Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/7ek9jw_D1SZL7GHk9xoMUUJn--8.roa
File:                     7ek9jw_D1SZL7GHk9xoMUUJn--8.roa (raw, json)
Hash identifier:          5WdjWFWUNpBg8x3yWq+u433pecv794pH1RrHL8I6Ubc=
Subject key identifier:   ED:E9:3D:8F:0F:C3:D5:26:4B:EC:61:E4:F7:1A:0C:51:42:67:FB:EF
Certificate issuer:       /CN=af413fd2ad9e25c84bc0b59e608a643663e6bb68
Certificate serial:       018CC8DF9CB4265FDBB0B88AF880498DDA30
Authority key identifier: AF:41:3F:D2:AD:9E:25:C8:4B:C0:B5:9E:60:8A:64:36:63:E6:BB:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/7ek9jw_D1SZL7GHk9xoMUUJn--8.roa
Signing time:             Tue 02 Jan 2024 06:32:26 +0000
ROA not before:           Tue 02 Jan 2024 06:32:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216275
IP address blocks:        91.226.144.0/23 maxlen: 23
                          2a13:e740::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:9c:b4:26:5f:db:b0:b8:8a:f8:80:49:8d:da:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af413fd2ad9e25c84bc0b59e608a643663e6bb68
        Validity
            Not Before: Jan  2 06:32:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ede93d8f0fc3d5264bec61e4f71a0c514267fbef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:13:fe:3a:b9:bf:e9:6d:68:41:c2:c1:db:95:
                    31:15:a5:93:93:c5:45:ad:37:f6:6b:a9:52:2f:68:
                    41:5b:f1:ea:3b:02:9a:24:bb:6c:94:5f:6e:c6:0a:
                    dd:da:cc:f1:52:fb:7d:88:71:38:48:3e:c2:93:0e:
                    81:2e:30:6b:97:51:13:37:64:d7:d4:c9:a8:62:11:
                    34:62:d6:82:b5:d9:f0:83:31:ee:96:8d:91:65:07:
                    1b:79:af:97:c4:14:f2:a5:cc:00:c1:99:be:85:55:
                    7d:49:38:db:51:f1:b5:d0:fe:28:61:69:23:11:c5:
                    c0:bf:62:cb:d1:c0:e6:9d:a3:5f:26:7b:ca:82:3c:
                    e2:e2:97:50:24:29:d4:9e:d3:af:d9:4e:a8:78:8e:
                    18:b2:ff:1c:6a:b2:47:1f:c2:eb:89:46:65:d5:ce:
                    7d:f2:bf:d3:66:9a:02:e4:9b:5b:20:0f:fd:85:7c:
                    92:b7:0b:8d:33:6c:36:f4:65:9e:99:89:a4:f7:37:
                    2c:0b:73:97:4f:8c:4f:31:16:f5:00:83:26:6c:9f:
                    be:89:d8:77:3e:14:da:72:fc:47:aa:2d:04:0b:9e:
                    c4:1d:95:a5:5b:c2:0b:7c:e8:8e:a4:e4:30:61:8d:
                    d8:59:83:56:60:8c:8d:86:3a:51:d4:56:7e:ef:0a:
                    fd:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:E9:3D:8F:0F:C3:D5:26:4B:EC:61:E4:F7:1A:0C:51:42:67:FB:EF
            X509v3 Authority Key Identifier:
                keyid:AF:41:3F:D2:AD:9E:25:C8:4B:C0:B5:9E:60:8A:64:36:63:E6:BB:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/7ek9jw_D1SZL7GHk9xoMUUJn--8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.144.0/23
