Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/fkJKmh5zDN0Kqn8rotQGh7tCyI4.roa
File:                     fkJKmh5zDN0Kqn8rotQGh7tCyI4.roa (raw, json)
Hash identifier:          quxYWHt6uVoxRIFcZvvj9cJG53rAivUXlL4xxrWHyXs=
Subject key identifier:   7E:42:4A:9A:1E:73:0C:DD:0A:AA:7F:2B:A2:D4:06:87:BB:42:C8:8E
Certificate issuer:       /CN=cbd085027dd3d2b9012533adffc9305e5ff0a548
Certificate serial:       019425FCE9762C649DF4645DDEEEE3BECD82
Authority key identifier: CB:D0:85:02:7D:D3:D2:B9:01:25:33:AD:FF:C9:30:5E:5F:F0:A5:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y9CFAn3T0rkBJTOt_8kwXl_wpUg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/fkJKmh5zDN0Kqn8rotQGh7tCyI4.roa
Signing time:             Thu 02 Jan 2025 07:48:39 +0000
ROA not before:           Thu 02 Jan 2025 07:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197230
IP address blocks:        91.217.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/y9CFAn3T0rkBJTOt_8kwXl_wpUg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/y9CFAn3T0rkBJTOt_8kwXl_wpUg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y9CFAn3T0rkBJTOt_8kwXl_wpUg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:e9:76:2c:64:9d:f4:64:5d:de:ee:e3:be:cd:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cbd085027dd3d2b9012533adffc9305e5ff0a548
        Validity
            Not Before: Jan  2 07:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e424a9a1e730cdd0aaa7f2ba2d40687bb42c88e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:59:cd:75:4b:c8:98:88:33:22:34:b8:79:fb:
                    f6:bb:33:2d:b0:12:a7:85:a3:14:7d:cf:49:a8:20:
                    c1:c7:bd:f5:3c:f3:c6:42:71:67:7f:f2:ae:9b:6d:
                    8c:c4:d8:68:3f:62:4d:c5:0e:a9:54:0d:3b:34:99:
                    2f:82:1d:0e:22:93:a3:0e:ca:36:aa:ac:09:b6:9f:
                    47:ab:5f:91:d8:39:b9:9c:be:8d:63:78:c2:5b:08:
                    0e:9e:59:6d:f5:bd:31:bb:a0:47:4a:cc:8f:b3:3d:
                    73:22:83:4f:e8:f6:48:71:5b:42:1a:f0:4e:e8:87:
                    b7:df:bf:e1:ba:74:21:6b:7c:6f:78:5a:00:95:27:
                    fb:7d:0d:94:5a:a4:0e:40:71:e4:63:35:79:6a:1c:
                    28:51:75:85:0d:f7:ea:90:3b:bd:f8:ca:35:73:86:
                    24:ec:a3:07:59:76:27:55:68:78:4d:af:a5:62:8c:
                    cf:ad:98:46:97:95:9f:3c:19:f0:df:74:ac:01:ae:
                    7b:19:67:42:43:43:fd:c6:11:0d:92:6b:59:f7:c7:
                    26:6a:ac:39:08:48:fe:90:fd:46:4a:e2:4f:6f:f3:
                    b7:4f:8d:35:53:6e:f0:bc:82:2d:ad:f4:44:ec:36:
                    5d:d2:fe:9d:9a:cf:16:0a:ac:ba:d9:c9:3d:0d:62:
                    f8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:42:4A:9A:1E:73:0C:DD:0A:AA:7F:2B:A2:D4:06:87:BB:42:C8:8E
            X509v3 Authority Key Identifier:
