Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/C7HES5ypXI2QWo6Q7UQ0oevT-NI.roa
File:                     C7HES5ypXI2QWo6Q7UQ0oevT-NI.roa (raw, json)
Hash identifier:          xdWxU1U5tBeU6use48JuXspS7DgAiW9uLa0dSoFTGEU=
Subject key identifier:   0B:B1:C4:4B:9C:A9:5C:8D:90:5A:8E:90:ED:44:34:A1:EB:D3:F8:D2
Certificate issuer:       /CN=3cd2aa71a93aa9c1327b73538a0478e4f782f6f7
Certificate serial:       0192F825D38CBAF026F7EE4653F495638B4C
Authority key identifier: 3C:D2:AA:71:A9:3A:A9:C1:32:7B:73:53:8A:04:78:E4:F7:82:F6:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PNKqcak6qcEye3NTigR45PeC9vc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/C7HES5ypXI2QWo6Q7UQ0oevT-NI.roa
Signing time:             Mon 04 Nov 2024 17:08:01 +0000
ROA not before:           Mon 04 Nov 2024 17:08:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205091
IP address blocks:        91.217.211.0/24 maxlen: 24
                          2a12:81c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/PNKqcak6qcEye3NTigR45PeC9vc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/PNKqcak6qcEye3NTigR45PeC9vc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PNKqcak6qcEye3NTigR45PeC9vc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f8:25:d3:8c:ba:f0:26:f7:ee:46:53:f4:95:63:8b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cd2aa71a93aa9c1327b73538a0478e4f782f6f7
        Validity
            Not Before: Nov  4 17:08:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bb1c44b9ca95c8d905a8e90ed4434a1ebd3f8d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:21:02:7e:70:9a:4e:cd:6e:7e:b3:4a:cc:a4:
                    df:30:4e:f7:d0:cd:02:8c:62:38:27:89:b9:9a:80:
                    7f:07:c4:2e:44:9a:f3:e1:f1:88:a1:0d:b5:af:88:
                    d9:f5:9b:89:f7:dc:cf:59:b1:08:75:27:ee:fd:52:
                    47:ac:75:2a:5c:22:43:52:be:d8:8c:55:27:a3:d0:
                    2c:b3:da:b6:6c:00:07:d3:22:d5:12:2a:f8:d7:55:
                    33:4c:d1:4a:b2:12:fa:53:6a:0c:aa:d8:5b:af:45:
                    82:33:86:b7:10:2c:fb:4a:40:9f:ba:86:5c:16:a4:
                    83:92:6f:d7:9f:0b:da:4b:dc:27:ce:b1:63:e2:84:
                    2e:8c:07:95:30:d8:ea:d3:68:1c:b0:f1:4d:bf:22:
                    e5:8b:6a:84:11:ee:5c:ba:d5:a2:c6:b8:8f:49:d0:
                    be:1b:b4:38:e1:11:bb:40:9a:bf:db:db:7f:79:e1:
                    b4:61:c4:cc:a4:ea:03:14:09:44:f1:b1:4d:f0:a5:
                    b9:f7:10:6a:d3:4d:7a:8e:9f:01:43:e7:14:b3:b3:
                    50:6d:e1:43:82:ab:58:d7:2e:c2:7a:d2:16:1d:63:
                    13:db:4d:5e:25:51:f9:80:a2:52:1a:51:aa:fd:d6:
                    3d:18:7a:50:be:57:2e:83:95:54:13:b4:cd:d4:f3:
                    84:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B1:C4:4B:9C:A9:5C:8D:90:5A:8E:90:ED:44:34:A1:EB:D3:F8:D2
            X509v3 Authority Key Identifier:
