Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/ef1IFXBRyUc_UhmQBLKR_kqjP-k.roa
File:                     ef1IFXBRyUc_UhmQBLKR_kqjP-k.roa (raw, json)
Hash identifier:          ReaiOea67yb8AgzXCMfyIi9G3e09LCQ9vM+znmfetZM=
Subject key identifier:   79:FD:48:15:70:51:C9:47:3F:52:19:90:04:B2:91:FE:4A:A3:3F:E9
Certificate issuer:       /CN=0bd4ad95f17f397207a3fc0d186f2913df38eb93
Certificate serial:       019421437B8E6811BEF76970F10E258DAFCA
Authority key identifier: 0B:D4:AD:95:F1:7F:39:72:07:A3:FC:0D:18:6F:29:13:DF:38:EB:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/ef1IFXBRyUc_UhmQBLKR_kqjP-k.roa
Signing time:             Wed 01 Jan 2025 09:47:38 +0000
ROA not before:           Wed 01 Jan 2025 09:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48440
IP address blocks:        91.210.188.0/22 maxlen: 22
                          91.210.188.0/24 maxlen: 24
                          91.210.189.0/24 maxlen: 24
                          91.210.190.0/24 maxlen: 24
                          91.210.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:7b:8e:68:11:be:f7:69:70:f1:0e:25:8d:af:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bd4ad95f17f397207a3fc0d186f2913df38eb93
        Validity
            Not Before: Jan  1 09:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79fd48157051c9473f52199004b291fe4aa33fe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:a2:f1:65:25:2a:ce:ad:b1:93:b1:fd:5d:cf:
                    58:a4:ea:99:84:63:68:df:ae:09:a9:ac:3c:2d:5e:
                    c7:28:ed:84:bb:09:5d:42:2e:0a:74:50:0e:9f:36:
                    18:cd:43:04:93:f1:92:fe:c4:fd:bb:e1:26:95:7e:
                    3c:d3:d3:da:66:c5:31:20:95:be:1f:1c:3b:28:b3:
                    1f:ad:e1:a1:f4:88:cb:fe:48:50:b7:fe:6c:56:df:
                    02:3b:ee:b7:35:f8:a4:eb:f0:08:a7:31:68:2d:33:
                    bb:fb:e5:dc:b7:1f:da:cd:87:d2:9d:af:3b:dd:30:
                    48:f5:01:2b:03:8e:e8:38:d6:8a:f2:76:84:0b:e8:
                    6c:4e:8c:3d:0e:65:f3:9e:49:59:1c:65:81:9d:e8:
                    42:08:da:a4:e8:55:bd:8d:a1:2a:de:01:c6:ea:07:
                    eb:e0:6f:10:33:d7:ba:81:c0:19:d9:9f:98:b3:7f:
                    c5:69:e9:80:29:14:e7:c4:1a:04:59:af:c9:bc:8e:
                    96:70:b7:fe:1e:15:f7:72:fa:7a:a1:83:3e:40:4f:
                    61:32:c9:40:f0:ab:18:a9:83:b1:52:82:d7:9c:70:
                    71:b2:97:b1:11:38:69:72:c0:e9:1d:b9:85:ae:50:
                    4a:fa:83:0c:a4:ab:8d:ae:88:c3:ad:e3:fa:55:0e:
                    2b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FD:48:15:70:51:C9:47:3F:52:19:90:04:B2:91:FE:4A:A3:3F:E9
            X509v3 Authority Key Identifier:
