Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/fIRU7Arx9qD9Y5ur2tEu2WRvr7I.roa
File:                     fIRU7Arx9qD9Y5ur2tEu2WRvr7I.roa (raw, json)
Hash identifier:          ZlPk8Ajz/Qmyp1KRTC6xj2h/U9Da0PFCpMNUA88HDtk=
Subject key identifier:   7C:84:54:EC:0A:F1:F6:A0:FD:63:9B:AB:DA:D1:2E:D9:64:6F:AF:B2
Certificate issuer:       /CN=db9d7c57714ef40fdb0165dc1984580ce1d5906b
Certificate serial:       018CC94DD4AB3FA70E014D2C80AB4708E984
Authority key identifier: DB:9D:7C:57:71:4E:F4:0F:DB:01:65:DC:19:84:58:0C:E1:D5:90:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/fIRU7Arx9qD9Y5ur2tEu2WRvr7I.roa
Signing time:             Tue 02 Jan 2024 08:32:50 +0000
ROA not before:           Tue 02 Jan 2024 08:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64441
IP address blocks:        91.212.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d4:ab:3f:a7:0e:01:4d:2c:80:ab:47:08:e9:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9d7c57714ef40fdb0165dc1984580ce1d5906b
        Validity
            Not Before: Jan  2 08:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c8454ec0af1f6a0fd639babdad12ed9646fafb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:af:54:66:b1:c7:33:48:5a:8c:74:ff:32:f3:
                    2a:e9:c3:17:32:29:c0:74:7b:2e:5b:d2:92:8e:67:
                    3d:a1:e4:31:f9:2e:83:66:aa:40:9a:de:e7:56:00:
                    fe:c7:5d:ac:53:e6:0e:c9:af:5b:29:d2:35:51:ce:
                    ad:dc:4f:b3:ca:cd:1b:65:96:15:a8:59:d8:1c:86:
                    a7:84:9e:d9:e3:12:eb:c3:05:86:9c:f2:db:4c:93:
                    d6:d7:82:69:2b:d6:b1:34:2d:8d:1d:54:2c:34:11:
                    f7:d6:dd:62:65:46:23:d6:38:87:42:cc:c6:ea:fb:
                    cb:cf:84:aa:da:18:56:1c:a8:8d:66:25:27:86:ae:
                    3d:00:f6:11:2a:08:03:ab:9b:e8:e3:c1:33:8c:f2:
                    9f:1b:42:95:cf:50:fa:36:24:10:d8:25:d3:90:99:
                    18:d5:8e:c8:12:92:40:26:65:2d:7f:02:64:0c:5a:
                    9d:ae:d9:87:37:43:d3:25:7d:b4:7e:c4:a6:f8:55:
                    29:3d:df:b3:99:ea:a2:3a:32:18:bc:e6:0c:13:b7:
                    c4:7f:60:79:33:e4:97:74:0c:17:8c:0f:6a:e8:4d:
                    8c:a7:c9:f9:fa:fc:96:c4:e8:99:a5:23:b6:f2:d4:
                    4b:86:70:59:bc:b1:d7:ae:99:c8:43:79:ef:be:11:
                    63:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:84:54:EC:0A:F1:F6:A0:FD:63:9B:AB:DA:D1:2E:D9:64:6F:AF:B2
            X509v3 Authority Key Identifier:
                keyid:DB:9D:7C:57:71:4E:F4:0F:DB:01:65:DC:19:84:58:0C:E1:D5:90:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/fIRU7Arx9qD9Y5ur2tEu2WRvr7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:4d:76:89:15:fa:75:42:43:33:00:13:52:dd:a2:9e:f3:11:
