Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/wed1dI7kmQ6rwffkswXkH2cgAUE.roa
File:                     wed1dI7kmQ6rwffkswXkH2cgAUE.roa (raw, json)
Hash identifier:          LleW4YyrOFUM4CKY2bjaQDnlIoLZDcQDdpt9EKVPOXQ=
Subject key identifier:   C1:E7:75:74:8E:E4:99:0E:AB:C1:F7:E4:B3:05:E4:1F:67:20:01:41
Certificate issuer:       /CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
Certificate serial:       018F62111264FABC1B4BA84F1F4FA16867E1
Authority key identifier: 7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/wed1dI7kmQ6rwffkswXkH2cgAUE.roa
Signing time:             Fri 10 May 2024 10:33:56 +0000
ROA not before:           Fri 10 May 2024 10:33:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210895
IP address blocks:        91.198.166.0/24 maxlen: 24
                          185.253.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:62:11:12:64:fa:bc:1b:4b:a8:4f:1f:4f:a1:68:67:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7fcad89df1bf99a36f290cc3ef0f1e7b4d027533
        Validity
            Not Before: May 10 10:33:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c1e775748ee4990eabc1f7e4b305e41f67200141
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d0:64:f2:9b:bf:df:c0:9c:bc:39:b8:d5:e6:
                    dc:7e:c1:ff:fc:7e:f6:3f:8f:57:70:e1:38:59:98:
                    07:8b:ac:59:b8:a9:47:3a:7f:05:da:4d:aa:33:d2:
                    d0:8f:af:6a:ea:08:1d:67:85:12:12:62:b6:f9:88:
                    7a:80:5b:b5:f2:7f:c9:7d:3c:c2:71:14:a7:8e:25:
                    a6:48:fb:7b:92:94:90:2d:28:0f:b1:17:60:fe:0d:
                    a7:c1:b2:3f:4a:01:85:87:b8:ba:8e:a8:9a:5f:e7:
                    19:f8:ab:40:c8:4b:0b:a2:c7:d7:e7:f4:38:c6:4a:
                    19:e9:15:db:3c:fe:48:88:04:52:a5:47:89:dc:02:
                    fa:e2:c4:57:d7:23:d3:73:15:93:07:6b:de:c2:a6:
                    74:39:54:3d:18:ec:a2:f0:42:1f:a9:c7:c7:34:9b:
                    32:f4:1f:32:aa:7c:04:11:2c:5d:43:62:87:90:bd:
                    90:1d:02:e6:c2:cb:cd:a8:1b:dc:2d:c5:b0:16:b8:
                    fc:e5:b0:95:e4:72:64:01:f3:a3:0a:bf:4e:bb:92:
                    d5:1a:be:71:24:e9:fa:06:4a:af:b6:92:f1:87:08:
                    a6:e5:49:69:db:9c:6b:1b:b3:82:0f:7b:eb:f0:0b:
                    df:5b:31:08:86:2e:0e:ac:c8:8a:d4:ff:ff:b7:f4:
                    ba:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:E7:75:74:8E:E4:99:0E:AB:C1:F7:E4:B3:05:E4:1F:67:20:01:41
            X509v3 Authority Key Identifier:
                keyid:7F:CA:D8:9D:F1:BF:99:A3:6F:29:0C:C3:EF:0F:1E:7B:4D:02:75:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8rYnfG_maNvKQzD7w8ee00CdTM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/wed1dI7kmQ6rwffkswXkH2cgAUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/9f8b16-284f-4512-b3dc-015d9f1b4b50/1/f8rYnfG_maNvKQzD7w8ee00CdTM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.166.0/24
