Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/_F7ev2MBBxNUWA2zbKywRx1epIs.roa
File:                     _F7ev2MBBxNUWA2zbKywRx1epIs.roa (raw, json)
Hash identifier:          ab/PBGhlf8KsdKFVWCStEJO1EAqxAF8tNS/JPsSqUvk=
Subject key identifier:   FC:5E:DE:BF:63:01:07:13:54:58:0D:B3:6C:AC:B0:47:1D:5E:A4:8B
Certificate issuer:       /CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
Certificate serial:       019421B1D9D6B72F64D7229A007656291BC8
Authority key identifier: F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/_F7ev2MBBxNUWA2zbKywRx1epIs.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47979
IP address blocks:        91.120.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d9:d6:b7:2f:64:d7:22:9a:00:76:56:29:1b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f02dac605f4659718c0a15e1f732cbd4f48aae7b
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc5edebf6301071354580db36cacb0471d5ea48b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9c:07:e7:76:c6:fa:c8:b5:a7:1e:33:50:27:
                    66:0b:32:aa:bb:42:6e:b7:84:82:1a:87:a1:45:29:
                    f3:d2:7e:33:5a:29:e6:72:e1:74:f1:f0:41:bd:c8:
                    06:76:50:9e:de:c0:04:26:be:58:8c:1a:cf:4d:3d:
                    f6:aa:e2:fb:61:7e:42:25:a4:68:10:be:bc:36:88:
                    21:c7:f5:f4:10:49:5e:13:c4:a3:22:79:04:aa:f3:
                    20:a9:69:51:b8:4a:eb:3d:aa:7d:56:4c:34:e9:1b:
                    93:00:8f:10:cf:56:e0:4f:f8:3d:ea:ed:04:5a:89:
                    b3:b0:c3:14:ed:e4:36:6f:04:c7:45:29:74:c8:b5:
                    70:c5:63:4d:86:5e:b3:d3:5b:3a:6f:d9:4c:53:45:
                    f0:25:17:e1:ab:54:62:83:99:2a:82:98:c3:8a:f2:
                    4c:75:3d:04:e4:3b:86:7c:db:f5:fe:20:8e:ae:e2:
                    73:f4:1b:53:2e:e2:f2:8d:bd:f9:40:8e:b6:74:93:
                    ad:eb:b4:25:96:d6:1d:09:00:ae:26:a8:ab:a5:02:
                    e8:fd:74:66:38:79:7f:ad:3a:c0:fb:ff:2a:29:74:
                    4f:7f:50:32:16:b4:15:0f:38:af:37:0b:14:5d:83:
                    61:90:35:b9:22:e5:dc:41:5d:7a:01:c5:20:e3:67:
                    95:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:5E:DE:BF:63:01:07:13:54:58:0D:B3:6C:AC:B0:47:1D:5E:A4:8B
            X509v3 Authority Key Identifier:
                keyid:F0:2D:AC:60:5F:46:59:71:8C:0A:15:E1:F7:32:CB:D4:F4:8A:AE:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8C2sYF9GWXGMChXh9zLL1PSKrns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/_F7ev2MBBxNUWA2zbKywRx1epIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/e90976-3dd1-4716-bbf6-292ae46e6302/1/8C2sYF9GWXGMChXh9zLL1PSKrns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.120.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:75:91:54:06:9a:87:51:3d:3d:fb:e8:c1:1a:70:c6:17:04:
         15:1b:f5:e8:3d:df:ab:af:ec:84:59:0f:b2:48:93:d6:b7:df:
         e7:a7:19:4f:85:bd:84:fe:84:e3:35:b7:21:dc:c4:d7:26:28:
         88:68:b8:58:ca:39:10:41:ee:ca:46:c3:ab:82:97:48:f8:d0:
         37:8f:6e:84:4b:e5:13:99:f6:29:c3:9b:a6:ab:c3:35:cd:50:
         98:df:1c:e6:eb:7f:25:f8:f1:a8:f5:d0:82:fc:0c:47:bf:76:
         65:57:8c:0d:6f:61:0b:9d:d7:9b:1b:65:67:c0:c6:96:67:d7:
         57:be:0a:39:56:7e:8c:ac:cb:c9:6b:bc:e2:68:58:c8:c9:d5:
         dc:d9:5d:73:88:b8:45:53:ac:b8:79:19:c3:03:d2:e7:94:ac:
         67:ed:bb:93:12:7c:70:10:89:58:f2:33:b5:c1:d1:dd:f1:8e:
         00:99:e6:f8:a8:23:5a:7c:01:21:9b:4a:aa:50:4a:f0:e0:ed:
         ed:8a:20:4a:3e:05:35:47:5e:b1:60:50:a0:01:69:7d:97:d9:
         f3:4d:84:96:65:03:23:aa:ab:2f:6e:43:4d:42:63:8d:ce:fd:
         7f:d6:da:3c:aa:35:f7:3f:19:9f:3b:c9:b6:dc:d3:1f:0d:95:
         c2:84:8c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdnWty9k1yKaAHZWKRvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMmRhYzYwNWY0NjU5NzE4YzBhMTVlMWY3MzJjYmQ0ZjQ4
YWFlN2IwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzVlZGViZjYzMDEwNzEzNTQ1ODBkYjM2Y2FjYjA0NzFkNWVhNDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5wH53bG+si1px4zUCdmCzKqu0Ju
t4SCGoehRSnz0n4zWinmcuF08fBBvcgGdlCe3sAEJr5YjBrPTT32quL7YX5CJaRo
EL68Noghx/X0EEleE8SjInkEqvMgqWlRuErrPap9Vkw06RuTAI8Qz1bgT/g96u0E
WomzsMMU7eQ2bwTHRSl0yLVwxWNNhl6z01s6b9lMU0XwJRfhq1Rig5kqgpjDivJM
dT0E5DuGfNv1/iCOruJz9BtTLuLyjb35QI62dJOt67QlltYdCQCuJqirpQLo/XRm
OHl/rTrA+/8qKXRPf1AyFrQVDzivNwsUXYNhkDW5IuXcQV16AcUg42eVfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPxe3r9jAQcTVFgNs2yssEcdXqSLMB8GA1UdIwQY
MBaAFPAtrGBfRllxjAoV4fcyy9T0iq57MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYt
MjkyYWU0NmU2MzAyLzEvX0Y3ZXYyTUJCeE5VV0EyemJLeXdSeDFlcElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9lOTA5NzYtM2RkMS00NzE2LWJiZjYtMjkyYWU0NmU2MzAy
LzEvOEMyc1lGOUdXWEdNQ2hYaDl6TEwxUFNLcm5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3gsMA0G
CSqGSIb3DQEBCwUAA4IBAQAidZFUBpqHUT09++jBGnDGFwQVG/XoPd+rr+yEWQ+y
SJPWt9/npxlPhb2E/oTjNbch3MTXJiiIaLhYyjkQQe7KRsOrgpdI+NA3j26ES+UT
mfYpw5umq8M1zVCY3xzm638l+PGo9dCC/AxHv3ZlV4wNb2ELndebG2VnwMaWZ9dX
vgo5Vn6MrMvJa7ziaFjIydXc2V1ziLhFU6y4eRnDA9LnlKxn7buTEnxwEIlY8jO1
wdHd8Y4Ameb4qCNafAEhm0qqUErw4O3tiiBKPgU1R16xYFCgAWl9l9nzTYSWZQMj
qqsvbkNNQmONzv1/1to8qjX3PxmfO8m23NMfDZXChIxK
-----END CERTIFICATE-----