Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/7bfhk4avMv3aXwEYlLbXhXoy75k.roa
File:                     7bfhk4avMv3aXwEYlLbXhXoy75k.roa (raw, json)
Hash identifier:          ahW1+x6JyHSj5mcCjtaoHK41xJuZSnTDOh9RfWnmSUA=
Subject key identifier:   ED:B7:E1:93:86:AF:32:FD:DA:5F:01:18:94:B6:D7:85:7A:32:EF:99
Certificate issuer:       /CN=82468b53967545e28e9267ccbf0069d87b259869
Certificate serial:       01941FFA6DF647D1D47DC6B739A3C8BA0959
Authority key identifier: 82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/7bfhk4avMv3aXwEYlLbXhXoy75k.roa
Signing time:             Wed 01 Jan 2025 03:48:13 +0000
ROA not before:           Wed 01 Jan 2025 03:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56523
IP address blocks:        91.224.224.0/23 maxlen: 23
                          185.38.220.0/23 maxlen: 23
                          2a04:7840::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6d:f6:47:d1:d4:7d:c6:b7:39:a3:c8:ba:09:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82468b53967545e28e9267ccbf0069d87b259869
        Validity
            Not Before: Jan  1 03:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edb7e19386af32fdda5f011894b6d7857a32ef99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:9b:70:ec:79:17:b3:4c:cb:11:ef:78:2e:2c:
                    61:b0:12:88:26:8c:33:38:c5:42:fa:ac:d5:ef:5f:
                    05:42:34:f1:ab:0f:4d:50:38:fb:43:9c:de:08:4b:
                    f2:3c:e7:3b:a6:d4:b8:35:db:27:53:ef:02:b0:1f:
                    30:91:7a:41:06:3a:00:83:5b:d5:72:6d:98:9e:13:
                    57:22:6a:3f:6b:68:16:d3:2b:06:25:68:26:a0:d8:
                    cf:7d:a1:84:5e:02:70:87:fb:6e:55:8a:3c:f5:be:
                    dc:2a:a9:7c:b5:36:59:2e:56:d1:8d:d9:3d:e2:0b:
                    6d:e4:f2:d3:f4:e4:fd:b0:40:44:92:c4:18:7d:7f:
                    d9:12:99:d6:7d:56:94:85:ef:8e:7d:cb:13:48:7b:
                    30:a6:92:14:79:f6:a6:f3:ec:a5:41:b4:eb:ad:c9:
                    f6:d8:f0:76:ff:c7:dc:28:30:e2:b6:fb:35:bd:3d:
                    72:06:b9:ba:7a:69:49:1b:54:6d:3c:55:ee:f2:ee:
                    f6:bf:e1:2a:98:8c:92:5a:98:ce:22:ca:2f:e3:9e:
                    02:2a:f8:72:4e:e1:71:48:b7:ef:5f:b3:a7:f3:43:
                    aa:c7:dc:2c:26:e7:98:b1:62:96:f8:48:29:de:f9:
                    26:5e:b2:a6:e5:48:67:d7:df:eb:eb:5f:c0:53:9d:
                    da:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:B7:E1:93:86:AF:32:FD:DA:5F:01:18:94:B6:D7:85:7A:32:EF:99
            X509v3 Authority Key Identifier:
                keyid:82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/7bfhk4avMv3aXwEYlLbXhXoy75k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.224.0/23
