Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/dOirMHERf2S7XaVhDBj8pRwQyLU.roa
File:                     dOirMHERf2S7XaVhDBj8pRwQyLU.roa (raw, json)
Hash identifier:          RUHnPEXdDgz2x6FeuZ8yiEPV6rqAxw/OAxkwBlLK73U=
Subject key identifier:   74:E8:AB:30:71:11:7F:64:BB:5D:A5:61:0C:18:FC:A5:1C:10:C8:B5
Certificate issuer:       /CN=1ebab40d608133cddf76c3b5a6f815df81fbc7dd
Certificate serial:       0195CCD93FFD4DA9F8344FA6362AE7FF0663
Authority key identifier: 1E:BA:B4:0D:60:81:33:CD:DF:76:C3:B5:A6:F8:15:DF:81:FB:C7:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hrq0DWCBM83fdsO1pvgV34H7x90.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/dOirMHERf2S7XaVhDBj8pRwQyLU.roa
Signing time:             Tue 25 Mar 2025 10:29:04 +0000
ROA not before:           Tue 25 Mar 2025 10:29:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39292
IP address blocks:        91.209.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/Hrq0DWCBM83fdsO1pvgV34H7x90.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/Hrq0DWCBM83fdsO1pvgV34H7x90.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hrq0DWCBM83fdsO1pvgV34H7x90.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:cc:d9:3f:fd:4d:a9:f8:34:4f:a6:36:2a:e7:ff:06:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ebab40d608133cddf76c3b5a6f815df81fbc7dd
        Validity
            Not Before: Mar 25 10:29:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74e8ab3071117f64bb5da5610c18fca51c10c8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:85:c0:7d:23:c1:dd:2b:46:43:ea:d6:80:96:
                    c5:c3:77:74:0e:91:eb:b0:88:2b:ea:7c:87:fe:ff:
                    df:b2:d4:e3:87:85:4b:f6:33:df:c4:e7:9f:36:45:
                    9d:f1:2f:ec:ef:92:e2:4d:b8:35:5c:71:df:82:e5:
                    36:56:5a:8c:ff:ed:3a:7a:7d:a7:61:53:c8:27:fe:
                    6a:c8:49:3b:68:f7:e6:0c:3b:a7:ab:40:c4:51:b5:
                    79:90:f0:de:9d:e2:99:f9:b9:8c:68:0b:3b:8e:67:
                    57:d5:e0:65:da:67:39:f2:ec:e9:e6:04:24:03:c9:
                    a6:fc:fb:de:d0:a5:96:7d:16:23:d3:a6:93:51:93:
                    3c:08:d4:70:50:ce:b7:dc:87:5f:7a:d6:fe:5c:d5:
                    b3:7b:fa:76:a7:26:42:26:8d:f3:99:a1:3b:ea:a8:
                    5e:46:0b:fc:40:e4:d2:00:81:32:e2:b0:d3:83:0c:
                    d2:f3:44:f4:7a:b4:f7:97:f6:44:b0:32:f3:cc:fe:
                    38:d0:a8:3e:f2:1e:d1:33:62:2c:a1:ec:60:24:3d:
                    f9:71:38:8b:bb:13:ed:5a:91:77:f2:47:92:b8:ff:
                    a2:07:7b:03:4c:e8:c6:e2:f7:5e:db:a6:49:00:bd:
                    0e:a0:9b:ab:d8:6a:4c:d4:97:af:b5:7f:ad:87:76:
                    2c:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:E8:AB:30:71:11:7F:64:BB:5D:A5:61:0C:18:FC:A5:1C:10:C8:B5
            X509v3 Authority Key Identifier:
                keyid:1E:BA:B4:0D:60:81:33:CD:DF:76:C3:B5:A6:F8:15:DF:81:FB:C7:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hrq0DWCBM83fdsO1pvgV34H7x90.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/dOirMHERf2S7XaVhDBj8pRwQyLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/2b26af-e754-4080-9ec9-59f0f10b1d29/1/Hrq0DWCBM83fdsO1pvgV34H7x90.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:ce:0d:57:60:1c:41:a9:30:bf:e6:5d:b5:4f:95:84:5b:f5:
         1f:20:82:8b:ee:76:75:4f:9f:ff:e5:fe:74:9e:54:62:ff:06:
         3f:9b:e4:a5:df:39:69:5d:c1:7e:3b:5c:9c:dd:65:63:dd:19:
         54:30:bd:a4:58:a1:da:96:24:76:0b:65:d5:43:a2:d3:40:1c:
         e9:39:c3:9c:3c:72:9f:af:bc:37:34:21:62:0c:df:cf:d2:13:
         4b:3e:eb:3d:fd:a0:00:ca:5b:b1:5e:f1:22:76:12:cf:93:07:
         bc:ba:3d:01:08:16:4e:c3:b4:a3:d3:f0:64:20:8d:dc:1d:e5:
         90:20:9b:03:7c:5f:b7:fd:a4:34:ab:a7:96:0f:de:82:f3:f9:
         d9:32:15:97:dd:a7:78:ef:1f:c1:3a:93:04:68:3e:60:09:0b:
         7e:e3:2c:d2:a9:e8:6f:9b:54:41:03:1b:78:3a:94:21:69:a3:
         9d:2d:25:0b:60:cd:b7:e4:df:5b:e2:c6:45:2f:6a:3e:55:9d:
         41:28:fd:c9:db:74:02:3b:76:3c:1f:da:f0:6a:ac:f2:58:7b:
         6b:7d:af:17:3b:4a:d5:61:e5:08:45:e4:94:c1:7e:67:f0:f5:
         b2:a1:5b:b7:34:31:75:e3:d2:5c:e1:6d:77:88:29:b5:8b:f4:
         9e:b9:d7:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXM2T/9Tan4NE+mNirn/wZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlYmFiNDBkNjA4MTMzY2RkZjc2YzNiNWE2ZjgxNWRmODFm
YmM3ZGQwHhcNMjUwMzI1MTAyOTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGU4YWIzMDcxMTE3ZjY0YmI1ZGE1NjEwYzE4ZmNhNTFjMTBjOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA44XAfSPB3StGQ+rWgJbFw3d0DpHr
sIgr6nyH/v/fstTjh4VL9jPfxOefNkWd8S/s75LiTbg1XHHfguU2VlqM/+06en2n
YVPIJ/5qyEk7aPfmDDunq0DEUbV5kPDeneKZ+bmMaAs7jmdX1eBl2mc58uzp5gQk
A8mm/Pve0KWWfRYj06aTUZM8CNRwUM633Idfetb+XNWze/p2pyZCJo3zmaE76qhe
Rgv8QOTSAIEy4rDTgwzS80T0erT3l/ZEsDLzzP440Kg+8h7RM2IsoexgJD35cTiL
uxPtWpF38keSuP+iB3sDTOjG4vde26ZJAL0OoJur2GpM1JevtX+th3Ys9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHToqzBxEX9ku12lYQwY/KUcEMi1MB8GA1UdIwQY
MBaAFB66tA1ggTPN33bDtab4Fd+B+8fdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHJxMERXQ0JNODNmZHNPMXB2Z1YzNEg3eDkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yYjI2YWYtZTc1NC00MDgwLTllYzkt
NTlmMGYxMGIxZDI5LzEvZE9pck1IRVJmMlM3WGFWaERCajhwUndReUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yYjI2YWYtZTc1NC00MDgwLTllYzktNTlmMGYxMGIxZDI5
LzEvSHJxMERXQ0JNODNmZHNPMXB2Z1YzNEg3eDkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9EHMA0G
CSqGSIb3DQEBCwUAA4IBAQCPzg1XYBxBqTC/5l21T5WEW/UfIIKL7nZ1T5//5f50
nlRi/wY/m+Sl3zlpXcF+O1yc3WVj3RlUML2kWKHaliR2C2XVQ6LTQBzpOcOcPHKf
r7w3NCFiDN/P0hNLPus9/aAAyluxXvEidhLPkwe8uj0BCBZOw7Sj0/BkII3cHeWQ
IJsDfF+3/aQ0q6eWD96C8/nZMhWX3ad47x/BOpMEaD5gCQt+4yzSqehvm1RBAxt4
OpQhaaOdLSULYM235N9b4sZFL2o+VZ1BKP3J23QCO3Y8H9rwaqzyWHtrfa8XO0rV
YeUIReSUwX5n8PWyoVu3NDF149Jc4W13iCm1i/Seudfy
-----END CERTIFICATE-----