Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/_-NFwzI2xGfyJvGLH9WaFm823Dk.roa
File:                     _-NFwzI2xGfyJvGLH9WaFm823Dk.roa (raw, json)
Hash identifier:          RucIHj0PwZdgvfceYQaphYIXSd4VxMjes371/qIo/GU=
Subject key identifier:   FF:E3:45:C3:32:36:C4:67:F2:26:F1:8B:1F:D5:9A:16:6F:36:DC:39
Certificate issuer:       /CN=a5097a156aef2f82ff13b3c16aff6f7e16db02c8
Certificate serial:       018F14AD7A5F341011D36A51CC2132850628
Authority key identifier: A5:09:7A:15:6A:EF:2F:82:FF:13:B3:C1:6A:FF:6F:7E:16:DB:02:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/_-NFwzI2xGfyJvGLH9WaFm823Dk.roa
Signing time:             Thu 25 Apr 2024 09:54:24 +0000
ROA not before:           Thu 25 Apr 2024 09:54:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35421
IP address blocks:        91.209.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:ad:7a:5f:34:10:11:d3:6a:51:cc:21:32:85:06:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5097a156aef2f82ff13b3c16aff6f7e16db02c8
        Validity
            Not Before: Apr 25 09:54:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ffe345c33236c467f226f18b1fd59a166f36dc39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:87:52:68:62:37:13:d7:55:f2:8d:f8:e8:4b:
                    ec:7b:f1:b7:82:38:dc:f2:73:81:2b:f6:ff:bc:42:
                    a6:c8:8b:13:15:b4:2c:fa:ce:8b:16:a4:be:ee:11:
                    9e:5b:15:77:f3:ca:69:40:20:d6:64:4d:0e:76:41:
                    46:4f:e5:fa:12:34:01:10:48:0f:7a:36:5d:24:5e:
                    76:4f:13:19:88:38:0f:31:e7:9a:5b:d5:81:a9:92:
                    12:fa:c2:f3:2e:ca:b6:06:70:0a:09:0e:d7:ef:bb:
                    b2:90:28:6c:ee:fc:a8:3c:01:ac:80:9d:b4:dd:a4:
                    7c:cb:69:c5:cf:a8:ea:ac:0d:8e:ba:42:cf:d4:35:
                    eb:a2:57:e8:4c:51:84:f8:4c:f1:7b:fa:e5:2e:81:
                    3d:09:0d:9b:23:3a:f9:9d:11:78:f2:5f:62:1a:47:
                    50:ec:5c:d5:aa:4a:b4:af:b6:b5:dd:af:56:01:1b:
                    86:2d:2f:65:aa:ad:b4:ec:31:4d:e2:90:4f:e1:fc:
                    a3:4d:48:8e:3b:41:4c:1b:3c:54:ff:3a:91:c7:00:
                    4f:38:b9:83:30:2c:45:b7:7c:72:de:64:bb:0b:a9:
                    18:31:76:27:db:00:b9:59:87:50:e3:f8:e3:52:4b:
                    4d:0d:2c:2d:b1:02:22:cc:30:b3:54:e2:3c:51:19:
                    f6:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:E3:45:C3:32:36:C4:67:F2:26:F1:8B:1F:D5:9A:16:6F:36:DC:39
            X509v3 Authority Key Identifier:
                keyid:A5:09:7A:15:6A:EF:2F:82:FF:13:B3:C1:6A:FF:6F:7E:16:DB:02:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pQl6FWrvL4L_E7PBav9vfhbbAsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/_-NFwzI2xGfyJvGLH9WaFm823Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/42f7f8-7407-432d-bbb5-0d339707cb88/1/pQl6FWrvL4L_E7PBav9vfhbbAsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:0c:de:82:a5:c2:85:43:58:dd:f4:4f:32:dc:68:fc:79:2b:
         66:33:1c:7f:d4:95:d4:61:66:a7:95:2f:45:c3:8f:d4:1e:23:
         e0:13:19:23:89:f1:1f:11:59:b3:f5:5e:d4:dc:fe:22:37:1f:
         4d:46:42:d5:19:a5:21:a7:f2:39:23:1a:8a:1d:7f:60:93:54:
         a0:44:32:ed:92:1d:14:fd:a3:fa:78:ff:e2:5e:86:df:63:1f:
         35:ef:93:7d:c7:3d:a1:e1:d9:0f:15:e2:f5:e3:7d:7a:79:5e:
         a2:6d:3f:00:85:88:bb:8c:f9:30:b6:e1:12:94:b8:74:04:9d:
         7b:1a:81:d6:b2:87:6e:02:7b:91:fa:8d:6d:7c:3c:d0:db:83:
         ee:4f:8c:c4:4e:a4:6b:c3:c5:89:a9:90:9c:1b:f6:6e:b1:ed:
         70:8d:9f:d5:88:ec:bd:fb:4b:8f:6b:48:87:0b:78:e9:33:72:
         b6:a2:fb:25:16:05:8e:67:0e:5a:fd:56:52:96:fa:18:ee:25:
         24:af:73:d3:90:9d:09:cb:f0:ec:2e:e2:cc:97:31:33:94:f7:
         ec:37:84:d6:20:74:b8:8f:46:8f:43:0e:b0:6f:50:c6:cd:ab:
         58:19:11:4c:9e:e7:e8:d4:94:43:11:97:fe:f2:59:0d:62:8c:
         e3:91:d6:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8UrXpfNBAR02pRzCEyhQYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1MDk3YTE1NmFlZjJmODJmZjEzYjNjMTZhZmY2ZjdlMTZk
YjAyYzgwHhcNMjQwNDI1MDk1NDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmUzNDVjMzMyMzZjNDY3ZjIyNmYxOGIxZmQ1OWExNjZmMzZkYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0odSaGI3E9dV8o346Evse/G3gjjc
8nOBK/b/vEKmyIsTFbQs+s6LFqS+7hGeWxV388ppQCDWZE0OdkFGT+X6EjQBEEgP
ejZdJF52TxMZiDgPMeeaW9WBqZIS+sLzLsq2BnAKCQ7X77uykChs7vyoPAGsgJ20
3aR8y2nFz6jqrA2OukLP1DXrolfoTFGE+Ezxe/rlLoE9CQ2bIzr5nRF48l9iGkdQ
7FzVqkq0r7a13a9WARuGLS9lqq207DFN4pBP4fyjTUiOO0FMGzxU/zqRxwBPOLmD
MCxFt3xy3mS7C6kYMXYn2wC5WYdQ4/jjUktNDSwtsQIizDCzVOI8URn2vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP/jRcMyNsRn8ibxix/VmhZvNtw5MB8GA1UdIwQY
MBaAFKUJehVq7y+C/xOzwWr/b34W2wLIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFFsNkZXcnZMNExfRTdQQmF2OXZmaGJiQXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi80MmY3ZjgtNzQwNy00MzJkLWJiYjUt
MGQzMzk3MDdjYjg4LzEvXy1ORnd6STJ4R2Z5SnZHTEg5V2FGbTgyM0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi80MmY3ZjgtNzQwNy00MzJkLWJiYjUtMGQzMzk3MDdjYjg4
LzEvcFFsNkZXcnZMNExfRTdQQmF2OXZmaGJiQXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ENMA0G
CSqGSIb3DQEBCwUAA4IBAQAtDN6CpcKFQ1jd9E8y3Gj8eStmMxx/1JXUYWanlS9F
w4/UHiPgExkjifEfEVmz9V7U3P4iNx9NRkLVGaUhp/I5IxqKHX9gk1SgRDLtkh0U
/aP6eP/iXobfYx8175N9xz2h4dkPFeL14316eV6ibT8AhYi7jPkwtuESlLh0BJ17
GoHWsoduAnuR+o1tfDzQ24PuT4zETqRrw8WJqZCcG/Zuse1wjZ/ViOy9+0uPa0iH
C3jpM3K2ovslFgWOZw5a/VZSlvoY7iUkr3PTkJ0Jy/DsLuLMlzEzlPfsN4TWIHS4
j0aPQw6wb1DGzatYGRFMnufo1JRDEZf+8lkNYozjkdZH
-----END CERTIFICATE-----