Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/jcTO1fBkVXsp4y6wlcBbebFM8iw.roa
File:                     jcTO1fBkVXsp4y6wlcBbebFM8iw.roa (raw, json)
Hash identifier:          NkT9ooqiKYOuDT79Rkr1WXdOvqeB/1D8TcQH5fNDnzE=
Subject key identifier:   8D:C4:CE:D5:F0:64:55:7B:29:E3:2E:B0:95:C0:5B:79:B1:4C:F2:2C
Certificate issuer:       /CN=0fe1a7b6a6b85b3c3267c803996ed818a4a66479
Certificate serial:       0196102396776E2E0043AD984D4DC620493F
Authority key identifier: 0F:E1:A7:B6:A6:B8:5B:3C:32:67:C8:03:99:6E:D8:18:A4:A6:64:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/jcTO1fBkVXsp4y6wlcBbebFM8iw.roa
Signing time:             Mon 07 Apr 2025 12:04:49 +0000
ROA not before:           Mon 07 Apr 2025 12:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48654
IP address blocks:        91.211.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:10:23:96:77:6e:2e:00:43:ad:98:4d:4d:c6:20:49:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fe1a7b6a6b85b3c3267c803996ed818a4a66479
        Validity
            Not Before: Apr  7 12:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8dc4ced5f064557b29e32eb095c05b79b14cf22c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:22:e2:22:e0:f0:ac:31:10:cf:af:b8:fb:3c:
                    a4:82:a4:33:f4:b3:a2:be:23:ef:59:e6:9f:96:18:
                    ae:14:4b:bd:72:47:e8:55:54:20:62:56:f5:63:5a:
                    30:06:a4:f2:a2:f8:26:64:67:e8:41:9b:47:d4:17:
                    2d:b4:c1:ff:8e:78:ad:de:5a:c6:3d:4f:5b:39:75:
                    20:95:29:8c:ef:18:1a:f0:89:a8:06:73:33:c3:24:
                    e5:f5:76:a5:0b:43:35:91:dc:60:a0:8a:4e:ed:4e:
                    58:ac:83:8c:6e:35:a6:a1:ee:1a:7e:2f:6d:4f:c7:
                    66:b3:e2:91:a8:ad:17:24:ec:8c:b7:d6:a2:f1:a3:
                    6e:98:1f:93:93:00:d5:ed:d8:8f:36:9b:1f:83:12:
                    3a:78:6a:f5:18:86:ba:36:b1:88:06:d5:07:50:7f:
                    a1:a3:4c:7d:2b:c3:22:e5:26:f0:5b:6f:6d:4c:30:
                    7a:18:c7:e5:01:90:d2:4f:f5:b5:71:2a:4c:3a:ca:
                    48:8a:8c:31:16:03:2d:22:d5:34:76:5d:27:ff:bf:
                    23:61:5a:3b:3f:e9:9f:d0:5c:13:20:84:67:82:3a:
                    68:74:b2:ab:41:43:d2:9c:c3:90:de:05:90:59:a4:
                    83:0a:97:b3:84:5d:cd:44:76:ae:e7:80:ac:84:1b:
                    99:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:C4:CE:D5:F0:64:55:7B:29:E3:2E:B0:95:C0:5B:79:B1:4C:F2:2C
            X509v3 Authority Key Identifier:
                keyid:0F:E1:A7:B6:A6:B8:5B:3C:32:67:C8:03:99:6E:D8:18:A4:A6:64:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/jcTO1fBkVXsp4y6wlcBbebFM8iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/0841b5-1955-4f00-8bf1-289f95893e84/1/D-Gntqa4WzwyZ8gDmW7YGKSmZHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:02:86:81:52:49:f5:68:3f:50:c7:d2:3b:50:e5:5c:05:28:
