Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-wUMr1JMJN0Nj9v47jI_dOkWk5k.roa
File:                     1-wUMr1JMJN0Nj9v47jI_dOkWk5k.roa (raw, json)
Hash identifier:          5kUXIxtwhqKAcsEqnjKLxN4yVnkPReIkpGS2LZHQwls=
Subject key identifier:   FB:05:0C:AF:52:4C:24:DD:0D:8F:DB:F8:EE:32:3F:74:E9:16:93:99
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0192E6B03A149EECA839BA2A2B8AD9F01CD1
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-wUMr1JMJN0Nj9v47jI_dOkWk5k.roa
Signing time:             Fri 01 Nov 2024 07:46:01 +0000
ROA not before:           Fri 01 Nov 2024 07:46:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        91.209.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e6:b0:3a:14:9e:ec:a8:39:ba:2a:2b:8a:d9:f0:1c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Nov  1 07:46:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fb050caf524c24dd0d8fdbf8ee323f74e9169399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e5:94:cc:00:94:22:31:1d:f9:39:d2:50:15:
                    f8:79:1c:95:9f:1d:05:fe:4e:08:52:bd:2a:66:c2:
                    d2:17:f1:db:1b:a0:2b:8e:78:38:29:45:d5:88:8d:
                    11:09:ff:be:3d:18:bf:27:ba:2c:94:ee:0c:c9:f7:
                    36:42:ee:8d:90:ee:a3:4b:ac:b3:de:df:09:92:60:
                    b5:81:0b:19:68:a7:40:1d:d1:d3:52:c6:2c:e5:d6:
                    44:aa:60:9d:d1:56:e4:42:67:d3:9a:e1:1f:69:06:
                    62:00:9b:78:83:23:31:77:0f:69:63:96:c3:46:cb:
                    e8:c9:0b:4a:ce:ea:5a:64:d4:e6:4e:bc:4c:ea:0f:
                    6f:44:37:fc:56:54:54:ac:38:33:31:c2:10:15:1d:
                    fb:9e:2d:f4:37:a2:a4:af:36:51:a7:71:10:00:c1:
                    dc:ab:0d:88:1d:37:2f:bb:65:9b:a7:c7:fc:48:50:
                    11:d6:ba:98:42:cf:8d:88:5b:ac:59:76:d0:71:d0:
                    2d:1e:e2:b1:e5:68:1a:5d:26:28:ab:1e:c8:17:45:
                    a7:21:15:08:6e:59:98:15:f9:8b:ab:34:06:a2:10:
                    cc:12:85:bc:f7:6b:2d:9d:b2:bf:a4:f1:9b:0e:91:
                    e9:ad:cd:7a:5c:3f:7d:09:20:13:bc:bf:8d:16:7e:
                    b1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:05:0C:AF:52:4C:24:DD:0D:8F:DB:F8:EE:32:3F:74:E9:16:93:99
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/1-wUMr1JMJN0Nj9v47jI_dOkWk5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:1e:f7:65:fd:12:61:e6:e6:18:4a:5a:7d:b3:ee:d0:1d:72:
         c1:af:a9:f3:52:65:5a:76:6a:70:50:05:a3:ed:37:32:ad:12:
         f2:a4:49:90:7a:a6:32:17:7b:c6:99:8e:ad:2e:bb:0c:21:fc:
         8a:09:4e:79:5f:c4:ab:d2:13:f3:f9:52:7b:55:54:5b:3b:7e:
         3c:f5:df:9b:c7:31:ce:bc:91:7d:f2:55:6f:a2:fe:c8:a2:71:
         60:1b:77:83:0b:77:18:e5:a7:4a:61:24:a4:58:8e:1a:ee:bf:
         a7:cc:e3:1f:f6:0b:5f:cd:e4:ce:73:6c:a9:7b:7b:70:76:be:
         ac:a1:67:cf:78:fa:2b:69:b4:5d:71:ec:f6:c8:9b:d1:c3:24:
         8f:f3:4b:01:28:73:be:e4:af:67:7a:b4:1e:43:a6:c0:36:bc:
         f3:35:2c:29:4b:7c:dc:fa:12:75:3e:19:71:f8:68:fa:2d:31:
         26:b7:fc:bd:06:e2:5e:95:f7:57:14:16:f9:7a:1e:37:81:90:
         db:be:b3:c9:4b:81:01:ad:34:c1:95:df:63:b9:b8:ca:04:55:
         27:0d:20:af:8b:d5:fc:83:36:89:6f:26:0c:f5:cd:43:25:8d:
         bf:bd:f4:f4:fd:d7:98:e3:da:4e:a3:9f:d3:53:c8:5b:92:f4:
         3d:d5:76:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZLmsDoUnuyoOboqK4rZ8BzRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMTAxMDc0NjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjA1MGNhZjUyNGMyNGRkMGQ4ZmRiZjhlZTMyM2Y3NGU5MTY5Mzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOWUzACUIjEd+TnSUBX4eRyVnx0F
/k4IUr0qZsLSF/HbG6Arjng4KUXViI0RCf++PRi/J7oslO4Myfc2Qu6NkO6jS6yz
3t8JkmC1gQsZaKdAHdHTUsYs5dZEqmCd0VbkQmfTmuEfaQZiAJt4gyMxdw9pY5bD
RsvoyQtKzupaZNTmTrxM6g9vRDf8VlRUrDgzMcIQFR37ni30N6KkrzZRp3EQAMHc
qw2IHTcvu2Wbp8f8SFAR1rqYQs+NiFusWXbQcdAtHuKx5WgaXSYoqx7IF0WnIRUI
blmYFfmLqzQGohDMEoW892stnbK/pPGbDpHprc16XD99CSATvL+NFn6xdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPsFDK9STCTdDY/b+O4yP3TpFpOZMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvMS13VU1yMUpNSk4wTmo5djQ3aklfZE9rV2s1ay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjYvNGIxOGZiLWQzZWQtNGIyNy05YmQwLWU1ODM5ZjQzZTU4
My8xL2ZhWFRMVnNKeVR3YlhqX0ZvcW9nMTBiOF90RS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvR5DAN
BgkqhkiG9w0BAQsFAAOCAQEAHB73Zf0SYebmGEpafbPu0B1ywa+p81JlWnZqcFAF
o+03Mq0S8qRJkHqmMhd7xpmOrS67DCH8iglOeV/Eq9IT8/lSe1VUWzt+PPXfm8cx
zryRffJVb6L+yKJxYBt3gwt3GOWnSmEkpFiOGu6/p8zjH/YLX83kznNsqXt7cHa+
rKFnz3j6K2m0XXHs9sib0cMkj/NLAShzvuSvZ3q0HkOmwDa88zUsKUt83PoSdT4Z
cfho+i0xJrf8vQbiXpX3VxQW+XoeN4GQ276zyUuBAa00wZXfY7m4ygRVJw0gr4vV
/IM2iW8mDPXNQyWNv7309P3XmOPaTqOf01PIW5L0PdV2hg==
-----END CERTIFICATE-----