Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/av5MSDY5iSrv7TwlZZF1JwJ4p10.roa
File:                     av5MSDY5iSrv7TwlZZF1JwJ4p10.roa (raw, json)
Hash identifier:          h7DmU0E7b2NmTbVlaMOnlHskDV1UFg/7beenphi6PkU=
Subject key identifier:   6A:FE:4C:48:36:39:89:2A:EF:ED:3C:25:65:91:75:27:02:78:A7:5D
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       018CC3B6A074ECC5B3D0349F4AB0EE21D476
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/av5MSDY5iSrv7TwlZZF1JwJ4p10.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        91.199.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a0:74:ec:c5:b3:d0:34:9f:4a:b0:ee:21:d4:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6afe4c483639892aefed3c25659175270278a75d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:55:4e:f9:8a:4f:b0:f5:9e:be:4f:36:a1:4b:
                    c3:0f:d6:c6:04:e9:02:92:d4:8d:c1:ac:25:36:48:
                    5d:a1:4f:f0:16:e2:5f:de:c2:b2:3a:0f:d0:9b:37:
                    52:b5:5b:c2:a2:d2:e4:3d:b8:b2:2f:a0:4b:3b:89:
                    fc:34:fd:5d:b4:e8:93:bb:4a:3d:75:a8:b5:7c:be:
                    ef:8f:76:d0:b7:ce:e0:60:72:4f:b4:df:75:1b:20:
                    e0:6a:19:81:99:ea:c2:d3:cd:59:9c:25:00:9e:0e:
                    b7:d6:06:f6:5b:37:57:52:0d:cd:a2:88:92:0b:90:
                    c6:8f:3a:77:99:b3:d2:ad:7e:b4:93:b7:ef:20:27:
                    8f:46:55:9b:61:ff:8a:f4:32:9e:6e:7e:2a:0d:bd:
                    75:81:ec:2a:f9:54:66:04:c5:78:54:c5:ee:fa:8d:
                    b9:32:4d:17:ab:93:0a:bf:f6:19:ea:f3:a1:3c:aa:
                    08:d3:10:91:32:fc:bf:51:e7:d6:1d:cb:54:56:77:
                    c7:9e:03:c1:2a:9c:c5:fd:7f:a2:15:bc:78:98:fd:
                    43:1b:83:b0:ec:b0:c7:cb:29:7d:2c:ee:60:31:c6:
                    ed:0e:47:ba:8e:9b:ce:f1:23:9e:af:03:ef:d2:97:
                    95:a3:90:42:75:e7:79:78:11:2a:ee:cc:9a:85:d9:
                    8e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:FE:4C:48:36:39:89:2A:EF:ED:3C:25:65:91:75:27:02:78:A7:5D
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/av5MSDY5iSrv7TwlZZF1JwJ4p10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:8e:d3:00:1c:a6:0b:b3:18:55:52:8b:d2:9d:be:25:4d:02:
         8a:d9:9e:52:cc:96:18:45:9e:fc:1f:99:03:c3:ed:21:e6:c3:
         0b:17:a3:d8:e5:4c:9b:2a:db:ce:53:7e:83:76:b0:c5:0b:ea:
         0f:d1:89:1f:97:95:42:79:41:28:1c:13:49:eb:0f:91:00:c0:
         4f:2f:a6:6e:40:ef:d0:ad:aa:f5:a5:99:94:f3:22:0f:b0:85:
         06:5a:0a:b4:93:0c:d2:72:a6:2d:48:e1:c7:0a:89:fa:b7:2c:
         f0:d8:b0:da:7b:de:48:39:e9:48:33:8a:e9:c4:43:8f:90:38:
         37:04:69:15:58:b2:52:d7:f0:49:82:d1:3b:94:fd:92:a2:df:
         fa:b8:b2:2c:80:5d:22:81:3c:d1:f8:86:ac:db:ba:b7:14:a2:
         3f:eb:6a:ae:c6:6b:40:ab:a0:67:88:e3:a3:92:37:2a:f7:b7:
         2b:5b:e0:19:23:7c:75:d4:4d:e7:a7:e1:c5:62:2b:1d:c7:09:
         d1:32:63:0a:b1:86:20:2a:35:e0:65:98:d1:55:2e:cc:fb:f0:
         bf:cb:75:2c:4d:e6:4d:45:16:e0:fd:59:7d:16:b9:f6:82:e1:
         56:b1:78:5c:2d:4c:7c:73:38:1f:cf:eb:9f:fd:34:65:7d:a7:
         44:e5:f8:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtqB07MWz0DSfSrDuIdR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWZlNGM0ODM2Mzk4OTJhZWZlZDNjMjU2NTkxNzUyNzAyNzhhNzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFVO+YpPsPWevk82oUvDD9bGBOkC
ktSNwawlNkhdoU/wFuJf3sKyOg/QmzdStVvCotLkPbiyL6BLO4n8NP1dtOiTu0o9
dai1fL7vj3bQt87gYHJPtN91GyDgahmBmerC081ZnCUAng631gb2WzdXUg3NooiS
C5DGjzp3mbPSrX60k7fvICePRlWbYf+K9DKebn4qDb11gewq+VRmBMV4VMXu+o25
Mk0Xq5MKv/YZ6vOhPKoI0xCRMvy/UefWHctUVnfHngPBKpzF/X+iFbx4mP1DG4Ow
7LDHyyl9LO5gMcbtDke6jpvO8SOerwPv0peVo5BCded5eBEq7syahdmOxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGr+TEg2OYkq7+08JWWRdScCeKddMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvYXY1TVNEWTVpU3J2N1R3bFpaRjFKd0o0cDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cgMA0G
CSqGSIb3DQEBCwUAA4IBAQAPjtMAHKYLsxhVUovSnb4lTQKK2Z5SzJYYRZ78H5kD
w+0h5sMLF6PY5UybKtvOU36DdrDFC+oP0Ykfl5VCeUEoHBNJ6w+RAMBPL6ZuQO/Q
rar1pZmU8yIPsIUGWgq0kwzScqYtSOHHCon6tyzw2LDae95IOelIM4rpxEOPkDg3
BGkVWLJS1/BJgtE7lP2Sot/6uLIsgF0igTzR+Ias27q3FKI/62quxmtAq6BniOOj
kjcq97crW+AZI3x11E3np+HFYisdxwnRMmMKsYYgKjXgZZjRVS7M+/C/y3UsTeZN
RRbg/Vl9Frn2guFWsXhcLUx8czgfz+uf/TRlfadE5fj+
-----END CERTIFICATE-----