         10:2d:5c:22:f4:8b:19:6a:86:85:89:4a:78:bc:54:bd:51:2e:
         8d:23:f8:f2:b4:38:05:fb:a8:b7:80:57:5a:fa:b9:c7:fb:d5:
         81:b5:a1:70:58:c0:a6:f8:34:4e:38:54:ae:bf:73:9b:30:d7:
         ee:fd:dd:a6:1f:48:c4:a2:a6:95:c0:49:38:5a:fc:21:ef:e4:
         fe:fe:d1:a1:ae:32:4a:19:20:74:60:22:b9:0e:e5:1d:3b:c6:
         7e:11:91:b1:7e:ef:9b:2b:e8:89:a5:40:06:ff:bb:19:08:68:
         8f:0c:e3:7e:7a:83:76:58:36:61:58:a9:7c:cf:48:8b:77:14:
         f6:6c:af:36:ea:ba:bf:86:c1:54:0a:c9:d1:c7:ce:70:5f:fc:
         ab:c3:ce:b3:78:31:ec:a9:9b:2d:9a:62:3d:60:92:3b:b1:d4:
         f1:72:5e:c5:bf:f9:90:d7:4c:7f:cc:9a:cf:28:de:cb:03:26:
         f5:3a:0c:8e:6f:d6:4d:f7:b6:38:30:84:f9:b1:bf:68:e7:87:
         5f:5e:1e:7d:d6:05:eb:12:99:a8:53:48:06:fc:1e:de:51:fc:
         5a:27:ed:58:ab:5a:2c:fe:82:f3:3c:33:bb:de:50:fc:a8:c6:
         a2:2d:3a:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdSrP6cOAU0sgKtHCOmEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWQ3YzU3NzE0ZWY0MGZkYjAxNjVkYzE5ODQ1ODBjZTFk
NTkwNmIwHhcNMjQwMTAyMDgzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg0NTRlYzBhZjFmNmEwZmQ2MzliYWJkYWQxMmVkOTY0NmZhZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK9UZrHHM0hajHT/MvMq6cMXMinA
dHsuW9KSjmc9oeQx+S6DZqpAmt7nVgD+x12sU+YOya9bKdI1Uc6t3E+zys0bZZYV
qFnYHIanhJ7Z4xLrwwWGnPLbTJPW14JpK9axNC2NHVQsNBH31t1iZUYj1jiHQszG
6vvLz4Sq2hhWHKiNZiUnhq49APYRKggDq5vo48EzjPKfG0KVz1D6NiQQ2CXTkJkY
1Y7IEpJAJmUtfwJkDFqdrtmHN0PTJX20fsSm+FUpPd+zmeqiOjIYvOYME7fEf2B5
M+SXdAwXjA9q6E2Mp8n5+vyWxOiZpSO28tRLhnBZvLHXrpnIQ3nvvhFjkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyEVOwK8fag/WObq9rRLtlkb6+yMB8GA1UdIwQY
MBaAFNudfFdxTvQP2wFl3BmEWAzh1ZBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjUxOFYzRk85QV9iQVdYY0dZUllET0hWa0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83ZTc2ZmMtMTRhNi00MjY5LTgyNDUt
ZjA3ODFhNjNlNDQwLzEvZklSVTdBcng5cUQ5WTV1cjJ0RXUyV1J2cjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83ZTc2ZmMtMTRhNi00MjY5LTgyNDUtZjA3ODFhNjNlNDQw
LzEvMjUxOFYzRk85QV9iQVdYY0dZUllET0hWa0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TjMA0G
CSqGSIb3DQEBCwUAA4IBAQCuTXaJFfp1QkMzABNS3aKe8xEQLVwi9IsZaoaFiUp4
vFS9US6NI/jytDgF+6i3gFda+rnH+9WBtaFwWMCm+DROOFSuv3ObMNfu/d2mH0jE
oqaVwEk4Wvwh7+T+/tGhrjJKGSB0YCK5DuUdO8Z+EZGxfu+bK+iJpUAG/7sZCGiP
DON+eoN2WDZhWKl8z0iLdxT2bK826rq/hsFUCsnRx85wX/yrw86zeDHsqZstmmI9
YJI7sdTxcl7Fv/mQ10x/zJrPKN7LAyb1OgyOb9ZN97Y4MIT5sb9o54dfXh591gXr
EpmoU0gG/B7eUfxaJ+1Yq1os/oLzPDO73lD8qMaiLTok
-----END CERTIFICATE-----