Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/1-r43f9Bz5nUOgrU-gNvcbL23TRk.roa
File:                     1-r43f9Bz5nUOgrU-gNvcbL23TRk.roa (raw, json)
Hash identifier:          Yb8xf2tMBzQ70ILT97IqnoQHd6J2auIa/MLwbWcGuUo=
Subject key identifier:   FA:BE:37:7F:D0:73:E6:75:0E:82:B5:3E:80:DB:DC:6C:BD:B7:4D:19
Certificate issuer:       /CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
Certificate serial:       01929A62C43C5EE1FD165722033E0EA3A717
Authority key identifier: 70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/1-r43f9Bz5nUOgrU-gNvcbL23TRk.roa
Signing time:             Thu 17 Oct 2024 12:10:16 +0000
ROA not before:           Thu 17 Oct 2024 12:10:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214640
IP address blocks:        91.226.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:9a:62:c4:3c:5e:e1:fd:16:57:22:03:3e:0e:a3:a7:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
        Validity
            Not Before: Oct 17 12:10:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fabe377fd073e6750e82b53e80dbdc6cbdb74d19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ac:db:56:e2:a2:16:14:c2:d1:7d:35:73:c7:
                    a9:4e:49:71:8f:1e:ce:72:9e:24:1e:cb:60:3e:83:
                    df:15:27:23:44:82:ff:1a:67:8a:78:42:06:32:9c:
                    95:9b:d7:99:1a:ff:a1:71:8a:76:a0:72:45:db:a3:
                    b2:78:04:2d:2c:18:23:55:e5:0e:e5:5a:9d:2b:09:
                    58:cc:28:bd:15:3d:8c:b2:19:5a:dd:d8:81:1c:73:
                    ed:ee:7b:a0:f1:0e:71:f0:41:89:23:93:cc:3f:a6:
                    ed:9b:cb:65:17:7f:08:78:c4:da:13:69:21:32:50:
                    92:af:7a:61:7f:35:1d:fd:b4:37:bb:0b:c9:10:6d:
                    15:b8:70:50:2b:b2:2f:5e:cd:e8:cb:3e:ed:23:f1:
                    c1:58:74:f7:e7:3c:e1:96:b7:2c:e9:93:25:93:f6:
                    26:69:eb:8d:35:19:06:7a:03:c5:31:41:93:ff:60:
                    51:a6:64:9f:6b:55:52:c1:ca:c2:12:21:20:37:db:
                    39:cf:b9:31:59:10:c1:b3:8c:6e:58:da:98:03:75:
                    a6:ec:be:16:1b:fa:cf:2e:b4:85:2a:5b:db:ee:d2:
                    a8:b5:57:dc:83:ed:46:d2:e9:7c:ae:99:99:46:9f:
                    70:1c:58:38:bd:a7:d2:b1:d3:1e:52:0b:8d:74:96:
                    09:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:BE:37:7F:D0:73:E6:75:0E:82:B5:3E:80:DB:DC:6C:BD:B7:4D:19
            X509v3 Authority Key Identifier:
                keyid:70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/1-r43f9Bz5nUOgrU-gNvcbL23TRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:80:0c:3e:ae:3d:0f:7e:b7:d4:e4:41:40:49:0e:bd:62:af:
         9f:7f:0e:eb:78:f4:fd:20:35:ee:af:79:98:b8:0f:62:b5:c0:
         7f:d2:f2:a4:37:69:80:ad:dd:af:c1:20:0c:56:6f:bb:66:62:
         ba:69:24:20:60:e6:01:8c:2f:72:38:13:a1:16:33:ab:aa:d9:
         99:8d:ee:60:a6:eb:6c:75:4d:73:e1:2d:06:97:64:ce:9e:e9:
         94:cc:7d:82:71:b5:18:8c:5c:0b:9d:8b:5c:50:1b:c9:ca:03:
         51:6a:45:79:be:0d:c8:8a:64:bc:a5:ca:61:4a:b1:c1:cf:7f:
         67:4d:07:18:2a:b4:53:c9:83:3b:9b:fb:da:aa:2b:64:3f:6b:
         96:77:21:44:bc:a4:07:6d:d5:18:83:af:3e:34:e7:2c:fe:3b:
         aa:11:04:43:3a:74:7e:b3:75:e3:22:f6:4f:b8:d5:8d:c5:25:
         cf:04:67:9e:e4:b2:b7:ff:78:be:11:0c:04:7e:1c:a8:5a:6e:
         49:55:0e:e1:21:1e:b9:b5:2d:25:fc:b8:9a:57:54:ed:a5:cc:
         da:b4:fa:93:18:4f:40:c0:59:76:2a:6b:5b:ad:2f:bf:ff:8a:
         c8:e6:60:b6:55:f5:d0:37:80:b3:fc:41:db:52:83:1f:8c:17:
         e3:96:1f:d6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZKaYsQ8XuH9FlciAz4Oo6cXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMDFlNDIyMjI3ZmE0NGNjNWNiOTVkMmE5ZGNjZTBmYTVi
ODljMDcwHhcNMjQxMDE3MTIxMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWJlMzc3ZmQwNzNlNjc1MGU4MmI1M2U4MGRiZGM2Y2JkYjc0ZDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKzbVuKiFhTC0X01c8epTklxjx7O
cp4kHstgPoPfFScjRIL/GmeKeEIGMpyVm9eZGv+hcYp2oHJF26OyeAQtLBgjVeUO
5VqdKwlYzCi9FT2Mshla3diBHHPt7nug8Q5x8EGJI5PMP6btm8tlF38IeMTaE2kh
MlCSr3phfzUd/bQ3uwvJEG0VuHBQK7IvXs3oyz7tI/HBWHT35zzhlrcs6ZMlk/Ym
aeuNNRkGegPFMUGT/2BRpmSfa1VSwcrCEiEgN9s5z7kxWRDBs4xuWNqYA3Wm7L4W
G/rPLrSFKlvb7tKotVfcg+1G0ul8rpmZRp9wHFg4vafSsdMeUguNdJYJRwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq+N3/Qc+Z1DoK1PoDb3Gy9t00ZMB8GA1UdIwQY
MBaAFHAB5CIif6RMxcuV0qnczg+luJwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2Ut
ZjI0MzVkNWNmMzdiLzEvMS1yNDNmOUJ6NW5VT2dyVS1nTnZjYkwyM1RSay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjMvOTkyZDAzLTg4M2ItNDA0ZC04ODdlLWYyNDM1ZDVjZjM3
Yi8xL2NBSGtJaUpfcEV6Rnk1WFNxZHpPRDZXNG5BYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvi3TAN
BgkqhkiG9w0BAQsFAAOCAQEAr4AMPq49D3631ORBQEkOvWKvn38O63j0/SA17q95
mLgPYrXAf9LypDdpgK3dr8EgDFZvu2ZiumkkIGDmAYwvcjgToRYzq6rZmY3uYKbr
bHVNc+EtBpdkzp7plMx9gnG1GIxcC52LXFAbycoDUWpFeb4NyIpkvKXKYUqxwc9/
Z00HGCq0U8mDO5v72qorZD9rlnchRLykB23VGIOvPjTnLP47qhEEQzp0frN14yL2
T7jVjcUlzwRnnuSyt/94vhEMBH4cqFpuSVUO4SEeubUtJfy4mldU7aXM2rT6kxhP
QMBZdiprW60vv/+KyOZgtlX10DeAs/xB21KDH4wX45Yf1g==
-----END CERTIFICATE-----