Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PfSqzrWEMAcR8IPn5aqsENkrrYU.roa
File:                     PfSqzrWEMAcR8IPn5aqsENkrrYU.roa (raw, json)
Hash identifier:          uhZg5HgeewV2r+jtLJAQ0FmU/6uQS3+cUD3N32TUqgg=
Subject key identifier:   3D:F4:AA:CE:B5:84:30:07:11:F0:83:E7:E5:AA:AC:10:D9:2B:AD:85
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018F2FB16EF486D244A1E10118A4D29A4DC2
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PfSqzrWEMAcR8IPn5aqsENkrrYU.roa
Signing time:             Tue 30 Apr 2024 15:48:28 +0000
ROA not before:           Tue 30 Apr 2024 15:48:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212496
IP address blocks:        91.240.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:b1:6e:f4:86:d2:44:a1:e1:01:18:a4:d2:9a:4d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Apr 30 15:48:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3df4aaceb584300711f083e7e5aaac10d92bad85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e9:e9:c3:20:43:1a:20:c9:ba:5b:dd:bd:90:
                    89:15:fe:90:68:3d:61:e9:bb:a7:a0:fe:6d:ed:03:
                    78:17:1b:39:83:46:ec:4e:f6:89:aa:9f:a7:10:de:
                    aa:8e:4e:d6:5c:cb:ac:46:66:2f:6b:01:70:45:c9:
                    7f:cc:41:5b:96:37:c1:bb:aa:51:d3:3f:43:21:e6:
                    3a:ef:76:6a:9c:4b:aa:d2:7e:ca:ec:62:ad:eb:89:
                    89:0b:ec:f9:4c:b4:e0:36:ee:cb:5d:6e:db:9b:2d:
                    bf:f8:64:b3:2a:67:5b:9f:28:e7:3d:2f:15:42:fb:
                    9b:f8:4d:7c:8c:5e:14:3e:59:6e:97:e7:72:19:29:
                    84:17:e6:13:6e:e6:08:d2:33:88:d4:8c:89:2c:df:
                    a7:3f:d1:6e:b0:83:08:48:66:13:4b:82:2b:32:64:
                    80:0b:5b:1a:a0:25:eb:ac:1b:ce:17:ae:53:d4:f2:
                    ae:6b:d0:b1:82:cb:db:0b:bb:4e:3e:c3:c8:10:87:
                    a9:82:9b:c1:82:b4:1f:90:40:05:f4:78:f3:96:c1:
                    7a:68:15:56:9a:ac:f3:42:ef:79:b2:9b:63:26:7a:
                    75:42:79:0a:c4:64:ec:ff:84:bf:45:c7:34:f2:98:
                    cc:22:46:9b:63:45:9e:ea:f8:86:23:ab:e8:4e:22:
                    8c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F4:AA:CE:B5:84:30:07:11:F0:83:E7:E5:AA:AC:10:D9:2B:AD:85
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/PfSqzrWEMAcR8IPn5aqsENkrrYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:1a:44:cf:4f:21:94:b4:ea:b8:1d:81:f6:09:20:db:da:42:
         6b:02:d7:98:97:37:3b:78:d4:1a:b3:74:0a:93:1a:84:2f:1a:
         bc:9c:50:6d:15:09:88:bc:a4:c5:d5:b4:a9:2d:3d:87:06:4e:
         a8:23:0d:ce:da:f1:f5:07:fc:99:07:2e:0d:55:09:d6:e2:9d:
         55:bf:b8:0d:2f:2b:f0:16:02:2a:dc:83:88:03:76:60:2b:60:
         35:bf:07:e3:84:d0:38:d2:db:17:00:3f:fe:07:3b:67:45:4f:
         36:e1:0d:51:b3:86:6e:ee:65:d8:d9:40:bd:fd:12:bc:83:31:
         97:bd:f8:84:cf:cd:77:52:b8:d3:2d:0f:6e:a5:62:38:fa:0b:
         6a:39:42:c9:93:6e:69:bb:67:29:34:44:07:b3:76:67:84:5c:
         a7:ad:69:f3:e4:28:35:3a:07:db:cc:cd:1f:28:c5:86:be:2c:
         e3:f5:16:aa:63:3c:73:e7:74:71:a8:86:6b:e3:b1:58:ce:f4:
         5d:59:db:fb:9d:2c:82:87:f5:bf:d3:4e:19:a2:d8:73:3a:58:
         0d:85:27:00:9c:4c:43:a7:9f:41:78:d6:7c:7c:8e:68:ed:f0:
         c0:15:52:6f:56:bb:aa:90:c3:3c:41:31:60:68:c2:1f:b2:a7:
         8a:28:e9:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8vsW70htJEoeEBGKTSmk3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwNDMwMTU0ODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGY0YWFjZWI1ODQzMDA3MTFmMDgzZTdlNWFhYWMxMGQ5MmJhZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+npwyBDGiDJulvdvZCJFf6QaD1h
6bunoP5t7QN4Fxs5g0bsTvaJqp+nEN6qjk7WXMusRmYvawFwRcl/zEFbljfBu6pR
0z9DIeY673ZqnEuq0n7K7GKt64mJC+z5TLTgNu7LXW7bmy2/+GSzKmdbnyjnPS8V
Qvub+E18jF4UPllul+dyGSmEF+YTbuYI0jOI1IyJLN+nP9FusIMISGYTS4IrMmSA
C1saoCXrrBvOF65T1PKua9CxgsvbC7tOPsPIEIepgpvBgrQfkEAF9HjzlsF6aBVW
mqzzQu95sptjJnp1QnkKxGTs/4S/Rcc08pjMIkabY0We6viGI6voTiKMxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD30qs61hDAHEfCD5+WqrBDZK62FMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvUGZTcXpyV0VNQWNSOElQbjVhcXNFTmtycllVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DzMA0G
CSqGSIb3DQEBCwUAA4IBAQApGkTPTyGUtOq4HYH2CSDb2kJrAteYlzc7eNQas3QK
kxqELxq8nFBtFQmIvKTF1bSpLT2HBk6oIw3O2vH1B/yZBy4NVQnW4p1Vv7gNLyvw
FgIq3IOIA3ZgK2A1vwfjhNA40tsXAD/+BztnRU824Q1Rs4Zu7mXY2UC9/RK8gzGX
vfiEz813UrjTLQ9upWI4+gtqOULJk25pu2cpNEQHs3ZnhFynrWnz5Cg1OgfbzM0f
KMWGvizj9RaqYzxz53RxqIZr47FYzvRdWdv7nSyCh/W/004ZothzOlgNhScAnExD
p59BeNZ8fI5o7fDAFVJvVruqkMM8QTFgaMIfsqeKKOk2
-----END CERTIFICATE-----