Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/sFvs_prtwKu42YxR1lLYA6s-LfY.roa
File:                     sFvs_prtwKu42YxR1lLYA6s-LfY.roa (raw, json)
Hash identifier:          B//Muv+RgtWM9+j4D4TMR775xHt5nXHGTfaVRYpWbRc=
Subject key identifier:   B0:5B:EC:FE:9A:ED:C0:AB:B8:D9:8C:51:D6:52:D8:03:AB:3E:2D:F6
Certificate issuer:       /CN=729e4620c5991e06e1cc056e9cdd1de2b7958873
Certificate serial:       019423693EAE55FA38FF72A24470E7808D69
Authority key identifier: 72:9E:46:20:C5:99:1E:06:E1:CC:05:6E:9C:DD:1D:E2:B7:95:88:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/sFvs_prtwKu42YxR1lLYA6s-LfY.roa
Signing time:             Wed 01 Jan 2025 19:48:07 +0000
ROA not before:           Wed 01 Jan 2025 19:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56798
IP address blocks:        91.223.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:3e:ae:55:fa:38:ff:72:a2:44:70:e7:80:8d:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729e4620c5991e06e1cc056e9cdd1de2b7958873
        Validity
            Not Before: Jan  1 19:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b05becfe9aedc0abb8d98c51d652d803ab3e2df6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:39:c8:c4:fa:70:05:f6:99:50:e8:3d:1c:
                    19:50:0b:fd:ff:06:9c:bf:2f:2e:15:63:05:ef:2e:
                    28:fb:de:f3:67:22:f5:47:ee:4e:3c:82:82:07:b1:
                    d7:1a:31:49:b3:31:4f:4d:40:dd:f3:a4:fc:f6:b7:
                    82:77:c0:ad:84:2e:2b:52:26:5d:c9:24:ef:de:e9:
                    51:8e:56:b1:ca:90:6e:36:ea:74:12:33:82:21:f6:
                    d6:02:84:01:69:78:e0:2a:77:07:3d:48:23:1a:35:
                    b7:65:83:0b:0a:7b:4f:09:91:ed:3a:ca:39:58:1e:
                    cd:51:9d:d3:57:2d:d5:5a:dc:ce:ce:d5:1e:6d:1d:
                    9b:11:e5:a5:b0:dc:82:8b:cf:d5:5d:be:9d:10:b7:
                    25:07:cf:34:01:7b:bc:d0:7f:eb:a2:c1:0a:c5:05:
                    bc:1a:63:37:1d:fc:9e:14:4f:c4:8e:43:c7:43:29:
                    de:36:6d:a4:7b:17:c1:49:17:6f:37:e2:8a:57:b6:
                    88:68:64:f6:e9:47:ad:15:3f:37:c1:fa:62:dc:4a:
                    08:73:26:65:37:51:04:7a:80:d4:a7:db:45:d8:99:
                    fe:b7:c7:a2:a8:fc:6f:a3:ed:7b:83:85:3a:2f:9c:
                    f7:f0:30:8f:2b:ce:16:f6:37:b0:b2:05:ec:5b:33:
                    a1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:5B:EC:FE:9A:ED:C0:AB:B8:D9:8C:51:D6:52:D8:03:AB:3E:2D:F6
            X509v3 Authority Key Identifier:
                keyid:72:9E:46:20:C5:99:1E:06:E1:CC:05:6E:9C:DD:1D:E2:B7:95:88:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cp5GIMWZHgbhzAVunN0d4reViHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/sFvs_prtwKu42YxR1lLYA6s-LfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/d4739e-affc-49ba-8694-20fe18f7e128/1/cp5GIMWZHgbhzAVunN0d4reViHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:42:2a:d3:52:ea:e6:75:42:7a:ff:8e:45:ae:03:af:25:22:
