Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/PvXxIOTmhlDT8Zjl8pOjVtbUjqs.roa
File:                     PvXxIOTmhlDT8Zjl8pOjVtbUjqs.roa (raw, json)
Hash identifier:          cEmlEEf5hdAMQxuyDOcKJwVECyiRzY+P8vKK1P563lo=
Subject key identifier:   3E:F5:F1:20:E4:E6:86:50:D3:F1:98:E5:F2:93:A3:56:D6:D4:8E:AB
Certificate issuer:       /CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
Certificate serial:       019425FDAF71D9AD4C89276B81EC5985F7CA
Authority key identifier: 70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/PvXxIOTmhlDT8Zjl8pOjVtbUjqs.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136744
IP address blocks:        91.227.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:af:71:d9:ad:4c:89:27:6b:81:ec:59:85:f7:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7001e422227fa44cc5cb95d2a9dcce0fa5b89c07
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ef5f120e4e68650d3f198e5f293a356d6d48eab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:b7:46:26:23:af:56:77:5e:d7:db:d5:56:13:
                    72:63:9b:d3:27:dd:43:68:e5:32:98:78:34:c1:6e:
                    e1:dc:3e:56:41:a7:c6:5b:b7:97:2b:58:50:87:2e:
                    ea:fb:43:e9:58:7e:1a:e1:a6:e4:2e:93:c0:88:30:
                    e2:f6:79:e5:46:f0:7f:73:15:83:49:88:b5:05:7b:
                    df:de:fb:14:40:37:8b:c5:8b:0d:21:c3:00:6a:1c:
                    3e:05:b8:e9:b0:b3:f3:15:5d:29:94:7f:ca:c5:e7:
                    5a:c9:ac:ea:c2:cf:45:36:f1:d2:50:a2:21:5a:dc:
                    8d:13:c6:bd:ef:d2:bf:9e:ff:85:3c:14:ae:3c:d6:
                    5d:35:02:1c:a1:86:1a:77:f8:d8:12:18:5d:61:6e:
                    0f:7c:2b:d4:35:e3:5f:d7:b0:30:f8:5c:b4:63:e3:
                    05:a4:8e:87:78:94:e9:a1:c0:7e:e8:6d:40:50:27:
                    33:5c:b9:c1:99:af:8e:fe:de:a5:04:ec:6c:b7:33:
                    99:05:d2:5b:13:c1:1f:a1:a3:de:78:9a:48:9e:78:
                    49:1a:8a:a5:68:f3:df:fb:83:63:e3:99:7e:6c:1d:
                    43:77:91:0d:aa:df:52:1d:8c:bf:96:bc:38:c1:eb:
                    70:67:44:f0:06:d6:13:48:18:d9:e1:55:e4:27:8d:
                    0a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:F5:F1:20:E4:E6:86:50:D3:F1:98:E5:F2:93:A3:56:D6:D4:8E:AB
            X509v3 Authority Key Identifier:
                keyid:70:01:E4:22:22:7F:A4:4C:C5:CB:95:D2:A9:DC:CE:0F:A5:B8:9C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/PvXxIOTmhlDT8Zjl8pOjVtbUjqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/992d03-883b-404d-887e-f2435d5cf37b/1/cAHkIiJ_pEzFy5XSqdzOD6W4nAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:d6:53:f4:ab:f8:1c:f5:27:1b:b0:c7:6f:b3:bf:c2:0f:21:
         dd:dc:74:03:fc:2e:03:ce:ac:89:9b:c8:b2:99:e6:a1:30:7a:
         51:be:d2:e8:16:be:cf:20:37:16:fd:b0:46:eb:e5:76:63:d0:
         20:20:9e:aa:9c:0a:60:22:6f:f5:59:3c:27:89:05:c3:8c:bb:
         20:79:4a:92:00:f0:42:9f:03:62:69:0f:08:97:1b:2f:18:c9:
         7c:93:fa:d5:c1:e9:38:34:d8:bd:27:a1:18:57:49:d3:ae:c1:
         2c:ce:bd:29:a6:cb:12:d3:44:7a:b4:be:ff:d7:f4:62:f9:4d:
         67:14:f2:cc:30:20:7c:ac:c7:3c:c2:63:67:61:e9:32:2d:48:
         7a:bb:44:0c:bf:24:e4:43:a3:45:25:de:32:ef:de:fc:e4:70:
         b7:65:23:f6:25:2d:73:15:d0:4f:0a:66:74:8b:27:ef:1d:01:
         c3:22:d1:b3:6f:25:8c:0f:39:d4:82:bc:b1:2a:9f:d9:02:9a:
         bc:05:d0:cf:33:8c:b4:4c:da:3d:d4:be:2e:94:73:c4:d7:a4:
         41:a2:36:82:3d:92:cb:7e:ea:3f:db:08:87:bd:12:d6:b4:09:
         fd:32:d1:1b:ac:16:ad:a8:2f:98:6d:0c:f6:35:f9:63:c2:16:
         b6:de:5c:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/a9x2a1MiSdrgexZhffKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwMDFlNDIyMjI3ZmE0NGNjNWNiOTVkMmE5ZGNjZTBmYTVi
ODljMDcwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWY1ZjEyMGU0ZTY4NjUwZDNmMTk4ZTVmMjkzYTM1NmQ2ZDQ4ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkrdGJiOvVnde19vVVhNyY5vTJ91D
aOUymHg0wW7h3D5WQafGW7eXK1hQhy7q+0PpWH4a4abkLpPAiDDi9nnlRvB/cxWD
SYi1BXvf3vsUQDeLxYsNIcMAahw+BbjpsLPzFV0plH/Kxedayazqws9FNvHSUKIh
WtyNE8a979K/nv+FPBSuPNZdNQIcoYYad/jYEhhdYW4PfCvUNeNf17Aw+Fy0Y+MF
pI6HeJTpocB+6G1AUCczXLnBma+O/t6lBOxstzOZBdJbE8EfoaPeeJpInnhJGoql
aPPf+4Nj45l+bB1Dd5ENqt9SHYy/lrw4wetwZ0TwBtYTSBjZ4VXkJ40KcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD718SDk5oZQ0/GY5fKTo1bW1I6rMB8GA1UdIwQY
MBaAFHAB5CIif6RMxcuV0qnczg+luJwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2Ut
ZjI0MzVkNWNmMzdiLzEvUHZYeElPVG1obERUOFpqbDhwT2pWdGJVanFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85OTJkMDMtODgzYi00MDRkLTg4N2UtZjI0MzVkNWNmMzdi
LzEvY0FIa0lpSl9wRXpGeTVYU3Fkek9ENlc0bkFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+OJMA0G
CSqGSIb3DQEBCwUAA4IBAQCR1lP0q/gc9ScbsMdvs7/CDyHd3HQD/C4DzqyJm8iy
meahMHpRvtLoFr7PIDcW/bBG6+V2Y9AgIJ6qnApgIm/1WTwniQXDjLsgeUqSAPBC
nwNiaQ8IlxsvGMl8k/rVwek4NNi9J6EYV0nTrsEszr0ppssS00R6tL7/1/Ri+U1n
FPLMMCB8rMc8wmNnYekyLUh6u0QMvyTkQ6NFJd4y79785HC3ZSP2JS1zFdBPCmZ0
iyfvHQHDItGzbyWMDznUgryxKp/ZApq8BdDPM4y0TNo91L4ulHPE16RBojaCPZLL
fuo/2wiHvRLWtAn9MtEbrBatqC+YbQz2Nfljwha23lxd
-----END CERTIFICATE-----