                IPv6:
                  2a13:e740::/29

    Signature Algorithm: sha256WithRSAEncryption
         67:35:e0:c7:18:33:f5:3f:92:0e:1e:67:98:ef:f3:07:55:c4:
         cc:4e:9f:a3:3f:7b:5a:cc:d2:30:2d:29:86:e2:27:63:a0:f7:
         70:3f:21:dd:17:50:5b:09:97:62:7d:3a:ed:c5:ab:9e:84:67:
         d9:2f:69:a7:0d:e6:77:05:39:f8:3f:7e:59:3e:d6:03:3d:c0:
         e7:51:b2:be:70:55:01:86:1f:82:49:91:5f:07:c1:f1:2f:1b:
         99:f5:6e:82:f2:4a:d4:fb:5a:2a:0b:49:3f:13:a2:64:1f:32:
         e7:aa:b7:d8:8d:19:bd:3f:9d:56:9d:5c:29:6c:03:cd:71:62:
         60:94:b4:08:89:06:2f:7e:ac:2f:cf:45:64:b4:15:66:bc:79:
         47:b6:ae:e5:80:2d:10:91:83:f1:9b:2f:b3:87:a5:28:1a:fc:
         cf:c4:e7:75:fb:e9:c4:17:90:c6:96:9c:a8:f0:fe:73:ba:2c:
         63:b8:cd:5d:bd:43:3a:b7:a3:7a:58:5c:35:a7:a8:db:46:7b:
         5e:19:c8:2b:54:73:04:b9:e9:e0:2b:fa:d3:46:75:9d:1f:34:
         f2:03:20:40:4a:c1:06:e3:d2:20:9b:73:ed:38:bf:2a:40:bb:
         31:f7:81:cf:dd:70:6a:e1:7e:76:7c:77:25:fc:1c:7d:90:6d:
         92:f5:cb:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzI35y0Jl/bsLiK+IBJjdowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDEzZmQyYWQ5ZTI1Yzg0YmMwYjU5ZTYwOGE2NDM2NjNl
NmJiNjgwHhcNMjQwMTAyMDYzMjI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGU5M2Q4ZjBmYzNkNTI2NGJlYzYxZTRmNzFhMGM1MTQyNjdmYmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRP+Orm/6W1oQcLB25UxFaWTk8VF
rTf2a6lSL2hBW/HqOwKaJLtslF9uxgrd2szxUvt9iHE4SD7Ckw6BLjBrl1ETN2TX
1MmoYhE0YtaCtdnwgzHulo2RZQcbea+XxBTypcwAwZm+hVV9STjbUfG10P4oYWkj
EcXAv2LL0cDmnaNfJnvKgjzi4pdQJCnUntOv2U6oeI4Ysv8carJHH8LriUZl1c59
8r/TZpoC5JtbIA/9hXyStwuNM2w29GWemYmk9zcsC3OXT4xPMRb1AIMmbJ++idh3
PhTacvxHqi0EC57EHZWlW8ILfOiOpOQwYY3YWYNWYIyNhjpR1FZ+7wr9LQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO3pPY8Pw9UmS+xh5PcaDFFCZ/vvMB8GA1UdIwQY
MBaAFK9BP9KtniXIS8C1nmCKZDZj5rtoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBFXzBxMmVKY2hMd0xXZVlJcGtObVBtdTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC85YWY2MTUtMmM0ZS00Y2FmLWI1YWYt
ZWJiZTFmNDc3ZjY4LzEvN2VrOWp3X0QxU1pMN0dIazl4b01VVUpuLS04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC85YWY2MTUtMmM0ZS00Y2FmLWI1YWYtZWJiZTFmNDc3ZjY4
LzEvcjBFXzBxMmVKY2hMd0xXZVlJcGtObVBtdTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW+KQMA0E
AgACMAcDBQMqE+dAMA0GCSqGSIb3DQEBCwUAA4IBAQBnNeDHGDP1P5IOHmeY7/MH
VcTMTp+jP3tazNIwLSmG4idjoPdwPyHdF1BbCZdifTrtxauehGfZL2mnDeZ3BTn4
P35ZPtYDPcDnUbK+cFUBhh+CSZFfB8HxLxuZ9W6C8krU+1oqC0k/E6JkHzLnqrfY
jRm9P51WnVwpbAPNcWJglLQIiQYvfqwvz0VktBVmvHlHtq7lgC0QkYPxmy+zh6Uo
GvzPxOd1++nEF5DGlpyo8P5zuixjuM1dvUM6t6N6WFw1p6jbRnteGcgrVHMEueng
K/rTRnWdHzTyAyBASsEG49Igm3PtOL8qQLsx94HP3XBq4X52fHcl/Bx9kG2S9ctA
-----END CERTIFICATE-----