         4d:be:7a:73:08:e2:3b:3a:de:6c:25:77:d4:e9:d3:04:09:22:
         6d:95:92:ba:a6:38:0b:7b:92:83:0e:6b:c5:d8:5c:c8:9a:36:
         e1:70:a5:e1:8a:b2:29:9e:ba:be:84:03:84:d3:a6:dc:24:17:
         b3:44:9d:ab:d8:d2:55:a8:cf:8d:95:26:49:72:96:da:be:f6:
         0d:82:8a:59:aa:9f:80:6f:42:9b:50:8e:83:98:5b:d8:06:97:
         58:15:c3:1b:4e:de:c7:f3:73:cf:39:f6:9e:e3:3b:cd:12:d8:
         6c:f1:02:fa:1d:9d:27:72:03:37:cd:82:0f:7c:be:d7:ac:1b:
         e6:59:50:d1:17:ef:4b:40:03:17:40:21:88:2e:b4:cf:92:0a:
         e5:8e:14:d6:54:40:a1:85:36:0b:9e:21:e5:a0:05:c0:21:ec:
         f4:f9:d6:ed:bc:a1:11:10:81:4d:ce:e9:f1:53:03:2b:7d:f4:
         0e:89:3d:fc:94:93:26:e8:bd:22:25:38:54:bb:29:93:9a:2b:
         0b:67:56:ad:13:37:bd:b9:e6:d5:51:39:f4:25:51:ec:fa:b4:
         23:9c:46:fb:7e:b3:c3:b8:07:49:38:15:90:b5:e6:5a:b8:6a:
         35:db:0d:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaT6uVfo4/3KiRHDngI1pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWU0NjIwYzU5OTFlMDZlMWNjMDU2ZTljZGQxZGUyYjc5
NTg4NzMwHhcNMjUwMTAxMTk0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDViZWNmZTlhZWRjMGFiYjhkOThjNTFkNjUyZDgwM2FiM2UyZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPk5yMT6cAX2mVDoPRwZUAv9/wac
vy8uFWMF7y4o+97zZyL1R+5OPIKCB7HXGjFJszFPTUDd86T89reCd8CthC4rUiZd
ySTv3ulRjlaxypBuNup0EjOCIfbWAoQBaXjgKncHPUgjGjW3ZYMLCntPCZHtOso5
WB7NUZ3TVy3VWtzOztUebR2bEeWlsNyCi8/VXb6dELclB880AXu80H/rosEKxQW8
GmM3HfyeFE/EjkPHQyneNm2kexfBSRdvN+KKV7aIaGT26UetFT83wfpi3EoIcyZl
N1EEeoDUp9tF2Jn+t8eiqPxvo+17g4U6L5z38DCPK84W9jewsgXsWzOhfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLBb7P6a7cCruNmMUdZS2AOrPi32MB8GA1UdIwQY
MBaAFHKeRiDFmR4G4cwFbpzdHeK3lYhzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3A1R0lNV1pIZ2JoekFWdW5OMGQ0cmVWaUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9kNDczOWUtYWZmYy00OWJhLTg2OTQt
MjBmZTE4ZjdlMTI4LzEvc0Z2c19wcnR3S3U0Mll4UjFsTFlBNnMtTGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9kNDczOWUtYWZmYy00OWJhLTg2OTQtMjBmZTE4ZjdlMTI4
LzEvY3A1R0lNV1pIZ2JoekFWdW5OMGQ0cmVWaUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+EMA0G
CSqGSIb3DQEBCwUAA4IBAQACQirTUurmdUJ6/45FrgOvJSJNvnpzCOI7Ot5sJXfU
6dMECSJtlZK6pjgLe5KDDmvF2FzImjbhcKXhirIpnrq+hAOE06bcJBezRJ2r2NJV
qM+NlSZJcpbavvYNgopZqp+Ab0KbUI6DmFvYBpdYFcMbTt7H83PPOfae4zvNEths
8QL6HZ0ncgM3zYIPfL7XrBvmWVDRF+9LQAMXQCGILrTPkgrljhTWVEChhTYLniHl
oAXAIez0+dbtvKEREIFNzunxUwMrffQOiT38lJMm6L0iJThUuymTmisLZ1atEze9
uebVUTn0JVHs+rQjnEb7frPDuAdJOBWQteZauGo12w1u
-----END CERTIFICATE-----