Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/x7E4vTuFgCr64ZVq3U-xscL-USk.roa
File:                     x7E4vTuFgCr64ZVq3U-xscL-USk.roa (raw, json)
Hash identifier:          OZDwiTDcfB0hTE+as0vUAuvw/JJaALww6nnxSoVl0cU=
Subject key identifier:   C7:B1:38:BD:3B:85:80:2A:FA:E1:95:6A:DD:4F:B1:B1:C2:FE:51:29
Certificate issuer:       /CN=a50f21c3dc93757fc03282a835600d659f961e8e
Certificate serial:       018CC49323FA5584716830109AC44F309335
Authority key identifier: A5:0F:21:C3:DC:93:75:7F:C0:32:82:A8:35:60:0D:65:9F:96:1E:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/x7E4vTuFgCr64ZVq3U-xscL-USk.roa
Signing time:             Mon 01 Jan 2024 10:30:26 +0000
ROA not before:           Mon 01 Jan 2024 10:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13000
IP address blocks:        91.207.64.0/23 maxlen: 23
                          91.208.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:23:fa:55:84:71:68:30:10:9a:c4:4f:30:93:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a50f21c3dc93757fc03282a835600d659f961e8e
        Validity
            Not Before: Jan  1 10:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7b138bd3b85802afae1956add4fb1b1c2fe5129
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:4c:c8:a5:37:1b:ea:59:25:37:d7:04:93:c4:
                    c9:ff:74:84:0d:69:5d:75:b1:e8:2d:6b:e4:9a:17:
                    6b:9a:80:0d:bf:ff:22:eb:6e:de:0c:0c:4f:62:9f:
                    a9:ec:2e:c8:86:a0:23:83:b9:3c:6c:4b:5f:2d:e1:
                    ea:5d:20:e6:33:3f:0f:fc:11:92:07:bb:c9:e7:53:
                    cc:94:53:6e:1f:73:c4:90:e7:0d:2f:1a:e0:65:8c:
                    dc:76:43:0b:bc:fc:52:77:9d:67:18:74:66:de:75:
                    34:03:26:c0:ef:e7:04:d7:65:a4:f7:26:44:23:fb:
                    95:05:29:43:02:9d:c7:f8:d1:0a:c7:28:90:00:9c:
                    3e:1c:d7:78:aa:c3:53:3f:f1:00:f4:ab:23:74:1b:
                    8b:a0:82:45:ca:e1:86:f0:0a:33:bf:29:d6:cb:2b:
                    31:f4:6f:84:10:d7:4a:86:b2:f2:a2:b2:25:b8:54:
                    22:48:34:29:91:57:4f:82:fa:18:f0:be:26:3d:72:
                    e2:35:78:ca:98:a0:76:ca:3d:0a:d2:41:ff:bb:8c:
                    f2:4d:58:2c:80:0d:59:26:12:39:c1:09:4b:3a:1f:
                    ab:bb:1e:4c:c4:11:25:5b:0d:e8:a2:2a:6e:20:25:
                    ae:bf:1b:e4:bf:69:e1:82:c6:77:0e:9e:c3:04:99:
                    8c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:B1:38:BD:3B:85:80:2A:FA:E1:95:6A:DD:4F:B1:B1:C2:FE:51:29
            X509v3 Authority Key Identifier:
                keyid:A5:0F:21:C3:DC:93:75:7F:C0:32:82:A8:35:60:0D:65:9F:96:1E:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/x7E4vTuFgCr64ZVq3U-xscL-USk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/ea1df7-808a-47c3-ae51-b0843ec38823/1/pQ8hw9yTdX_AMoKoNWANZZ-WHo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.64.0/23
