Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/RVpE5x4ewK-16qeOmC4zQhoP4D0.roa
File:                     RVpE5x4ewK-16qeOmC4zQhoP4D0.roa (raw, json)
Hash identifier:          hUGCkNpwy4m/7VpqWBt6q2aDAeStLb3YaDGvbWD+DDQ=
Subject key identifier:   45:5A:44:E7:1E:1E:C0:AF:B5:EA:A7:8E:98:2E:33:42:1A:0F:E0:3D
Certificate issuer:       /CN=c0d0437cdf7cba9f3967eb328a08686d06e47d56
Certificate serial:       01942823544F0910CA0324EDD23CEF36E659
Authority key identifier: C0:D0:43:7C:DF:7C:BA:9F:39:67:EB:32:8A:08:68:6D:06:E4:7D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wNBDfN98up85Z-syighobQbkfVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/RVpE5x4ewK-16qeOmC4zQhoP4D0.roa
Signing time:             Thu 02 Jan 2025 17:49:51 +0000
ROA not before:           Thu 02 Jan 2025 17:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196863
IP address blocks:        91.223.88.0/24 maxlen: 24
                          91.227.206.0/23 maxlen: 23
                          91.234.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/wNBDfN98up85Z-syighobQbkfVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/wNBDfN98up85Z-syighobQbkfVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wNBDfN98up85Z-syighobQbkfVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:54:4f:09:10:ca:03:24:ed:d2:3c:ef:36:e6:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0d0437cdf7cba9f3967eb328a08686d06e47d56
        Validity
            Not Before: Jan  2 17:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=455a44e71e1ec0afb5eaa78e982e33421a0fe03d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:da:ec:01:6d:72:ef:7a:2b:b4:89:fa:e4:18:
                    7f:15:f2:55:62:13:52:9f:b3:d0:74:bf:51:d7:ff:
                    50:1b:65:a3:46:79:3d:a8:87:86:61:26:5b:3c:fd:
                    a9:8c:f5:0d:00:b7:51:af:5a:94:d6:8f:c5:0a:51:
                    a2:00:6d:cf:6a:5b:b3:5c:76:ec:49:7c:67:7f:1d:
                    6a:21:79:5c:1f:5a:c9:6b:8d:11:a9:d0:08:ae:07:
                    76:a4:25:f0:1a:ca:c1:1a:bc:59:41:3b:b3:9c:71:
                    ae:20:ca:9a:b8:7f:5c:47:53:cc:d8:72:e3:d2:8e:
                    29:b5:b8:f0:52:e7:40:c8:b0:d2:d0:7a:ac:6c:1e:
                    62:b3:b3:0e:1f:5d:99:82:ad:fe:35:25:49:78:a8:
                    89:dc:0b:1c:83:78:0d:2b:e0:1d:0d:e7:ff:4c:eb:
                    a0:25:4f:94:0c:bc:a8:5e:2f:f9:8b:2e:5b:7a:d0:
                    47:69:56:6d:1b:53:cc:f9:b2:a8:33:ca:f2:55:cb:
                    85:fe:d9:08:51:1d:ea:ca:47:59:b5:7e:72:02:44:
                    ce:cb:cd:b1:18:e9:4d:a5:3b:eb:b2:d7:ef:bf:7b:
                    14:ad:35:53:cf:15:59:1b:eb:ec:3f:5d:0a:b5:aa:
                    b4:2b:27:0a:4d:bb:2f:ac:40:e0:a1:c3:c3:6b:ff:
                    aa:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:5A:44:E7:1E:1E:C0:AF:B5:EA:A7:8E:98:2E:33:42:1A:0F:E0:3D
            X509v3 Authority Key Identifier:
                keyid:C0:D0:43:7C:DF:7C:BA:9F:39:67:EB:32:8A:08:68:6D:06:E4:7D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wNBDfN98up85Z-syighobQbkfVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/RVpE5x4ewK-16qeOmC4zQhoP4D0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/e46168-9818-4b51-94ad-c618dec07462/1/wNBDfN98up85Z-syighobQbkfVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.88.0/24
                  91.227.206.0/23
                  91.234.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:3d:6d:48:40:1f:83:e9:9a:c4:e5:24:bc:fe:1e:e1:8a:47:
         ad:e9:43:0f:19:87:db:49:39:7e:ce:69:e6:65:97:f0:a4:ef:
         6b:11:9b:7b:51:0c:cf:7b:63:27:bd:2d:48:4d:75:e5:12:96:
         16:34:00:87:ca:90:75:f6:e7:1c:3a:cf:d1:cf:60:7b:86:ce:
         a6:5d:54:b4:92:2f:70:c3:c1:f6:71:99:6e:a8:d6:d5:6e:61:
         f9:b2:3a:1d:a9:6f:0e:cd:cb:71:4b:ee:b6:87:db:86:61:ce:
         05:d9:75:c3:a6:4c:46:40:90:b8:05:a5:63:6c:e0:80:7a:3c:
         85:72:d0:3b:4f:4d:32:13:be:9d:ea:81:06:27:76:4f:0b:18:
         03:01:db:4b:57:9d:73:bb:e1:ad:8e:70:42:aa:ab:d9:3f:ab:
         37:a9:46:4a:67:6a:d6:8d:b6:5e:76:53:db:65:02:ae:a2:56:
         32:26:fb:50:e6:b7:21:4f:ca:53:d3:d5:f7:78:fe:b0:2c:0a:
         ee:3f:7f:c8:85:b5:29:a1:59:68:12:47:f0:15:28:0b:ae:db:
         7e:6b:aa:e5:bc:f1:b0:a2:06:5b:6f:99:90:4e:38:ea:73:b0:
         18:e9:84:e1:bf:80:9e:1b:e9:dc:83:48:bd:a6:a9:1b:20:7a:
         30:d3:51:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoI1RPCRDKAyTt0jzvNuZZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZDA0MzdjZGY3Y2JhOWYzOTY3ZWIzMjhhMDg2ODZkMDZl
NDdkNTYwHhcNMjUwMTAyMTc0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTVhNDRlNzFlMWVjMGFmYjVlYWE3OGU5ODJlMzM0MjFhMGZlMDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAidrsAW1y73ortIn65Bh/FfJVYhNS
n7PQdL9R1/9QG2WjRnk9qIeGYSZbPP2pjPUNALdRr1qU1o/FClGiAG3PaluzXHbs
SXxnfx1qIXlcH1rJa40RqdAIrgd2pCXwGsrBGrxZQTuznHGuIMqauH9cR1PM2HLj
0o4ptbjwUudAyLDS0HqsbB5is7MOH12Zgq3+NSVJeKiJ3Ascg3gNK+AdDef/TOug
JU+UDLyoXi/5iy5betBHaVZtG1PM+bKoM8ryVcuF/tkIUR3qykdZtX5yAkTOy82x
GOlNpTvrstfvv3sUrTVTzxVZG+vsP10Ktaq0KycKTbsvrEDgocPDa/+qjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEVaROceHsCvteqnjpguM0IaD+A9MB8GA1UdIwQY
MBaAFMDQQ3zffLqfOWfrMooIaG0G5H1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd05CRGZOOTh1cDg1Wi1zeWlnaG9iUWJrZlZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9lNDYxNjgtOTgxOC00YjUxLTk0YWQt
YzYxOGRlYzA3NDYyLzEvUlZwRTV4NGV3Sy0xNnFlT21DNHpRaG9QNEQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9lNDYxNjgtOTgxOC00YjUxLTk0YWQtYzYxOGRlYzA3NDYy
LzEvd05CRGZOOTh1cDg1Wi1zeWlnaG9iUWJrZlZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW99YAwQB
W+POAwQCW+oAMA0GCSqGSIb3DQEBCwUAA4IBAQA9PW1IQB+D6ZrE5SS8/h7hiket
6UMPGYfbSTl+zmnmZZfwpO9rEZt7UQzPe2MnvS1ITXXlEpYWNACHypB19uccOs/R
z2B7hs6mXVS0ki9ww8H2cZluqNbVbmH5sjodqW8OzctxS+62h9uGYc4F2XXDpkxG
QJC4BaVjbOCAejyFctA7T00yE76d6oEGJ3ZPCxgDAdtLV51zu+GtjnBCqqvZP6s3
qUZKZ2rWjbZedlPbZQKuolYyJvtQ5rchT8pT09X3eP6wLAruP3/IhbUpoVloEkfw
FSgLrtt+a6rlvPGwogZbb5mQTjjqc7AY6YThv4CeG+ncg0i9pqkbIHow01Gv
-----END CERTIFICATE-----