Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/7ZHcZO9VQbfA0lClX-cGA5al6Y8.roa
File:                     7ZHcZO9VQbfA0lClX-cGA5al6Y8.roa (raw, json)
Hash identifier:          uQVLx5aAgUJ2s6piP9R3BUPsGpGGjFJdBvs5eyX5/Vk=
Subject key identifier:   ED:91:DC:64:EF:55:41:B7:C0:D2:50:A5:5F:E7:06:03:96:A5:E9:8F
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019421440D6082C69BA5F08F5B48B221FD96
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/7ZHcZO9VQbfA0lClX-cGA5al6Y8.roa
Signing time:             Wed 01 Jan 2025 09:48:15 +0000
ROA not before:           Wed 01 Jan 2025 09:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61302
IP address blocks:        91.236.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:0d:60:82:c6:9b:a5:f0:8f:5b:48:b2:21:fd:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed91dc64ef5541b7c0d250a55fe7060396a5e98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:e1:85:e2:9f:82:10:bf:f8:0b:24:f4:b8:82:
                    b5:59:00:85:ed:9e:4a:66:34:59:b3:e2:5a:86:e1:
                    cb:a3:7f:0f:70:10:0e:d1:9f:fc:9c:0d:47:8a:a9:
                    5f:de:86:d0:15:06:f5:73:17:37:77:8a:a6:24:3e:
                    b3:93:6b:84:25:e4:f3:27:89:59:f6:c5:6f:53:13:
                    10:64:47:2d:cd:f1:1a:2c:f1:4f:be:d5:f5:9f:f0:
                    33:e7:0e:bb:97:3e:8d:97:26:7d:09:a2:e9:39:24:
                    53:ea:2e:24:77:02:1b:3c:25:f1:fd:d5:03:41:6e:
                    90:c1:ec:7b:38:13:a8:85:61:c0:fd:66:fd:67:e2:
                    51:72:4d:f7:74:69:25:fb:fd:f8:3f:81:a6:eb:8e:
                    66:13:ff:8a:4a:b4:5f:e2:ac:da:2b:14:a8:71:51:
                    54:15:9e:d7:ed:06:1a:04:85:d2:ad:c8:11:4d:77:
                    b2:24:e7:3d:df:70:3e:60:f5:92:dd:23:47:fc:fa:
                    1a:89:e0:f2:d2:47:21:df:7d:0f:4a:1f:e0:5d:68:
                    64:65:93:5e:f4:d3:f4:50:55:4a:8f:4d:cd:76:7a:
                    25:e4:2b:94:d0:32:c4:e6:86:e5:2d:50:cb:aa:10:
                    74:be:2e:c2:0e:36:8b:e0:2f:60:8b:cc:75:e7:bc:
                    34:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:91:DC:64:EF:55:41:B7:C0:D2:50:A5:5F:E7:06:03:96:A5:E9:8F
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/7ZHcZO9VQbfA0lClX-cGA5al6Y8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:19:72:92:b4:6a:ff:66:15:ca:5a:d4:92:5b:48:98:73:f0:
         6a:2b:05:50:43:98:3e:68:bf:f2:86:5d:3d:c9:d4:d7:90:2b:
         54:52:3e:2c:7b:a3:f6:6a:6f:50:79:a2:66:dc:e3:44:65:31:
         f3:52:a3:d9:c7:9e:8d:ca:94:4a:61:97:34:d6:15:ce:61:62:
         66:b7:10:22:28:65:e9:9f:a1:29:5b:ca:1a:a0:dc:5e:75:9b:
         bd:ef:4d:1b:98:29:cc:31:11:d9:c3:c1:e0:8c:fc:56:c9:6b:
         1d:d5:9a:5f:c3:6c:6f:21:e3:27:34:ce:42:44:06:2d:54:ba:
         bc:74:26:dd:f8:8d:9e:46:38:ef:95:fd:cf:d7:9a:70:9a:90:
         1d:b4:03:f5:59:3f:b2:77:e5:b3:b8:30:30:7f:68:cb:c7:fe:
         70:b3:b7:64:cc:a3:e5:20:d3:fe:b5:51:62:e1:23:b8:80:9c:
         c4:23:87:b8:a8:01:a3:ba:25:84:e2:b3:8f:6e:22:09:2f:39:
         6c:7e:dc:3e:30:0f:57:2a:cd:1a:ab:7f:50:4a:98:7d:5c:b2:
         e3:5f:2b:e7:c6:73:8e:30:67:d9:ec:8f:7c:1d:f4:28:cf:96:
         5e:56:f8:fe:13:81:71:7e:2c:02:c4:93:e5:09:ac:53:7c:4f:
         f0:66:8a:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRA1ggsabpfCPW0iyIf2WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDkxZGM2NGVmNTU0MWI3YzBkMjUwYTU1ZmU3MDYwMzk2YTVlOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOGF4p+CEL/4CyT0uIK1WQCF7Z5K
ZjRZs+JahuHLo38PcBAO0Z/8nA1Hiqlf3obQFQb1cxc3d4qmJD6zk2uEJeTzJ4lZ
9sVvUxMQZEctzfEaLPFPvtX1n/Az5w67lz6NlyZ9CaLpOSRT6i4kdwIbPCXx/dUD
QW6Qwex7OBOohWHA/Wb9Z+JRck33dGkl+/34P4Gm645mE/+KSrRf4qzaKxSocVFU
FZ7X7QYaBIXSrcgRTXeyJOc933A+YPWS3SNH/PoaieDy0kch330PSh/gXWhkZZNe
9NP0UFVKj03Ndnol5CuU0DLE5oblLVDLqhB0vi7CDjaL4C9gi8x157w0bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2R3GTvVUG3wNJQpV/nBgOWpemPMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvN1pIY1pPOVZRYmZBMGxDbFgtY0dBNWFsNlk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+xPMA0G
CSqGSIb3DQEBCwUAA4IBAQAXGXKStGr/ZhXKWtSSW0iYc/BqKwVQQ5g+aL/yhl09
ydTXkCtUUj4se6P2am9QeaJm3ONEZTHzUqPZx56NypRKYZc01hXOYWJmtxAiKGXp
n6EpW8oaoNxedZu9700bmCnMMRHZw8HgjPxWyWsd1Zpfw2xvIeMnNM5CRAYtVLq8
dCbd+I2eRjjvlf3P15pwmpAdtAP1WT+yd+WzuDAwf2jLx/5ws7dkzKPlINP+tVFi
4SO4gJzEI4e4qAGjuiWE4rOPbiIJLzlsftw+MA9XKs0aq39QSph9XLLjXyvnxnOO
MGfZ7I98HfQoz5ZeVvj+E4FxfiwCxJPlCaxTfE/wZopw
-----END CERTIFICATE-----