                  185.253.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:98:46:5e:d6:1a:d5:77:08:e6:fc:fa:0a:b1:1d:a3:29:fb:
         36:20:57:d9:08:89:09:8d:85:ff:15:dd:b1:7d:2e:c2:51:b2:
         06:dc:5c:37:b3:18:83:a7:9e:a3:ae:a5:ec:24:8f:76:75:bb:
         d5:11:a5:46:27:75:96:5f:4f:2f:f7:af:10:d4:c7:4f:b8:e8:
         6e:b9:14:e6:90:0f:12:b5:b1:49:9e:8e:b8:51:e7:59:00:7f:
         be:35:15:24:bf:49:c9:f0:02:01:81:84:c0:46:42:46:b0:e4:
         19:4d:21:94:18:e3:0d:14:26:0e:77:e0:ec:9a:fc:fb:e1:39:
         a4:90:86:e9:42:93:cc:7f:48:5a:d6:2e:0b:be:0f:e9:22:42:
         09:fb:f0:65:d4:b4:74:2f:07:98:fd:d5:32:b0:d0:fe:20:80:
         e1:9c:09:26:ed:f4:d5:ba:f3:5b:0f:a8:75:2c:ed:51:6f:c9:
         56:d7:b4:12:82:73:31:10:2d:ad:2e:60:4a:d3:08:18:ed:fe:
         ff:43:97:0b:61:9a:6d:ff:34:42:e7:98:d0:29:02:7b:f0:42:
         53:87:90:c4:38:fe:55:3d:b4:d9:db:8e:4a:5f:ef:89:39:8d:
         f6:01:ac:56:c2:e6:9a:0d:f7:fe:4d:c0:9a:11:b5:ab:74:33:
         43:b9:ba:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9iERJk+rwbS6hPH0+haGfhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmY2FkODlkZjFiZjk5YTM2ZjI5MGNjM2VmMGYxZTdiNGQw
Mjc1MzMwHhcNMjQwNTEwMTAzMzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWU3NzU3NDhlZTQ5OTBlYWJjMWY3ZTRiMzA1ZTQxZjY3MjAwMTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldBk8pu/38CcvDm41ebcfsH//H72
P49XcOE4WZgHi6xZuKlHOn8F2k2qM9LQj69q6ggdZ4USEmK2+Yh6gFu18n/JfTzC
cRSnjiWmSPt7kpSQLSgPsRdg/g2nwbI/SgGFh7i6jqiaX+cZ+KtAyEsLosfX5/Q4
xkoZ6RXbPP5IiARSpUeJ3AL64sRX1yPTcxWTB2vewqZ0OVQ9GOyi8EIfqcfHNJsy
9B8yqnwEESxdQ2KHkL2QHQLmwsvNqBvcLcWwFrj85bCV5HJkAfOjCr9Ou5LVGr5x
JOn6BkqvtpLxhwim5Ulp25xrG7OCD3vr8AvfWzEIhi4OrMiK1P//t/S6iQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMHndXSO5JkOq8H35LMF5B9nIAFBMB8GA1UdIwQY
MBaAFH/K2J3xv5mjbykMw+8PHntNAnUzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMt
MDE1ZDlmMWI0YjUwLzEvd2VkMWRJN2ttUTZyd2Zma3N3WGtIMmNnQVVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS85ZjhiMTYtMjg0Zi00NTEyLWIzZGMtMDE1ZDlmMWI0YjUw
LzEvZjhyWW5mR19tYU52S1F6RDd3OGVlMDBDZFRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8amAwQA
uf0HMA0GCSqGSIb3DQEBCwUAA4IBAQA+mEZe1hrVdwjm/PoKsR2jKfs2IFfZCIkJ
jYX/Fd2xfS7CUbIG3Fw3sxiDp56jrqXsJI92dbvVEaVGJ3WWX08v968Q1MdPuOhu
uRTmkA8StbFJno64UedZAH++NRUkv0nJ8AIBgYTARkJGsOQZTSGUGOMNFCYOd+Ds
mvz74TmkkIbpQpPMf0ha1i4Lvg/pIkIJ+/Bl1LR0LweY/dUysND+IIDhnAkm7fTV
uvNbD6h1LO1Rb8lW17QSgnMxEC2tLmBK0wgY7f7/Q5cLYZpt/zRC55jQKQJ78EJT
h5DEOP5VPbTZ245KX++JOY32AaxWwuaaDff+TcCaEbWrdDNDubqS
-----END CERTIFICATE-----