Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/x5OcpBtDjdmsNegcpqKRcYGfe4I.roa
File:                     x5OcpBtDjdmsNegcpqKRcYGfe4I.roa (raw, json)
Hash identifier:          tztbQVf1Csx2bxGYr7VD6e2RtMD/c7biQ+Jk1Ftm9xk=
Subject key identifier:   C7:93:9C:A4:1B:43:8D:D9:AC:35:E8:1C:A6:A2:91:71:81:9F:7B:82
Certificate issuer:       /CN=0eca6e06c6824bd1b811183e0e17fa19496d261c
Certificate serial:       019423D732D678B96EAE132E9D468F326E00
Authority key identifier: 0E:CA:6E:06:C6:82:4B:D1:B8:11:18:3E:0E:17:FA:19:49:6D:26:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/x5OcpBtDjdmsNegcpqKRcYGfe4I.roa
Signing time:             Wed 01 Jan 2025 21:48:13 +0000
ROA not before:           Wed 01 Jan 2025 21:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8352
IP address blocks:        91.213.148.0/24 maxlen: 24
                          185.65.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:32:d6:78:b9:6e:ae:13:2e:9d:46:8f:32:6e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0eca6e06c6824bd1b811183e0e17fa19496d261c
        Validity
            Not Before: Jan  1 21:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7939ca41b438dd9ac35e81ca6a29171819f7b82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:1b:88:71:b8:05:af:e7:02:d6:29:fd:7b:02:
                    48:33:31:42:8f:a7:75:a6:5e:e7:34:ff:b1:94:77:
                    49:eb:01:cc:fe:89:08:bf:a4:31:2e:17:1d:f7:97:
                    cc:f4:c9:e4:ba:6b:d2:3e:6e:48:6e:9b:f0:c8:97:
                    67:d7:26:ce:b4:21:d5:43:a1:7e:84:0b:c8:bb:da:
                    17:bd:da:76:04:b8:c1:68:1a:ab:44:3f:50:d2:0b:
                    0c:00:0e:4d:5f:b5:73:86:9a:3c:31:35:a8:b1:ed:
                    e1:a8:41:86:0f:bc:59:10:ed:8e:1d:8b:3c:2d:48:
                    09:eb:36:e7:04:18:38:51:c4:61:34:2b:ce:51:32:
                    a7:38:d3:6f:92:ad:5f:57:48:04:47:79:38:e3:5c:
                    d6:36:6e:37:1c:ae:06:58:82:5e:bb:a9:4e:9d:1b:
                    da:e2:ed:90:d5:45:e6:e6:07:e6:c4:64:6d:6d:8f:
                    2b:5b:74:cd:50:4e:34:0f:13:68:7f:13:84:fd:e2:
                    fa:52:6e:be:5f:0d:c3:d7:5f:b4:af:0d:28:6f:f7:
                    87:94:12:6b:0f:ea:4a:78:c0:16:a0:9b:e4:d6:ab:
                    06:74:2a:65:32:e7:8d:c6:00:9e:b8:c7:e5:a7:11:
                    1f:f3:2f:64:f7:8d:62:22:7a:e0:8a:3b:91:0b:79:
                    a0:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:93:9C:A4:1B:43:8D:D9:AC:35:E8:1C:A6:A2:91:71:81:9F:7B:82
            X509v3 Authority Key Identifier:
                keyid:0E:CA:6E:06:C6:82:4B:D1:B8:11:18:3E:0E:17:FA:19:49:6D:26:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/x5OcpBtDjdmsNegcpqKRcYGfe4I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.148.0/24