                keyid:CB:D0:85:02:7D:D3:D2:B9:01:25:33:AD:FF:C9:30:5E:5F:F0:A5:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y9CFAn3T0rkBJTOt_8kwXl_wpUg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/fkJKmh5zDN0Kqn8rotQGh7tCyI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/cc2083-f966-4e07-9207-79c410cb6458/1/y9CFAn3T0rkBJTOt_8kwXl_wpUg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:de:8d:c7:b4:1d:8d:19:28:9e:dc:05:fa:71:58:24:d1:62:
         31:56:ae:bf:d2:bd:7f:df:32:aa:84:1a:8d:3a:23:ce:14:61:
         c0:d5:db:ff:16:83:b4:1f:9e:93:e7:f2:4b:60:6a:9a:ce:67:
         46:15:42:e0:c4:d8:7c:08:5b:47:7b:09:7f:bb:0a:34:c3:1c:
         dd:45:24:de:cc:90:76:df:3a:4b:1d:77:a0:8a:d5:1b:8c:d4:
         ba:70:8a:96:d4:38:de:59:12:c1:01:ec:38:50:6a:a9:f1:49:
         f3:14:29:f1:24:b7:6a:0b:9d:bf:fe:bf:a3:22:f4:c8:e5:d5:
         5e:f5:f2:59:08:83:04:fe:42:69:61:98:92:9b:39:e4:c8:5d:
         30:20:de:dc:a3:91:c2:05:db:66:c4:60:63:3c:4e:85:64:8a:
         f0:a2:11:b5:dd:e8:e9:7b:11:2c:02:51:a3:68:58:47:ea:fa:
         c8:92:89:21:f4:cd:fb:d6:22:57:51:da:c6:0a:d9:b2:af:c4:
         e7:8a:09:de:12:55:1a:d8:d6:ff:a2:ff:ee:06:36:b3:79:11:
         44:66:76:cb:3e:15:77:dc:ab:40:7f:63:5d:1c:a8:55:5d:13:
         83:39:75:e3:6c:97:11:76:2e:56:8b:bb:2d:0a:2c:77:97:e9:
         7f:79:cc:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Ol2LGSd9GRd3u7jvs2CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiZDA4NTAyN2RkM2QyYjkwMTI1MzNhZGZmYzkzMDVlNWZm
MGE1NDgwHhcNMjUwMTAyMDc0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTQyNGE5YTFlNzMwY2RkMGFhYTdmMmJhMmQ0MDY4N2JiNDJjODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFnNdUvImIgzIjS4efv2uzMtsBKn
haMUfc9JqCDBx731PPPGQnFnf/Kum22MxNhoP2JNxQ6pVA07NJkvgh0OIpOjDso2
qqwJtp9Hq1+R2Dm5nL6NY3jCWwgOnllt9b0xu6BHSsyPsz1zIoNP6PZIcVtCGvBO
6Ie337/hunQha3xveFoAlSf7fQ2UWqQOQHHkYzV5ahwoUXWFDffqkDu9+Mo1c4Yk
7KMHWXYnVWh4Ta+lYozPrZhGl5WfPBnw33SsAa57GWdCQ0P9xhENkmtZ98cmaqw5
CEj+kP1GSuJPb/O3T401U27wvIItrfRE7DZd0v6dms8WCqy62ck9DWL47wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH5CSpoecwzdCqp/K6LUBoe7QsiOMB8GA1UdIwQY
MBaAFMvQhQJ909K5ASUzrf/JMF5f8KVIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTlDRkFuM1QwcmtCSlRPdF84a3dYbF93cFVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9jYzIwODMtZjk2Ni00ZTA3LTkyMDct
NzljNDEwY2I2NDU4LzEvZmtKS21oNXpETjBLcW44cm90UUdoN3RDeUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9jYzIwODMtZjk2Ni00ZTA3LTkyMDctNzljNDEwY2I2NDU4
LzEveTlDRkFuM1QwcmtCSlRPdF84a3dYbF93cFVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mMMA0G
CSqGSIb3DQEBCwUAA4IBAQBV3o3HtB2NGSie3AX6cVgk0WIxVq6/0r1/3zKqhBqN
OiPOFGHA1dv/FoO0H56T5/JLYGqazmdGFULgxNh8CFtHewl/uwo0wxzdRSTezJB2
3zpLHXegitUbjNS6cIqW1DjeWRLBAew4UGqp8UnzFCnxJLdqC52//r+jIvTI5dVe
9fJZCIME/kJpYZiSmznkyF0wIN7co5HCBdtmxGBjPE6FZIrwohG13ejpexEsAlGj
aFhH6vrIkokh9M371iJXUdrGCtmyr8TnigneElUa2Nb/ov/uBjazeRFEZnbLPhV3
3KtAf2NdHKhVXRODOXXjbJcRdi5Wi7stCix3l+l/ecyD
-----END CERTIFICATE-----