Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/cin36IkcVIQMWPjd44GqXKLQuWQ.roa
File:                     cin36IkcVIQMWPjd44GqXKLQuWQ.roa (raw, json)
Hash identifier:          OwdXlpnQGHCbD8dLSbClcbklFBICkGpHdsNc3VSAeno=
Subject key identifier:   72:29:F7:E8:89:1C:54:84:0C:58:F8:DD:E3:81:AA:5C:A2:D0:B9:64
Certificate issuer:       /CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
Certificate serial:       0194258F60B052E130314A0B0787CE17D6AC
Authority key identifier: CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/cin36IkcVIQMWPjd44GqXKLQuWQ.roa
Signing time:             Thu 02 Jan 2025 05:49:00 +0000
ROA not before:           Thu 02 Jan 2025 05:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.193.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:60:b0:52:e1:30:31:4a:0b:07:87:ce:17:d6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
        Validity
            Not Before: Jan  2 05:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7229f7e8891c54840c58f8dde381aa5ca2d0b964
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f2:ed:a8:88:db:81:73:53:cc:c5:d7:48:9e:
                    c1:66:75:80:fd:6e:e2:55:1c:52:3c:6c:7e:db:23:
                    5b:15:05:5f:f2:f5:8d:3a:91:cc:c1:5b:1b:d8:11:
                    ca:90:22:b2:07:54:59:7b:b8:e4:59:72:18:47:72:
                    b5:df:0f:16:36:80:f5:cd:c3:f8:bd:6c:d7:c5:e1:
                    b7:8e:a5:0a:34:a0:52:3f:b1:8b:fb:b5:67:3d:ba:
                    4b:c9:e5:02:25:b5:c7:6f:31:1e:23:56:3c:c0:4f:
                    11:b5:3c:4b:d0:aa:e5:1d:eb:4d:e1:43:95:8d:79:
                    dc:d1:31:06:2b:6d:16:80:06:5b:8c:d4:36:c4:ae:
                    13:7b:23:16:47:1a:91:6d:00:fd:de:a7:a4:dc:72:
                    c1:4f:6a:9a:f1:34:9e:db:e9:28:b6:7f:55:11:64:
                    1a:3c:9f:c1:e8:c4:2d:cf:99:7f:ea:20:6d:e5:94:
                    ab:9b:d2:3c:97:bf:93:bf:ee:23:57:ac:f5:7b:06:
                    9b:f3:86:ff:7a:b3:6b:80:e7:31:b8:c0:b6:b8:22:
                    c1:ed:68:0c:4c:57:74:15:42:1c:1b:e3:32:2b:da:
                    fd:04:20:a6:75:73:9f:ee:fa:82:61:47:0a:58:15:
                    d7:db:63:8d:eb:7e:f1:03:b5:48:e2:e8:7c:e6:57:
                    28:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:29:F7:E8:89:1C:54:84:0C:58:F8:DD:E3:81:AA:5C:A2:D0:B9:64
            X509v3 Authority Key Identifier:
                keyid:CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/cin36IkcVIQMWPjd44GqXKLQuWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:11:4f:7b:91:52:36:c6:01:9a:b2:b9:8d:e8:d0:fa:7f:fc:
         39:85:ce:41:4a:27:59:8a:7d:ec:d5:3f:9e:ca:38:af:fd:1f:
         69:22:37:c6:45:d4:00:dc:88:fe:28:c7:1c:fb:ee:96:cb:59:
         4e:93:83:38:95:cc:f2:6b:0f:93:2a:86:8b:13:41:50:1d:0b:
         e1:43:17:96:9e:2a:7b:59:39:e5:2a:85:33:0a:4e:ec:c7:9d:
         70:69:85:4a:ae:6f:4d:c5:07:9c:d0:53:be:65:89:69:17:80:
         34:6d:58:c4:2f:56:98:d7:8d:6c:90:b4:69:eb:09:5c:c9:b2:
         4c:cb:48:09:4b:d4:bc:9e:5e:e2:c7:64:66:85:0b:f5:d3:64:
         25:f0:86:e7:04:e2:c8:4c:27:f1:92:aa:ac:e2:73:47:34:ca:
         2b:59:db:34:e2:16:ac:07:05:8d:9e:55:a3:c2:a4:72:4e:8f:
         05:8a:9d:75:42:45:22:26:1c:d9:de:0a:d5:5b:6e:03:e9:f8:
         f9:47:89:3e:b5:59:54:11:86:9c:73:4d:76:8d:d5:9f:f5:37:
         61:93:ae:f3:b4:7b:81:a5:75:b7:5d:77:11:3e:9a:6b:aa:d2:
         bb:4e:78:80:d0:33:f9:15:be:5c:0a:b0:ba:c9:b9:a1:df:1d:
         66:bc:6c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj2CwUuEwMUoLB4fOF9asMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMWU3YzQ2YjgxZGRhYjI3NDQyNzBjNWJhZDk4NmFmODZk
ZjRmNjAwHhcNMjUwMTAyMDU0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjI5ZjdlODg5MWM1NDg0MGM1OGY4ZGRlMzgxYWE1Y2EyZDBiOTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPLtqIjbgXNTzMXXSJ7BZnWA/W7i
VRxSPGx+2yNbFQVf8vWNOpHMwVsb2BHKkCKyB1RZe7jkWXIYR3K13w8WNoD1zcP4
vWzXxeG3jqUKNKBSP7GL+7VnPbpLyeUCJbXHbzEeI1Y8wE8RtTxL0KrlHetN4UOV
jXnc0TEGK20WgAZbjNQ2xK4TeyMWRxqRbQD93qek3HLBT2qa8TSe2+kotn9VEWQa
PJ/B6MQtz5l/6iBt5ZSrm9I8l7+Tv+4jV6z1ewab84b/erNrgOcxuMC2uCLB7WgM
TFd0FUIcG+MyK9r9BCCmdXOf7vqCYUcKWBXX22ON637xA7VI4uh85lcoyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHIp9+iJHFSEDFj43eOBqlyi0LlkMB8GA1UdIwQY
MBaAFMwefEa4HdqydEJwxbrZhq+G309gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUt
Mzk5YjdhM2IyMGNmLzEvY2luMzZJa2NWSVFNV1BqZDQ0R3FYS0xRdVdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUtMzk5YjdhM2IyMGNm
LzEvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EqMA0G
CSqGSIb3DQEBCwUAA4IBAQBqEU97kVI2xgGasrmN6ND6f/w5hc5BSidZin3s1T+e
yjiv/R9pIjfGRdQA3Ij+KMcc++6Wy1lOk4M4lczyaw+TKoaLE0FQHQvhQxeWnip7
WTnlKoUzCk7sx51waYVKrm9NxQec0FO+ZYlpF4A0bVjEL1aY141skLRp6wlcybJM
y0gJS9S8nl7ix2RmhQv102Ql8IbnBOLITCfxkqqs4nNHNMorWds04hasBwWNnlWj
wqRyTo8Fip11QkUiJhzZ3grVW24D6fj5R4k+tVlUEYacc012jdWf9Tdhk67ztHuB
pXW3XXcRPpprqtK7TniA0DP5Fb5cCrC6ybmh3x1mvGxA
-----END CERTIFICATE-----