Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/OSfCvRDn5rwH2xpcMtEUP0sV1D0.roa
File:                     OSfCvRDn5rwH2xpcMtEUP0sV1D0.roa (raw, json)
Hash identifier:          YJd7BM/YO/DejIANNT19DgGaGBCVl/athIJy3uYWmVc=
Subject key identifier:   39:27:C2:BD:10:E7:E6:BC:07:DB:1A:5C:32:D1:14:3F:4B:15:D4:3D
Certificate issuer:       /CN=e575def18a75eb45c440771ace246c50e8a9d316
Certificate serial:       0194228E1AD61119CE696715A0D0DE657A3E
Authority key identifier: E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/OSfCvRDn5rwH2xpcMtEUP0sV1D0.roa
Signing time:             Wed 01 Jan 2025 15:48:45 +0000
ROA not before:           Wed 01 Jan 2025 15:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57601
IP address blocks:        91.233.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:1a:d6:11:19:ce:69:67:15:a0:d0:de:65:7a:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e575def18a75eb45c440771ace246c50e8a9d316
        Validity
            Not Before: Jan  1 15:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3927c2bd10e7e6bc07db1a5c32d1143f4b15d43d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:58:3c:84:15:01:ca:40:b2:7c:4c:1c:1d:f7:
                    79:32:43:28:6b:ae:80:a0:53:a7:ec:ca:68:bf:b3:
                    02:07:66:37:12:f6:68:f7:a4:2c:18:3f:67:4a:99:
                    8e:94:d8:63:15:27:90:ac:62:4c:f4:e3:bb:6e:f3:
                    5d:80:9e:ec:31:f9:80:8f:64:85:38:ad:52:1d:98:
                    ba:e5:a6:f0:fe:d3:ba:b7:09:d6:9b:c6:96:b8:87:
                    22:c4:87:04:3f:45:25:b5:24:b9:a8:c8:a8:59:55:
                    bb:eb:f0:6b:95:e6:a8:84:a6:35:71:34:25:87:e2:
                    9d:99:30:60:b9:6e:da:7b:27:74:02:c6:3b:32:41:
                    09:f0:e8:38:f8:31:34:2b:41:6c:f8:36:03:c0:5d:
                    d1:2f:40:a1:0d:78:fe:b7:f4:4d:27:63:f3:c7:4e:
                    03:93:3c:dd:91:30:f4:d9:45:b6:69:9a:35:bf:5e:
                    29:1a:d7:40:d8:6a:33:38:60:ae:d2:b9:75:f2:72:
                    c7:9a:60:11:0c:6b:70:e8:3c:c3:7a:ea:a4:3f:3d:
                    9b:94:b7:13:4a:be:19:56:5b:84:ff:69:e4:10:1f:
                    07:09:c5:0f:72:6f:c3:f9:3b:89:20:4e:38:2b:ba:
                    79:28:e1:fe:1e:3a:24:ee:bb:70:24:10:22:be:47:
                    1e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:27:C2:BD:10:E7:E6:BC:07:DB:1A:5C:32:D1:14:3F:4B:15:D4:3D
            X509v3 Authority Key Identifier:
