Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/7jhea4Z45q_-w6Bw5hm9Ljo6jd0.roa
File:                     7jhea4Z45q_-w6Bw5hm9Ljo6jd0.roa (raw, json)
Hash identifier:          0432QcgMFkJ7sn27j+nTeHIZYZPsrtQmgOnk9+WOg5s=
Subject key identifier:   EE:38:5E:6B:86:78:E6:AF:FE:C3:A0:70:E6:19:BD:2E:3A:3A:8D:DD
Certificate issuer:       /CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
Certificate serial:       01942521BD80124BB71F4B5F0A5D609507B3
Authority key identifier: 1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/7jhea4Z45q_-w6Bw5hm9Ljo6jd0.roa
Signing time:             Thu 02 Jan 2025 03:49:15 +0000
ROA not before:           Thu 02 Jan 2025 03:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200017
IP address blocks:        91.216.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:bd:80:12:4b:b7:1f:4b:5f:0a:5d:60:95:07:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f4738389cb3b998ec4fa6d4272f8dd799fbc4a9
        Validity
            Not Before: Jan  2 03:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee385e6b8678e6affec3a070e619bd2e3a3a8ddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:7f:e7:3c:99:53:5f:85:47:51:d5:c2:7c:e3:
                    33:be:b2:ba:15:29:6d:c4:be:ca:db:88:33:d1:e8:
                    1c:bb:db:66:08:61:34:96:23:89:5d:b3:2b:e8:0b:
                    76:e3:d0:e9:81:fb:40:d7:c2:ca:ba:4b:44:ce:9f:
                    a0:4b:e6:96:39:79:8e:cc:1c:f7:aa:25:34:b5:f8:
                    92:ce:79:72:69:43:5b:a7:12:7b:3a:4f:03:1b:44:
                    12:e2:7e:ed:18:35:78:40:d2:87:32:80:ff:1e:7c:
                    13:2c:e4:a0:fb:b8:61:fc:be:51:a1:c0:6e:62:88:
                    e1:a1:f7:d3:55:97:e7:38:5c:d2:ec:4e:dd:5c:69:
                    67:4f:51:cb:4c:59:ac:ed:23:4b:d7:70:8a:ad:66:
                    80:4e:e9:2d:ff:b1:8b:f7:81:19:12:b0:b9:a8:b2:
                    3c:e2:66:c3:96:1b:cf:39:34:79:71:ae:89:a5:d6:
                    26:29:96:e0:55:c3:5c:f6:43:b5:8d:7c:42:52:6c:
                    b6:aa:8c:e8:94:cd:ed:f0:59:a4:68:a9:e9:d8:a0:
                    1c:89:e7:28:5d:10:ea:69:b8:38:fa:86:88:3a:2f:
                    ee:d4:ab:b2:6c:6f:18:39:2a:20:c1:e8:04:10:d5:
                    e4:4b:fb:3c:e5:73:77:b8:ea:8c:2e:34:c4:24:5c:
                    10:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:38:5E:6B:86:78:E6:AF:FE:C3:A0:70:E6:19:BD:2E:3A:3A:8D:DD
            X509v3 Authority Key Identifier:
