Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/5zNQmjLe9hugNqe1cSGUFfcrX4A.roa
File:                     5zNQmjLe9hugNqe1cSGUFfcrX4A.roa (raw, json)
Hash identifier:          86fsNTBHQhQVftXksNo/YbxCNnmrGt7DBJr1/op1c70=
Subject key identifier:   E7:33:50:9A:32:DE:F6:1B:A0:36:A7:B5:71:21:94:15:F7:2B:5F:80
Certificate issuer:       /CN=cf6843ce15229a8023d97fa27a37e59278b2bfd7
Certificate serial:       018CC5DC2ACD1BC043647B31CA69E6C5FDFC
Authority key identifier: CF:68:43:CE:15:22:9A:80:23:D9:7F:A2:7A:37:E5:92:78:B2:BF:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/5zNQmjLe9hugNqe1cSGUFfcrX4A.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197944
IP address blocks:        91.230.90.0/24 maxlen: 24
                          2001:67c:24dc::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2a:cd:1b:c0:43:64:7b:31:ca:69:e6:c5:fd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf6843ce15229a8023d97fa27a37e59278b2bfd7
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e733509a32def61ba036a7b571219415f72b5f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:29:2e:30:1e:fe:76:43:38:9a:98:7c:fa:0b:
                    a2:57:4e:3f:74:e3:c3:ca:dc:a5:58:db:f9:10:ce:
                    64:24:7e:73:89:5e:0f:0d:05:2e:26:6d:db:0a:81:
                    f9:f3:30:c4:9d:4b:0a:71:0b:e8:52:d0:d4:97:70:
                    96:b4:3c:2c:88:b9:37:15:d8:21:8e:d7:d3:a1:df:
                    8d:f9:82:3c:56:09:23:32:52:ba:95:2a:2e:83:9e:
                    51:c9:8a:62:a6:a8:37:fc:fe:ad:a6:55:de:d3:0e:
                    24:5b:de:5c:e6:be:2c:98:9d:f6:f5:9f:c0:ac:14:
                    b6:81:1e:b5:35:d6:dc:67:4f:cd:5f:db:b1:ef:56:
                    31:61:cb:ac:d2:d9:4b:22:c5:8e:9f:e2:23:2a:e1:
                    a3:14:90:c0:9d:6f:01:36:73:df:32:e6:d2:74:51:
                    03:29:a3:7c:63:8c:b7:bc:1b:0c:27:af:b7:5c:02:
                    45:b8:ae:58:59:f7:f6:e8:1c:b3:00:1a:78:cb:34:
                    c6:22:c3:75:dc:f3:46:c9:2b:47:64:f9:f7:a5:d9:
                    8e:5c:83:fe:d7:81:68:94:20:45:f2:e1:8b:72:91:
                    d7:7b:5a:9c:68:3c:0f:30:cd:d7:c6:c4:a9:8a:1b:
                    51:02:97:0b:b7:bd:c1:b2:70:8b:00:e7:12:02:e5:
                    d7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:33:50:9A:32:DE:F6:1B:A0:36:A7:B5:71:21:94:15:F7:2B:5F:80
            X509v3 Authority Key Identifier:
                keyid:CF:68:43:CE:15:22:9A:80:23:D9:7F:A2:7A:37:E5:92:78:B2:BF:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/5zNQmjLe9hugNqe1cSGUFfcrX4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.90.0/24
                IPv6:
                  2001:67c:24dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:26:d9:10:ba:9d:63:16:17:b3:67:3b:32:48:ee:e5:14:e7:
         04:5d:8b:ec:c0:02:53:5a:6f:23:1f:f7:52:11:bf:07:07:1f:
         71:1d:2a:75:a8:a4:7d:e6:d0:37:88:22:62:b5:9d:30:e4:03:
         9d:d9:74:8a:61:e0:d3:e9:23:29:06:26:9c:3a:f2:f1:d0:2b:
         e5:ed:39:ef:7f:dc:60:b2:fb:49:ea:ec:2d:41:76:8b:57:70:
         ae:7b:e8:38:86:90:76:9a:8f:46:06:8c:bb:6a:3d:b9:00:1a:
         5b:33:8f:a8:2a:c4:b7:4e:d3:a1:a3:0f:ef:21:6e:cd:47:6e:
         25:e5:f3:c0:b1:ba:22:49:5f:51:a5:0b:5c:a8:7f:db:04:b0:
         2b:c0:d4:a7:17:2b:af:3a:13:0a:1f:bb:33:08:4d:64:0c:6e:
         b0:11:ee:4b:bc:2f:f3:b9:a2:c9:18:8f:fe:0a:27:a9:41:54:
         bf:2d:b2:2d:03:24:ce:4f:8c:8c:3c:67:cd:6b:54:62:98:ae:
         b2:bb:3f:be:52:25:4d:88:b4:f5:6e:57:1a:72:73:68:9f:f7:
         70:96:02:eb:1b:00:c2:fc:e5:60:f6:15:78:ab:fa:4e:a4:d4:
         2a:56:24:87:eb:17:7e:ff:67:02:46:b1:a7:1c:51:a6:0f:a6:
         e7:2f:34:a6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3CrNG8BDZHsxymnmxf38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNjg0M2NlMTUyMjlhODAyM2Q5N2ZhMjdhMzdlNTkyNzhi
MmJmZDcwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzMzNTA5YTMyZGVmNjFiYTAzNmE3YjU3MTIxOTQxNWY3MmI1ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ykuMB7+dkM4mph8+guiV04/dOPD
ytylWNv5EM5kJH5ziV4PDQUuJm3bCoH58zDEnUsKcQvoUtDUl3CWtDwsiLk3Fdgh
jtfTod+N+YI8VgkjMlK6lSoug55RyYpipqg3/P6tplXe0w4kW95c5r4smJ329Z/A
rBS2gR61NdbcZ0/NX9ux71YxYcus0tlLIsWOn+IjKuGjFJDAnW8BNnPfMubSdFED
KaN8Y4y3vBsMJ6+3XAJFuK5YWff26ByzABp4yzTGIsN13PNGyStHZPn3pdmOXIP+
14FolCBF8uGLcpHXe1qcaDwPMM3XxsSpihtRApcLt73BsnCLAOcSAuXXgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOczUJoy3vYboDantXEhlBX3K1+AMB8GA1UdIwQY
MBaAFM9oQ84VIpqAI9l/ono35ZJ4sr/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejJoRHpoVWltb0FqMlgtaWVqZmxrbml5djljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy83NjFiNDgtNjllYS00MGU0LThkN2Mt
NjRjZDE5NGY3ZjRmLzEvNXpOUW1qTGU5aHVnTnFlMWNTR1VGZmNyWDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy83NjFiNDgtNjllYS00MGU0LThkN2MtNjRjZDE5NGY3ZjRm
LzEvejJoRHpoVWltb0FqMlgtaWVqZmxrbml5djljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+ZaMA8E
AgACMAkDBwAgAQZ8JNwwDQYJKoZIhvcNAQELBQADggEBACYm2RC6nWMWF7NnOzJI
7uUU5wRdi+zAAlNabyMf91IRvwcHH3EdKnWopH3m0DeIImK1nTDkA53ZdIph4NPp
IykGJpw68vHQK+XtOe9/3GCy+0nq7C1BdotXcK576DiGkHaaj0YGjLtqPbkAGlsz
j6gqxLdO06GjD+8hbs1HbiXl88CxuiJJX1GlC1yof9sEsCvA1KcXK686EwofuzMI
TWQMbrAR7ku8L/O5oskYj/4KJ6lBVL8tsi0DJM5PjIw8Z81rVGKYrrK7P75SJU2I
tPVuVxpyc2if93CWAusbAML85WD2FXir+k6k1CpWJIfrF37/ZwJGsaccUaYPpucv
NKY=
-----END CERTIFICATE-----