                keyid:0B:D4:AD:95:F1:7F:39:72:07:A3:FC:0D:18:6F:29:13:DF:38:EB:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/ef1IFXBRyUc_UhmQBLKR_kqjP-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5d:ed:23:b8:6e:51:23:16:12:73:9f:fc:91:fe:a6:c0:d9:17:
         43:09:0e:c7:bb:9a:5f:f3:37:35:1c:64:9b:41:75:41:08:92:
         46:1c:bb:5a:c2:da:fd:90:2f:09:a4:51:5c:84:12:b9:3d:4a:
         59:e2:12:30:4e:85:d5:02:18:60:13:8e:e3:95:dd:6a:6b:48:
         f9:e9:f0:7f:06:b2:4c:79:0e:52:26:c4:49:ca:30:39:56:f3:
         57:10:7f:2d:1c:30:0f:c1:44:29:24:2c:39:8b:76:60:d0:c9:
         9a:53:6c:92:f7:50:36:75:18:93:c8:69:a6:8f:a0:81:8e:6f:
         b0:52:44:92:eb:4f:2c:51:3c:39:5e:cf:ca:2a:49:8a:6f:47:
         ed:cd:34:45:84:59:89:a6:be:6d:36:f5:05:6c:ac:28:7a:a3:
         c7:8e:93:9e:a5:cd:01:4e:7e:d8:d8:ce:d6:9e:73:b0:96:56:
         8f:38:02:67:6a:62:4b:9a:87:e4:07:c6:7a:cd:73:b8:eb:cc:
         2e:d3:6c:52:98:75:26:1c:17:57:44:9c:0a:ff:90:c6:31:bd:
         db:b5:81:c3:d6:71:44:b0:b5:37:ba:47:b1:43:b9:20:ad:16:
         fd:88:b6:9f:2f:18:24:be:fd:da:23:f6:41:bf:d5:e3:12:fe:
         a4:ed:bf:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ3uOaBG+92lw8Q4lja/KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZDRhZDk1ZjE3ZjM5NzIwN2EzZmMwZDE4NmYyOTEzZGYz
OGViOTMwHhcNMjUwMTAxMDk0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWZkNDgxNTcwNTFjOTQ3M2Y1MjE5OTAwNGIyOTFmZTRhYTMzZmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qLxZSUqzq2xk7H9Xc9YpOqZhGNo
364Jqaw8LV7HKO2EuwldQi4KdFAOnzYYzUMEk/GS/sT9u+EmlX4809PaZsUxIJW+
Hxw7KLMfreGh9IjL/khQt/5sVt8CO+63Nfik6/AIpzFoLTO7++Xctx/azYfSna87
3TBI9QErA47oONaK8naEC+hsTow9DmXznklZHGWBnehCCNqk6FW9jaEq3gHG6gfr
4G8QM9e6gcAZ2Z+Ys3/FaemAKRTnxBoEWa/JvI6WcLf+HhX3cvp6oYM+QE9hMslA
8KsYqYOxUoLXnHBxspexEThpcsDpHbmFrlBK+oMMpKuNrojDreP6VQ4rywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHn9SBVwUclHP1IZkASykf5Koz/pMB8GA1UdIwQY
MBaAFAvUrZXxfzlyB6P8DRhvKRPfOOuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzlTdGxmRl9PWElIb193TkdHOHBFOTg0NjVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83NmQwODItYWMzMi00NzM4LTk5ZTYt
YjJmNjA4NjM2OGM3LzEvZWYxSUZYQlJ5VWNfVWhtUUJMS1Jfa3FqUC1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83NmQwODItYWMzMi00NzM4LTk5ZTYtYjJmNjA4NjM2OGM3
LzEvQzlTdGxmRl9PWElIb193TkdHOHBFOTg0NjVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9K8MA0G
CSqGSIb3DQEBCwUAA4IBAQBd7SO4blEjFhJzn/yR/qbA2RdDCQ7Hu5pf8zc1HGSb
QXVBCJJGHLtawtr9kC8JpFFchBK5PUpZ4hIwToXVAhhgE47jld1qa0j56fB/BrJM
eQ5SJsRJyjA5VvNXEH8tHDAPwUQpJCw5i3Zg0MmaU2yS91A2dRiTyGmmj6CBjm+w
UkSS608sUTw5Xs/KKkmKb0ftzTRFhFmJpr5tNvUFbKwoeqPHjpOepc0BTn7Y2M7W
nnOwllaPOAJnamJLmofkB8Z6zXO468wu02xSmHUmHBdXRJwK/5DGMb3btYHD1nFE
sLU3ukexQ7kgrRb9iLafLxgkvv3aI/ZBv9XjEv6k7b/H
-----END CERTIFICATE-----