                  185.65.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:b2:d0:2a:f1:2e:a3:d0:b0:6b:7c:d6:6f:a6:e4:48:7e:75:
         01:06:cf:88:0c:bd:b2:b3:ea:c1:f0:bb:b0:4e:84:3e:48:6f:
         b8:14:72:54:ed:d4:42:be:40:9d:db:ea:75:ea:90:f5:5e:4d:
         29:06:24:4b:63:27:56:10:9f:7e:23:98:2d:66:a3:d6:aa:f2:
         3c:59:94:74:3d:88:58:be:87:84:81:4b:48:c2:cc:0c:ac:13:
         68:e6:27:24:17:c8:fb:3b:18:17:1d:35:59:24:af:ee:c5:73:
         09:fd:09:89:4a:d5:66:b5:20:bf:d5:82:91:21:5f:82:42:91:
         35:4a:3b:ba:5d:f5:70:7a:bb:c6:7a:46:57:1a:5f:90:47:7a:
         cf:ca:79:db:53:9d:25:d1:02:72:93:53:cf:01:b0:6f:4f:dd:
         4c:aa:cf:11:ee:ca:ad:4e:8a:d6:a7:24:73:92:e3:a6:7b:f8:
         be:a9:80:2e:46:8c:03:de:15:56:80:8b:d3:26:4e:6b:18:9a:
         8e:7f:b8:4a:bd:d5:9c:f0:e6:a9:1a:f6:4e:e7:64:37:47:59:
         cd:f3:61:32:29:20:89:fe:03:6b:8b:11:ed:cd:34:61:71:a9:
         3a:cd:46:d8:d3:3e:c5:3e:93:c9:ce:34:27:9c:6e:ea:ed:69:
         e8:f4:a4:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1zLWeLlurhMunUaPMm4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlY2E2ZTA2YzY4MjRiZDFiODExMTgzZTBlMTdmYTE5NDk2
ZDI2MWMwHhcNMjUwMTAxMjE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzkzOWNhNDFiNDM4ZGQ5YWMzNWU4MWNhNmEyOTE3MTgxOWY3YjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBuIcbgFr+cC1in9ewJIMzFCj6d1
pl7nNP+xlHdJ6wHM/okIv6QxLhcd95fM9MnkumvSPm5IbpvwyJdn1ybOtCHVQ6F+
hAvIu9oXvdp2BLjBaBqrRD9Q0gsMAA5NX7Vzhpo8MTWose3hqEGGD7xZEO2OHYs8
LUgJ6zbnBBg4UcRhNCvOUTKnONNvkq1fV0gER3k441zWNm43HK4GWIJeu6lOnRva
4u2Q1UXm5gfmxGRtbY8rW3TNUE40DxNofxOE/eL6Um6+Xw3D11+0rw0ob/eHlBJr
D+pKeMAWoJvk1qsGdCplMueNxgCeuMflpxEf8y9k941iInrgijuRC3mgRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMeTnKQbQ43ZrDXoHKaikXGBn3uCMB8GA1UdIwQY
MBaAFA7KbgbGgkvRuBEYPg4X+hlJbSYcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHNwdUJzYUNTOUc0RVJnLURoZjZHVWx0Smh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy85MTM3ZmYtMjA2My00Njc1LThkZTct
Y2ZkM2ZmOWZkZjdiLzEveDVPY3BCdERqZG1zTmVnY3BxS1JjWUdmZTRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy85MTM3ZmYtMjA2My00Njc1LThkZTctY2ZkM2ZmOWZkZjdi
LzEvRHNwdUJzYUNTOUc0RVJnLURoZjZHVWx0Smh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9WUAwQA
uUGNMA0GCSqGSIb3DQEBCwUAA4IBAQBistAq8S6j0LBrfNZvpuRIfnUBBs+IDL2y
s+rB8LuwToQ+SG+4FHJU7dRCvkCd2+p16pD1Xk0pBiRLYydWEJ9+I5gtZqPWqvI8
WZR0PYhYvoeEgUtIwswMrBNo5ickF8j7OxgXHTVZJK/uxXMJ/QmJStVmtSC/1YKR
IV+CQpE1Sju6XfVwervGekZXGl+QR3rPynnbU50l0QJyk1PPAbBvT91Mqs8R7sqt
TorWpyRzkuOme/i+qYAuRowD3hVWgIvTJk5rGJqOf7hKvdWc8OapGvZO52Q3R1nN
82EyKSCJ/gNrixHtzTRhcak6zUbY0z7FPpPJzjQnnG7q7Wno9KTA
-----END CERTIFICATE-----