Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/cVmHsP8Rowa_T2Kx7w85WzFqUtI.roa
File:                     cVmHsP8Rowa_T2Kx7w85WzFqUtI.roa (raw, json)
Hash identifier:          eCzXrFeAfULRCr6VQpA1RPAjIXUzXuPgfwgHNCZsv5c=
Subject key identifier:   71:59:87:B0:FF:11:A3:06:BF:4F:62:B1:EF:0F:39:5B:31:6A:52:D2
Certificate issuer:       /CN=7c07dbdc71f12bda7bb7fa80cadc2ed9a2feefeb
Certificate serial:       019251256939955B2815A0A40CE49FE0A871
Authority key identifier: 7C:07:DB:DC:71:F1:2B:DA:7B:B7:FA:80:CA:DC:2E:D9:A2:FE:EF:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fAfb3HHxK9p7t_qAytwu2aL-7-s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/cVmHsP8Rowa_T2Kx7w85WzFqUtI.roa
Signing time:             Thu 03 Oct 2024 06:50:59 +0000
ROA not before:           Thu 03 Oct 2024 06:50:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31027
IP address blocks:        91.233.142.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/fAfb3HHxK9p7t_qAytwu2aL-7-s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/fAfb3HHxK9p7t_qAytwu2aL-7-s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fAfb3HHxK9p7t_qAytwu2aL-7-s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:25:69:39:95:5b:28:15:a0:a4:0c:e4:9f:e0:a8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c07dbdc71f12bda7bb7fa80cadc2ed9a2feefeb
        Validity
            Not Before: Oct  3 06:50:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=715987b0ff11a306bf4f62b1ef0f395b316a52d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:28:1b:85:d8:5e:7b:ed:cb:95:46:29:c0:
                    2c:e1:53:17:f3:7b:a8:1f:3b:2c:5b:1f:5d:bc:01:
                    4e:57:b0:23:49:a5:81:81:04:13:46:07:0d:91:e2:
                    fb:ff:78:5e:29:09:f1:29:82:3d:7c:fb:92:5e:50:
                    6b:06:0e:e3:04:52:0a:b8:ac:9f:85:0d:2d:b8:f7:
                    f9:0d:55:fe:e3:f4:81:3a:9e:aa:a9:38:8e:a4:50:
                    f5:f2:8c:4e:02:ea:d4:a9:54:eb:73:4f:da:bf:fd:
                    a4:1d:0d:bd:fb:03:79:bd:88:89:a2:0f:ac:39:2b:
                    eb:a6:06:64:f4:34:81:93:25:8e:b6:92:ee:fa:5f:
                    7c:ba:4c:e4:5a:e9:52:1f:53:30:d9:a0:d5:9b:5a:
                    71:3e:8b:ec:76:8a:46:2c:bc:40:16:77:b0:5d:c9:
                    a5:6d:06:95:f3:a9:04:4c:b9:51:f0:7c:bd:8d:bb:
                    67:d1:9f:3b:5c:53:cb:84:36:aa:0b:c9:95:0f:ba:
                    a6:87:73:67:3c:00:65:52:26:0e:a7:6d:dc:70:ee:
                    5f:2f:04:e1:a7:53:90:61:24:87:a8:8c:2a:b9:d2:
                    87:ff:69:d3:41:21:b2:10:3c:44:98:1d:f3:c6:db:
                    4c:e2:2d:31:bc:19:b7:93:5e:33:eb:68:c1:0d:c0:
                    48:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:59:87:B0:FF:11:A3:06:BF:4F:62:B1:EF:0F:39:5B:31:6A:52:D2
            X509v3 Authority Key Identifier:
                keyid:7C:07:DB:DC:71:F1:2B:DA:7B:B7:FA:80:CA:DC:2E:D9:A2:FE:EF:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fAfb3HHxK9p7t_qAytwu2aL-7-s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/cVmHsP8Rowa_T2Kx7w85WzFqUtI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/19650d-2b87-4911-ae1e-895b0d3c4b45/1/fAfb3HHxK9p7t_qAytwu2aL-7-s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.142.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ca:7a:e0:dc:f7:2b:ea:9e:9d:f5:27:06:fa:1a:59:1d:c2:d4:
         8d:8e:6c:30:75:d0:e7:8d:95:f3:fe:33:85:b2:47:07:93:3d:
         89:60:21:3a:59:c4:11:f3:23:36:21:04:23:59:9f:a5:d5:29:
         91:a2:b6:cd:fb:e6:f3:54:1c:2e:05:11:49:b2:e7:44:e1:27:
         f2:33:dc:76:cf:97:f4:39:d2:2f:82:81:e7:07:fe:15:dd:08:
         00:39:61:ec:0b:bd:4d:b3:50:2c:3b:5d:89:33:7a:5d:f3:9d:
         7f:f9:25:28:cf:9c:4f:ae:d3:a0:fc:bd:15:e5:dd:ca:07:18:
         f3:66:bc:2a:3c:ec:2b:a4:fb:d5:a9:c3:00:ee:fa:79:13:b5:
         d0:a7:a7:4f:c1:6f:33:9b:57:3d:dd:e6:e4:f2:6c:4a:24:40:
         88:1f:70:ad:d1:01:31:ac:29:2f:bb:77:1b:ed:de:aa:bd:7c:
         ba:a4:5c:45:06:43:0b:1f:a8:d9:ce:94:d3:b5:ec:67:c1:95:
         f4:04:91:02:ac:b6:8b:3d:1a:7e:96:8e:86:c5:dd:5b:11:45:
         ab:be:ed:fd:ce:ff:a5:7f:e1:c6:ea:97:ea:3f:26:0e:0a:82:
         d9:70:73:61:c6:6e:20:0d:26:83:a9:00:d7:a9:7f:c2:02:9a:
         d8:16:46:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRJWk5lVsoFaCkDOSf4KhxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMDdkYmRjNzFmMTJiZGE3YmI3ZmE4MGNhZGMyZWQ5YTJm
ZWVmZWIwHhcNMjQxMDAzMDY1MDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTU5ODdiMGZmMTFhMzA2YmY0ZjYyYjFlZjBmMzk1YjMxNmE1MmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO0oG4XYXnvty5VGKcAs4VMX83uo
HzssWx9dvAFOV7AjSaWBgQQTRgcNkeL7/3heKQnxKYI9fPuSXlBrBg7jBFIKuKyf
hQ0tuPf5DVX+4/SBOp6qqTiOpFD18oxOAurUqVTrc0/av/2kHQ29+wN5vYiJog+s
OSvrpgZk9DSBkyWOtpLu+l98ukzkWulSH1Mw2aDVm1pxPovsdopGLLxAFnewXcml
bQaV86kETLlR8Hy9jbtn0Z87XFPLhDaqC8mVD7qmh3NnPABlUiYOp23ccO5fLwTh
p1OQYSSHqIwqudKH/2nTQSGyEDxEmB3zxttM4i0xvBm3k14z62jBDcBIawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFZh7D/EaMGv09ise8POVsxalLSMB8GA1UdIwQY
MBaAFHwH29xx8Svae7f6gMrcLtmi/u/rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkFmYjNISHhLOXA3dF9xQXl0d3UyYUwtNy1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi8xOTY1MGQtMmI4Ny00OTExLWFlMWUt
ODk1YjBkM2M0YjQ1LzEvY1ZtSHNQOFJvd2FfVDJLeDd3ODVXekZxVXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi8xOTY1MGQtMmI4Ny00OTExLWFlMWUtODk1YjBkM2M0YjQ1
LzEvZkFmYjNISHhLOXA3dF9xQXl0d3UyYUwtNy1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+mOMA0G
CSqGSIb3DQEBCwUAA4IBAQDKeuDc9yvqnp31Jwb6GlkdwtSNjmwwddDnjZXz/jOF
skcHkz2JYCE6WcQR8yM2IQQjWZ+l1SmRorbN++bzVBwuBRFJsudE4SfyM9x2z5f0
OdIvgoHnB/4V3QgAOWHsC71Ns1AsO12JM3pd851/+SUoz5xPrtOg/L0V5d3KBxjz
ZrwqPOwrpPvVqcMA7vp5E7XQp6dPwW8zm1c93ebk8mxKJECIH3Ct0QExrCkvu3cb
7d6qvXy6pFxFBkMLH6jZzpTTtexnwZX0BJECrLaLPRp+lo6Gxd1bEUWrvu39zv+l
f+HG6pfqPyYOCoLZcHNhxm4gDSaDqQDXqX/CAprYFkaf
-----END CERTIFICATE-----