Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xaaOuiTsUCwOo5hhwkfZiBvLcJ8.roa
File:                     xaaOuiTsUCwOo5hhwkfZiBvLcJ8.roa (raw, json)
Hash identifier:          Iz6qbI3mhpm0/uLd5TTzINoKeImEElZtBrUi0Q8Z2Ek=
Subject key identifier:   C5:A6:8E:BA:24:EC:50:2C:0E:A3:98:61:C2:47:D9:88:1B:CB:70:9F
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       01941F8C24A6FB5F399A78D19F7561940F04
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xaaOuiTsUCwOo5hhwkfZiBvLcJ8.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201119
IP address blocks:        91.228.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:24:a6:fb:5f:39:9a:78:d1:9f:75:61:94:0f:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5a68eba24ec502c0ea39861c247d9881bcb709f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:52:32:62:17:3f:61:80:57:6d:ae:7a:95:11:
                    59:30:5f:05:50:43:ee:e1:c2:59:53:a6:49:56:df:
                    7d:d9:28:ef:29:55:00:2e:25:27:5b:16:fe:b7:95:
                    6f:80:8b:37:dd:ea:95:c1:0b:5d:9e:f7:2f:15:2f:
                    43:7b:8c:a4:2e:bf:a6:3b:09:d0:02:31:ac:fd:73:
                    a9:bc:cf:e3:a2:46:d1:f0:a3:8c:43:7b:66:ec:29:
                    73:56:44:89:24:a1:51:01:37:e0:69:58:4f:ce:5f:
                    f5:87:98:0a:0f:e0:be:b6:f5:ce:16:4b:03:93:50:
                    5b:74:30:03:e7:87:25:17:36:1c:e4:63:5f:32:ce:
                    40:ad:66:cc:54:84:74:d2:7c:63:d8:8a:88:5d:26:
                    a5:5e:1d:8f:d5:3e:2b:00:b5:ab:5f:b4:4f:50:3c:
                    bb:7e:72:29:62:fd:a6:13:9a:26:1b:96:ef:ec:88:
                    92:0e:cb:4b:52:7c:b6:cf:9f:7b:29:0e:c3:64:e8:
                    57:74:6b:e8:e3:cf:14:6c:d0:dc:bc:2d:5e:5b:62:
                    54:32:e1:07:61:99:43:21:32:d0:d4:14:bd:9f:8c:
                    1a:da:07:ce:87:5c:cb:ce:a5:b8:a9:f5:77:3b:2d:
                    ad:9e:8c:cc:84:37:88:91:26:61:ef:52:62:70:57:
                    1d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:A6:8E:BA:24:EC:50:2C:0E:A3:98:61:C2:47:D9:88:1B:CB:70:9F
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/xaaOuiTsUCwOo5hhwkfZiBvLcJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:7d:a6:16:9a:d3:8c:02:d8:9b:b9:1a:84:e4:91:3d:17:82:
         64:a7:74:b2:a1:a6:cb:b0:a0:ce:53:d1:7f:70:6a:4e:e7:1b:
         96:12:c8:e4:7a:c2:71:0c:85:95:b7:ca:5e:8a:d1:cb:cf:bb:
         6c:f9:53:40:dd:23:b2:7b:65:ad:3c:ee:5a:2d:f1:ab:90:77:
         e4:98:15:43:e2:29:61:92:7f:d9:87:73:52:37:ef:cd:61:01:
         7a:96:38:8c:c8:9d:63:9f:ed:76:e2:6c:22:34:a6:7c:0c:73:
         8a:08:d9:f1:14:73:44:9f:e6:a9:6d:f0:52:6e:4c:b7:b5:cc:
         8d:70:76:76:ca:c3:27:c7:e2:bd:75:d9:37:6f:d6:bd:ce:f5:
         74:c1:93:f1:10:4d:1c:d2:33:84:62:a4:4f:55:7b:ff:3c:82:
         22:3e:73:91:fe:99:1d:96:46:39:89:07:3d:06:96:90:71:a3:
         87:f7:57:da:cf:c1:84:86:8d:e5:4d:b5:33:a4:c3:21:1e:96:
         d3:73:1a:05:da:f2:dd:4a:a3:9e:53:f5:0a:18:c9:db:c7:a3:
         df:6d:3d:6a:ab:c5:78:a5:2a:bd:27:e8:0d:dc:29:ac:f4:02:
         7e:f0:22:6f:69:61:55:67:15:e0:7b:6f:b2:b6:70:6a:56:5d:
         58:0c:d4:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCSm+185mnjRn3VhlA8EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWE2OGViYTI0ZWM1MDJjMGVhMzk4NjFjMjQ3ZDk4ODFiY2I3MDlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvFIyYhc/YYBXba56lRFZMF8FUEPu
4cJZU6ZJVt992SjvKVUALiUnWxb+t5VvgIs33eqVwQtdnvcvFS9De4ykLr+mOwnQ
AjGs/XOpvM/jokbR8KOMQ3tm7ClzVkSJJKFRATfgaVhPzl/1h5gKD+C+tvXOFksD
k1BbdDAD54clFzYc5GNfMs5ArWbMVIR00nxj2IqIXSalXh2P1T4rALWrX7RPUDy7
fnIpYv2mE5omG5bv7IiSDstLUny2z597KQ7DZOhXdGvo488UbNDcvC1eW2JUMuEH
YZlDITLQ1BS9n4wa2gfOh1zLzqW4qfV3Oy2tnozMhDeIkSZh71JicFcdUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWmjrok7FAsDqOYYcJH2Ygby3CfMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEveGFhT3VpVHNVQ3dPbzVoaHdrZlppQnZMY0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+TKMA0G
CSqGSIb3DQEBCwUAA4IBAQBofaYWmtOMAtibuRqE5JE9F4Jkp3SyoabLsKDOU9F/
cGpO5xuWEsjkesJxDIWVt8peitHLz7ts+VNA3SOye2WtPO5aLfGrkHfkmBVD4ilh
kn/Zh3NSN+/NYQF6ljiMyJ1jn+124mwiNKZ8DHOKCNnxFHNEn+apbfBSbky3tcyN
cHZ2ysMnx+K9ddk3b9a9zvV0wZPxEE0c0jOEYqRPVXv/PIIiPnOR/pkdlkY5iQc9
BpaQcaOH91faz8GEho3lTbUzpMMhHpbTcxoF2vLdSqOeU/UKGMnbx6PfbT1qq8V4
pSq9J+gN3Cms9AJ+8CJvaWFVZxXge2+ytnBqVl1YDNTa
-----END CERTIFICATE-----