Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/ffTEmHDwrnxcx64_e8SAl1mpY4o.roa
File:                     ffTEmHDwrnxcx64_e8SAl1mpY4o.roa (raw, json)
Hash identifier:          oOLI8epsDfTUXJqCkz0SsAQAjlqrToiG0NjYMSlooVQ=
Subject key identifier:   7D:F4:C4:98:70:F0:AE:7C:5C:C7:AE:3F:7B:C4:80:97:59:A9:63:8A
Certificate issuer:       /CN=7e750d6fcb8a40cd661cf73d1acabd8305e877fd
Certificate serial:       01925132112C17F50EA918B7F782A6E22F39
Authority key identifier: 7E:75:0D:6F:CB:8A:40:CD:66:1C:F7:3D:1A:CA:BD:83:05:E8:77:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fnUNb8uKQM1mHPc9Gsq9gwXod_0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/ffTEmHDwrnxcx64_e8SAl1mpY4o.roa
Signing time:             Thu 03 Oct 2024 07:04:48 +0000
ROA not before:           Thu 03 Oct 2024 07:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.230.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/fnUNb8uKQM1mHPc9Gsq9gwXod_0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/fnUNb8uKQM1mHPc9Gsq9gwXod_0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fnUNb8uKQM1mHPc9Gsq9gwXod_0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:32:11:2c:17:f5:0e:a9:18:b7:f7:82:a6:e2:2f:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e750d6fcb8a40cd661cf73d1acabd8305e877fd
        Validity
            Not Before: Oct  3 07:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7df4c49870f0ae7c5cc7ae3f7bc4809759a9638a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3b:fa:8d:7a:67:5b:62:3f:39:cd:e0:35:30:
                    28:c8:d0:3b:11:02:0c:27:db:37:b0:40:c5:a9:54:
                    69:67:ba:9e:88:f0:8c:4f:22:08:bb:97:a0:37:7a:
                    89:20:cd:5b:50:6e:26:ac:c3:2f:82:16:6a:8b:66:
                    a4:f5:86:75:04:66:37:5d:44:2d:13:10:f7:fb:1e:
                    d7:85:ca:4f:12:c8:e4:9f:44:11:7b:ff:36:3c:4f:
                    1c:67:24:08:f2:a0:fe:29:7e:9a:31:58:48:ea:f8:
                    26:0b:cc:36:89:b5:a7:91:70:12:38:4e:b2:71:96:
                    83:a2:df:3b:a8:cc:a5:4c:5f:73:a4:6b:a9:d4:0b:
                    2b:8b:ff:3e:28:67:ff:b2:ce:6b:02:aa:3b:63:cb:
                    55:e7:b9:37:1c:d1:1b:aa:8c:79:d5:f8:ee:c6:3a:
                    ac:18:49:d0:be:5b:dd:71:22:dd:22:d2:5f:6e:cd:
                    24:7f:61:68:16:16:e2:43:ef:64:d0:28:d9:6a:ac:
                    98:03:37:5e:08:e8:36:4b:cf:c1:ac:4c:26:72:69:
                    b7:54:ce:70:e6:f6:9b:82:e9:cf:8d:16:ab:25:b4:
                    65:0d:d7:87:4e:23:80:14:38:cc:fc:33:83:c3:77:
                    02:3a:fd:e3:43:02:3a:58:c1:d5:7f:8e:7d:17:b9:
                    b9:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:F4:C4:98:70:F0:AE:7C:5C:C7:AE:3F:7B:C4:80:97:59:A9:63:8A
            X509v3 Authority Key Identifier:
                keyid:7E:75:0D:6F:CB:8A:40:CD:66:1C:F7:3D:1A:CA:BD:83:05:E8:77:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fnUNb8uKQM1mHPc9Gsq9gwXod_0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/ffTEmHDwrnxcx64_e8SAl1mpY4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/4ce012-33ea-4b6e-9065-a2c4c231ddf7/1/fnUNb8uKQM1mHPc9Gsq9gwXod_0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:87:ce:bf:40:52:76:76:b6:07:37:12:f7:f8:ae:63:4a:c3:
         4b:50:1b:71:df:93:4a:d4:0b:6f:98:45:42:9f:e4:b6:d5:6f:
         20:b4:1f:94:c4:d8:91:9f:18:e4:50:db:9f:83:71:8e:21:c8:
         e9:8d:c0:1c:e2:c9:5e:01:00:17:2e:96:1b:eb:5d:24:eb:1b:
         85:5e:98:0f:68:63:1a:4a:a5:b6:7d:e1:17:d2:40:4b:0e:d8:
         19:1f:d1:78:dd:75:ab:f8:64:8d:58:db:c7:7a:80:a0:d9:67:
         66:45:a3:52:43:ec:c0:b8:9f:68:c0:85:bf:f4:b5:82:4d:7c:
         0b:cf:6c:c9:dc:8f:cf:c3:56:32:98:cc:d2:ec:ad:f2:97:8f:
         f7:7c:af:2a:1b:82:f9:a2:22:a6:d7:9d:be:f4:bd:99:37:f3:
         c3:f8:80:97:03:1b:c6:d9:9c:0d:61:ed:11:f7:55:98:42:34:
         f5:08:a6:20:51:93:21:d5:95:92:b6:f8:a8:1b:51:d0:63:04:
         e6:65:35:83:c4:00:9e:d2:97:eb:e9:56:bc:ff:c7:bc:22:1d:
         9c:d3:17:6d:ab:dd:50:7c:5e:2b:32:85:4b:da:bd:82:cf:f8:
         11:51:50:ab:56:67:17:2e:fa:b2:3e:7b:bb:58:2a:49:8b:72:
         94:88:6e:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRMhEsF/UOqRi394Km4i85MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNzUwZDZmY2I4YTQwY2Q2NjFjZjczZDFhY2FiZDgzMDVl
ODc3ZmQwHhcNMjQxMDAzMDcwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGY0YzQ5ODcwZjBhZTdjNWNjN2FlM2Y3YmM0ODA5NzU5YTk2MzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjv6jXpnW2I/Oc3gNTAoyNA7EQIM
J9s3sEDFqVRpZ7qeiPCMTyIIu5egN3qJIM1bUG4mrMMvghZqi2ak9YZ1BGY3XUQt
ExD3+x7XhcpPEsjkn0QRe/82PE8cZyQI8qD+KX6aMVhI6vgmC8w2ibWnkXASOE6y
cZaDot87qMylTF9zpGup1Asri/8+KGf/ss5rAqo7Y8tV57k3HNEbqox51fjuxjqs
GEnQvlvdcSLdItJfbs0kf2FoFhbiQ+9k0CjZaqyYAzdeCOg2S8/BrEwmcmm3VM5w
5vabgunPjRarJbRlDdeHTiOAFDjM/DODw3cCOv3jQwI6WMHVf459F7m5NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH30xJhw8K58XMeuP3vEgJdZqWOKMB8GA1UdIwQY
MBaAFH51DW/LikDNZhz3PRrKvYMF6Hf9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm5VTmI4dUtRTTFtSFBjOUdzcTlnd1hvZF8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS80Y2UwMTItMzNlYS00YjZlLTkwNjUt
YTJjNGMyMzFkZGY3LzEvZmZURW1IRHdybnhjeDY0X2U4U0FsMW1wWTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS80Y2UwMTItMzNlYS00YjZlLTkwNjUtYTJjNGMyMzFkZGY3
LzEvZm5VTmI4dUtRTTFtSFBjOUdzcTlnd1hvZF8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+ZEMA0G
CSqGSIb3DQEBCwUAA4IBAQCrh86/QFJ2drYHNxL3+K5jSsNLUBtx35NK1AtvmEVC
n+S21W8gtB+UxNiRnxjkUNufg3GOIcjpjcAc4sleAQAXLpYb610k6xuFXpgPaGMa
SqW2feEX0kBLDtgZH9F43XWr+GSNWNvHeoCg2WdmRaNSQ+zAuJ9owIW/9LWCTXwL
z2zJ3I/Pw1YymMzS7K3yl4/3fK8qG4L5oiKm152+9L2ZN/PD+ICXAxvG2ZwNYe0R
91WYQjT1CKYgUZMh1ZWStvioG1HQYwTmZTWDxACe0pfr6Va8/8e8Ih2c0xdtq91Q
fF4rMoVL2r2Cz/gRUVCrVmcXLvqyPnu7WCpJi3KUiG5Z
-----END CERTIFICATE-----