                  91.208.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:ae:f7:71:30:f4:bc:27:fa:ee:e7:6f:58:7b:13:86:49:db:
         fa:8a:22:f5:93:9e:7a:62:e7:cc:f5:e1:16:87:19:29:59:83:
         f3:1f:bf:a3:19:8c:8a:10:82:04:4e:91:e8:18:33:4c:c2:4c:
         85:5a:e3:74:ee:45:0a:0b:5c:43:94:37:4b:cf:3c:3c:f8:ab:
         33:80:aa:1a:f3:3c:9a:3b:56:87:4e:49:d7:6f:5a:bb:8a:4e:
         35:20:01:e2:b1:a1:0e:85:7c:df:e0:91:aa:d2:c1:e0:29:dc:
         bc:e2:32:33:17:b8:38:3e:1e:13:14:67:96:b0:a2:a8:3d:2a:
         3b:78:f5:6d:bb:41:ed:a4:f6:11:5b:df:e5:ba:35:0f:03:41:
         7a:8c:f4:73:97:0d:d6:18:ea:3c:99:6d:17:2a:06:b3:e9:e4:
         bb:8c:cf:38:fa:7f:36:31:6b:68:dc:d0:49:fa:90:de:5d:d0:
         3d:a7:52:4f:8e:45:ae:0d:14:7a:a9:ed:8e:6e:09:db:a3:13:
         2c:eb:be:df:ee:9e:25:ea:0e:f5:98:28:bd:32:72:ec:7c:03:
         ac:52:48:9a:8d:87:16:2b:4e:f6:8b:9c:92:d6:11:92:0a:34:
         30:ed:fe:13:df:4a:09:c5:4e:0d:59:4f:62:7d:d8:09:f8:06:
         d7:03:93:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkyP6VYRxaDAQmsRPMJM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MGYyMWMzZGM5Mzc1N2ZjMDMyODJhODM1NjAwZDY1OWY5
NjFlOGUwHhcNMjQwMTAxMTAzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2IxMzhiZDNiODU4MDJhZmFlMTk1NmFkZDRmYjFiMWMyZmU1MTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEzIpTcb6lklN9cEk8TJ/3SEDWld
dbHoLWvkmhdrmoANv/8i627eDAxPYp+p7C7IhqAjg7k8bEtfLeHqXSDmMz8P/BGS
B7vJ51PMlFNuH3PEkOcNLxrgZYzcdkMLvPxSd51nGHRm3nU0AybA7+cE12Wk9yZE
I/uVBSlDAp3H+NEKxyiQAJw+HNd4qsNTP/EA9KsjdBuLoIJFyuGG8AozvynWyysx
9G+EENdKhrLyorIluFQiSDQpkVdPgvoY8L4mPXLiNXjKmKB2yj0K0kH/u4zyTVgs
gA1ZJhI5wQlLOh+rux5MxBElWw3ooipuICWuvxvkv2nhgsZ3Dp7DBJmMuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMexOL07hYAq+uGVat1PsbHC/lEpMB8GA1UdIwQY
MBaAFKUPIcPck3V/wDKCqDVgDWWflh6OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFE4aHc5eVRkWF9BTW9Lb05XQU5aWi1XSG80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9lYTFkZjctODA4YS00N2MzLWFlNTEt
YjA4NDNlYzM4ODIzLzEveDdFNHZUdUZnQ3I2NFpWcTNVLXhzY0wtVVNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9lYTFkZjctODA4YS00N2MzLWFlNTEtYjA4NDNlYzM4ODIz
LzEvcFE4aHc5eVRkWF9BTW9Lb05XQU5aWi1XSG80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW89AAwQA
W9D3MA0GCSqGSIb3DQEBCwUAA4IBAQBqrvdxMPS8J/ru529YexOGSdv6iiL1k556
YufM9eEWhxkpWYPzH7+jGYyKEIIETpHoGDNMwkyFWuN07kUKC1xDlDdLzzw8+Ksz
gKoa8zyaO1aHTknXb1q7ik41IAHisaEOhXzf4JGq0sHgKdy84jIzF7g4Ph4TFGeW
sKKoPSo7ePVtu0HtpPYRW9/lujUPA0F6jPRzlw3WGOo8mW0XKgaz6eS7jM84+n82
MWto3NBJ+pDeXdA9p1JPjkWuDRR6qe2ObgnboxMs677f7p4l6g71mCi9MnLsfAOs
UkiajYcWK072i5yS1hGSCjQw7f4T30oJxU4NWU9ifdgJ+AbXA5PC
-----END CERTIFICATE-----