Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/HaalQUyXvekLLFnkPZZhVXqikr4.roa
File:                     HaalQUyXvekLLFnkPZZhVXqikr4.roa (raw, json)
Hash identifier:          XVCqv4pgA5TkYnMXtfYT+wYqQ9BP8Hx4XqIqmyrpnqM=
Subject key identifier:   1D:A6:A5:41:4C:97:BD:E9:0B:2C:59:E4:3D:96:61:55:7A:A2:92:BE
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019427B679C6679CEC651FDDE820045F549E
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/HaalQUyXvekLLFnkPZZhVXqikr4.roa
Signing time:             Thu 02 Jan 2025 15:50:57 +0000
ROA not before:           Thu 02 Jan 2025 15:50:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35381
IP address blocks:        91.207.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:79:c6:67:9c:ec:65:1f:dd:e8:20:04:5f:54:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jan  2 15:50:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1da6a5414c97bde90b2c59e43d9661557aa292be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:92:67:28:dd:30:d3:d5:e2:18:1a:46:e6:cd:
                    33:e8:48:e0:43:01:1b:2c:98:be:ed:38:68:32:27:
                    7e:d8:f8:e2:9e:68:e6:63:08:ae:f2:4b:8a:27:3c:
                    59:d9:02:ae:2d:67:ad:4f:5a:02:08:cb:c3:8d:c6:
                    b9:cb:cd:08:8e:cb:9b:09:48:cf:c6:98:d9:d8:47:
                    ea:b1:dc:e5:b2:f3:22:e5:17:8c:e6:0a:f6:74:3f:
                    d9:30:c0:29:7e:47:e7:aa:d5:12:7c:8f:7d:b4:df:
                    ce:0d:91:0c:ed:b1:38:2e:5a:49:5c:f0:ae:89:c5:
                    5c:9f:c9:d2:25:0d:ff:1b:5c:8b:4f:1e:02:86:a6:
                    ee:f7:b2:b8:f7:78:40:d0:6d:05:67:40:67:70:00:
                    e0:10:f3:58:a9:4d:38:71:61:28:32:b6:fa:c8:28:
                    ad:9b:ba:9e:7d:9d:9a:cb:de:0e:48:83:6d:96:ac:
                    56:29:16:96:18:3e:e8:5d:57:31:20:a9:17:9f:a3:
                    fa:9e:fa:b6:9e:de:d8:4b:25:7f:9c:0f:74:a8:9b:
                    07:f2:b5:7e:4c:44:7a:c9:76:fe:e1:a5:7f:69:bf:
                    6f:5b:56:97:7f:95:74:17:f0:ee:70:a4:53:a3:c7:
                    53:61:ab:5c:86:3f:fe:e8:9e:86:19:a3:6f:fd:7e:
                    83:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:A6:A5:41:4C:97:BD:E9:0B:2C:59:E4:3D:96:61:55:7A:A2:92:BE
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/HaalQUyXvekLLFnkPZZhVXqikr4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:9a:b6:bd:29:0a:a7:57:c3:c9:f6:8f:40:79:ea:2d:e4:95:
         b7:47:58:db:21:1e:be:d1:d9:dd:df:cb:8c:8b:fa:e2:79:39:
         ff:8f:7d:67:9c:22:75:3d:48:fe:a8:2e:65:9a:15:a5:ff:15:
         a1:fe:77:16:2f:6c:55:49:f3:a4:29:2b:14:fc:9f:3c:b0:3a:
         4d:72:67:4c:ca:e8:51:32:56:1d:8c:d4:0f:1a:f0:d9:7e:56:
         03:a8:78:38:90:fc:9d:cb:a2:34:bc:b9:c7:70:c4:0f:c7:0d:
         5b:44:37:8c:b7:11:49:d2:05:b5:a9:e1:c3:f4:5a:f3:f3:5c:
         9a:db:64:35:f6:98:4d:90:f3:68:cc:ba:97:cd:cf:30:88:ac:
         48:f7:e4:58:d6:4a:7c:d1:70:21:1b:f6:7f:6c:4e:64:5e:f0:
         bb:b4:11:f9:34:c8:b0:db:37:ee:90:b0:5c:10:80:3d:bd:73:
         76:53:1e:0d:93:0a:03:e7:3e:38:b5:44:22:cb:9b:dc:f6:26:
         2f:91:2a:0c:20:f5:ab:5c:99:8f:3c:fd:83:19:2b:16:cf:65:
         04:8f:05:80:61:82:c3:b5:0a:81:66:90:0a:08:9b:c4:65:0f:
         63:db:fa:f2:3d:1e:34:b1:e0:19:a8:ea:74:d4:d1:1e:00:2d:
         4c:ee:1e:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntnnGZ5zsZR/d6CAEX1SeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjUwMTAyMTU1MDU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGE2YTU0MTRjOTdiZGU5MGIyYzU5ZTQzZDk2NjE1NTdhYTI5MmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpJnKN0w09XiGBpG5s0z6EjgQwEb
LJi+7ThoMid+2PjinmjmYwiu8kuKJzxZ2QKuLWetT1oCCMvDjca5y80IjsubCUjP
xpjZ2EfqsdzlsvMi5ReM5gr2dD/ZMMApfkfnqtUSfI99tN/ODZEM7bE4LlpJXPCu
icVcn8nSJQ3/G1yLTx4Chqbu97K493hA0G0FZ0BncADgEPNYqU04cWEoMrb6yCit
m7qefZ2ay94OSINtlqxWKRaWGD7oXVcxIKkXn6P6nvq2nt7YSyV/nA90qJsH8rV+
TER6yXb+4aV/ab9vW1aXf5V0F/DucKRTo8dTYatchj/+6J6GGaNv/X6DjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB2mpUFMl73pCyxZ5D2WYVV6opK+MB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvSGFhbFFVeVh2ZWtMTEZua1BaWmhWWHFpa3I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW89rMA0G
CSqGSIb3DQEBCwUAA4IBAQBmmra9KQqnV8PJ9o9Aeeot5JW3R1jbIR6+0dnd38uM
i/rieTn/j31nnCJ1PUj+qC5lmhWl/xWh/ncWL2xVSfOkKSsU/J88sDpNcmdMyuhR
MlYdjNQPGvDZflYDqHg4kPydy6I0vLnHcMQPxw1bRDeMtxFJ0gW1qeHD9Frz81ya
22Q19phNkPNozLqXzc8wiKxI9+RY1kp80XAhG/Z/bE5kXvC7tBH5NMiw2zfukLBc
EIA9vXN2Ux4NkwoD5z44tUQiy5vc9iYvkSoMIPWrXJmPPP2DGSsWz2UEjwWAYYLD
tQqBZpAKCJvEZQ9j2/ryPR40seAZqOp01NEeAC1M7h4J
-----END CERTIFICATE-----