Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/5y54voFpQemaWdhJdL3R6I-ZfdY.roa
File:                     5y54voFpQemaWdhJdL3R6I-ZfdY.roa (raw, json)
Hash identifier:          0q0hdM7ItmEN9aXgu0xUxeLxjebZjyz7UrwOiAMpRFI=
Subject key identifier:   E7:2E:78:BE:81:69:41:E9:9A:59:D8:49:74:BD:D1:E8:8F:99:7D:D6
Certificate issuer:       /CN=643daf122e3a87acaa6fdb62c35a252a199a58d9
Certificate serial:       019422203E242B0BB22A2CD6AD693F4F47FF
Authority key identifier: 64:3D:AF:12:2E:3A:87:AC:AA:6F:DB:62:C3:5A:25:2A:19:9A:58:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZD2vEi46h6yqb9tiw1olKhmaWNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/5y54voFpQemaWdhJdL3R6I-ZfdY.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57956
IP address blocks:        91.237.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/ZD2vEi46h6yqb9tiw1olKhmaWNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/ZD2vEi46h6yqb9tiw1olKhmaWNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZD2vEi46h6yqb9tiw1olKhmaWNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3e:24:2b:0b:b2:2a:2c:d6:ad:69:3f:4f:47:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=643daf122e3a87acaa6fdb62c35a252a199a58d9
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e72e78be816941e99a59d84974bdd1e88f997dd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:94:f0:07:2e:ce:9b:e6:3f:1b:7f:16:16:08:
                    f0:b2:45:81:71:5e:c7:98:a1:31:c5:f6:f6:a2:ef:
                    f0:c6:0a:f4:ac:f2:78:ca:fb:2a:1b:3d:b0:03:f6:
                    b2:c0:f9:fe:1b:e0:60:ed:50:3f:cf:a4:25:a8:a4:
                    ba:91:3e:16:28:b1:5e:2a:b3:42:0c:af:8b:77:bd:
                    6c:af:9e:5c:93:a4:09:6a:e6:32:0e:63:ad:2b:ab:
                    1c:98:c8:e0:72:1c:8d:84:47:24:92:df:3a:82:68:
                    a7:c2:3b:a5:dd:30:42:d9:63:1a:9a:0f:40:ac:f9:
                    e1:e3:32:e7:7d:9c:63:a4:7d:d0:ff:1d:b9:12:7f:
                    47:44:ce:bc:b8:f9:76:fb:95:b3:f8:10:0c:ff:f3:
                    20:9d:e2:7d:16:79:21:18:fd:2d:13:f4:7f:d4:bc:
                    3f:28:ce:47:41:59:2d:41:d4:43:91:0b:8a:8e:3d:
                    9f:cf:95:47:e4:07:98:85:fe:28:40:09:3e:fc:67:
                    1a:35:40:8a:10:1b:76:dc:29:a1:3b:5b:25:c4:f5:
                    e9:68:22:90:55:1c:84:fc:12:30:fc:9d:45:d0:ed:
                    cc:cc:2c:33:0d:95:2d:56:14:c3:77:ba:6a:76:18:
                    bd:87:86:81:b0:39:f7:40:4b:12:89:9f:95:4f:68:
                    d2:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:2E:78:BE:81:69:41:E9:9A:59:D8:49:74:BD:D1:E8:8F:99:7D:D6
            X509v3 Authority Key Identifier:
                keyid:64:3D:AF:12:2E:3A:87:AC:AA:6F:DB:62:C3:5A:25:2A:19:9A:58:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZD2vEi46h6yqb9tiw1olKhmaWNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/5y54voFpQemaWdhJdL3R6I-ZfdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/ed3d4a-704f-4aa4-821f-dcd5e9478084/1/ZD2vEi46h6yqb9tiw1olKhmaWNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:12:31:9f:7a:95:7c:84:cc:82:ea:80:49:54:a4:0e:8a:47:
         93:2d:7e:b1:34:c2:cd:3a:3c:34:1d:aa:eb:c0:74:fe:ca:fc:
         ff:1c:98:63:c9:25:c1:ee:35:39:d4:aa:d5:be:89:dd:3d:7c:
         f2:b2:f4:3c:a5:cc:c9:2a:17:13:a7:3b:05:19:89:c0:fc:13:
         3f:b2:c2:e6:b0:27:11:53:10:c0:8f:dd:ac:16:49:5b:b6:bd:
         bc:d7:41:52:f2:cf:10:5b:36:c8:ad:d0:dd:7a:0f:b0:4d:b6:
         82:bd:0d:d8:4f:e8:dd:89:3e:bc:30:66:6e:f0:af:ca:08:45:
         ca:da:c0:a2:44:94:42:dc:9c:23:62:7e:a5:aa:e5:cd:35:89:
         3d:61:6c:87:cf:d9:46:96:ec:8d:a2:86:13:e9:b5:cb:87:f0:
         2a:ba:29:ec:77:84:da:f1:69:c1:df:da:d6:7a:f7:fa:74:17:
         b2:9c:5d:4d:f7:25:97:a8:ce:0b:97:ea:8c:5b:f3:90:a8:2b:
         42:aa:46:6f:1f:80:87:fd:34:58:bd:72:1c:0c:fc:23:de:d7:
         4f:b4:2c:c5:40:c9:1e:6a:5f:d4:89:99:07:d8:68:21:e5:97:
         c4:0f:4b:85:f4:05:cc:24:6d:e5:7f:9e:63:c5:d6:8c:ea:a9:
         fb:5c:f8:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiID4kKwuyKizWrWk/T0f/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0M2RhZjEyMmUzYTg3YWNhYTZmZGI2MmMzNWEyNTJhMTk5
YTU4ZDkwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzJlNzhiZTgxNjk0MWU5OWE1OWQ4NDk3NGJkZDFlODhmOTk3ZGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxZTwBy7Om+Y/G38WFgjwskWBcV7H
mKExxfb2ou/wxgr0rPJ4yvsqGz2wA/aywPn+G+Bg7VA/z6QlqKS6kT4WKLFeKrNC
DK+Ld71sr55ck6QJauYyDmOtK6scmMjgchyNhEckkt86gminwjul3TBC2WMamg9A
rPnh4zLnfZxjpH3Q/x25En9HRM68uPl2+5Wz+BAM//MgneJ9FnkhGP0tE/R/1Lw/
KM5HQVktQdRDkQuKjj2fz5VH5AeYhf4oQAk+/GcaNUCKEBt23CmhO1slxPXpaCKQ
VRyE/BIw/J1F0O3MzCwzDZUtVhTDd7pqdhi9h4aBsDn3QEsSiZ+VT2jSlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcueL6BaUHpmlnYSXS90eiPmX3WMB8GA1UdIwQY
MBaAFGQ9rxIuOoesqm/bYsNaJSoZmljZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkQydkVpNDZoNnlxYjl0aXcxb2xLaG1hV05rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9lZDNkNGEtNzA0Zi00YWE0LTgyMWYt
ZGNkNWU5NDc4MDg0LzEvNXk1NHZvRnBRZW1hV2RoSmRMM1I2SS1aZmRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9lZDNkNGEtNzA0Zi00YWE0LTgyMWYtZGNkNWU5NDc4MDg0
LzEvWkQydkVpNDZoNnlxYjl0aXcxb2xLaG1hV05rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+0qMA0G
CSqGSIb3DQEBCwUAA4IBAQAQEjGfepV8hMyC6oBJVKQOikeTLX6xNMLNOjw0Harr
wHT+yvz/HJhjySXB7jU51KrVvondPXzysvQ8pczJKhcTpzsFGYnA/BM/ssLmsCcR
UxDAj92sFklbtr2810FS8s8QWzbIrdDdeg+wTbaCvQ3YT+jdiT68MGZu8K/KCEXK
2sCiRJRC3JwjYn6lquXNNYk9YWyHz9lGluyNooYT6bXLh/Aquinsd4Ta8WnB39rW
evf6dBeynF1N9yWXqM4Ll+qMW/OQqCtCqkZvH4CH/TRYvXIcDPwj3tdPtCzFQMke
al/UiZkH2Ggh5ZfED0uF9AXMJG3lf55jxdaM6qn7XPjv
-----END CERTIFICATE-----