Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/eN7Xz_vKPidhL0yRZFxL2Qt14_o.roa
File:                     eN7Xz_vKPidhL0yRZFxL2Qt14_o.roa (raw, json)
Hash identifier:          3Yoo93Qhbm9hHe7zfS8SvvADWVpr883ZjQTsJIXsQEs=
Subject key identifier:   78:DE:D7:CF:FB:CA:3E:27:61:2F:4C:91:64:5C:4B:D9:0B:75:E3:FA
Certificate issuer:       /CN=e91f9dbbe68b84027ced4d31e8803f13e9d65d13
Certificate serial:       018CC94DD729930E10684447FE7D9D1F23DA
Authority key identifier: E9:1F:9D:BB:E6:8B:84:02:7C:ED:4D:31:E8:80:3F:13:E9:D6:5D:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/eN7Xz_vKPidhL0yRZFxL2Qt14_o.roa
Signing time:             Tue 02 Jan 2024 08:32:50 +0000
ROA not before:           Tue 02 Jan 2024 08:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42905
IP address blocks:        91.199.245.0/24 maxlen: 24
                          193.200.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d7:29:93:0e:10:68:44:47:fe:7d:9d:1f:23:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e91f9dbbe68b84027ced4d31e8803f13e9d65d13
        Validity
            Not Before: Jan  2 08:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78ded7cffbca3e27612f4c91645c4bd90b75e3fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d1:db:23:f7:ca:07:30:3f:02:0e:f0:d5:d3:
                    db:f0:76:62:b4:5e:45:13:d3:70:78:d1:ae:32:d4:
                    15:f7:a2:e5:c2:19:46:0a:e2:18:7b:37:8e:79:a3:
                    a3:b6:c6:ff:8b:af:69:43:23:79:74:32:b2:48:ab:
                    f1:8c:07:09:cc:2c:48:df:eb:76:dc:75:60:54:50:
                    28:10:13:ff:9b:7c:b0:6f:92:2d:99:a3:01:c1:3f:
                    73:21:9d:8d:82:05:ee:40:df:a4:b7:43:aa:c3:58:
                    cb:92:ad:ee:f2:06:b0:9e:41:34:6f:cb:cb:6a:a8:
                    7b:b8:73:3c:6d:aa:a8:54:00:80:b4:64:1f:79:cd:
                    b6:45:92:93:8c:f8:79:93:97:08:7e:7b:c0:ce:e7:
                    2e:43:ad:a8:fb:f5:52:e2:d6:0a:b1:de:e4:61:2f:
                    32:32:88:67:fa:71:a2:8e:63:51:a2:40:2a:4c:40:
                    f6:67:91:d1:df:72:7f:61:39:61:15:0c:68:80:f5:
                    70:45:03:c2:8d:81:d6:98:2e:ef:21:a6:cb:55:64:
                    da:7d:19:c0:37:a7:3e:ba:2b:bb:95:c8:b7:fb:08:
                    90:f7:43:e1:0b:13:c3:3c:51:c4:55:81:b9:d8:c7:
                    e1:27:ea:56:38:86:0d:fc:64:96:b9:e5:f4:fc:db:
                    e3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:DE:D7:CF:FB:CA:3E:27:61:2F:4C:91:64:5C:4B:D9:0B:75:E3:FA
            X509v3 Authority Key Identifier:
                keyid:E9:1F:9D:BB:E6:8B:84:02:7C:ED:4D:31:E8:80:3F:13:E9:D6:5D:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6R-du-aLhAJ87U0x6IA_E-nWXRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/eN7Xz_vKPidhL0yRZFxL2Qt14_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/0afac0-27b9-4637-9cde-b4e79f781e4d/1/6R-du-aLhAJ87U0x6IA_E-nWXRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.245.0/24