                keyid:3C:D2:AA:71:A9:3A:A9:C1:32:7B:73:53:8A:04:78:E4:F7:82:F6:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PNKqcak6qcEye3NTigR45PeC9vc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/C7HES5ypXI2QWo6Q7UQ0oevT-NI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/757f2b-4f01-4e70-b3d5-4fdba867e47a/1/PNKqcak6qcEye3NTigR45PeC9vc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.211.0/24
                IPv6:
                  2a12:81c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:d7:ed:bd:3d:bb:9e:15:6a:cb:5e:b5:2d:33:d9:e8:9f:5a:
         49:c0:e2:fc:21:7d:28:25:ce:c4:8b:40:05:05:c8:e5:49:69:
         66:d5:5f:9c:88:5e:10:82:7b:b5:67:20:d1:2a:e1:31:bd:8c:
         03:19:de:29:39:39:38:f1:a5:22:b3:e7:eb:0d:2d:5e:cd:2c:
         58:3c:3b:cb:cf:70:4a:18:8b:da:7f:07:93:0d:e9:c5:7c:4f:
         95:66:2f:d0:86:d6:63:bb:e5:9d:91:93:c1:65:e5:59:f0:26:
         52:21:86:fb:24:aa:31:11:13:0f:20:ea:f4:de:40:6e:f4:cc:
         fc:b3:40:a8:33:05:4b:6c:5d:3d:2a:29:3a:5a:9d:0e:fd:6e:
         06:33:00:f4:8c:79:0e:2a:71:d9:e8:c4:6f:e7:d0:37:98:fc:
         d4:4d:26:c0:dc:9f:62:87:c6:a3:d1:a2:2c:ec:37:38:dc:0e:
         0b:fe:a9:3d:73:54:a2:f8:7f:19:21:92:5b:a1:ef:eb:25:95:
         ac:11:fd:be:b9:eb:62:de:cd:be:e5:2d:9f:a3:75:d8:a1:79:
         fe:19:0b:a2:f8:80:b5:c9:f0:8d:20:8a:bb:3c:14:dc:5d:93:
         f9:87:e7:a7:54:1f:e0:e5:48:35:a8:4e:89:56:28:cd:a2:b6:
         4a:d1:d8:49
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZL4JdOMuvAm9+5GU/SVY4tMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZDJhYTcxYTkzYWE5YzEzMjdiNzM1MzhhMDQ3OGU0Zjc4
MmY2ZjcwHhcNMjQxMTA0MTcwODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmIxYzQ0YjljYTk1YzhkOTA1YThlOTBlZDQ0MzRhMWViZDNmOGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzyECfnCaTs1ufrNKzKTfME730M0C
jGI4J4m5moB/B8QuRJrz4fGIoQ21r4jZ9ZuJ99zPWbEIdSfu/VJHrHUqXCJDUr7Y
jFUno9Ass9q2bAAH0yLVEir411UzTNFKshL6U2oMqthbr0WCM4a3ECz7SkCfuoZc
FqSDkm/XnwvaS9wnzrFj4oQujAeVMNjq02gcsPFNvyLli2qEEe5cutWixriPSdC+
G7Q44RG7QJq/29t/eeG0YcTMpOoDFAlE8bFN8KW59xBq0016jp8BQ+cUs7NQbeFD
gqtY1y7CetIWHWMT201eJVH5gKJSGlGq/dY9GHpQvlcug5VUE7TN1POENQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAuxxEucqVyNkFqOkO1ENKHr0/jSMB8GA1UdIwQY
MBaAFDzSqnGpOqnBMntzU4oEeOT3gvb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE5LcWNhazZxY0V5ZTNOVGlnUjQ1UGVDOXZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83NTdmMmItNGYwMS00ZTcwLWIzZDUt
NGZkYmE4NjdlNDdhLzEvQzdIRVM1eXBYSTJRV282UTdVUTBvZXZULU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83NTdmMmItNGYwMS00ZTcwLWIzZDUtNGZkYmE4NjdlNDdh
LzEvUE5LcWNhazZxY0V5ZTNOVGlnUjQ1UGVDOXZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9nTMA0E
AgACMAcDBQMqEoHAMA0GCSqGSIb3DQEBCwUAA4IBAQCf1+29PbueFWrLXrUtM9no
n1pJwOL8IX0oJc7Ei0AFBcjlSWlm1V+ciF4Qgnu1ZyDRKuExvYwDGd4pOTk48aUi
s+frDS1ezSxYPDvLz3BKGIvafweTDenFfE+VZi/QhtZju+WdkZPBZeVZ8CZSIYb7
JKoxERMPIOr03kBu9Mz8s0CoMwVLbF09Kik6Wp0O/W4GMwD0jHkOKnHZ6MRv59A3
mPzUTSbA3J9ih8aj0aIs7Dc43A4L/qk9c1Si+H8ZIZJboe/rJZWsEf2+ueti3s2+
5S2fo3XYoXn+GQui+IC1yfCNIIq7PBTcXZP5h+enVB/g5Ug1qE6JVijNorZK0dhJ
-----END CERTIFICATE-----