Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/AmbhHmgyu8yrBMkbzGnkI8tsxAo.roa
File:                     AmbhHmgyu8yrBMkbzGnkI8tsxAo.roa (raw, json)
Hash identifier:          uwxXW79FBxLkGN+Si8BRtGUDQUqQKGnxx/ByuHQICRk=
Subject key identifier:   02:66:E1:1E:68:32:BB:CC:AB:04:C9:1B:CC:69:E4:23:CB:6C:C4:0A
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       01942521C3FBC8159DCCC05087071714EF3F
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/AmbhHmgyu8yrBMkbzGnkI8tsxAo.roa
Signing time:             Thu 02 Jan 2025 03:49:17 +0000
ROA not before:           Thu 02 Jan 2025 03:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     10010
IP address blocks:        91.200.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:c3:fb:c8:15:9d:cc:c0:50:87:07:17:14:ef:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Jan  2 03:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0266e11e6832bbccab04c91bcc69e423cb6cc40a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:33:84:8b:ca:f0:9b:80:88:a8:f0:17:4d:20:
                    be:80:fc:72:0d:2c:e6:4b:ed:c7:0f:d8:39:7c:68:
                    a6:bc:a2:4a:b6:e3:6a:bd:23:74:4f:b1:a8:e0:0c:
                    3f:b4:c4:9e:4f:93:27:9e:da:b5:50:2f:50:b9:d5:
                    91:f9:62:ce:e8:89:cb:ca:c2:66:05:29:cd:c9:b6:
                    42:fe:fb:11:69:df:88:09:ef:79:09:2e:2e:39:58:
                    67:6f:97:09:98:b7:81:5f:47:00:21:b1:cd:61:44:
                    b2:bb:57:72:a2:8e:a0:2f:cb:83:0e:3a:88:38:46:
                    37:2a:93:f4:4f:d2:58:b6:ed:9e:da:f1:da:7e:76:
                    72:fc:2b:fb:2c:e3:52:bf:7f:9a:e7:8a:1b:5f:a4:
                    b2:ec:46:b2:b1:97:93:82:1b:2b:98:89:6f:76:c2:
                    b3:80:66:1f:8a:68:64:57:3e:a0:21:b3:a9:82:cd:
                    1c:62:d9:8f:95:be:f7:51:0a:fc:6e:8e:12:12:41:
                    14:5f:f6:94:b3:cb:f2:09:4c:6d:7b:8b:61:1b:21:
                    e6:15:d3:d6:81:59:56:3b:6c:98:c2:af:31:6e:19:
                    ec:a3:bf:da:aa:6f:65:5a:f0:ab:72:9c:69:20:02:
                    8f:86:cc:72:01:61:55:44:82:70:5d:9a:97:af:b0:
                    59:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:66:E1:1E:68:32:BB:CC:AB:04:C9:1B:CC:69:E4:23:CB:6C:C4:0A
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/AmbhHmgyu8yrBMkbzGnkI8tsxAo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:b1:bd:f6:83:9a:4f:35:f6:79:d4:05:49:5c:f6:7e:7a:ed:
         ac:dc:96:60:bb:3c:6a:7b:34:5f:f8:e8:41:ca:3a:85:53:c1:
         06:60:2e:ed:6b:02:0b:91:a4:e6:d5:78:fc:bb:86:a3:44:7d:
         d3:2e:a1:f9:f6:ed:59:9f:c3:cb:c5:7b:fd:82:e1:79:db:bf:
         06:b5:bb:bf:89:f3:3e:cb:25:7d:f2:c5:b5:47:dd:d9:a4:6b:
         ed:d1:1b:4f:03:f9:8f:1f:1d:a3:52:d2:e8:0c:de:5a:a4:37:
         99:ce:4d:c3:69:0d:ab:fd:22:e2:61:e3:31:f5:69:0c:1a:ff:
         9a:60:84:be:40:7a:11:0c:9a:a5:ae:17:86:49:4f:37:97:47:
         73:12:47:0b:30:6a:2a:d5:c4:d1:44:cb:22:a5:3d:e1:08:ac:
         7a:38:56:be:32:6c:7c:23:0d:81:ed:d6:a1:b7:38:35:89:78:
         36:10:67:e5:2c:38:33:86:e8:df:c4:05:92:df:ee:f2:dd:85:
         01:3d:2d:94:3d:cb:41:4d:95:26:58:f7:18:e1:79:95:ef:9e:
         e2:24:ff:31:71:ec:ba:ca:50:b5:f5:54:9e:c2:6a:ca:67:6e:
         78:86:7e:36:85:f5:0b:ef:22:80:a3:ff:b4:60:17:27:77:c8:
         5e:2c:c7:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcP7yBWdzMBQhwcXFO8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwMTAyMDM0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjY2ZTExZTY4MzJiYmNjYWIwNGM5MWJjYzY5ZTQyM2NiNmNjNDBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DOEi8rwm4CIqPAXTSC+gPxyDSzm
S+3HD9g5fGimvKJKtuNqvSN0T7Go4Aw/tMSeT5Mnntq1UC9QudWR+WLO6InLysJm
BSnNybZC/vsRad+ICe95CS4uOVhnb5cJmLeBX0cAIbHNYUSyu1dyoo6gL8uDDjqI
OEY3KpP0T9JYtu2e2vHafnZy/Cv7LONSv3+a54obX6Sy7EaysZeTghsrmIlvdsKz
gGYfimhkVz6gIbOpgs0cYtmPlb73UQr8bo4SEkEUX/aUs8vyCUxte4thGyHmFdPW
gVlWO2yYwq8xbhnso7/aqm9lWvCrcpxpIAKPhsxyAWFVRIJwXZqXr7BZhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJm4R5oMrvMqwTJG8xp5CPLbMQKMB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvQW1iaEhtZ3l1OHlyQk1rYnpHbmtJOHRzeEFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8g6MA0G
CSqGSIb3DQEBCwUAA4IBAQDDsb32g5pPNfZ51AVJXPZ+eu2s3JZguzxqezRf+OhB
yjqFU8EGYC7tawILkaTm1Xj8u4ajRH3TLqH59u1Zn8PLxXv9guF5278Gtbu/ifM+
yyV98sW1R93ZpGvt0RtPA/mPHx2jUtLoDN5apDeZzk3DaQ2r/SLiYeMx9WkMGv+a
YIS+QHoRDJqlrheGSU83l0dzEkcLMGoq1cTRRMsipT3hCKx6OFa+Mmx8Iw2B7dah
tzg1iXg2EGflLDgzhujfxAWS3+7y3YUBPS2UPctBTZUmWPcY4XmV757iJP8xcey6
ylC19VSewmrKZ254hn42hfUL7yKAo/+0YBcnd8heLMd2
-----END CERTIFICATE-----