Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/ev3DTsHXNC4f5jrH2ub4xYGyB50.roa
File:                     ev3DTsHXNC4f5jrH2ub4xYGyB50.roa (raw, json)
Hash identifier:          xVYtp4UvEiCftjGOr3H3iB7Laupx6aoIcAExb5sWuio=
Subject key identifier:   7A:FD:C3:4E:C1:D7:34:2E:1F:E6:3A:C7:DA:E6:F8:C5:81:B2:07:9D
Certificate issuer:       /CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
Certificate serial:       0191C1B04DDE5359E53BCAD4BFD65F94D8CF
Authority key identifier: 0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/ev3DTsHXNC4f5jrH2ub4xYGyB50.roa
Signing time:             Thu 05 Sep 2024 10:17:22 +0000
ROA not before:           Thu 05 Sep 2024 10:17:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198154
IP address blocks:        91.234.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c1:b0:4d:de:53:59:e5:3b:ca:d4:bf:d6:5f:94:d8:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
        Validity
            Not Before: Sep  5 10:17:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7afdc34ec1d7342e1fe63ac7dae6f8c581b2079d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9c:5c:e2:40:f0:fe:a2:e9:65:62:7e:49:54:
                    18:9b:f1:b0:21:7c:75:eb:ab:fc:4f:70:d9:d9:88:
                    60:f3:1b:0f:f8:7c:cb:be:01:72:8b:49:81:96:2b:
                    11:4c:76:99:2b:12:dd:7d:61:6e:d9:8e:46:bc:29:
                    98:a3:8d:18:4a:7a:dc:70:59:3f:29:a5:88:7f:f5:
                    19:e2:4a:2c:5f:f1:65:62:ca:52:9d:df:66:05:10:
                    df:f3:b7:c6:b5:a8:7c:bd:5b:02:10:e5:c2:a2:5b:
                    1c:87:b6:34:87:da:37:e9:76:26:30:47:ef:08:2b:
                    2e:35:4d:a3:c9:04:90:d8:f3:b5:45:5f:c3:50:f3:
                    eb:50:f3:5a:3c:cb:77:41:7e:f0:a0:fd:c4:ed:67:
                    52:cc:36:30:55:6f:61:e2:d9:06:db:50:ae:8f:33:
                    a0:01:7a:a5:98:c3:8e:46:b9:ae:4d:8e:88:ce:29:
                    1d:34:12:bf:06:5f:83:36:03:00:02:f8:d2:08:e9:
                    7d:af:1c:a0:01:9b:5c:e8:c6:e9:25:8e:f2:79:ba:
                    2e:d0:10:40:2b:59:bb:c5:cd:ad:2a:b6:e4:8a:ce:
                    13:bb:ab:62:e7:97:d6:ed:14:9a:f3:97:30:87:1f:
                    37:c9:31:e7:2d:72:4d:d9:d0:da:59:05:9f:4a:d8:
                    dd:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:FD:C3:4E:C1:D7:34:2E:1F:E6:3A:C7:DA:E6:F8:C5:81:B2:07:9D
            X509v3 Authority Key Identifier:
                keyid:0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/ev3DTsHXNC4f5jrH2ub4xYGyB50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:65:88:ae:ce:b9:a2:48:31:e3:4f:0a:49:1a:f3:6f:78:ed:
         a7:ca:a5:98:6d:e6:90:83:11:2c:61:6f:3d:df:d9:22:b2:20:
         ad:85:4d:9a:3c:ad:f5:ad:b1:f0:4d:54:23:92:9c:8a:13:99:
         d7:76:63:7f:4d:0d:f4:f9:c7:e3:82:9f:7b:da:c5:66:a4:28:
         1c:32:2d:5f:c0:f0:63:09:e8:7e:c4:31:d3:26:e5:cd:32:b3:
         a3:9a:7c:3a:34:86:28:be:06:77:12:2c:32:33:6b:7e:b7:ec:
         4d:32:d6:45:e7:ef:b1:a4:37:57:29:80:f7:e3:28:a0:c0:26:
         9a:29:de:a5:9e:29:cf:1e:a8:65:e1:34:86:d7:63:54:38:82:
         62:ab:75:f0:cf:84:92:d5:d5:ba:a7:ac:ba:90:2c:88:ca:5b:
         78:28:7f:e6:1f:52:79:9b:d0:b4:6c:55:a6:e2:77:70:a8:50:
         ba:a9:84:d1:02:51:4c:e9:12:6c:dd:60:1b:05:a2:21:82:f1:
         d9:ba:e3:b5:15:54:96:5a:59:19:ad:7f:0f:f4:3b:56:d2:2d:
         38:18:54:67:c6:f8:d5:23:2e:47:15:39:8d:ce:f7:89:10:2c:
         b1:ac:3e:4e:80:af:9d:3c:40:10:a0:41:b4:3b:0d:27:6d:b4:
         4e:ba:90:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHBsE3eU1nlO8rUv9ZflNjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmN2RkMzI3NzljMWE5YjI5N2UyOGNiMDM1ZmQ2NzlhYmIx
OTE2ZDEwHhcNMjQwOTA1MTAxNzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWZkYzM0ZWMxZDczNDJlMWZlNjNhYzdkYWU2ZjhjNTgxYjIwNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy5xc4kDw/qLpZWJ+SVQYm/GwIXx1
66v8T3DZ2Yhg8xsP+HzLvgFyi0mBlisRTHaZKxLdfWFu2Y5GvCmYo40YSnrccFk/
KaWIf/UZ4kosX/FlYspSnd9mBRDf87fGtah8vVsCEOXColsch7Y0h9o36XYmMEfv
CCsuNU2jyQSQ2PO1RV/DUPPrUPNaPMt3QX7woP3E7WdSzDYwVW9h4tkG21CujzOg
AXqlmMOORrmuTY6IzikdNBK/Bl+DNgMAAvjSCOl9rxygAZtc6MbpJY7yebou0BBA
K1m7xc2tKrbkis4Tu6ti55fW7RSa85cwhx83yTHnLXJN2dDaWQWfStjdOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHr9w07B1zQuH+Y6x9rm+MWBsgedMB8GA1UdIwQY
MBaAFA990yd5wamyl+KMsDX9Z5q7GRbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUt
YWNmNjZmNzhiMmI3LzEvZXYzRFRzSFhOQzRmNWpySDJ1YjR4WUd5QjUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUtYWNmNjZmNzhiMmI3
LzEvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+onMA0G
CSqGSIb3DQEBCwUAA4IBAQAlZYiuzrmiSDHjTwpJGvNveO2nyqWYbeaQgxEsYW89
39kisiCthU2aPK31rbHwTVQjkpyKE5nXdmN/TQ30+cfjgp972sVmpCgcMi1fwPBj
Ceh+xDHTJuXNMrOjmnw6NIYovgZ3EiwyM2t+t+xNMtZF5++xpDdXKYD34yigwCaa
Kd6lninPHqhl4TSG12NUOIJiq3Xwz4SS1dW6p6y6kCyIylt4KH/mH1J5m9C0bFWm
4ndwqFC6qYTRAlFM6RJs3WAbBaIhgvHZuuO1FVSWWlkZrX8P9DtW0i04GFRnxvjV
Iy5HFTmNzveJECyxrD5OgK+dPEAQoEG0Ow0nbbROupAk
-----END CERTIFICATE-----