Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/TvL09U7UfIYrIDWT9eUU0XfrOTE.roa
File:                     TvL09U7UfIYrIDWT9eUU0XfrOTE.roa (raw, json)
Hash identifier:          S0sWxANz/4WB5vNr9IR0Xbv/dEWtu1YXOej9XNa60Pk=
Subject key identifier:   4E:F2:F4:F5:4E:D4:7C:86:2B:20:35:93:F5:E5:14:D1:77:EB:39:31
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       0192390086C1FFE307F92ECC61F8410690E0
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/TvL09U7UfIYrIDWT9eUU0XfrOTE.roa
Signing time:             Sat 28 Sep 2024 14:19:48 +0000
ROA not before:           Sat 28 Sep 2024 14:19:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        91.199.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:39:00:86:c1:ff:e3:07:f9:2e:cc:61:f8:41:06:90:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Sep 28 14:19:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ef2f4f54ed47c862b203593f5e514d177eb3931
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:3b:f3:ae:06:aa:58:0f:e4:98:86:26:0b:73:
                    77:07:ee:63:8a:e7:7e:bb:07:5c:7b:ae:aa:19:9d:
                    0d:99:74:e5:9f:e5:7d:3a:35:0f:45:69:da:0f:45:
                    79:66:a8:40:72:17:1e:c8:0a:5e:58:5d:8b:67:7e:
                    6a:38:a5:f2:f6:73:72:11:06:93:e6:c7:84:64:1e:
                    e3:a0:f2:a1:94:2f:d6:1f:7d:a0:ff:4f:b4:81:55:
                    81:51:1c:30:f7:c8:88:b7:e9:e9:cc:f6:a0:72:35:
                    0c:7b:91:d9:a3:27:45:3e:e6:57:32:a5:c2:b7:ac:
                    6e:7e:2a:59:66:64:4f:e6:0b:08:54:5a:0c:ca:2f:
                    10:e3:04:c1:b1:33:62:01:d8:6b:54:aa:c7:3a:92:
                    ce:eb:12:fa:96:95:5f:c3:7f:14:f5:58:65:01:57:
                    3c:4c:2b:08:45:72:b0:ba:0b:de:7d:49:32:a3:27:
                    bb:98:6b:39:a5:d1:6a:65:6b:4b:b3:a9:d7:4a:94:
                    4d:31:24:d3:20:da:77:8e:62:a4:32:b5:e8:b7:b5:
                    13:ef:f3:7c:ba:b4:07:c7:a2:0f:3e:b5:ea:06:01:
                    03:fa:69:e4:52:18:f9:c6:1b:0f:f7:c4:e2:80:e0:
                    6a:0c:42:62:25:e4:9e:b9:0d:3e:2a:8c:16:10:d1:
                    cf:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F2:F4:F5:4E:D4:7C:86:2B:20:35:93:F5:E5:14:D1:77:EB:39:31
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/TvL09U7UfIYrIDWT9eUU0XfrOTE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d2:44:b8:77:ee:7b:a8:6d:82:4a:43:ca:10:fc:7a:56:a7:
         b3:e5:8f:29:fd:43:78:05:c1:25:d6:67:2d:fe:12:87:c1:0a:
         f8:53:1a:ef:59:95:01:09:8a:84:d8:4f:e1:bc:8b:60:4a:bb:
         ec:e2:f2:5c:bf:ce:d8:c8:0f:f0:85:35:c3:79:04:e9:d5:76:
         ec:40:0c:95:76:de:3b:cc:33:5c:ac:03:e6:ed:9e:02:3e:f0:
         e2:50:48:af:7c:c6:d8:55:03:15:9c:80:5e:c8:8c:c0:69:06:
         b2:f6:4c:08:f4:92:4f:e0:b4:49:ec:1a:ab:c1:69:b1:ca:dd:
         f4:7c:8e:c1:05:cc:f1:13:4f:e1:cf:a8:18:e7:01:f9:ba:9f:
         96:56:c9:56:9e:80:49:4d:fb:a7:16:13:21:a9:d7:e2:c7:53:
         15:29:b1:e9:94:5e:59:09:e4:4d:9b:79:96:14:90:cd:2f:c7:
         dc:1b:0e:94:bf:8c:d3:d4:66:71:db:81:23:59:50:7b:02:c2:
         bd:2e:a3:2a:e4:24:37:84:49:b9:30:af:0e:6f:16:2e:37:17:
         d4:49:39:b4:00:af:ba:99:c6:7f:8e:57:c9:2b:64:5e:8b:e4:
         6a:0b:26:e8:e8:0a:52:34:32:ba:50:30:25:07:e1:61:f7:e6:
         8b:f5:44:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZI5AIbB/+MH+S7MYfhBBpDgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjQwOTI4MTQxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWYyZjRmNTRlZDQ3Yzg2MmIyMDM1OTNmNWU1MTRkMTc3ZWIzOTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4TvzrgaqWA/kmIYmC3N3B+5jiud+
uwdce66qGZ0NmXTln+V9OjUPRWnaD0V5ZqhAchceyApeWF2LZ35qOKXy9nNyEQaT
5seEZB7joPKhlC/WH32g/0+0gVWBURww98iIt+npzPagcjUMe5HZoydFPuZXMqXC
t6xufipZZmRP5gsIVFoMyi8Q4wTBsTNiAdhrVKrHOpLO6xL6lpVfw38U9VhlAVc8
TCsIRXKwugvefUkyoye7mGs5pdFqZWtLs6nXSpRNMSTTINp3jmKkMrXot7UT7/N8
urQHx6IPPrXqBgED+mnkUhj5xhsP98TigOBqDEJiJeSeuQ0+KowWENHPAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE7y9PVO1HyGKyA1k/XlFNF36zkxMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvVHZMMDlVN1VmSVlySURXVDllVVUwWGZyT1RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cgMA0G
CSqGSIb3DQEBCwUAA4IBAQBo0kS4d+57qG2CSkPKEPx6Vqez5Y8p/UN4BcEl1mct
/hKHwQr4UxrvWZUBCYqE2E/hvItgSrvs4vJcv87YyA/whTXDeQTp1XbsQAyVdt47
zDNcrAPm7Z4CPvDiUEivfMbYVQMVnIBeyIzAaQay9kwI9JJP4LRJ7BqrwWmxyt30
fI7BBczxE0/hz6gY5wH5up+WVslWnoBJTfunFhMhqdfix1MVKbHplF5ZCeRNm3mW
FJDNL8fcGw6Uv4zT1GZx24EjWVB7AsK9LqMq5CQ3hEm5MK8ObxYuNxfUSTm0AK+6
mcZ/jlfJK2Rei+RqCybo6ApSNDK6UDAlB+Fh9+aL9USt
-----END CERTIFICATE-----