                keyid:E5:75:DE:F1:8A:75:EB:45:C4:40:77:1A:CE:24:6C:50:E8:A9:D3:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5XXe8Yp160XEQHcaziRsUOip0xY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/OSfCvRDn5rwH2xpcMtEUP0sV1D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/ca0898-2979-43ae-8b89-fb9741359727/1/5XXe8Yp160XEQHcaziRsUOip0xY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:2d:d4:4a:be:3a:27:1a:2f:b7:52:76:18:32:a3:f7:61:ce:
         c8:de:fa:cf:4e:ba:f4:c4:93:93:15:1a:75:58:42:3b:41:a7:
         49:9a:fe:47:4f:1f:7d:6c:ea:47:5f:37:51:06:5b:02:61:ef:
         d0:51:41:b3:0d:16:64:55:4b:e1:62:fb:67:de:6e:8a:51:93:
         d6:59:67:f1:e6:de:b1:f1:7c:9a:c1:7a:ba:0b:da:27:2d:bc:
         0f:41:37:9e:5e:7e:69:fe:e3:3d:8e:23:28:c9:b1:5d:a0:d8:
         f6:c6:10:bb:6d:c7:5e:05:2a:c5:04:1d:7d:e2:44:18:3f:dd:
         41:06:14:b1:87:1e:3a:ee:8d:d3:4e:42:05:b1:c9:ff:14:ed:
         f3:de:5f:e1:f0:58:61:1c:0e:4b:25:36:a3:b3:7e:bb:f0:92:
         d9:9f:90:8c:d4:f3:0b:93:87:94:50:1d:4c:c7:fc:ec:b9:42:
         fa:86:96:30:12:2d:ce:60:06:e7:01:b6:bb:76:80:e1:0a:0f:
         a2:65:4b:bc:87:8c:9c:ce:94:8f:fe:71:bd:5b:2b:ef:38:08:
         13:2e:6e:22:22:18:4e:46:9c:35:6a:4c:01:fc:ca:05:f5:24:
         dd:30:7b:00:3e:0b:2e:26:4e:8c:90:70:71:41:29:e7:d2:24:
         12:f7:e7:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijhrWERnOaWcVoNDeZXo+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1NzVkZWYxOGE3NWViNDVjNDQwNzcxYWNlMjQ2YzUwZThh
OWQzMTYwHhcNMjUwMTAxMTU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTI3YzJiZDEwZTdlNmJjMDdkYjFhNWMzMmQxMTQzZjRiMTVkNDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFg8hBUBykCyfEwcHfd5MkMoa66A
oFOn7Mpov7MCB2Y3EvZo96QsGD9nSpmOlNhjFSeQrGJM9OO7bvNdgJ7sMfmAj2SF
OK1SHZi65abw/tO6twnWm8aWuIcixIcEP0UltSS5qMioWVW76/BrleaohKY1cTQl
h+KdmTBguW7aeyd0AsY7MkEJ8Og4+DE0K0Fs+DYDwF3RL0ChDXj+t/RNJ2Pzx04D
kzzdkTD02UW2aZo1v14pGtdA2GozOGCu0rl18nLHmmARDGtw6DzDeuqkPz2blLcT
Sr4ZVluE/2nkEB8HCcUPcm/D+TuJIE44K7p5KOH+Hjok7rtwJBAivkcedwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDknwr0Q5+a8B9saXDLRFD9LFdQ9MB8GA1UdIwQY
MBaAFOV13vGKdetFxEB3Gs4kbFDoqdMWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODkt
ZmI5NzQxMzU5NzI3LzEvT1NmQ3ZSRG41cndIMnhwY010RVVQMHNWMUQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9jYTA4OTgtMjk3OS00M2FlLThiODktZmI5NzQxMzU5NzI3
LzEvNVhYZThZcDE2MFhFUUhjYXppUnNVT2lwMHhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lnMA0G
CSqGSIb3DQEBCwUAA4IBAQCILdRKvjonGi+3UnYYMqP3Yc7I3vrPTrr0xJOTFRp1
WEI7QadJmv5HTx99bOpHXzdRBlsCYe/QUUGzDRZkVUvhYvtn3m6KUZPWWWfx5t6x
8XyawXq6C9onLbwPQTeeXn5p/uM9jiMoybFdoNj2xhC7bcdeBSrFBB194kQYP91B
BhSxhx467o3TTkIFscn/FO3z3l/h8FhhHA5LJTajs3678JLZn5CM1PMLk4eUUB1M
x/zsuUL6hpYwEi3OYAbnAba7doDhCg+iZUu8h4yczpSP/nG9WyvvOAgTLm4iIhhO
Rpw1akwB/MoF9STdMHsAPgsuJk6MkHBxQSnn0iQS9+fN
-----END CERTIFICATE-----