Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/1-2PnzzFVpt1dGXWeYqhIzX1nVe0.roa
File:                     1-2PnzzFVpt1dGXWeYqhIzX1nVe0.roa (raw, json)
Hash identifier:          hI/InHmZs9EbHw0E5EzTrrWOPonm9OzaUn8fi0xcF4M=
Subject key identifier:   FB:63:E7:CF:31:55:A6:DD:5D:19:75:9E:62:A8:48:CD:7D:67:55:ED
Certificate issuer:       /CN=3830792b5e3bbac9f370d4cae7aba2a5cdba7a0a
Certificate serial:       019423697060F0F78F030C300337E0A43EC5
Authority key identifier: 38:30:79:2B:5E:3B:BA:C9:F3:70:D4:CA:E7:AB:A2:A5:CD:BA:7A:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ODB5K147usnzcNTK56uipc26ego.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/1-2PnzzFVpt1dGXWeYqhIzX1nVe0.roa
Signing time:             Wed 01 Jan 2025 19:48:20 +0000
ROA not before:           Wed 01 Jan 2025 19:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43187
IP address blocks:        91.198.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/ODB5K147usnzcNTK56uipc26ego.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/ODB5K147usnzcNTK56uipc26ego.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ODB5K147usnzcNTK56uipc26ego.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:70:60:f0:f7:8f:03:0c:30:03:37:e0:a4:3e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3830792b5e3bbac9f370d4cae7aba2a5cdba7a0a
        Validity
            Not Before: Jan  1 19:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb63e7cf3155a6dd5d19759e62a848cd7d6755ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6e:f6:d5:7d:90:09:69:6d:fe:b5:27:8a:ec:
                    40:98:74:38:22:fd:45:11:2d:07:fa:32:b1:df:38:
                    78:d3:98:21:54:7c:a0:65:6b:4a:bc:c7:dc:6d:31:
                    3f:93:12:04:64:43:44:db:1f:0b:11:41:0b:95:ac:
                    e4:30:ee:dd:61:77:d1:b5:56:9d:29:7b:eb:35:75:
                    77:67:e9:a9:54:e5:ad:e2:54:f9:3e:5f:1c:10:85:
                    74:cb:83:43:78:ef:77:31:61:71:2a:e3:2f:56:09:
                    c1:b0:aa:dd:dc:f4:4e:50:30:48:f1:cc:fa:94:d6:
                    15:bd:76:ec:47:84:8a:e8:50:9a:a9:fa:6a:98:e7:
                    c9:72:89:7b:4d:9c:47:94:ff:26:ff:78:04:3c:c1:
                    bc:74:a2:f4:98:71:df:ce:76:f8:08:b6:ce:f6:ca:
                    d2:ae:c6:dd:fc:05:e7:6a:e8:66:ea:9f:08:fb:33:
                    d1:76:14:ca:da:9b:9e:77:15:7d:27:fe:87:21:25:
                    1a:17:41:69:7d:4a:34:da:d4:c6:40:cd:fd:d8:6f:
                    f9:63:3f:61:8f:8e:37:d3:a6:ac:4a:b7:8f:8a:7d:
                    f7:9d:dd:d3:bd:b8:c6:19:79:52:e2:4d:3e:3f:0a:
                    3d:1f:cc:8f:69:41:db:e6:91:17:b7:56:e9:a5:b1:
                    84:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:63:E7:CF:31:55:A6:DD:5D:19:75:9E:62:A8:48:CD:7D:67:55:ED
            X509v3 Authority Key Identifier:
