Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/fJ17oyJVQtuyP89XIcu2Gz4_KoE.roa
File:                     fJ17oyJVQtuyP89XIcu2Gz4_KoE.roa (raw, json)
Hash identifier:          AMaB9LpQeXFTaSIVVSFqhaZ1YRZDqyanbB1co81Cry4=
Subject key identifier:   7C:9D:7B:A3:22:55:42:DB:B2:3F:CF:57:21:CB:B6:1B:3E:3F:2A:81
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       0192BF77DE78148270DDE73F8271B827DDE5
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/fJ17oyJVQtuyP89XIcu2Gz4_KoE.roa
Signing time:             Thu 24 Oct 2024 16:59:16 +0000
ROA not before:           Thu 24 Oct 2024 16:59:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41588
IP address blocks:        91.195.248.0/23 maxlen: 23
                          195.138.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bf:77:de:78:14:82:70:dd:e7:3f:82:71:b8:27:dd:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Oct 24 16:59:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c9d7ba3225542dbb23fcf5721cbb61b3e3f2a81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:fc:f8:da:d3:36:6e:c5:98:ae:a0:67:67:97:
                    78:72:dd:ac:b9:92:74:95:0e:7c:18:c8:b1:ea:ba:
                    ff:b4:91:49:dc:34:df:88:c2:0b:27:77:81:03:d3:
                    d6:af:4a:27:ec:be:ab:69:c7:a7:3b:da:76:7c:3a:
                    10:84:da:b8:f1:2d:c0:08:4a:13:f5:52:cd:3d:f1:
                    cc:18:2a:4d:e5:ba:b9:71:a4:67:fc:71:ac:a5:39:
                    48:20:90:92:9e:6d:42:9c:5e:6c:ad:11:ad:f0:d4:
                    f9:bc:0e:42:33:a8:79:8c:94:db:56:2a:4a:f9:a7:
                    e6:99:b3:3b:41:a5:ee:2c:8f:29:a1:75:f3:bf:2f:
                    26:0c:78:13:12:fc:98:12:e8:9a:63:6c:2f:1e:3d:
                    27:91:eb:94:71:ec:f8:1f:d9:a3:8d:cf:7a:25:5d:
                    5d:54:4a:6d:d9:88:6d:97:3e:8c:f9:14:8d:42:27:
                    17:68:ce:c5:61:75:88:ac:09:9a:3f:ff:5b:11:94:
                    ae:ac:4b:de:10:a5:2c:b4:a2:16:e3:dc:ff:42:bc:
                    eb:2e:1c:7b:80:98:54:14:0a:30:ae:96:ae:b2:75:
                    3b:45:c2:54:39:b1:a6:53:cb:a8:d6:e1:4c:23:dc:
                    d3:3b:48:85:68:9e:89:ef:ea:86:34:9a:56:c8:f1:
                    34:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:9D:7B:A3:22:55:42:DB:B2:3F:CF:57:21:CB:B6:1B:3E:3F:2A:81
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/fJ17oyJVQtuyP89XIcu2Gz4_KoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.248.0/23
                  195.138.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:a0:2f:2b:0c:0b:97:38:37:87:b6:7a:77:55:f8:42:d9:40:
         80:49:5b:c0:22:c7:d8:da:e1:29:cd:cd:60:f7:79:c9:2a:ed:
         4f:ae:30:fd:c4:4e:11:bf:4e:d0:1a:57:5d:99:29:a7:a5:b4:
         b7:a9:ff:95:9a:bb:94:0f:f4:ac:0e:c0:c2:63:1a:16:9e:f2:
         48:de:cf:21:6d:45:4c:75:39:b9:a1:cb:66:a3:9d:88:3b:c8:
         79:45:94:0f:24:67:77:3b:3d:f3:b7:77:2a:b4:00:72:7d:97:
         92:8f:4a:68:51:5e:5f:a2:b0:39:ea:54:23:8d:49:4e:49:64:
         cb:64:d7:9c:f8:77:07:d3:81:eb:29:c3:fb:89:c3:db:02:90:
         4e:07:84:06:13:c8:2a:1b:a1:fc:8e:e2:07:9c:07:47:3e:7d:
         07:aa:e3:14:ca:98:42:c7:36:69:4b:a1:3d:e0:d5:9c:e0:b5:
         8f:d6:de:70:8e:a2:9a:44:d1:1e:2f:bb:cf:7b:43:bc:6f:da:
         db:d1:f4:1b:75:08:df:08:dd:e5:55:5a:01:bb:47:0a:89:44:
         2e:14:21:26:d8:14:34:56:0b:d3:df:96:22:39:20:87:a4:de:
         92:23:7f:92:c6:80:1d:70:f8:e3:08:82:6e:8f:7e:dc:5b:60:
         a8:5a:6e:e0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK/d954FIJw3ec/gnG4J93lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjQxMDI0MTY1OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzlkN2JhMzIyNTU0MmRiYjIzZmNmNTcyMWNiYjYxYjNlM2YyYTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/z42tM2bsWYrqBnZ5d4ct2suZJ0
lQ58GMix6rr/tJFJ3DTfiMILJ3eBA9PWr0on7L6racenO9p2fDoQhNq48S3ACEoT
9VLNPfHMGCpN5bq5caRn/HGspTlIIJCSnm1CnF5srRGt8NT5vA5CM6h5jJTbVipK
+afmmbM7QaXuLI8poXXzvy8mDHgTEvyYEuiaY2wvHj0nkeuUcez4H9mjjc96JV1d
VEpt2Yhtlz6M+RSNQicXaM7FYXWIrAmaP/9bEZSurEveEKUstKIW49z/QrzrLhx7
gJhUFAowrpausnU7RcJUObGmU8uo1uFMI9zTO0iFaJ6J7+qGNJpWyPE0CQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyde6MiVULbsj/PVyHLths+PyqBMB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvZkoxN295SlZRdHV5UDg5WEljdTJHejRfS29FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8P4AwQA
w4rBMA0GCSqGSIb3DQEBCwUAA4IBAQDEoC8rDAuXODeHtnp3VfhC2UCASVvAIsfY
2uEpzc1g93nJKu1PrjD9xE4Rv07QGlddmSmnpbS3qf+VmruUD/SsDsDCYxoWnvJI
3s8hbUVMdTm5octmo52IO8h5RZQPJGd3Oz3zt3cqtAByfZeSj0poUV5forA56lQj
jUlOSWTLZNec+HcH04HrKcP7icPbApBOB4QGE8gqG6H8juIHnAdHPn0HquMUyphC
xzZpS6E94NWc4LWP1t5wjqKaRNEeL7vPe0O8b9rb0fQbdQjfCN3lVVoBu0cKiUQu
FCEm2BQ0VgvT35YiOSCHpN6SI3+SxoAdcPjjCIJuj37cW2CoWm7g
-----END CERTIFICATE-----