Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/oR-_e_ljHfJx8K42oAbKYjXiJdY.roa
File:                     oR-_e_ljHfJx8K42oAbKYjXiJdY.roa (raw, json)
Hash identifier:          IOxVfWo5ybw3EL/BaX6UVQ/qchssU11iL6B2BoiuUyo=
Subject key identifier:   A1:1F:BF:7B:F9:63:1D:F2:71:F0:AE:36:A0:06:CA:62:35:E2:25:D6
Certificate issuer:       /CN=02339402c42b3f84995c4d58ef670e8d16c2afe2
Certificate serial:       019252F657158A6291AA3058E6DA52B593AB
Authority key identifier: 02:33:94:02:C4:2B:3F:84:99:5C:4D:58:EF:67:0E:8D:16:C2:AF:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AjOUAsQrP4SZXE1Y72cOjRbCr-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/oR-_e_ljHfJx8K42oAbKYjXiJdY.roa
Signing time:             Thu 03 Oct 2024 15:18:48 +0000
ROA not before:           Thu 03 Oct 2024 15:18:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198559
IP address blocks:        91.241.30.0/24 maxlen: 24
                          2001:67c:2a58::/48 maxlen: 56

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/AjOUAsQrP4SZXE1Y72cOjRbCr-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/AjOUAsQrP4SZXE1Y72cOjRbCr-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AjOUAsQrP4SZXE1Y72cOjRbCr-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:52:f6:57:15:8a:62:91:aa:30:58:e6:da:52:b5:93:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=02339402c42b3f84995c4d58ef670e8d16c2afe2
        Validity
            Not Before: Oct  3 15:18:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a11fbf7bf9631df271f0ae36a006ca6235e225d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:c9:87:63:e1:af:fc:a7:87:7a:bf:a8:11:9f:
                    8b:ae:bc:da:b9:d9:6a:8d:6b:4f:ef:38:cd:b8:30:
                    a3:7f:66:d7:80:14:80:5e:59:23:13:f0:3f:83:9f:
                    5d:7e:48:6b:5a:f0:68:c7:6d:10:8e:70:46:f4:ba:
                    38:00:a9:96:7c:71:3f:a4:ca:11:55:58:27:95:d6:
                    07:15:d3:56:c4:26:90:dd:78:f6:80:23:cf:94:1d:
                    ed:57:b7:0d:15:dd:9c:a2:c2:2f:31:e9:11:94:93:
                    4a:92:42:f4:fd:68:83:ff:82:6b:34:e0:a9:a0:db:
                    c2:2b:b3:c6:83:7d:dc:0e:26:9b:74:e3:ca:86:44:
                    77:cd:13:a8:0d:9e:d7:f7:00:ad:62:5d:76:1a:b7:
                    e4:87:d2:f2:b0:59:f5:bd:46:3a:28:55:03:1a:85:
                    81:5a:68:db:cb:1b:7b:5a:18:fa:8d:49:db:be:bc:
                    c4:9b:94:13:48:e0:3d:c8:af:64:b2:81:6f:6f:08:
                    76:32:e4:b7:12:4a:19:c9:de:53:db:7c:40:9d:94:
                    78:25:93:84:15:a2:60:18:8a:8f:fd:37:d5:46:1d:
                    db:4a:50:96:b6:6c:36:72:bf:d1:07:9c:58:e6:41:
                    0e:77:bf:6f:99:f5:06:d2:22:f6:2f:89:b8:15:a6:
                    7c:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:1F:BF:7B:F9:63:1D:F2:71:F0:AE:36:A0:06:CA:62:35:E2:25:D6
            X509v3 Authority Key Identifier:
                keyid:02:33:94:02:C4:2B:3F:84:99:5C:4D:58:EF:67:0E:8D:16:C2:AF:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AjOUAsQrP4SZXE1Y72cOjRbCr-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/oR-_e_ljHfJx8K42oAbKYjXiJdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/eb877c-929e-41b6-b9cb-fc64bfc3d2f9/1/AjOUAsQrP4SZXE1Y72cOjRbCr-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.30.0/24
                IPv6:
                  2001:67c:2a58::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:16:6f:2b:45:87:5a:63:da:57:a4:53:26:9d:db:8d:6f:e0:
         e4:83:05:96:c0:c7:00:a9:a8:39:ce:d6:2a:a3:80:26:10:da:
         b6:0c:5a:30:36:3d:d9:6b:ba:1c:ca:22:e3:47:25:bf:0a:c3:
         fe:09:8c:99:c3:d2:94:65:4f:8b:d3:f5:e9:f6:66:2b:81:d8:
         2a:bd:44:39:a4:23:7d:3b:5c:c5:02:61:df:46:b5:46:19:7d:
         79:97:28:93:0b:fc:ec:e9:86:58:5d:f1:61:eb:94:a7:6c:b1:
         86:30:2b:05:c6:61:48:ae:b8:e7:69:6f:5a:ec:42:69:e7:e4:
         fd:7a:cd:ac:81:d3:17:83:46:ec:49:8d:e7:40:4b:08:22:31:
         1b:07:60:bb:9a:82:f4:15:bc:39:98:2b:68:be:0a:f2:f7:80:
         a0:1b:76:9a:63:28:0f:84:f7:e0:fe:f8:2b:31:55:e5:99:8e:
         8b:c4:5d:05:8a:91:23:25:ff:5a:e5:ec:64:77:1f:d5:22:40:
         a3:67:17:da:a2:c4:c7:61:2c:14:bd:ba:20:a5:20:f0:c4:57:
         d4:68:55:4f:11:0c:e4:66:35:bd:fb:b7:ef:cc:4a:4f:76:78:
         ec:29:3f:ce:c2:e8:ec:e9:3d:f9:6d:d2:50:b8:8c:64:0c:65:
         52:3f:e4:f1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZJS9lcVimKRqjBY5tpStZOrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMzM5NDAyYzQyYjNmODQ5OTVjNGQ1OGVmNjcwZThkMTZj
MmFmZTIwHhcNMjQxMDAzMTUxODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTFmYmY3YmY5NjMxZGYyNzFmMGFlMzZhMDA2Y2E2MjM1ZTIyNWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2cmHY+Gv/KeHer+oEZ+Lrrzaudlq
jWtP7zjNuDCjf2bXgBSAXlkjE/A/g59dfkhrWvBox20QjnBG9Lo4AKmWfHE/pMoR
VVgnldYHFdNWxCaQ3Xj2gCPPlB3tV7cNFd2cosIvMekRlJNKkkL0/WiD/4JrNOCp
oNvCK7PGg33cDiabdOPKhkR3zROoDZ7X9wCtYl12Grfkh9LysFn1vUY6KFUDGoWB
Wmjbyxt7Whj6jUnbvrzEm5QTSOA9yK9ksoFvbwh2MuS3EkoZyd5T23xAnZR4JZOE
FaJgGIqP/TfVRh3bSlCWtmw2cr/RB5xY5kEOd79vmfUG0iL2L4m4FaZ83wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKEfv3v5Yx3ycfCuNqAGymI14iXWMB8GA1UdIwQY
MBaAFAIzlALEKz+EmVxNWO9nDo0Wwq/iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWpPVUFzUXJQNFNaWEUxWTcyY09qUmJDci1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9lYjg3N2MtOTI5ZS00MWI2LWI5Y2It
ZmM2NGJmYzNkMmY5LzEvb1ItX2VfbGpIZkp4OEs0Mm9BYktZalhpSmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9lYjg3N2MtOTI5ZS00MWI2LWI5Y2ItZmM2NGJmYzNkMmY5
LzEvQWpPVUFzUXJQNFNaWEUxWTcyY09qUmJDci1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/EeMA8E
AgACMAkDBwAgAQZ8KlgwDQYJKoZIhvcNAQELBQADggEBAHQWbytFh1pj2lekUyad
241v4OSDBZbAxwCpqDnO1iqjgCYQ2rYMWjA2PdlruhzKIuNHJb8Kw/4JjJnD0pRl
T4vT9en2ZiuB2Cq9RDmkI307XMUCYd9GtUYZfXmXKJML/Ozphlhd8WHrlKdssYYw
KwXGYUiuuOdpb1rsQmnn5P16zayB0xeDRuxJjedASwgiMRsHYLuagvQVvDmYK2i+
CvL3gKAbdppjKA+E9+D++CsxVeWZjovEXQWKkSMl/1rl7GR3H9UiQKNnF9qixMdh
LBS9uiClIPDEV9RoVU8RDORmNb37t+/MSk92eOwpP87C6OzpPflt0lC4jGQMZVI/
5PE=
-----END CERTIFICATE-----