                  193.200.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:f1:cf:16:49:ed:f4:45:28:f5:ee:20:7b:1f:00:9b:00:8e:
         dd:bd:b1:fd:0d:5a:e5:83:3b:00:ce:52:50:6a:b2:80:16:fa:
         93:56:4a:37:be:74:4e:4f:1e:3c:99:ab:49:6c:04:81:c6:39:
         7d:89:2f:bf:0c:29:f9:79:d5:81:2a:fb:3d:25:65:92:d2:ee:
         6b:ae:04:e0:4b:3f:70:f9:31:ab:eb:98:e3:74:c7:ad:eb:f1:
         8c:8a:3e:ef:08:89:03:d4:e9:ca:25:70:4a:5d:64:57:14:ae:
         43:87:9c:60:4c:ef:ae:b2:1b:3e:57:39:21:e3:1e:a0:36:99:
         73:4e:92:b9:7a:18:6d:75:80:5f:07:63:35:ee:20:52:76:b9:
         ac:03:fd:0e:63:e4:7e:39:dd:4a:f9:34:35:6e:56:62:74:a5:
         4a:b9:07:cc:6d:da:d1:20:97:9c:4a:8f:41:01:3a:a2:d9:31:
         2b:83:ef:6a:ca:17:49:60:b2:72:a6:be:bb:7f:a2:c5:4a:db:
         7f:8f:07:ed:d0:46:c3:61:2f:60:0b:64:93:41:24:b1:24:c2:
         10:58:a3:25:75:ff:fe:92:2c:60:46:58:d9:99:57:c3:ed:bf:
         a3:8e:70:05:7f:6a:cf:c5:c1:34:e0:47:11:88:ee:a5:9f:a1:
         78:64:df:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTdcpkw4QaERH/n2dHyPaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MWY5ZGJiZTY4Yjg0MDI3Y2VkNGQzMWU4ODAzZjEzZTlk
NjVkMTMwHhcNMjQwMTAyMDgzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGRlZDdjZmZiY2EzZTI3NjEyZjRjOTE2NDVjNGJkOTBiNzVlM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdHbI/fKBzA/Ag7w1dPb8HZitF5F
E9NweNGuMtQV96LlwhlGCuIYezeOeaOjtsb/i69pQyN5dDKySKvxjAcJzCxI3+t2
3HVgVFAoEBP/m3ywb5ItmaMBwT9zIZ2NggXuQN+kt0Oqw1jLkq3u8gawnkE0b8vL
aqh7uHM8baqoVACAtGQfec22RZKTjPh5k5cIfnvAzucuQ62o+/VS4tYKsd7kYS8y
Mohn+nGijmNRokAqTED2Z5HR33J/YTlhFQxogPVwRQPCjYHWmC7vIabLVWTafRnA
N6c+uiu7lci3+wiQ90PhCxPDPFHEVYG52MfhJ+pWOIYN/GSWueX0/NvjPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHje18/7yj4nYS9MkWRcS9kLdeP6MB8GA1UdIwQY
MBaAFOkfnbvmi4QCfO1NMeiAPxPp1l0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlItZHUtYUxoQUo4N1UweDZJQV9FLW5XWFJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8wYWZhYzAtMjdiOS00NjM3LTljZGUt
YjRlNzlmNzgxZTRkLzEvZU43WHpfdktQaWRoTDB5UlpGeEwyUXQxNF9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8wYWZhYzAtMjdiOS00NjM3LTljZGUtYjRlNzlmNzgxZTRk
LzEvNlItZHUtYUxoQUo4N1UweDZJQV9FLW5XWFJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8f1AwQA
wciXMA0GCSqGSIb3DQEBCwUAA4IBAQCd8c8WSe30RSj17iB7HwCbAI7dvbH9DVrl
gzsAzlJQarKAFvqTVko3vnROTx48matJbASBxjl9iS+/DCn5edWBKvs9JWWS0u5r
rgTgSz9w+TGr65jjdMet6/GMij7vCIkD1OnKJXBKXWRXFK5Dh5xgTO+ushs+Vzkh
4x6gNplzTpK5ehhtdYBfB2M17iBSdrmsA/0OY+R+Od1K+TQ1blZidKVKuQfMbdrR
IJecSo9BATqi2TErg+9qyhdJYLJypr67f6LFStt/jwft0EbDYS9gC2STQSSxJMIQ
WKMldf/+kixgRljZmVfD7b+jjnAFf2rPxcE04EcRiO6ln6F4ZN84
-----END CERTIFICATE-----