                keyid:38:30:79:2B:5E:3B:BA:C9:F3:70:D4:CA:E7:AB:A2:A5:CD:BA:7A:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ODB5K147usnzcNTK56uipc26ego.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/1-2PnzzFVpt1dGXWeYqhIzX1nVe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/c1ce51-19eb-4096-bdb9-1bffa74a3b1d/1/ODB5K147usnzcNTK56uipc26ego.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:a8:a2:d9:b9:3d:8c:3d:6e:f9:ea:5d:7a:ab:d9:14:47:e1:
         4c:68:59:13:aa:62:c9:77:9a:b1:36:8d:79:54:85:53:62:6f:
         51:72:8a:db:70:6e:e0:1e:5d:22:b1:34:16:2f:d0:62:0d:78:
         07:54:42:76:cd:bd:ab:f2:3c:ed:f4:af:da:59:6d:c4:6f:c0:
         22:e7:a2:09:99:e0:e5:84:e9:58:53:72:75:c0:90:2c:56:5c:
         a1:f1:51:1f:39:3f:11:d7:60:67:56:20:ad:5a:69:2e:88:8f:
         39:57:c7:cf:fa:d4:28:97:f4:99:46:bd:8f:93:b8:03:b1:6f:
         0d:9f:6c:7c:44:4b:68:4e:98:76:a7:3c:f2:b9:51:7a:e7:2b:
         ea:88:6a:55:40:44:6f:1c:36:eb:94:37:eb:fd:c5:29:a2:82:
         e1:38:76:a9:5c:72:61:50:76:81:6a:f6:a8:c0:db:8d:6b:5d:
         28:d9:1f:8a:56:55:41:1c:eb:b4:23:a8:e9:9c:a8:ab:d4:81:
         ba:c7:03:61:fa:9e:7c:1f:bf:a5:d7:3b:de:00:93:83:bf:6f:
         e4:ee:e2:76:8c:d1:27:2c:9e:79:25:65:ed:97:d1:65:be:c1:
         1a:24:00:f6:66:fd:80:34:22:d7:b6:f2:2b:f8:b2:a4:94:11:
         00:60:13:c4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQjaXBg8PePAwwwAzfgpD7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MzA3OTJiNWUzYmJhYzlmMzcwZDRjYWU3YWJhMmE1Y2Ri
YTdhMGEwHhcNMjUwMTAxMTk0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjYzZTdjZjMxNTVhNmRkNWQxOTc1OWU2MmE4NDhjZDdkNjc1NWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW721X2QCWlt/rUniuxAmHQ4Iv1F
ES0H+jKx3zh405ghVHygZWtKvMfcbTE/kxIEZENE2x8LEUELlazkMO7dYXfRtVad
KXvrNXV3Z+mpVOWt4lT5Pl8cEIV0y4NDeO93MWFxKuMvVgnBsKrd3PROUDBI8cz6
lNYVvXbsR4SK6FCaqfpqmOfJcol7TZxHlP8m/3gEPMG8dKL0mHHfznb4CLbO9srS
rsbd/AXnauhm6p8I+zPRdhTK2puedxV9J/6HISUaF0FpfUo02tTGQM392G/5Yz9h
j44306asSrePin33nd3TvbjGGXlS4k0+Pwo9H8yPaUHb5pEXt1bppbGEKQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPtj588xVabdXRl1nmKoSM19Z1XtMB8GA1UdIwQY
MBaAFDgweSteO7rJ83DUyueroqXNunoKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0RCNUsxNDd1c256Y05USzU2dWlwYzI2ZWdvLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9jMWNlNTEtMTllYi00MDk2LWJkYjkt
MWJmZmE3NGEzYjFkLzEvMS0yUG56ekZWcHQxZEdYV2VZcWhJelgxblZlMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjQvYzFjZTUxLTE5ZWItNDA5Ni1iZGI5LTFiZmZhNzRhM2Ix
ZC8xL09EQjVLMTQ3dXNuemNOVEs1NnVpcGMyNmVnby5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvGBzAN
BgkqhkiG9w0BAQsFAAOCAQEAc6ii2bk9jD1u+epdeqvZFEfhTGhZE6piyXeasTaN
eVSFU2JvUXKK23Bu4B5dIrE0Fi/QYg14B1RCds29q/I87fSv2lltxG/AIueiCZng
5YTpWFNydcCQLFZcofFRHzk/EddgZ1YgrVppLoiPOVfHz/rUKJf0mUa9j5O4A7Fv
DZ9sfERLaE6Ydqc88rlReucr6ohqVUBEbxw265Q36/3FKaKC4Th2qVxyYVB2gWr2
qMDbjWtdKNkfilZVQRzrtCOo6Zyoq9SBuscDYfqefB+/pdc73gCTg79v5O7idozR
JyyeeSVl7ZfRZb7BGiQA9mb9gDQi17byK/iypJQRAGATxA==
-----END CERTIFICATE-----