                keyid:1F:47:38:38:9C:B3:B9:98:EC:4F:A6:D4:27:2F:8D:D7:99:FB:C4:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H0c4OJyzuZjsT6bUJy-N15n7xKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/7jhea4Z45q_-w6Bw5hm9Ljo6jd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/517694-c8a1-458b-9cf2-6c7e5685890c/1/H0c4OJyzuZjsT6bUJy-N15n7xKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:13:3a:42:34:bb:30:84:ef:cf:34:54:40:db:dc:ac:cb:01:
         d2:32:c0:ee:69:a5:3e:b1:03:3a:5f:70:dd:63:b7:ff:62:52:
         ac:c3:6b:8c:81:da:26:37:af:bc:61:b5:b6:b1:55:ce:85:d3:
         f0:04:a2:2c:f7:89:62:91:73:37:45:72:99:ab:6d:8d:5e:b3:
         99:0d:29:7d:42:9e:2b:78:3d:74:41:cb:0c:41:e5:fc:79:3c:
         94:5e:8d:3f:74:8f:22:16:03:ce:5f:85:80:2b:76:08:7a:37:
         57:46:6e:c1:3e:a2:7d:f7:bc:e0:b2:e5:8c:a5:c3:c9:b5:ef:
         6a:63:70:15:c6:f6:99:45:c2:3e:f9:83:3f:2c:fc:01:be:b3:
         67:5f:5f:29:19:aa:b4:30:41:81:d3:aa:68:11:8a:41:43:49:
         6f:3c:20:13:94:ae:1d:db:15:60:4a:ce:97:e0:05:0a:63:3f:
         bf:b5:48:e6:09:00:5a:5d:cc:b5:b3:11:3e:76:16:67:94:0e:
         0c:81:f8:04:a6:32:4a:42:7d:7e:fa:e0:15:29:2b:69:e8:4f:
         b4:3b:d4:b8:48:08:3f:1d:44:1b:74:82:16:aa:f5:39:a5:0a:
         81:69:35:26:d4:11:f1:1b:32:3e:08:54:f4:16:e4:e1:29:3c:
         e4:c6:28:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIb2AEku3H0tfCl1glQezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNDczODM4OWNiM2I5OThlYzRmYTZkNDI3MmY4ZGQ3OTlm
YmM0YTkwHhcNMjUwMTAyMDM0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTM4NWU2Yjg2NzhlNmFmZmVjM2EwNzBlNjE5YmQyZTNhM2E4ZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5X/nPJlTX4VHUdXCfOMzvrK6FSlt
xL7K24gz0egcu9tmCGE0liOJXbMr6At249DpgftA18LKuktEzp+gS+aWOXmOzBz3
qiU0tfiSznlyaUNbpxJ7Ok8DG0QS4n7tGDV4QNKHMoD/HnwTLOSg+7hh/L5RocBu
YojhoffTVZfnOFzS7E7dXGlnT1HLTFms7SNL13CKrWaATukt/7GL94EZErC5qLI8
4mbDlhvPOTR5ca6JpdYmKZbgVcNc9kO1jXxCUmy2qozolM3t8FmkaKnp2KAcieco
XRDqabg4+oaIOi/u1KuybG8YOSogwegEENXkS/s85XN3uOqMLjTEJFwQpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO44XmuGeOav/sOgcOYZvS46Oo3dMB8GA1UdIwQY
MBaAFB9HODics7mY7E+m1CcvjdeZ+8SpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjIt
NmM3ZTU2ODU4OTBjLzEvN2poZWE0WjQ1cV8tdzZCdzVobTlMam82amQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS81MTc2OTQtYzhhMS00NThiLTljZjItNmM3ZTU2ODU4OTBj
LzEvSDBjNE9KeXp1WmpzVDZiVUp5LU4xNW43eEtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jXMA0G
CSqGSIb3DQEBCwUAA4IBAQCuEzpCNLswhO/PNFRA29ysywHSMsDuaaU+sQM6X3Dd
Y7f/YlKsw2uMgdomN6+8YbW2sVXOhdPwBKIs94likXM3RXKZq22NXrOZDSl9Qp4r
eD10QcsMQeX8eTyUXo0/dI8iFgPOX4WAK3YIejdXRm7BPqJ997zgsuWMpcPJte9q
Y3AVxvaZRcI++YM/LPwBvrNnX18pGaq0MEGB06poEYpBQ0lvPCATlK4d2xVgSs6X
4AUKYz+/tUjmCQBaXcy1sxE+dhZnlA4MgfgEpjJKQn1++uAVKStp6E+0O9S4SAg/
HUQbdIIWqvU5pQqBaTUm1BHxGzI+CFT0FuThKTzkxijr
-----END CERTIFICATE-----