Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/H7_KMnwqi4l9-ZrdNeakxjWBXrU.roa
File:                     H7_KMnwqi4l9-ZrdNeakxjWBXrU.roa (raw, json)
Hash identifier:          egqqMzkow7HB/jSrN5CsKCiM7Jt5dctyuWif7nOckUU=
Subject key identifier:   1F:BF:CA:32:7C:2A:8B:89:7D:F9:9A:DD:35:E6:A4:C6:35:81:5E:B5
Certificate issuer:       /CN=d58214cfa326611e9d494135a12ce8276f0f1784
Certificate serial:       018CC2DADADA901098CDB4080D5F219781A0
Authority key identifier: D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/H7_KMnwqi4l9-ZrdNeakxjWBXrU.roa
Signing time:             Mon 01 Jan 2024 02:29:31 +0000
ROA not before:           Mon 01 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203730
IP address blocks:        91.217.11.0/24 maxlen: 24
                          91.217.10.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:da:da:90:10:98:cd:b4:08:0d:5f:21:97:81:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58214cfa326611e9d494135a12ce8276f0f1784
        Validity
            Not Before: Jan  1 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fbfca327c2a8b897df99add35e6a4c635815eb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:aa:c2:5d:0a:04:6a:82:3e:fc:e4:54:a1:ab:
                    91:53:8d:e9:be:54:3b:ca:ce:ac:fb:9c:3d:38:6a:
                    dd:41:35:3c:d5:18:c6:3c:3e:c7:c7:24:3f:e9:26:
                    16:e0:68:d5:bc:cf:09:a7:7b:ea:4e:94:b4:7a:58:
                    70:ba:4b:36:e8:d0:aa:a2:01:d2:c1:e9:15:b9:52:
                    b0:a6:92:10:2b:85:3d:63:92:1e:90:54:49:7b:ce:
                    97:8c:ff:d7:eb:aa:d5:93:84:fe:03:bd:d2:89:0b:
                    38:a1:ca:cf:17:94:f0:47:5a:ca:da:fd:a4:eb:1e:
                    a2:04:5c:05:05:f3:6a:6f:55:ba:d0:4d:12:eb:10:
                    a3:ce:41:ce:f8:30:2d:c8:e0:9c:f0:d4:57:d0:77:
                    08:bd:18:66:db:56:90:4b:38:c6:a8:98:56:b8:d2:
                    6c:b3:98:42:69:ea:84:54:e9:8d:20:d2:41:97:29:
                    cf:30:4d:0c:b2:91:28:6b:16:10:d8:1d:a9:7f:5b:
                    5c:b0:5d:6f:1e:4a:90:0a:da:ee:3c:b8:a2:21:4b:
                    21:f6:42:e5:bd:ba:ae:ae:86:15:d1:c9:92:33:c1:
                    01:2a:ed:48:b6:39:4c:5c:f1:42:40:58:6c:88:25:
                    c8:ad:cc:f4:dc:90:30:36:c9:dd:16:03:74:a3:b9:
                    d8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:BF:CA:32:7C:2A:8B:89:7D:F9:9A:DD:35:E6:A4:C6:35:81:5E:B5
            X509v3 Authority Key Identifier:
                keyid:D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/H7_KMnwqi4l9-ZrdNeakxjWBXrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.10.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c1:60:57:78:05:cf:e6:2c:bf:81:bb:f1:ba:f4:8f:7b:37:42:
         28:da:27:1e:2d:80:c4:b5:c6:54:6e:00:6f:b9:a2:db:87:b6:
         22:26:8b:df:f2:bd:2c:8d:8b:a2:c8:8e:b0:f0:97:0a:e7:66:
         00:9c:a5:87:e0:29:26:ab:69:75:bc:42:32:29:5d:23:74:f7:
         12:32:3a:21:11:6c:55:c9:66:02:a6:0c:a2:e7:a5:2d:0b:f5:
         88:95:aa:82:0f:e4:80:38:55:44:5c:7b:ad:1b:44:18:ba:e4:
         4a:b7:f9:a0:ae:94:63:85:e8:de:be:e5:cc:89:66:85:14:33:
         ce:8e:a4:b3:d1:c6:f8:7b:0e:2d:8f:4b:ed:d9:94:ba:13:ff:
         57:a1:b1:fa:c2:9f:0e:cf:d5:92:b2:96:01:ff:79:7e:1c:0f:
         ff:72:2d:96:e3:92:da:c8:f5:41:a8:28:f0:b8:69:c6:e2:dc:
         ba:db:6b:ce:14:37:38:4d:53:f9:64:da:7c:15:d8:3f:85:28:
         ba:fc:a6:30:71:ff:0b:ad:53:fc:f3:87:6b:aa:b7:50:1d:3a:
         42:60:bd:57:5f:59:7c:51:e4:b3:7e:34:49:3d:fc:d4:47:66:
         92:2a:95:2a:11:bf:ed:9b:98:b6:8b:25:ef:49:06:a0:9b:04:
         c8:9a:14:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2trakBCYzbQIDV8hl4GgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODIxNGNmYTMyNjYxMWU5ZDQ5NDEzNWExMmNlODI3NmYw
ZjE3ODQwHhcNMjQwMTAxMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmJmY2EzMjdjMmE4Yjg5N2RmOTlhZGQzNWU2YTRjNjM1ODE1ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqrCXQoEaoI+/ORUoauRU43pvlQ7
ys6s+5w9OGrdQTU81RjGPD7HxyQ/6SYW4GjVvM8Jp3vqTpS0elhwuks26NCqogHS
wekVuVKwppIQK4U9Y5IekFRJe86XjP/X66rVk4T+A73SiQs4ocrPF5TwR1rK2v2k
6x6iBFwFBfNqb1W60E0S6xCjzkHO+DAtyOCc8NRX0HcIvRhm21aQSzjGqJhWuNJs
s5hCaeqEVOmNINJBlynPME0MspEoaxYQ2B2pf1tcsF1vHkqQCtruPLiiIUsh9kLl
vbquroYV0cmSM8EBKu1ItjlMXPFCQFhsiCXIrcz03JAwNsndFgN0o7nY+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+/yjJ8KouJffma3TXmpMY1gV61MB8GA1UdIwQY
MBaAFNWCFM+jJmEenUlBNaEs6CdvDxeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQt
MTA3OWQ1NWFlZTkxLzEvSDdfS01ud3FpNGw5LVpyZE5lYWt4aldCWHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQtMTA3OWQ1NWFlZTkx
LzEvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9kKMA0G
CSqGSIb3DQEBCwUAA4IBAQDBYFd4Bc/mLL+Bu/G69I97N0Io2iceLYDEtcZUbgBv
uaLbh7YiJovf8r0sjYuiyI6w8JcK52YAnKWH4Ckmq2l1vEIyKV0jdPcSMjohEWxV
yWYCpgyi56UtC/WIlaqCD+SAOFVEXHutG0QYuuRKt/mgrpRjhejevuXMiWaFFDPO
jqSz0cb4ew4tj0vt2ZS6E/9XobH6wp8Oz9WSspYB/3l+HA//ci2W45LayPVBqCjw
uGnG4ty622vOFDc4TVP5ZNp8Fdg/hSi6/KYwcf8LrVP884drqrdQHTpCYL1XX1l8
UeSzfjRJPfzUR2aSKpUqEb/tm5i2iyXvSQagmwTImhSZ
-----END CERTIFICATE-----