Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7E5LSfCOnSbjv-AVC1nxJJ66F4U.roa
File:                     7E5LSfCOnSbjv-AVC1nxJJ66F4U.roa (raw, json)
Hash identifier:          /aIHlfM99fuCwlGxN5/ehUDLpA24+vyDEzZMgylijKg=
Subject key identifier:   EC:4E:4B:49:F0:8E:9D:26:E3:BF:E0:15:0B:59:F1:24:9E:BA:17:85
Certificate issuer:       /CN=2793bde946ae936d3cacc136a5f3239edf2431f4
Certificate serial:       019428243AF8DAA7F12EE494970B0A965C85
Authority key identifier: 27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7E5LSfCOnSbjv-AVC1nxJJ66F4U.roa
Signing time:             Thu 02 Jan 2025 17:50:50 +0000
ROA not before:           Thu 02 Jan 2025 17:50:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        81.31.198.0/24 maxlen: 24
                          91.188.253.0/24 maxlen: 24
                          91.188.254.0/24 maxlen: 24
                          91.188.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:3a:f8:da:a7:f1:2e:e4:94:97:0b:0a:96:5c:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2793bde946ae936d3cacc136a5f3239edf2431f4
        Validity
            Not Before: Jan  2 17:50:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec4e4b49f08e9d26e3bfe0150b59f1249eba1785
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:09:ed:41:c8:50:1d:93:cb:b5:68:ff:17:68:
                    87:a5:b2:3a:08:cc:83:6a:f0:b1:c2:bf:0e:f2:3b:
                    d4:9a:87:27:75:eb:e5:52:08:07:eb:8f:91:af:73:
                    d9:71:22:18:07:6f:4c:61:b4:a8:42:f9:57:af:5f:
                    fb:18:d0:c6:b9:bf:24:a9:31:46:55:79:3c:2a:5e:
                    8e:32:dd:e7:c8:ff:f0:da:e5:a5:51:ea:21:e2:5d:
                    23:24:ef:71:d7:52:b0:c5:28:e6:5b:fa:27:66:50:
                    9a:ff:cf:39:e5:b5:e6:06:12:b2:6f:4d:b6:3f:29:
                    bc:8d:ce:90:9f:b0:65:c6:e5:d3:59:a3:c8:b5:e2:
                    e9:c2:85:a2:1e:d1:69:de:1e:8f:92:b8:3e:ca:59:
                    a3:16:36:2f:03:74:36:74:bd:63:6e:a9:b6:24:22:
                    b8:28:e7:f9:fe:09:5f:70:40:8f:e2:c0:1d:f8:c1:
                    ac:20:6e:a1:17:fb:34:6c:83:ad:f3:a2:8c:f9:ab:
                    2d:24:85:66:f0:a6:f9:8c:e0:88:0f:32:05:24:d8:
                    c0:c7:13:be:04:b6:35:2f:cd:1f:9a:27:26:33:6b:
                    9d:e8:17:3f:2b:99:28:f7:37:af:af:c9:22:22:71:
                    d9:8c:80:51:0e:a3:c0:39:d6:a6:eb:5b:b4:50:ab:
                    a0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:4E:4B:49:F0:8E:9D:26:E3:BF:E0:15:0B:59:F1:24:9E:BA:17:85
            X509v3 Authority Key Identifier:
                keyid:27:93:BD:E9:46:AE:93:6D:3C:AC:C1:36:A5:F3:23:9E:DF:24:31:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J5O96Uauk208rME2pfMjnt8kMfQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/7E5LSfCOnSbjv-AVC1nxJJ66F4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/bf58da-a9d2-421a-b43a-92c3bf74a97b/1/J5O96Uauk208rME2pfMjnt8kMfQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.198.0/24
