Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/vaUxYlnleESeMKU9z_9EJ_ketk0.roa
File:                     vaUxYlnleESeMKU9z_9EJ_ketk0.roa (raw, json)
Hash identifier:          4J+CuHlN52RgoMPo5wHaJCENtAULyJ816PUoh3W1PwE=
Subject key identifier:   BD:A5:31:62:59:E5:78:44:9E:30:A5:3D:CF:FF:44:27:F9:1E:B6:4D
Certificate issuer:       /CN=7d149f62447853689c12fb288afeb6b681cfebc1
Certificate serial:       01927294DF9EB6CD966ACC5F33391C8269CC
Authority key identifier: 7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/vaUxYlnleESeMKU9z_9EJ_ketk0.roa
Signing time:             Wed 09 Oct 2024 18:40:12 +0000
ROA not before:           Wed 09 Oct 2024 18:40:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35594
IP address blocks:        91.149.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:72:94:df:9e:b6:cd:96:6a:cc:5f:33:39:1c:82:69:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Validity
            Not Before: Oct  9 18:40:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bda5316259e578449e30a53dcfff4427f91eb64d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8b:6d:4c:93:7b:ed:7f:71:a8:cd:a4:74:84:
                    fe:26:35:91:5e:89:1b:b5:22:2f:68:81:fa:0f:ef:
                    a9:11:82:13:d5:e3:13:73:83:9d:26:2e:3f:0c:af:
                    cd:33:44:9f:10:0d:e4:1f:4d:4f:22:37:94:9b:35:
                    c5:50:67:45:b5:96:65:4c:71:4b:9f:18:4a:ff:42:
                    71:1a:2f:bc:c2:8b:77:55:b5:7b:9a:ec:d8:d9:be:
                    f9:38:4f:98:14:fe:5e:d1:84:18:30:23:f4:43:b7:
                    d2:7c:dc:89:97:26:71:1d:97:86:8e:fd:f5:79:3c:
                    db:b1:50:47:c1:b4:46:b9:95:3e:65:14:00:81:d2:
                    e3:3f:d7:05:a3:c7:de:58:d8:c8:83:df:21:d9:b7:
                    fe:78:90:b5:4c:9d:2c:75:f8:09:63:5c:bb:71:54:
                    6b:f3:d4:96:f7:c5:55:91:94:a8:d9:6c:27:c6:2a:
                    3b:44:1c:89:92:40:52:be:15:0d:5b:1d:21:4f:87:
                    32:53:ca:89:17:d9:bb:b3:14:a1:09:37:fd:a0:b9:
                    49:d9:d6:1b:de:ac:b8:2c:59:d9:c0:4b:61:18:81:
                    ff:53:0a:5b:51:cf:22:e4:7b:6e:a4:71:84:53:39:
                    92:00:f7:3a:2f:8b:c1:c0:6a:e4:ce:60:97:ba:7b:
                    5e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:A5:31:62:59:E5:78:44:9E:30:A5:3D:CF:FF:44:27:F9:1E:B6:4D
            X509v3 Authority Key Identifier:
                keyid:7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/vaUxYlnleESeMKU9z_9EJ_ketk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:e8:5c:9e:6f:1b:d2:9b:7a:50:32:b7:7b:24:0f:23:61:c0:
         97:a1:25:7d:5f:0e:e1:97:81:e8:d4:2f:86:64:6e:c8:fa:11:
         58:56:62:03:4f:46:ab:b1:83:a8:96:37:81:ab:0f:c9:6b:3a:
         15:2e:92:5a:b4:a6:12:e9:0a:ad:e8:5c:14:bf:8b:a9:14:59:
         2a:e3:ed:a7:33:71:b3:f3:a4:a7:58:9a:1a:eb:cd:34:b1:4b:
         6a:2f:d7:ea:e1:30:9c:f7:f9:57:30:84:76:10:c7:77:39:21:
         0a:d3:99:ed:d5:a7:91:ff:c6:a7:ba:78:27:75:87:dc:8d:7e:
         9c:96:fc:40:70:cd:13:ad:31:a9:d2:89:91:86:97:1d:bb:cf:
         2a:b6:58:92:3d:4d:d8:91:8a:d4:76:cd:73:51:d2:ac:8f:5c:
         ff:84:9c:55:60:9f:da:1a:dd:11:13:bc:cb:87:f3:bb:05:f2:
         2f:48:ff:bf:1b:78:65:4e:68:02:a3:d9:ab:08:f5:64:01:45:
         c1:1e:54:be:34:7d:81:c3:1b:9f:a3:cb:ed:d2:99:b7:3b:b4:
         d9:cf:3b:d6:03:7f:be:2f:c9:1f:81:9d:19:fa:ea:59:36:b9:
         ea:2f:7d:ec:b2:55:57:ef:af:cf:13:3b:7c:b9:43:dc:a9:d7:
         a0:32:e9:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJylN+ets2WasxfMzkcgmnMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTQ5ZjYyNDQ3ODUzNjg5YzEyZmIyODhhZmViNmI2ODFj
ZmViYzEwHhcNMjQxMDA5MTg0MDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGE1MzE2MjU5ZTU3ODQ0OWUzMGE1M2RjZmZmNDQyN2Y5MWViNjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYttTJN77X9xqM2kdIT+JjWRXokb
tSIvaIH6D++pEYIT1eMTc4OdJi4/DK/NM0SfEA3kH01PIjeUmzXFUGdFtZZlTHFL
nxhK/0JxGi+8wot3VbV7muzY2b75OE+YFP5e0YQYMCP0Q7fSfNyJlyZxHZeGjv31
eTzbsVBHwbRGuZU+ZRQAgdLjP9cFo8feWNjIg98h2bf+eJC1TJ0sdfgJY1y7cVRr
89SW98VVkZSo2Wwnxio7RByJkkBSvhUNWx0hT4cyU8qJF9m7sxShCTf9oLlJ2dYb
3qy4LFnZwEthGIH/UwpbUc8i5HtupHGEUzmSAPc6L4vBwGrkzmCXunteLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2lMWJZ5XhEnjClPc//RCf5HrZNMB8GA1UdIwQY
MBaAFH0Un2JEeFNonBL7KIr+traBz+vBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTct
YWFiMGU0MTRjYzYzLzEvdmFVeFlsbmxlRVNlTUtVOXpfOUVKX2tldGswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTctYWFiMGU0MTRjYzYz
LzEvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5W9MA0G
CSqGSIb3DQEBCwUAA4IBAQBp6FyebxvSm3pQMrd7JA8jYcCXoSV9Xw7hl4Ho1C+G
ZG7I+hFYVmIDT0arsYOoljeBqw/JazoVLpJatKYS6Qqt6FwUv4upFFkq4+2nM3Gz
86SnWJoa6800sUtqL9fq4TCc9/lXMIR2EMd3OSEK05nt1aeR/8anungndYfcjX6c
lvxAcM0TrTGp0omRhpcdu88qtliSPU3YkYrUds1zUdKsj1z/hJxVYJ/aGt0RE7zL
h/O7BfIvSP+/G3hlTmgCo9mrCPVkAUXBHlS+NH2Bwxufo8vt0pm3O7TZzzvWA3++
L8kfgZ0Z+upZNrnqL33sslVX76/PEzt8uUPcqdegMum0
-----END CERTIFICATE-----