Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/jxQNAB6ZZG9SlC0Qh7gqqiQru6k.roa
File:                     jxQNAB6ZZG9SlC0Qh7gqqiQru6k.roa (raw, json)
Hash identifier:          LCEQ6tm2yOBkRDqSSxTjGOVJXRg12kghh8C/AxEnJVw=
Subject key identifier:   8F:14:0D:00:1E:99:64:6F:52:94:2D:10:87:B8:2A:AA:24:2B:BB:A9
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0192D30D4C5D239F0A1CB731E7F5A4ACC9AF
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/jxQNAB6ZZG9SlC0Qh7gqqiQru6k.roa
Signing time:             Mon 28 Oct 2024 12:15:17 +0000
ROA not before:           Mon 28 Oct 2024 12:15:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215419
IP address blocks:        91.132.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:0d:4c:5d:23:9f:0a:1c:b7:31:e7:f5:a4:ac:c9:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Oct 28 12:15:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f140d001e99646f52942d1087b82aaa242bbba9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bc:a4:0e:75:6e:49:31:66:a1:09:fd:e1:7a:
                    67:4d:f4:58:7b:8d:e3:35:ea:12:e0:9d:91:69:f8:
                    6a:6e:3c:ed:77:a0:7a:91:a0:9c:1c:98:f4:3c:8d:
                    19:85:3d:15:fa:1b:69:a5:21:fd:58:31:a4:07:4c:
                    67:b3:d8:d4:57:3d:4b:b9:d2:06:99:e5:15:65:11:
                    34:e8:f9:19:ad:57:a9:9c:a1:44:46:54:56:3a:92:
                    95:da:7e:64:8a:61:a6:d8:63:4c:64:db:40:33:ea:
                    38:6e:c7:55:0f:fe:33:d9:27:a1:07:f6:90:3e:bf:
                    be:6c:58:0e:2b:19:7d:9d:bc:61:65:b5:c0:e3:ef:
                    46:50:03:e1:63:20:f5:57:23:b0:ee:1c:2d:84:5b:
                    29:44:98:f1:5c:ed:e2:8a:32:a7:ee:f3:3f:f9:c6:
                    fc:a1:56:a5:80:a0:7a:84:b6:14:98:9a:c4:92:77:
                    80:1e:bf:27:c5:7e:d1:98:ec:63:50:44:9b:35:e6:
                    01:be:2f:24:cf:51:96:1b:bb:01:3b:47:6f:62:d9:
                    0a:35:ba:82:57:78:03:79:60:78:55:ed:4c:02:43:
                    9b:f9:87:8c:94:1f:b7:e6:e2:e6:4b:ec:4d:6a:eb:
                    70:91:be:96:7e:af:a7:7b:48:35:bb:1a:65:a6:93:
                    06:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:14:0D:00:1E:99:64:6F:52:94:2D:10:87:B8:2A:AA:24:2B:BB:A9
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/jxQNAB6ZZG9SlC0Qh7gqqiQru6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:fa:72:c5:b7:b1:c2:33:f7:d4:27:90:2e:62:9c:c3:d0:4a:
         23:c8:43:25:6c:9c:a0:47:e7:b1:7b:c4:cf:c6:9e:59:31:5f:
         ae:69:9e:42:84:d2:27:45:44:9e:72:42:26:30:65:be:c2:01:
         3b:6c:74:95:27:fc:e1:53:12:dc:2d:e9:73:92:12:4d:b2:6e:
         3b:20:8a:1a:87:39:6c:5b:20:12:a9:b7:64:c5:58:96:49:97:
         c4:1f:29:d2:91:19:95:9f:c6:47:8f:ed:6a:1f:78:63:8a:e2:
         1f:af:54:45:c8:5d:d8:52:f5:bc:2c:a0:3b:54:0f:5b:2e:39:
         88:3a:11:dd:91:0a:45:84:5d:08:ff:61:9f:d5:28:96:db:cd:
         17:1e:31:9f:e5:37:cb:88:e8:51:be:3a:3b:86:3b:bf:df:94:
         f8:67:92:d2:e2:98:a7:09:be:3b:4b:17:26:27:71:6b:bc:d6:
         27:61:b0:79:04:ea:09:c6:5b:c8:68:bc:eb:6c:4c:b5:b3:5a:
         50:60:28:df:3c:b2:3e:b0:4b:d5:1b:b2:3c:af:fa:7b:c8:38:
         83:22:a7:7e:76:77:72:0b:21:6b:39:2f:d5:30:02:b8:ff:06:
         c6:d6:b6:29:2c:9a:11:2c:5a:16:7a:28:1a:9a:7e:d7:07:e6:
         79:72:00:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTDUxdI58KHLcx5/WkrMmvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQxMDI4MTIxNTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjE0MGQwMDFlOTk2NDZmNTI5NDJkMTA4N2I4MmFhYTI0MmJiYmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07ykDnVuSTFmoQn94XpnTfRYe43j
NeoS4J2Rafhqbjztd6B6kaCcHJj0PI0ZhT0V+htppSH9WDGkB0xns9jUVz1LudIG
meUVZRE06PkZrVepnKFERlRWOpKV2n5kimGm2GNMZNtAM+o4bsdVD/4z2SehB/aQ
Pr++bFgOKxl9nbxhZbXA4+9GUAPhYyD1VyOw7hwthFspRJjxXO3iijKn7vM/+cb8
oValgKB6hLYUmJrEkneAHr8nxX7RmOxjUESbNeYBvi8kz1GWG7sBO0dvYtkKNbqC
V3gDeWB4Ve1MAkOb+YeMlB+35uLmS+xNautwkb6Wfq+ne0g1uxplppMG8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI8UDQAemWRvUpQtEIe4KqokK7upMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvanhRTkFCNlpaRzlTbEMwUWg3Z3FxaVFydTZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4QyMA0G
CSqGSIb3DQEBCwUAA4IBAQBA+nLFt7HCM/fUJ5AuYpzD0EojyEMlbJygR+exe8TP
xp5ZMV+uaZ5ChNInRUSeckImMGW+wgE7bHSVJ/zhUxLcLelzkhJNsm47IIoahzls
WyASqbdkxViWSZfEHynSkRmVn8ZHj+1qH3hjiuIfr1RFyF3YUvW8LKA7VA9bLjmI
OhHdkQpFhF0I/2Gf1SiW280XHjGf5TfLiOhRvjo7hju/35T4Z5LS4pinCb47Sxcm
J3FrvNYnYbB5BOoJxlvIaLzrbEy1s1pQYCjfPLI+sEvVG7I8r/p7yDiDIqd+dndy
CyFrOS/VMAK4/wbG1rYpLJoRLFoWeigamn7XB+Z5cgDY
-----END CERTIFICATE-----