Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/N27NGihy8WmI6HIW_yhWSJZeU9k.roa
File:                     N27NGihy8WmI6HIW_yhWSJZeU9k.roa (raw, json)
Hash identifier:          Q+Td16nLax+UmqY0XNxT8IJJewf0jGZAU8j9g1646D8=
Subject key identifier:   37:6E:CD:1A:28:72:F1:69:88:E8:72:16:FF:28:56:48:96:5E:53:D9
Certificate issuer:       /CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
Certificate serial:       019006B6B08EC240764348CA175A51746D38
Authority key identifier: CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/N27NGihy8WmI6HIW_yhWSJZeU9k.roa
Signing time:             Tue 11 Jun 2024 09:52:34 +0000
ROA not before:           Tue 11 Jun 2024 09:52:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49617
IP address blocks:        91.215.60.0/23 maxlen: 23
                          91.236.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:b6:b0:8e:c2:40:76:43:48:ca:17:5a:51:74:6d:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf1df6667da38e57a25b1945fa40e593e5adfa00
        Validity
            Not Before: Jun 11 09:52:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=376ecd1a2872f16988e87216ff285648965e53d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:32:f4:00:9f:2d:25:9f:fe:77:47:09:8c:d1:
                    b2:44:89:64:07:e0:d8:ed:36:81:ad:fb:03:b2:fa:
                    88:d8:d8:31:40:cd:ca:22:87:54:c8:57:03:a1:10:
                    74:94:49:9f:76:ad:a7:48:54:dc:08:06:0d:0c:b3:
                    30:99:74:e8:d2:c1:28:46:17:b9:02:ab:e9:43:89:
                    66:6c:d2:2e:1b:15:8f:6d:dc:b6:b1:57:c1:d4:ce:
                    3f:94:5d:5e:da:62:04:b6:0f:77:4a:ba:df:d0:d8:
                    1f:e7:e7:6f:79:46:a9:2d:cf:31:30:6b:f0:43:32:
                    b6:10:57:db:7f:e7:61:1a:42:de:ca:97:79:1c:12:
                    80:7d:ab:f8:41:9f:e3:2d:46:fc:12:b0:d9:98:6a:
                    b8:7d:5d:3b:30:c9:fe:cb:92:f1:fa:be:a0:66:1c:
                    cc:85:17:12:e4:91:dd:41:ea:40:bf:1d:be:f8:80:
                    8d:a0:58:20:c2:bc:3e:b1:0f:ad:e8:ad:21:4b:10:
                    2c:f6:2d:e0:02:cf:ed:3c:b2:f4:01:fe:0d:38:df:
                    d0:57:37:a6:52:f1:d0:74:87:7b:be:b0:b7:c3:50:
                    b2:24:b4:1e:14:ff:78:99:3c:cf:29:39:28:43:e3:
                    07:45:fc:0f:fe:54:c3:12:72:27:64:dd:65:8d:e2:
                    e3:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:6E:CD:1A:28:72:F1:69:88:E8:72:16:FF:28:56:48:96:5E:53:D9
            X509v3 Authority Key Identifier:
                keyid:CF:1D:F6:66:7D:A3:8E:57:A2:5B:19:45:FA:40:E5:93:E5:AD:FA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zx32Zn2jjleiWxlF-kDlk-Wt-gA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/N27NGihy8WmI6HIW_yhWSJZeU9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/e5789a-160d-4896-a25a-8df36337e6bc/1/zx32Zn2jjleiWxlF-kDlk-Wt-gA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.60.0/23
