Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/7DiJ9K95ehnMUXD7u9LvwomDRPI.roa
File:                     7DiJ9K95ehnMUXD7u9LvwomDRPI.roa (raw, json)
Hash identifier:          yHePvo0AvtTtp1CqIzen+Z0YaKjnaD10cabMMhhLxUI=
Subject key identifier:   EC:38:89:F4:AF:79:7A:19:CC:51:70:FB:BB:D2:EF:C2:89:83:44:F2
Certificate issuer:       /CN=68cef722dabe5975ca4f9ba8616388ec6c656a20
Certificate serial:       018CC49392AA8EC9E95C91B10236988DA373
Authority key identifier: 68:CE:F7:22:DA:BE:59:75:CA:4F:9B:A8:61:63:88:EC:6C:65:6A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/7DiJ9K95ehnMUXD7u9LvwomDRPI.roa
Signing time:             Mon 01 Jan 2024 10:30:54 +0000
ROA not before:           Mon 01 Jan 2024 10:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203259
IP address blocks:        91.240.232.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:92:aa:8e:c9:e9:5c:91:b1:02:36:98:8d:a3:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68cef722dabe5975ca4f9ba8616388ec6c656a20
        Validity
            Not Before: Jan  1 10:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ec3889f4af797a19cc5170fbbbd2efc2898344f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:9d:9d:b9:85:38:a1:22:e2:ca:01:ef:aa:21:
                    32:a3:5c:fe:c0:90:6a:75:b5:19:f8:2b:91:54:65:
                    85:1c:bd:f8:93:d0:aa:c2:c4:b6:9b:94:68:b4:38:
                    ab:6d:f9:6f:ff:ec:0e:3b:8e:2b:eb:c8:f5:7d:ce:
                    18:57:89:8b:c2:81:ab:04:e2:29:f6:ac:ed:c8:e7:
                    03:af:e0:38:94:00:af:1f:60:e4:6a:66:40:d7:d8:
                    85:15:64:8c:d4:48:32:1a:60:0b:b5:91:60:9f:50:
                    0a:15:90:30:18:13:b0:47:fb:a9:8c:de:ed:c8:81:
                    68:64:df:db:68:a0:c5:fa:ef:8c:47:52:c7:0c:f9:
                    37:1c:1f:fc:5d:bd:6b:93:b5:76:1c:bf:bf:21:d5:
                    68:36:bb:00:74:91:e3:d0:d0:b7:08:28:41:90:17:
                    38:9f:71:3c:52:9d:8a:7c:46:a3:99:06:a0:91:93:
                    09:e5:4d:ec:87:4c:1b:ea:fd:3f:f2:25:59:b0:22:
                    a1:53:a5:c2:58:56:50:97:17:53:38:ff:b7:9b:13:
                    0b:e1:f3:57:d2:20:e5:61:75:0b:da:38:22:d8:02:
                    c1:db:5d:52:b0:7b:60:e0:f5:2a:ca:67:73:16:05:
                    db:1c:e3:58:2e:50:46:e9:2e:c2:2f:c4:d0:60:5c:
                    2f:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:38:89:F4:AF:79:7A:19:CC:51:70:FB:BB:D2:EF:C2:89:83:44:F2
            X509v3 Authority Key Identifier:
                keyid:68:CE:F7:22:DA:BE:59:75:CA:4F:9B:A8:61:63:88:EC:6C:65:6A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aM73Itq-WXXKT5uoYWOI7GxlaiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/7DiJ9K95ehnMUXD7u9LvwomDRPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/790c15-2058-4c39-90cb-cd677ab431aa/1/aM73Itq-WXXKT5uoYWOI7GxlaiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:71:bf:19:11:5d:1a:8c:34:3d:fd:e7:25:72:c4:9e:c5:94:
         8f:9f:20:fe:b4:9f:37:20:04:82:a2:e1:7c:7e:6d:95:08:d4:
         8a:55:3c:03:90:78:19:9d:18:6d:90:de:44:4e:66:0b:52:e1:
         86:8f:33:0f:8a:d5:43:cf:bd:86:fd:f1:49:72:b9:cf:d3:25:
         20:2c:93:36:22:a1:a4:46:a7:0e:09:8a:75:bb:6f:1c:be:2d:
         42:86:64:c5:46:88:be:31:46:be:12:bb:0e:ff:c4:ba:10:17:
         3c:25:c3:0d:c0:b5:c8:de:3f:a8:eb:11:1d:0a:9e:6c:2b:5a:
         47:3f:0b:5c:68:28:7a:0f:2c:df:fb:25:74:13:88:aa:a8:d0:
         45:5a:e2:e8:a7:67:26:58:8b:3b:9c:29:42:bd:1e:7e:e9:17:
         a9:33:0e:0d:a6:5a:fe:04:c3:d1:a6:e1:cf:9d:b8:e4:36:93:
         7e:34:58:15:0c:a5:93:69:65:c8:44:11:55:34:79:4a:4f:33:
         34:69:6b:ab:f9:35:ba:ed:fc:e8:a6:ec:34:90:4a:d7:dd:e3:
         fe:b0:8a:d9:40:ac:57:8b:93:87:96:ef:ac:e6:40:d0:e9:b1:
         a7:2c:95:c3:88:3d:b2:92:82:b2:d7:9c:68:bd:a8:8a:b4:6d:
         aa:78:ba:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk5KqjsnpXJGxAjaYjaNzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4Y2VmNzIyZGFiZTU5NzVjYTRmOWJhODYxNjM4OGVjNmM2
NTZhMjAwHhcNMjQwMTAxMTAzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM4ODlmNGFmNzk3YTE5Y2M1MTcwZmJiYmQyZWZjMjg5ODM0NGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv52duYU4oSLiygHvqiEyo1z+wJBq
dbUZ+CuRVGWFHL34k9CqwsS2m5RotDirbflv/+wOO44r68j1fc4YV4mLwoGrBOIp
9qztyOcDr+A4lACvH2DkamZA19iFFWSM1EgyGmALtZFgn1AKFZAwGBOwR/upjN7t
yIFoZN/baKDF+u+MR1LHDPk3HB/8Xb1rk7V2HL+/IdVoNrsAdJHj0NC3CChBkBc4
n3E8Up2KfEajmQagkZMJ5U3sh0wb6v0/8iVZsCKhU6XCWFZQlxdTOP+3mxML4fNX
0iDlYXUL2jgi2ALB211SsHtg4PUqymdzFgXbHONYLlBG6S7CL8TQYFwv4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw4ifSveXoZzFFw+7vS78KJg0TyMB8GA1UdIwQY
MBaAFGjO9yLavll1yk+bqGFjiOxsZWogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU03M0l0cS1XWFhLVDV1b1lXT0k3R3hsYWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi83OTBjMTUtMjA1OC00YzM5LTkwY2It
Y2Q2NzdhYjQzMWFhLzEvN0RpSjlLOTVlaG5NVVhEN3U5THZ3b21EUlBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi83OTBjMTUtMjA1OC00YzM5LTkwY2ItY2Q2NzdhYjQzMWFh
LzEvYU03M0l0cS1XWFhLVDV1b1lXT0k3R3hsYWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DoMA0G
CSqGSIb3DQEBCwUAA4IBAQAScb8ZEV0ajDQ9/eclcsSexZSPnyD+tJ83IASCouF8
fm2VCNSKVTwDkHgZnRhtkN5ETmYLUuGGjzMPitVDz72G/fFJcrnP0yUgLJM2IqGk
RqcOCYp1u28cvi1ChmTFRoi+MUa+ErsO/8S6EBc8JcMNwLXI3j+o6xEdCp5sK1pH
PwtcaCh6Dyzf+yV0E4iqqNBFWuLop2cmWIs7nClCvR5+6RepMw4Nplr+BMPRpuHP
nbjkNpN+NFgVDKWTaWXIRBFVNHlKTzM0aWur+TW67fzopuw0kErX3eP+sIrZQKxX
i5OHlu+s5kDQ6bGnLJXDiD2ykoKy15xovaiKtG2qeLpm
-----END CERTIFICATE-----