                  91.188.253.0-91.188.255.255

    Signature Algorithm: sha256WithRSAEncryption
         6c:5a:ce:40:7a:7b:81:f5:7f:f9:a5:ec:c9:70:73:f9:07:20:
         3a:ba:d8:25:8c:2a:aa:fc:91:f3:4d:2c:07:a9:74:27:02:e6:
         00:0b:a5:3c:5a:2e:7c:2b:a4:63:d8:ce:bf:12:63:31:bc:86:
         5b:2b:67:80:02:c8:f9:44:09:01:d9:60:8f:ab:6e:0a:9c:4e:
         13:31:5a:d7:d8:63:62:b1:c5:04:90:fd:2a:47:4a:16:d6:b7:
         7d:ea:12:32:7a:f8:76:09:1e:b5:6e:14:75:f7:83:14:ac:dd:
         72:43:7c:65:d4:0c:27:d7:fe:90:36:4c:cd:c3:55:4c:7a:35:
         c5:ca:35:40:80:f5:fc:ed:a1:42:1a:48:f5:8a:46:cf:92:f0:
         26:48:5c:ea:ee:d0:00:c4:d2:a8:b0:17:eb:e7:9d:89:3b:bd:
         11:d6:12:46:53:db:22:60:43:54:28:78:ad:3c:0f:af:86:84:
         22:41:8a:f6:97:75:3f:cf:bc:e2:f3:26:fe:c7:14:a6:87:5f:
         d0:6e:1c:0a:96:78:77:92:6c:9a:74:67:71:e3:ee:84:fa:78:
         bf:5f:d0:85:4c:ab:e2:e3:ba:34:d8:a7:95:c4:66:7c:59:84:
         e0:a4:f5:a0:c9:a7:01:ee:4d:dd:70:94:95:4d:db:de:ad:83:
         8b:00:4b:bb
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZQoJDr42qfxLuSUlwsKllyFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OTNiZGU5NDZhZTkzNmQzY2FjYzEzNmE1ZjMyMzllZGYy
NDMxZjQwHhcNMjUwMTAyMTc1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzRlNGI0OWYwOGU5ZDI2ZTNiZmUwMTUwYjU5ZjEyNDllYmExNzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAntQchQHZPLtWj/F2iHpbI6CMyD
avCxwr8O8jvUmocndevlUggH64+Rr3PZcSIYB29MYbSoQvlXr1/7GNDGub8kqTFG
VXk8Kl6OMt3nyP/w2uWlUeoh4l0jJO9x11KwxSjmW/onZlCa/8855bXmBhKyb022
Pym8jc6Qn7BlxuXTWaPIteLpwoWiHtFp3h6Pkrg+ylmjFjYvA3Q2dL1jbqm2JCK4
KOf5/glfcECP4sAd+MGsIG6hF/s0bIOt86KM+astJIVm8Kb5jOCIDzIFJNjAxxO+
BLY1L80fmicmM2ud6Bc/K5ko9zevr8kiInHZjIBRDqPAOdam61u0UKugSQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFOxOS0nwjp0m47/gFQtZ8SSeuheFMB8GA1UdIwQY
MBaAFCeTvelGrpNtPKzBNqXzI57fJDH0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2Et
OTJjM2JmNzRhOTdiLzEvN0U1TFNmQ09uU2Jqdi1BVkMxbnhKSjY2RjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9iZjU4ZGEtYTlkMi00MjFhLWI0M2EtOTJjM2JmNzRhOTdi
LzEvSjVPOTZVYXVrMjA4ck1FMnBmTWpudDhrTWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAATATAwQAUR/GMAsD
BABbvP0DAwBbvDANBgkqhkiG9w0BAQsFAAOCAQEAbFrOQHp7gfV/+aXsyXBz+Qcg
OrrYJYwqqvyR800sB6l0JwLmAAulPFoufCukY9jOvxJjMbyGWytngALI+UQJAdlg
j6tuCpxOEzFa19hjYrHFBJD9KkdKFta3feoSMnr4dgketW4UdfeDFKzdckN8ZdQM
J9f+kDZMzcNVTHo1xco1QID1/O2hQhpI9YpGz5LwJkhc6u7QAMTSqLAX6+ediTu9
EdYSRlPbImBDVCh4rTwPr4aEIkGK9pd1P8+84vMm/scUpodf0G4cCpZ4d5JsmnRn
cePuhPp4v1/QhUyr4uO6NNinlcRmfFmE4KT1oMmnAe5N3XCUlU3b3q2DiwBLuw==
-----END CERTIFICATE-----