         ec:e7:eb:e5:f0:22:19:b7:b5:7d:04:bd:27:5e:d5:ae:8d:e6:
         bd:4d:8f:30:cf:6c:4c:ae:78:cb:3d:5c:ea:fc:71:3b:aa:ba:
         06:ab:26:1e:3b:41:02:c7:c7:56:ee:08:9f:92:c0:78:f6:6c:
         ee:3c:e4:34:35:62:78:e0:78:50:f7:c1:cf:06:5e:74:b8:a8:
         a1:ca:01:e5:a6:0e:c7:16:53:d8:f6:ff:58:6e:e9:9e:f7:d8:
         24:0f:81:cf:89:93:be:29:81:0f:ea:72:c9:86:9b:a2:67:29:
         5b:ea:db:08:27:df:6e:19:5e:c7:75:b3:9a:99:14:72:10:d5:
         6a:ad:c0:8c:1b:bd:58:56:69:40:54:c8:11:c3:3a:c9:0e:ba:
         61:04:98:4f:20:29:88:00:d7:d4:ba:a7:1f:1a:31:44:41:dc:
         4e:c4:1c:72:a9:50:70:2b:b3:99:77:55:be:7a:68:a1:5d:87:
         b7:8e:e2:b8:02:72:54:25:22:73:8b:0b:17:d3:48:65:14:46:
         4c:74:ac:19:72:da:87:0b:ac:e8:51:38:d4:d8:d7:7b:cc:af:
         ec:e4:5f:a5:89:e1:03:2f:28:33:0f:39:97:2d:72:1b:18:61:
         25:3c:0a:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYQI5Z3bi4AQ62YTU3GIEk/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZTFhN2I2YTZiODViM2MzMjY3YzgwMzk5NmVkODE4YTRh
NjY0NzkwHhcNMjUwNDA3MTIwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGM0Y2VkNWYwNjQ1NTdiMjllMzJlYjA5NWMwNWI3OWIxNGNmMjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiLiIuDwrDEQz6+4+zykgqQz9LOi
viPvWeaflhiuFEu9ckfoVVQgYlb1Y1owBqTyovgmZGfoQZtH1BcttMH/jnit3lrG
PU9bOXUglSmM7xga8ImoBnMzwyTl9XalC0M1kdxgoIpO7U5YrIOMbjWmoe4afi9t
T8dms+KRqK0XJOyMt9ai8aNumB+TkwDV7diPNpsfgxI6eGr1GIa6NrGIBtUHUH+h
o0x9K8Mi5SbwW29tTDB6GMflAZDST/W1cSpMOspIiowxFgMtItU0dl0n/78jYVo7
P+mf0FwTIIRngjpodLKrQUPSnMOQ3gWQWaSDCpezhF3NRHau54CshBuZWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3EztXwZFV7KeMusJXAW3mxTPIsMB8GA1UdIwQY
MBaAFA/hp7amuFs8MmfIA5lu2BikpmR5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1HbnRxYTRXend5WjhnRG1XN1lHS1NtWkhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8wODQxYjUtMTk1NS00ZjAwLThiZjEt
Mjg5Zjk1ODkzZTg0LzEvamNUTzFmQmtWWHNwNHk2d2xjQmJlYkZNOGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8wODQxYjUtMTk1NS00ZjAwLThiZjEtMjg5Zjk1ODkzZTg0
LzEvRC1HbnRxYTRXend5WjhnRG1XN1lHS1NtWkhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9NoMA0G
CSqGSIb3DQEBCwUAA4IBAQBzAoaBUkn1aD9Qx9I7UOVcBSjs5+vl8CIZt7V9BL0n
XtWujea9TY8wz2xMrnjLPVzq/HE7qroGqyYeO0ECx8dW7gifksB49mzuPOQ0NWJ4
4HhQ98HPBl50uKihygHlpg7HFlPY9v9Ybume99gkD4HPiZO+KYEP6nLJhpuiZylb
6tsIJ99uGV7HdbOamRRyENVqrcCMG71YVmlAVMgRwzrJDrphBJhPICmIANfUuqcf
GjFEQdxOxBxyqVBwK7OZd1W+emihXYe3juK4AnJUJSJziwsX00hlFEZMdKwZctqH
C6zoUTjU2Nd7zK/s5F+lieEDLygzDzmXLXIbGGElPAot
-----END CERTIFICATE-----