                  91.236.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:5c:27:dc:c0:f1:df:b8:16:f9:ae:30:a7:d1:0a:bd:c5:df:
         4d:d3:54:dd:82:5e:8b:fc:0a:f8:5d:25:c4:b4:d7:8e:75:55:
         a2:cf:ca:89:b6:0c:34:80:00:dc:7c:9d:b4:65:41:96:87:64:
         20:15:2a:0f:30:e4:1f:f6:08:77:f9:b9:b3:75:07:c2:f8:de:
         d5:33:6d:c2:00:a3:40:f4:73:e5:0a:d3:95:a8:e1:e3:9d:3a:
         d7:8a:2c:aa:15:ae:08:76:00:f6:9c:57:60:a6:8e:e0:62:15:
         81:f0:1c:66:ab:68:d0:cc:5a:50:fc:4c:74:31:5e:98:2a:21:
         00:03:28:9a:9d:f5:89:70:a3:10:bf:78:c5:d6:1c:8d:e0:67:
         ed:4e:28:c2:18:fc:c0:3b:17:6a:8b:49:f4:63:da:e4:e3:64:
         f9:e3:b9:60:83:37:8e:91:d7:eb:be:e9:76:da:c1:2a:00:8e:
         66:5e:ea:75:49:72:9e:1e:cc:16:fb:05:4b:74:4b:c3:e5:43:
         cd:bf:f3:9a:0d:32:d1:51:5a:c2:a9:a0:d7:05:de:3b:6e:f0:
         64:2b:6e:1c:5d:d6:e2:b5:73:d6:f6:10:e1:34:aa:d3:2d:0c:
         89:51:4b:b5:cc:72:bd:84:8e:6c:10:6e:56:dd:af:5e:71:89:
         9e:0c:d9:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZAGtrCOwkB2Q0jKF1pRdG04MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmMWRmNjY2N2RhMzhlNTdhMjViMTk0NWZhNDBlNTkzZTVh
ZGZhMDAwHhcNMjQwNjExMDk1MjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzZlY2QxYTI4NzJmMTY5ODhlODcyMTZmZjI4NTY0ODk2NWU1M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjL0AJ8tJZ/+d0cJjNGyRIlkB+DY
7TaBrfsDsvqI2NgxQM3KIodUyFcDoRB0lEmfdq2nSFTcCAYNDLMwmXTo0sEoRhe5
AqvpQ4lmbNIuGxWPbdy2sVfB1M4/lF1e2mIEtg93Srrf0Ngf5+dveUapLc8xMGvw
QzK2EFfbf+dhGkLeypd5HBKAfav4QZ/jLUb8ErDZmGq4fV07MMn+y5Lx+r6gZhzM
hRcS5JHdQepAvx2++ICNoFggwrw+sQ+t6K0hSxAs9i3gAs/tPLL0Af4NON/QVzem
UvHQdId7vrC3w1CyJLQeFP94mTzPKTkoQ+MHRfwP/lTDEnInZN1ljeLjTQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDduzRoocvFpiOhyFv8oVkiWXlPZMB8GA1UdIwQY
MBaAFM8d9mZ9o45XolsZRfpA5ZPlrfoAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEt
OGRmMzYzMzdlNmJjLzEvTjI3TkdpaHk4V21JNkhJV195aFdTSlplVTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9lNTc4OWEtMTYwZC00ODk2LWEyNWEtOGRmMzYzMzdlNmJj
LzEvengzMlpuMmpqbGVpV3hsRi1rRGxrLVd0LWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW9c8AwQA
W+yGMA0GCSqGSIb3DQEBCwUAA4IBAQCTXCfcwPHfuBb5rjCn0Qq9xd9N01Tdgl6L
/Ar4XSXEtNeOdVWiz8qJtgw0gADcfJ20ZUGWh2QgFSoPMOQf9gh3+bmzdQfC+N7V
M23CAKNA9HPlCtOVqOHjnTrXiiyqFa4IdgD2nFdgpo7gYhWB8Bxmq2jQzFpQ/Ex0
MV6YKiEAAyianfWJcKMQv3jF1hyN4GftTijCGPzAOxdqi0n0Y9rk42T547lggzeO
kdfrvul22sEqAI5mXup1SXKeHswW+wVLdEvD5UPNv/OaDTLRUVrCqaDXBd47bvBk
K24cXdbitXPW9hDhNKrTLQyJUUu1zHK9hI5sEG5W3a9ecYmeDNlK
-----END CERTIFICATE-----