                  185.38.220.0/23
                IPv6:
                  2a04:7840::/32

    Signature Algorithm: sha256WithRSAEncryption
         31:5d:d3:db:9b:2e:d2:f3:e2:96:7b:b1:e2:67:a3:35:d8:be:
         41:17:af:be:5b:c6:b1:01:c9:da:12:6d:d5:af:01:b1:cb:25:
         d5:5c:e4:73:1a:c8:a5:aa:74:37:c8:09:29:68:34:63:5c:4b:
         8b:a2:b0:13:c0:32:29:e5:78:f4:f1:85:2a:17:7b:4e:1a:20:
         ca:0e:76:2c:f5:15:cf:d8:74:15:40:db:6e:7d:c0:3b:29:c9:
         b9:e7:62:f4:b1:40:5a:83:4b:cb:a7:64:06:95:3d:41:3d:03:
         e9:d6:bf:6b:6c:2b:a5:81:24:9f:78:b6:ab:14:66:ce:e5:37:
         fb:64:55:4d:9a:41:69:86:01:1b:f5:64:6f:16:ed:a6:3a:6d:
         a8:72:de:44:62:fa:e3:74:18:00:5c:b0:c9:8c:76:5d:d3:87:
         f9:57:91:c4:95:e1:ba:55:2b:2e:e5:93:f6:85:5b:04:14:31:
         6b:64:c1:ae:24:08:b5:8e:4d:ea:c4:13:6d:3a:6d:19:30:33:
         dd:19:57:c3:51:7f:50:ac:03:13:07:ed:fe:11:98:e2:24:f1:
         e4:ac:2f:95:0b:16:47:9f:ce:76:c2:15:34:22:d2:3c:45:d6:
         91:70:b2:3d:8a:a1:8d:19:c4:3c:48:38:d7:ee:d4:1f:ea:96:
         5e:5f:b2:e8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQf+m32R9HUfca3OaPIuglZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNDY4YjUzOTY3NTQ1ZTI4ZTkyNjdjY2JmMDA2OWQ4N2Iy
NTk4NjkwHhcNMjUwMTAxMDM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGI3ZTE5Mzg2YWYzMmZkZGE1ZjAxMTg5NGI2ZDc4NTdhMzJlZjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5tw7HkXs0zLEe94LixhsBKIJowz
OMVC+qzV718FQjTxqw9NUDj7Q5zeCEvyPOc7ptS4NdsnU+8CsB8wkXpBBjoAg1vV
cm2YnhNXImo/a2gW0ysGJWgmoNjPfaGEXgJwh/tuVYo89b7cKql8tTZZLlbRjdk9
4gtt5PLT9OT9sEBEksQYfX/ZEpnWfVaUhe+OfcsTSHswppIUefam8+ylQbTrrcn2
2PB2/8fcKDDitvs1vT1yBrm6emlJG1RtPFXu8u72v+EqmIySWpjOIsov454CKvhy
TuFxSLfvX7On80Oqx9wsJueYsWKW+Egp3vkmXrKm5Uhn19/r61/AU53aVQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFO234ZOGrzL92l8BGJS214V6Mu+ZMB8GA1UdIwQY
MBaAFIJGi1OWdUXijpJnzL8Aadh7JZhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEt
OGFjMmJhZjY5NmM4LzEvN2JmaGs0YXZNdjNhWHdFWWxMYlhoWG95NzVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEtOGFjMmJhZjY5NmM4
LzEvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+DgAwQB
uSbcMA0EAgACMAcDBQAqBHhAMA0GCSqGSIb3DQEBCwUAA4IBAQAxXdPbmy7S8+KW
e7HiZ6M12L5BF6++W8axAcnaEm3VrwGxyyXVXORzGsilqnQ3yAkpaDRjXEuLorAT
wDIp5Xj08YUqF3tOGiDKDnYs9RXP2HQVQNtufcA7Kcm552L0sUBag0vLp2QGlT1B
PQPp1r9rbCulgSSfeLarFGbO5Tf7ZFVNmkFphgEb9WRvFu2mOm2oct5EYvrjdBgA
XLDJjHZd04f5V5HEleG6VSsu5ZP2hVsEFDFrZMGuJAi1jk3qxBNtOm0ZMDPdGVfD
UX9QrAMTB+3+EZjiJPHkrC+VCxZHn852whU0ItI8RdaRcLI9iqGNGcQ8SDjX7tQf
6pZeX7Lo
-----END CERTIFICATE-----