Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/69sRGrf1eKIuqbxJPKmIq8nl_3A.roa
File:                     69sRGrf1eKIuqbxJPKmIq8nl_3A.roa (raw, json)
Hash identifier:          NdHPWAUQ3whH/aSg4roIAiS1Ms//6kEtxmH68PHAHvc=
Subject key identifier:   EB:DB:11:1A:B7:F5:78:A2:2E:A9:BC:49:3C:A9:88:AB:C9:E5:FF:70
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       018CC3B6A0EC63EB8AC884219BC8586431B7
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/69sRGrf1eKIuqbxJPKmIq8nl_3A.roa
Signing time:             Mon 01 Jan 2024 06:29:35 +0000
ROA not before:           Mon 01 Jan 2024 06:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212384
IP address blocks:        91.199.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a0:ec:63:eb:8a:c8:84:21:9b:c8:58:64:31:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  1 06:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebdb111ab7f578a22ea9bc493ca988abc9e5ff70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:36:a5:76:c0:c9:b0:32:15:19:9e:f0:10:6d:
                    85:d5:f2:3a:6b:fb:12:c7:8c:ea:d9:c7:5f:40:f7:
                    d0:2f:73:e1:2d:42:84:78:66:4c:a3:7e:02:15:33:
                    64:ff:2e:95:5d:90:63:21:b5:b6:c3:8f:b8:a8:a9:
                    9e:af:97:84:08:aa:30:bd:99:38:62:2f:74:a3:f8:
                    78:e8:c1:c7:d8:5a:40:51:3c:91:5b:c1:b9:6c:3d:
                    aa:5c:5f:b3:4a:8f:47:aa:b0:5e:66:2b:fe:61:83:
                    f5:2b:50:ad:4f:95:76:b8:3b:a9:fa:f6:f6:90:25:
                    f1:27:6b:ae:f4:78:7e:ec:ac:40:42:03:97:64:c9:
                    ce:b8:91:f9:83:38:05:8f:72:bb:6e:28:7a:86:25:
                    3c:6a:9a:0d:ee:d9:fd:79:2b:ab:ca:d6:b2:78:d8:
                    68:89:aa:22:6f:c3:02:3b:20:f9:66:55:9f:34:b8:
                    e2:80:63:b2:36:5f:15:2e:66:58:36:a5:85:79:18:
                    31:19:ef:78:9f:96:f0:b5:e7:17:d2:af:95:71:6a:
                    4d:8a:f7:6b:83:ab:02:0b:67:60:02:02:c4:e3:b6:
                    cb:96:5b:88:de:bf:3f:03:8c:a9:a7:48:5e:3d:97:
                    c1:87:ca:0b:05:11:37:88:39:93:66:a1:b4:47:47:
                    ff:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:DB:11:1A:B7:F5:78:A2:2E:A9:BC:49:3C:A9:88:AB:C9:E5:FF:70
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/69sRGrf1eKIuqbxJPKmIq8nl_3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:85:4f:e4:01:8a:27:2a:da:d2:86:18:d8:f1:ec:59:a1:ad:
         40:62:b7:27:79:27:60:7a:a1:5c:d1:19:1f:35:84:eb:b7:f2:
         bd:4b:5c:ae:c1:99:34:3f:97:50:1e:25:7f:77:92:3c:ba:ca:
         45:d3:8d:53:3c:c1:5e:3a:32:27:91:5d:ea:dd:1d:be:18:d5:
         32:58:80:ed:e5:dc:be:28:6e:45:8c:27:24:7a:8e:5c:24:6a:
         50:49:13:e7:ce:fa:c5:ae:15:a5:f3:03:40:e3:39:54:87:8e:
         db:33:35:b1:a6:40:44:c3:87:b6:be:1c:52:e7:2a:b7:e0:b7:
         3b:ae:91:f6:39:ba:5e:de:07:38:d7:ae:a5:b1:74:17:82:d6:
         d0:65:b6:fd:3f:fc:17:15:7d:25:d2:57:4f:e9:c5:ff:83:b6:
         d2:d8:b8:24:f7:07:08:b8:8e:e3:32:2a:ae:86:0d:7f:59:b1:
         bf:5b:50:87:b2:7a:5a:79:f8:1b:ff:cb:6f:4a:0b:fe:0f:93:
         6d:17:77:35:84:3b:1b:e1:ae:35:4d:a5:4e:cd:8c:08:c4:60:
         28:d8:6b:b1:b1:ca:bf:55:8e:d3:cd:ed:e8:ca:65:60:20:63:
         ac:53:25:f6:1c:64:41:bd:c6:74:20:87:62:c7:db:0a:f4:ea:
         a0:3f:a1:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqDsY+uKyIQhm8hYZDG3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjQwMTAxMDYyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmRiMTExYWI3ZjU3OGEyMmVhOWJjNDkzY2E5ODhhYmM5ZTVmZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzaldsDJsDIVGZ7wEG2F1fI6a/sS
x4zq2cdfQPfQL3PhLUKEeGZMo34CFTNk/y6VXZBjIbW2w4+4qKmer5eECKowvZk4
Yi90o/h46MHH2FpAUTyRW8G5bD2qXF+zSo9HqrBeZiv+YYP1K1CtT5V2uDup+vb2
kCXxJ2uu9Hh+7KxAQgOXZMnOuJH5gzgFj3K7bih6hiU8apoN7tn9eSurytayeNho
iaoib8MCOyD5ZlWfNLjigGOyNl8VLmZYNqWFeRgxGe94n5bwtecX0q+VcWpNivdr
g6sCC2dgAgLE47bLlluI3r8/A4ypp0hePZfBh8oLBRE3iDmTZqG0R0f/fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvbERq39XiiLqm8STypiKvJ5f9wMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvNjlzUkdyZjFlS0l1cWJ4SlBLbUlxOG5sXzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cvMA0G
CSqGSIb3DQEBCwUAA4IBAQBnhU/kAYonKtrShhjY8exZoa1AYrcneSdgeqFc0Rkf
NYTrt/K9S1yuwZk0P5dQHiV/d5I8uspF041TPMFeOjInkV3q3R2+GNUyWIDt5dy+
KG5FjCckeo5cJGpQSRPnzvrFrhWl8wNA4zlUh47bMzWxpkBEw4e2vhxS5yq34Lc7
rpH2Obpe3gc4166lsXQXgtbQZbb9P/wXFX0l0ldP6cX/g7bS2Lgk9wcIuI7jMiqu
hg1/WbG/W1CHsnpaefgb/8tvSgv+D5NtF3c1hDsb4a41TaVOzYwIxGAo2Guxscq/
VY7Tze3oymVgIGOsUyX2HGRBvcZ0IIdix9sK9OqgP6G1
-----END CERTIFICATE-----