Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/rEjSOzJIwjQmPWvGE8ZJu_oQl3Q.roa
File:                     rEjSOzJIwjQmPWvGE8ZJu_oQl3Q.roa (raw, json)
Hash identifier:          o5EAAqiwz83GvbFO2byEhhtESghe3FaPvPBoxxW37qg=
Subject key identifier:   AC:48:D2:3B:32:48:C2:34:26:3D:6B:C6:13:C6:49:BB:FA:10:97:74
Certificate issuer:       /CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
Certificate serial:       018CC3B726D4C8CCC72436F18B2D82E1F6A2
Authority key identifier: A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/rEjSOzJIwjQmPWvGE8ZJu_oQl3Q.roa
Signing time:             Mon 01 Jan 2024 06:30:09 +0000
ROA not before:           Mon 01 Jan 2024 06:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202
IP address blocks:        91.240.72.0/24 maxlen: 24
                          185.42.232.0/24 maxlen: 24
                          185.42.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:26:d4:c8:cc:c7:24:36:f1:8b:2d:82:e1:f6:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a62f2d3c269d935227690b28b7fbdd953e1e9edc
        Validity
            Not Before: Jan  1 06:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac48d23b3248c234263d6bc613c649bbfa109774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:83:a3:cd:30:09:d4:72:0b:6d:06:a1:2a:
                    32:18:6a:fd:ad:95:65:bc:00:d3:3a:4a:c3:52:dc:
                    9d:3e:f6:ad:7e:89:c6:8b:3f:da:81:8b:3c:b1:f1:
                    f2:5c:e4:0f:5d:98:57:c6:d1:6c:f1:ec:20:b4:db:
                    2d:3c:29:b3:b0:71:7f:45:15:d7:84:ca:26:39:09:
                    9a:2d:a4:22:fb:fe:58:ed:2e:3f:24:5e:57:ac:56:
                    74:bd:e6:89:47:71:78:45:dd:98:7e:c3:ca:dd:15:
                    39:cb:21:e2:53:43:00:a3:0b:a9:fe:41:00:6f:60:
                    8c:8b:1a:07:1a:e5:83:fb:8a:e9:e5:fb:b6:f4:53:
                    da:5e:64:d6:d2:31:2c:48:fc:82:c3:e3:43:b1:5d:
                    a6:44:e5:c7:0d:6d:97:5c:90:a4:de:81:02:0c:74:
                    e5:86:c6:a4:f7:66:e5:12:67:18:0d:bf:ea:53:f9:
                    ff:72:72:14:d9:f6:3e:2d:bd:0f:c2:0d:2f:8b:f7:
                    bc:67:cd:cb:b3:aa:85:6d:95:60:bf:9d:25:8a:a4:
                    10:2a:1c:27:fc:23:d2:ef:3e:43:42:53:4d:e9:e8:
                    15:96:8d:90:9c:79:0e:f5:1f:7e:c4:70:57:29:f4:
                    e8:40:65:30:9e:8a:f3:b7:9f:69:68:04:c7:6b:64:
                    a6:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:48:D2:3B:32:48:C2:34:26:3D:6B:C6:13:C6:49:BB:FA:10:97:74
            X509v3 Authority Key Identifier:
                keyid:A6:2F:2D:3C:26:9D:93:52:27:69:0B:28:B7:FB:DD:95:3E:1E:9E:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pi8tPCadk1InaQsot_vdlT4entw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/rEjSOzJIwjQmPWvGE8ZJu_oQl3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/325b84-2ed4-4092-906c-100eed812c40/1/pi8tPCadk1InaQsot_vdlT4entw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.72.0/24
                  185.42.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         56:7b:03:aa:72:eb:10:7f:f6:3e:cb:54:af:2a:e1:79:70:df:
         e5:97:44:5b:f7:62:25:6f:59:d0:c3:45:5b:17:bb:67:94:58:
         f6:9e:ca:43:b0:21:a8:13:94:ef:a3:f1:e8:85:63:3b:8e:45:
         3d:34:d6:27:f1:fd:f7:fb:7b:c7:1c:e8:1c:45:4d:85:99:87:
         b5:45:69:3c:a5:03:7a:4d:cc:b6:bd:99:eb:18:b9:b1:1c:20:
         24:cf:b3:d6:44:37:7a:54:03:c3:61:db:4c:90:de:21:b3:ab:
         f7:a1:77:5c:d0:75:b1:02:a2:70:df:7d:e4:52:69:49:1e:45:
         c8:ff:5f:ee:1a:e8:29:4f:5c:94:a9:b6:bc:30:42:98:eb:0f:
         75:d5:bf:f1:78:db:a4:01:8c:f0:f9:73:72:69:f4:c6:48:78:
         d6:71:6a:fe:0f:81:3a:4e:c1:dc:72:63:c3:f9:66:0d:f9:34:
         67:a4:62:c2:28:7e:53:bf:e2:55:27:ce:20:ec:8f:fd:1c:28:
         a0:6f:cd:19:83:a7:b9:c7:6e:ba:87:34:fa:a5:1e:2f:76:8b:
         ce:82:3f:ae:48:4c:5c:7e:c1:6d:f0:82:e6:0d:e2:00:b7:0b:
         e0:33:23:30:87:a6:94:c1:03:e8:64:93:f7:2b:15:9b:4e:e1:
         4f:bd:d1:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtybUyMzHJDbxiy2C4faiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2MmYyZDNjMjY5ZDkzNTIyNzY5MGIyOGI3ZmJkZDk1M2Ux
ZTllZGMwHhcNMjQwMTAxMDYzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ4ZDIzYjMyNDhjMjM0MjYzZDZiYzYxM2M2NDliYmZhMTA5Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqWDo80wCdRyC20GoSoyGGr9rZVl
vADTOkrDUtydPvatfonGiz/agYs8sfHyXOQPXZhXxtFs8ewgtNstPCmzsHF/RRXX
hMomOQmaLaQi+/5Y7S4/JF5XrFZ0veaJR3F4Rd2YfsPK3RU5yyHiU0MAowup/kEA
b2CMixoHGuWD+4rp5fu29FPaXmTW0jEsSPyCw+NDsV2mROXHDW2XXJCk3oECDHTl
hsak92blEmcYDb/qU/n/cnIU2fY+Lb0Pwg0vi/e8Z83Ls6qFbZVgv50liqQQKhwn
/CPS7z5DQlNN6egVlo2QnHkO9R9+xHBXKfToQGUwnorzt59paATHa2Sm7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKxI0jsySMI0Jj1rxhPGSbv6EJd0MB8GA1UdIwQY
MBaAFKYvLTwmnZNSJ2kLKLf73ZU+Hp7cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMt
MTAwZWVkODEyYzQwLzEvckVqU096Skl3alFtUFd2R0U4Wkp1X29RbDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zMjViODQtMmVkNC00MDkyLTkwNmMtMTAwZWVkODEyYzQw
LzEvcGk4dFBDYWRrMUluYVFzb3RfdmRsVDRlbnR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/BIAwQB
uSroMA0GCSqGSIb3DQEBCwUAA4IBAQBWewOqcusQf/Y+y1SvKuF5cN/ll0Rb92Il
b1nQw0VbF7tnlFj2nspDsCGoE5Tvo/HohWM7jkU9NNYn8f33+3vHHOgcRU2FmYe1
RWk8pQN6Tcy2vZnrGLmxHCAkz7PWRDd6VAPDYdtMkN4hs6v3oXdc0HWxAqJw333k
UmlJHkXI/1/uGugpT1yUqba8MEKY6w911b/xeNukAYzw+XNyafTGSHjWcWr+D4E6
TsHccmPD+WYN+TRnpGLCKH5Tv+JVJ84g7I/9HCigb80Zg6e5x266hzT6pR4vdovO
gj+uSExcfsFt8ILmDeIAtwvgMyMwh6aUwQPoZJP3KxWbTuFPvdEm
-----END CERTIFICATE-----