Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/qfxvedgG9P_3nghUIKFxrBhZg3s.roa
File:                     qfxvedgG9P_3nghUIKFxrBhZg3s.roa (raw, json)
Hash identifier:          oFR8742y/pdJyYE4uLmrYv3JNxZO2gzKDtL041ot2t4=
Subject key identifier:   A9:FC:6F:79:D8:06:F4:FF:F7:9E:08:54:20:A1:71:AC:18:59:83:7B
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       018CC3B6A04261505ECD8682CA8E2DA4D0F6
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/qfxvedgG9P_3nghUIKFxrBhZg3s.roa
Signing time:             Mon 01 Jan 2024 06:29:34 +0000
ROA not before:           Mon 01 Jan 2024 06:29:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        91.199.44.0/24 maxlen: 24
                          91.199.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 03:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:a0:42:61:50:5e:cd:86:82:ca:8e:2d:a4:d0:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Jan  1 06:29:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9fc6f79d806f4fff79e085420a171ac1859837b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:cc:2a:62:05:17:b8:f3:a6:b6:d2:76:46:df:
                    cc:25:c9:23:0e:3b:a4:91:31:ec:96:56:35:db:00:
                    21:6e:aa:b2:79:32:e5:87:de:c8:30:f1:d3:4c:6d:
                    8f:50:41:cf:b0:ab:a1:9c:c5:33:84:85:f4:09:37:
                    53:78:a0:bb:6a:7b:f8:bb:3d:dd:db:8e:00:97:ed:
                    7d:db:39:2b:f6:51:97:1a:31:a8:d3:9a:ab:64:ab:
                    3c:80:76:4b:9b:44:9f:d8:62:bb:13:83:23:7d:d9:
                    aa:7f:1b:10:71:8b:fd:ad:5e:2e:5a:dc:d6:fb:63:
                    b7:b5:7e:e1:93:bc:3e:28:64:8b:01:f8:6e:3d:fc:
                    32:5a:83:0a:15:5c:cd:11:be:b6:8f:a8:c4:4a:c2:
                    a5:ee:30:fa:10:18:b3:d4:5d:03:c7:a3:61:fd:1b:
                    f6:bf:8f:24:36:45:26:21:65:27:ca:a2:56:19:ee:
                    8c:18:cf:37:4f:b5:6e:ab:5d:b9:a7:60:62:59:b1:
                    c3:7a:4c:e0:d3:6c:cf:71:e4:5c:57:2f:ba:64:a4:
                    c8:d6:b1:36:43:1d:aa:bb:17:24:bf:1c:17:1e:d5:
                    1c:5d:3b:4f:d5:78:19:cd:b3:c6:3e:78:43:e1:69:
                    90:5c:43:03:56:c3:21:d7:18:a1:3d:42:29:c7:e1:
                    b4:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:FC:6F:79:D8:06:F4:FF:F7:9E:08:54:20:A1:71:AC:18:59:83:7B
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/qfxvedgG9P_3nghUIKFxrBhZg3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.44.0/24
                  91.199.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c3:f2:7e:b2:22:f1:59:4e:01:c4:bf:2c:09:e2:88:c8:3a:
         02:a1:d7:ba:7f:a8:21:75:53:be:98:d4:74:85:ef:be:91:bc:
         17:2f:c4:be:62:54:57:56:42:da:1b:77:59:a5:e8:ba:3b:46:
         e9:cf:e0:ec:02:57:ce:cb:64:6f:e6:55:6f:22:c4:61:86:36:
         16:ef:9c:47:3e:01:ea:29:f1:12:3a:68:a9:7d:63:97:6b:a7:
         10:6f:96:08:b4:b1:46:dc:47:84:77:1e:23:b0:2c:38:2a:cf:
         34:95:c1:89:7b:d7:14:3b:f5:52:79:b6:f1:fa:0a:ed:75:a2:
         ad:6b:96:44:35:b3:6a:a8:19:df:86:47:d1:6d:cf:05:16:f2:
         fd:95:aa:81:b9:58:d6:fb:e2:f5:f4:2c:c8:58:d9:cd:f6:c4:
         22:b4:0c:08:8e:03:c7:45:c2:98:57:70:f2:d1:fd:62:11:20:
         d9:64:ad:d8:0c:59:3d:aa:ed:77:8f:a4:44:c5:1a:f9:f6:0a:
         e8:e8:ab:0e:45:28:70:e7:79:bc:22:a6:c2:cf:d3:bf:c2:a1:
         37:7b:a8:34:17:d0:3e:86:8c:32:02:41:06:76:a3:38:19:89:
         50:96:c8:c4:00:fa:e6:8c:b7:b0:3a:f5:9e:2c:73:ba:29:8f:
         cd:ea:79:b8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtqBCYVBezYaCyo4tpND2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjQwMTAxMDYyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOWZjNmY3OWQ4MDZmNGZmZjc5ZTA4NTQyMGExNzFhYzE4NTk4MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArswqYgUXuPOmttJ2Rt/MJckjDjuk
kTHsllY12wAhbqqyeTLlh97IMPHTTG2PUEHPsKuhnMUzhIX0CTdTeKC7anv4uz3d
244Al+192zkr9lGXGjGo05qrZKs8gHZLm0Sf2GK7E4MjfdmqfxsQcYv9rV4uWtzW
+2O3tX7hk7w+KGSLAfhuPfwyWoMKFVzNEb62j6jESsKl7jD6EBiz1F0Dx6Nh/Rv2
v48kNkUmIWUnyqJWGe6MGM83T7Vuq125p2BiWbHDekzg02zPceRcVy+6ZKTI1rE2
Qx2quxckvxwXHtUcXTtP1XgZzbPGPnhD4WmQXEMDVsMh1xihPUIpx+G0pQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKn8b3nYBvT/954IVCChcawYWYN7MB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvcWZ4dmVkZ0c5UF8zbmdoVUlLRnhyQmhaZzNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8csAwQA
W8cvMA0GCSqGSIb3DQEBCwUAA4IBAQAQw/J+siLxWU4BxL8sCeKIyDoCode6f6gh
dVO+mNR0he++kbwXL8S+YlRXVkLaG3dZpei6O0bpz+DsAlfOy2Rv5lVvIsRhhjYW
75xHPgHqKfESOmipfWOXa6cQb5YItLFG3EeEdx4jsCw4Ks80lcGJe9cUO/VSebbx
+grtdaKta5ZENbNqqBnfhkfRbc8FFvL9laqBuVjW++L19CzIWNnN9sQitAwIjgPH
RcKYV3Dy0f1iESDZZK3YDFk9qu13j6RExRr59gro6KsORShw53m8IqbCz9O/wqE3
e6g0F9A+howyAkEGdqM4GYlQlsjEAPrmjLewOvWeLHO6KY/N6nm4
-----END CERTIFICATE-----