Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/B-SHxdCKWNFHFz7dgjaTKIpyYNI.roa
File:                     B-SHxdCKWNFHFz7dgjaTKIpyYNI.roa (raw, json)
Hash identifier:          O3HSXXyFMl7hKID0D1yLffpPc3LlX8Dha/QrpPJqYNI=
Subject key identifier:   07:E4:87:C5:D0:8A:58:D1:47:17:3E:DD:82:36:93:28:8A:72:60:D2
Certificate issuer:       /CN=7cbba846b6fe0678c9d4b7d7db11e6aeb86e5942
Certificate serial:       018F0EC2F4D8F1E851585FC376338E9687EE
Authority key identifier: 7C:BB:A8:46:B6:FE:06:78:C9:D4:B7:D7:DB:11:E6:AE:B8:6E:59:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/B-SHxdCKWNFHFz7dgjaTKIpyYNI.roa
Signing time:             Wed 24 Apr 2024 06:20:08 +0000
ROA not before:           Wed 24 Apr 2024 06:20:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49808
IP address blocks:        91.213.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0e:c2:f4:d8:f1:e8:51:58:5f:c3:76:33:8e:96:87:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cbba846b6fe0678c9d4b7d7db11e6aeb86e5942
        Validity
            Not Before: Apr 24 06:20:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07e487c5d08a58d147173edd823693288a7260d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:93:d8:f4:6d:01:08:80:1c:80:96:9c:27:95:
                    a2:50:83:96:16:0c:7e:5f:f6:d9:52:60:4c:f0:2b:
                    d6:c3:99:b1:b0:45:d8:d8:b1:26:61:97:90:d9:47:
                    c9:47:31:b8:31:fb:cc:0c:be:11:60:bd:40:ee:b4:
                    a6:40:04:2b:0c:0c:09:99:79:28:63:26:42:ef:9b:
                    0d:60:c3:85:d5:15:2e:45:6e:ad:3d:ea:1e:75:33:
                    34:1f:92:0b:d5:f9:09:1b:00:ef:07:19:12:46:3c:
                    0e:da:80:3b:bd:da:32:27:dd:05:4b:4b:52:db:c7:
                    3a:cc:8e:ed:d9:dd:2b:cc:f5:af:ff:7e:d4:d9:bd:
                    9c:c7:2a:5a:74:df:5e:a3:1a:58:6c:c9:31:05:75:
                    5f:ec:0a:5e:d5:8c:a3:92:1e:20:b3:3d:9c:9b:e9:
                    49:e4:3e:a6:58:f2:6e:4a:7d:86:6f:7d:12:fb:0a:
                    08:f8:93:db:ae:0c:de:06:a7:27:48:3d:e8:e4:54:
                    66:4e:d6:d1:da:e3:41:93:04:69:27:c2:20:2a:72:
                    5f:15:c5:a2:bf:c3:7b:47:45:f0:72:fa:ee:94:1f:
                    74:40:94:ab:81:cf:d6:e6:69:42:94:91:1a:bd:64:
                    5e:03:02:20:a9:2d:7c:07:da:9c:5f:73:99:b2:88:
                    e7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:E4:87:C5:D0:8A:58:D1:47:17:3E:DD:82:36:93:28:8A:72:60:D2
            X509v3 Authority Key Identifier:
                keyid:7C:BB:A8:46:B6:FE:06:78:C9:D4:B7:D7:DB:11:E6:AE:B8:6E:59:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/B-SHxdCKWNFHFz7dgjaTKIpyYNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/066780-c307-4a70-8d86-b0eb7e31ff46/1/fLuoRrb-BnjJ1LfX2xHmrrhuWUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:16:d4:a1:0a:9f:45:07:49:1a:e8:c8:b9:4b:e6:47:99:be:
         48:04:61:7a:7c:26:1c:05:0d:81:aa:39:29:79:58:78:85:c4:
         b6:44:c4:e2:dc:ec:d4:0a:a0:ae:5e:e5:a5:01:5f:17:cd:83:
         d2:f2:bc:f9:4e:a9:59:0c:4f:a2:4c:81:e6:af:6a:4e:a4:18:
         41:b4:3b:d0:87:58:3a:1f:d4:f3:cd:15:cd:f9:9a:d7:d9:8c:
         52:5e:5f:12:f3:d0:68:1d:72:40:62:b2:28:28:8a:9d:bd:e0:
         08:c9:14:1e:79:e2:90:4f:a0:4f:bf:99:3c:12:b6:0e:7a:aa:
         77:72:51:5f:ed:39:28:2e:ba:6b:cc:03:23:37:9f:86:d4:14:
         63:12:56:27:4e:98:fd:f0:53:fe:f1:5c:2f:39:8a:e1:a3:4a:
         bb:42:87:16:ed:91:a3:20:56:34:99:b1:28:a2:c5:4c:a1:cd:
         66:f0:0d:d0:3e:12:3c:14:51:87:9b:e1:25:60:f9:8f:1c:36:
         33:f6:c6:d1:03:ae:64:d7:58:3a:01:6c:b5:90:15:e4:f7:b2:
         40:c9:de:8a:e2:6b:a5:53:20:68:c9:36:f5:44:7f:c4:f3:a5:
         d0:62:9b:fc:51:71:7b:d5:eb:8e:66:c1:09:e3:f6:78:9e:5f:
         3e:df:9a:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8OwvTY8ehRWF/DdjOOlofuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYmJhODQ2YjZmZTA2NzhjOWQ0YjdkN2RiMTFlNmFlYjg2
ZTU5NDIwHhcNMjQwNDI0MDYyMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2U0ODdjNWQwOGE1OGQxNDcxNzNlZGQ4MjM2OTMyODhhNzI2MGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZPY9G0BCIAcgJacJ5WiUIOWFgx+
X/bZUmBM8CvWw5mxsEXY2LEmYZeQ2UfJRzG4MfvMDL4RYL1A7rSmQAQrDAwJmXko
YyZC75sNYMOF1RUuRW6tPeoedTM0H5IL1fkJGwDvBxkSRjwO2oA7vdoyJ90FS0tS
28c6zI7t2d0rzPWv/37U2b2cxypadN9eoxpYbMkxBXVf7Ape1Yyjkh4gsz2cm+lJ
5D6mWPJuSn2Gb30S+woI+JPbrgzeBqcnSD3o5FRmTtbR2uNBkwRpJ8IgKnJfFcWi
v8N7R0XwcvrulB90QJSrgc/W5mlClJEavWReAwIgqS18B9qcX3OZsojnTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfkh8XQiljRRxc+3YI2kyiKcmDSMB8GA1UdIwQY
MBaAFHy7qEa2/gZ4ydS319sR5q64bllCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkx1b1JyYi1CbmpKMUxmWDJ4SG1ycmh1V1VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8wNjY3ODAtYzMwNy00YTcwLThkODYt
YjBlYjdlMzFmZjQ2LzEvQi1TSHhkQ0tXTkZIRno3ZGdqYVRLSXB5WU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8wNjY3ODAtYzMwNy00YTcwLThkODYtYjBlYjdlMzFmZjQ2
LzEvZkx1b1JyYi1CbmpKMUxmWDJ4SG1ycmh1V1VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UGMA0G
CSqGSIb3DQEBCwUAA4IBAQCMFtShCp9FB0ka6Mi5S+ZHmb5IBGF6fCYcBQ2Bqjkp
eVh4hcS2RMTi3OzUCqCuXuWlAV8XzYPS8rz5TqlZDE+iTIHmr2pOpBhBtDvQh1g6
H9TzzRXN+ZrX2YxSXl8S89BoHXJAYrIoKIqdveAIyRQeeeKQT6BPv5k8ErYOeqp3
clFf7TkoLrprzAMjN5+G1BRjElYnTpj98FP+8VwvOYrho0q7QocW7ZGjIFY0mbEo
osVMoc1m8A3QPhI8FFGHm+ElYPmPHDYz9sbRA65k11g6AWy1kBXk97JAyd6K4mul
UyBoyTb1RH/E86XQYpv8UXF71euOZsEJ4/Z4nl8+35qQ
-----END CERTIFICATE-----