Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/7xAcmo220oCYc6gaudf4mxgJx1M.roa
File:                     7xAcmo220oCYc6gaudf4mxgJx1M.roa (raw, json)
Hash identifier:          zweiLRIChZgxvn1lL8CGIVywv+/wxSDhmEu7DizOmRI=
Subject key identifier:   EF:10:1C:9A:8D:B6:D2:80:98:73:A8:1A:B9:D7:F8:9B:18:09:C7:53
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       018CC3B743E10B7124982BB299F68BD9F708
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/7xAcmo220oCYc6gaudf4mxgJx1M.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57967
IP address blocks:        91.237.90.0/24 maxlen: 24
                          2001:67c:2794::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:43:e1:0b:71:24:98:2b:b2:99:f6:8b:d9:f7:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef101c9a8db6d2809873a81ab9d7f89b1809c753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d8:88:2e:34:d5:96:30:e7:5f:6e:f6:60:35:
                    73:a9:d8:3d:e8:29:8a:3e:1b:56:3d:ca:46:6f:23:
                    8d:e0:98:e2:1a:1e:00:08:f4:3e:8e:ae:fe:f3:30:
                    b0:82:90:85:7b:b2:02:fa:d5:0e:19:b5:d4:d4:4f:
                    de:0d:15:91:fc:99:c4:75:03:36:32:86:7a:7f:18:
                    45:e8:e4:e2:30:69:b2:19:7f:09:e6:66:ca:59:51:
                    eb:a5:84:9a:58:82:1a:23:91:5d:58:d3:c9:fe:0f:
                    a2:85:05:ac:d1:68:9d:4c:ee:e2:48:f6:f4:1e:d4:
                    6a:83:02:f9:88:6c:30:b6:d0:24:78:9a:3a:78:e7:
                    34:39:6d:0f:0a:bd:5b:64:0f:d3:c1:7d:2c:22:d1:
                    6a:12:47:cc:7e:f6:c6:eb:c1:5c:11:b5:12:39:40:
                    00:3a:79:65:aa:2c:c6:cf:9a:84:26:9d:dd:91:95:
                    13:21:cb:c9:36:4d:3c:8b:05:ba:a0:90:f7:08:4a:
                    f0:67:e1:3d:08:fc:2c:71:62:26:f8:1d:56:29:11:
                    d2:1d:58:29:ad:55:83:9b:15:eb:43:29:f6:e8:8b:
                    11:3d:8a:e7:97:2e:09:c1:11:58:f4:b9:ad:cb:4b:
                    17:0a:20:6a:e8:a8:ec:4b:c0:73:ee:80:f8:5d:43:
                    1b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:10:1C:9A:8D:B6:D2:80:98:73:A8:1A:B9:D7:F8:9B:18:09:C7:53
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/7xAcmo220oCYc6gaudf4mxgJx1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.90.0/24
                IPv6:
                  2001:67c:2794::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:ab:48:ee:30:92:ac:f9:9a:d4:d8:23:ba:41:5b:ad:34:c9:
         9b:27:f8:e9:fe:14:71:e1:24:0d:24:12:9e:d7:26:82:ff:7e:
         fd:a1:33:3f:69:be:90:78:53:94:aa:04:23:63:0f:a9:f3:35:
         17:f9:00:f9:b5:36:4a:85:33:e6:be:cf:a8:f4:a8:96:4b:34:
         81:4f:0a:08:1d:9d:31:0d:24:f3:93:92:78:c6:7b:93:a8:b8:
         be:54:ed:98:ca:f7:12:85:39:57:39:23:d8:9e:ee:9f:a8:75:
         e3:5b:bf:19:2a:ff:4d:05:c0:fe:5a:bd:eb:75:57:bf:cc:d1:
         86:f9:4c:8b:bc:7c:ce:ff:7a:52:82:e7:6b:96:95:af:b1:ba:
         67:5a:4e:3b:10:c9:29:bf:e8:8f:cd:4e:b2:1b:9e:cb:b3:f1:
         7e:37:08:95:e2:08:eb:f1:8a:9e:96:3b:70:36:96:29:03:04:
         c6:69:ef:98:bd:ba:7a:98:73:ec:11:dd:7e:42:76:1a:37:82:
         69:43:c3:38:bb:66:89:d0:a6:88:ae:2a:c5:a6:5f:97:56:4f:
         c7:cc:ca:d2:cd:ce:fa:ef:94:b8:42:22:19:dc:fa:67:fd:78:
         4f:30:d2:69:08:6e:89:d0:65:9f:44:3c:c0:86:e4:27:22:a7:
         7c:87:d9:95
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDt0PhC3EkmCuymfaL2fcIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjEwMWM5YThkYjZkMjgwOTg3M2E4MWFiOWQ3Zjg5YjE4MDljNzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9iILjTVljDnX272YDVzqdg96CmK
PhtWPcpGbyON4JjiGh4ACPQ+jq7+8zCwgpCFe7IC+tUOGbXU1E/eDRWR/JnEdQM2
MoZ6fxhF6OTiMGmyGX8J5mbKWVHrpYSaWIIaI5FdWNPJ/g+ihQWs0WidTO7iSPb0
HtRqgwL5iGwwttAkeJo6eOc0OW0PCr1bZA/TwX0sItFqEkfMfvbG68FcEbUSOUAA
OnllqizGz5qEJp3dkZUTIcvJNk08iwW6oJD3CErwZ+E9CPwscWIm+B1WKRHSHVgp
rVWDmxXrQyn26IsRPYrnly4JwRFY9Lmty0sXCiBq6KjsS8Bz7oD4XUMbzQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO8QHJqNttKAmHOoGrnX+JsYCcdTMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvN3hBY21vMjIwb0NZYzZnYXVkZjRteGdKeDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+1aMA8E
AgACMAkDBwAgAQZ8J5QwDQYJKoZIhvcNAQELBQADggEBAAirSO4wkqz5mtTYI7pB
W600yZsn+On+FHHhJA0kEp7XJoL/fv2hMz9pvpB4U5SqBCNjD6nzNRf5APm1NkqF
M+a+z6j0qJZLNIFPCggdnTENJPOTknjGe5OouL5U7ZjK9xKFOVc5I9ie7p+odeNb
vxkq/00FwP5avet1V7/M0Yb5TIu8fM7/elKC52uWla+xumdaTjsQySm/6I/NTrIb
nsuz8X43CJXiCOvxip6WO3A2likDBMZp75i9unqYc+wR3X5Cdho3gmlDwzi7ZonQ
poiuKsWmX5dWT8fMytLNzvrvlLhCIhnc+mf9eE8w0mkIbonQZZ9EPMCG5Ccip3yH
2ZU=
-----END CERTIFICATE-----