Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/3ktEzDL0WvhnsuJm2C6DIk-mHBM.roa
File:                     3ktEzDL0WvhnsuJm2C6DIk-mHBM.roa (raw, json)
Hash identifier:          OJtb++yW5+MtXw5QSymaUjcZIRPMQ11YahPbPvwPK4Q=
Subject key identifier:   DE:4B:44:CC:32:F4:5A:F8:67:B2:E2:66:D8:2E:83:22:4F:A6:1C:13
Certificate issuer:       /CN=738e893dcd347f7dab5f70d351f8fce1deaa65d1
Certificate serial:       0194221F92955478291CE0DA6C48E81BA7C4
Authority key identifier: 73:8E:89:3D:CD:34:7F:7D:AB:5F:70:D3:51:F8:FC:E1:DE:AA:65:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c46JPc00f32rX3DTUfj84d6qZdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/3ktEzDL0WvhnsuJm2C6DIk-mHBM.roa
Signing time:             Wed 01 Jan 2025 13:48:02 +0000
ROA not before:           Wed 01 Jan 2025 13:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51924
IP address blocks:        91.220.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/c46JPc00f32rX3DTUfj84d6qZdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/c46JPc00f32rX3DTUfj84d6qZdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c46JPc00f32rX3DTUfj84d6qZdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:92:95:54:78:29:1c:e0:da:6c:48:e8:1b:a7:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=738e893dcd347f7dab5f70d351f8fce1deaa65d1
        Validity
            Not Before: Jan  1 13:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de4b44cc32f45af867b2e266d82e83224fa61c13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:1d:41:49:39:98:26:f9:4e:ff:a7:be:91:9b:
                    f8:1f:4f:41:87:eb:73:66:fd:f7:90:97:88:19:cd:
                    42:ed:cc:b1:2f:68:1b:28:ec:90:b8:e8:c5:3f:9c:
                    65:50:3c:c2:5e:14:db:07:c2:7d:bd:57:98:8d:a1:
                    9e:48:3c:10:6d:4b:31:10:cb:89:a6:2d:3a:a3:d4:
                    83:60:58:14:bc:6b:d3:da:0b:c3:76:0b:41:fd:38:
                    12:8d:e3:01:20:f2:3c:8a:0d:58:fa:c8:99:e7:62:
                    f3:88:ba:63:32:f4:b7:4d:ab:61:02:f1:6e:ff:34:
                    e6:e2:ba:13:c2:fe:de:a4:ff:37:96:fc:46:65:2e:
                    6b:66:95:5d:c6:9f:4d:1c:6e:6f:d0:6e:95:ae:e4:
                    a0:57:e2:9e:1c:c8:14:69:4e:81:c0:06:d2:9b:38:
                    26:65:af:3d:78:63:78:b8:f9:3b:4e:b6:3b:bd:d9:
                    0a:27:7f:35:8b:bc:d9:ec:d1:86:24:27:9d:8a:37:
                    07:fe:98:3a:4e:53:89:c2:ad:79:17:18:33:00:54:
                    b5:1e:41:3e:24:c7:40:6c:6a:f2:ed:0a:43:db:88:
                    6b:1f:9d:cb:7b:97:87:b7:b6:8b:4a:19:8a:a2:f7:
                    fd:9b:03:e6:e7:c0:02:38:29:aa:03:c6:f2:d7:3f:
                    f7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:4B:44:CC:32:F4:5A:F8:67:B2:E2:66:D8:2E:83:22:4F:A6:1C:13
            X509v3 Authority Key Identifier:
                keyid:73:8E:89:3D:CD:34:7F:7D:AB:5F:70:D3:51:F8:FC:E1:DE:AA:65:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c46JPc00f32rX3DTUfj84d6qZdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/3ktEzDL0WvhnsuJm2C6DIk-mHBM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/255149-8c4b-4cd8-919f-77bb532228b4/1/c46JPc00f32rX3DTUfj84d6qZdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:62:f7:dc:9e:d2:70:ec:57:f8:e5:14:c0:64:a3:ae:49:17:
         2b:e2:c0:37:ff:db:6a:e7:35:a4:d9:7b:b2:40:71:2d:7b:a2:
         bf:af:1a:ac:5a:4c:dd:18:0a:66:bb:d3:95:f8:00:4e:04:df:
         ba:d1:04:0c:3e:50:fd:91:d4:bf:73:8e:7a:8f:be:66:31:71:
         75:df:98:47:de:3a:63:34:ec:ba:f6:24:9b:f8:bb:07:a0:97:
         e6:8f:a5:7a:5e:d6:a4:70:ae:cb:e1:ce:74:c7:85:23:de:58:
         9f:82:2d:76:d9:11:75:e8:de:c4:f0:6a:4c:ad:1d:6a:f7:63:
         09:75:67:01:a0:d7:c7:f9:82:f6:6b:6b:dd:15:1f:2a:b6:3e:
         dd:ae:6c:65:09:06:5d:7c:29:18:b5:14:4b:5b:79:06:88:d0:
         f0:db:96:db:0e:a2:80:90:91:d2:75:50:b8:c0:1a:e7:c3:e3:
         8f:51:9f:2f:f7:96:5d:af:ba:53:5d:32:83:e1:31:27:8f:39:
         bf:fd:56:73:49:3f:4a:36:57:45:8d:35:26:0e:fb:00:e3:6f:
         a6:45:5d:81:81:2c:48:50:0b:e3:25:ff:10:be:7f:25:38:07:
         94:1b:df:a1:20:3e:20:e1:f0:6b:fb:25:61:2d:23:c6:b5:c3:
         87:46:bd:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH5KVVHgpHODabEjoG6fEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczOGU4OTNkY2QzNDdmN2RhYjVmNzBkMzUxZjhmY2UxZGVh
YTY1ZDEwHhcNMjUwMTAxMTM0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTRiNDRjYzMyZjQ1YWY4NjdiMmUyNjZkODJlODMyMjRmYTYxYzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3h1BSTmYJvlO/6e+kZv4H09Bh+tz
Zv33kJeIGc1C7cyxL2gbKOyQuOjFP5xlUDzCXhTbB8J9vVeYjaGeSDwQbUsxEMuJ
pi06o9SDYFgUvGvT2gvDdgtB/TgSjeMBIPI8ig1Y+siZ52LziLpjMvS3TathAvFu
/zTm4roTwv7epP83lvxGZS5rZpVdxp9NHG5v0G6VruSgV+KeHMgUaU6BwAbSmzgm
Za89eGN4uPk7TrY7vdkKJ381i7zZ7NGGJCedijcH/pg6TlOJwq15FxgzAFS1HkE+
JMdAbGry7QpD24hrH53Le5eHt7aLShmKovf9mwPm58ACOCmqA8by1z/3/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5LRMwy9Fr4Z7LiZtgugyJPphwTMB8GA1UdIwQY
MBaAFHOOiT3NNH99q19w01H4/OHeqmXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzQ2SlBjMDBmMzJyWDNEVFVmajg0ZDZxWmRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi8yNTUxNDktOGM0Yi00Y2Q4LTkxOWYt
NzdiYjUzMjIyOGI0LzEvM2t0RXpETDBXdmhuc3VKbTJDNkRJay1tSEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi8yNTUxNDktOGM0Yi00Y2Q4LTkxOWYtNzdiYjUzMjIyOGI0
LzEvYzQ2SlBjMDBmMzJyWDNEVFVmajg0ZDZxWmRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9y7MA0G
CSqGSIb3DQEBCwUAA4IBAQBSYvfcntJw7Ff45RTAZKOuSRcr4sA3/9tq5zWk2Xuy
QHEte6K/rxqsWkzdGApmu9OV+ABOBN+60QQMPlD9kdS/c456j75mMXF135hH3jpj
NOy69iSb+LsHoJfmj6V6XtakcK7L4c50x4Uj3lifgi122RF16N7E8GpMrR1q92MJ
dWcBoNfH+YL2a2vdFR8qtj7drmxlCQZdfCkYtRRLW3kGiNDw25bbDqKAkJHSdVC4
wBrnw+OPUZ8v95Zdr7pTXTKD4TEnjzm//VZzST9KNldFjTUmDvsA42+mRV2BgSxI
UAvjJf8Qvn8lOAeUG9+hID4g4fBr+yVhLSPGtcOHRr28
-----END CERTIFICATE-----