Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RPPTqZmnNvl2bA9DvWRxFrRscgI.roa
File:                     RPPTqZmnNvl2bA9DvWRxFrRscgI.roa (raw, json)
Hash identifier:          YgRGyj6aWmN2IaQPkK0Kj/BzDTssAu4x00Xm44EizOQ=
Subject key identifier:   44:F3:D3:A9:99:A7:36:F9:76:6C:0F:43:BD:64:71:16:B4:6C:72:02
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       01944A64B759285ECBB5571D7AE772D93326
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RPPTqZmnNvl2bA9DvWRxFrRscgI.roa
Signing time:             Thu 09 Jan 2025 09:28:21 +0000
ROA not before:           Thu 09 Jan 2025 09:28:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136258
IP address blocks:        91.148.134.0/24 maxlen: 24
                          91.148.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:4a:64:b7:59:28:5e:cb:b5:57:1d:7a:e7:72:d9:33:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  9 09:28:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44f3d3a999a736f9766c0f43bd647116b46c7202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:7a:c4:51:fc:07:e5:3c:12:f0:eb:8a:88:45:
                    10:36:dd:8a:fc:a2:d9:ab:91:53:bf:9c:98:d0:dd:
                    24:0c:08:e8:98:0e:57:2d:e5:af:ef:f9:3a:42:94:
                    75:97:51:5d:68:bd:c2:0c:90:c5:cd:34:72:68:c1:
                    19:93:d6:a4:77:96:dd:26:03:b9:b4:8c:4c:3f:04:
                    fa:c2:b9:3c:52:31:db:a4:a3:92:a9:ee:63:d3:b7:
                    2f:16:f0:2e:98:fe:19:52:df:ec:ee:33:01:7e:23:
                    c5:98:6a:08:76:b5:39:84:ff:2b:89:cc:e6:fe:09:
                    1b:b9:8a:e1:68:a1:60:a2:88:28:0e:0b:15:65:a9:
                    af:8d:94:97:94:c0:88:0c:a1:0d:10:8f:73:76:53:
                    65:31:8f:24:88:13:de:5d:ba:07:d8:1d:0a:d5:cb:
                    63:24:0d:cf:91:eb:43:22:97:1f:66:96:27:80:59:
                    67:00:4f:aa:09:6f:71:f5:ab:9e:2e:0c:eb:66:e0:
                    85:cb:77:7b:6c:88:18:8f:b2:e8:27:3d:62:dd:70:
                    8f:e8:dd:91:44:e8:87:54:da:fe:4c:9a:55:2f:cb:
                    e7:48:57:55:23:80:47:a3:53:58:81:88:3d:8b:4f:
                    b6:29:9b:1d:85:a9:bf:4a:9c:08:94:be:bd:f6:74:
                    83:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F3:D3:A9:99:A7:36:F9:76:6C:0F:43:BD:64:71:16:B4:6C:72:02
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/RPPTqZmnNvl2bA9DvWRxFrRscgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.148.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         63:82:75:c5:0e:b6:05:ca:94:c8:88:b0:5d:19:8b:92:f7:75:
         91:29:f8:87:e7:d7:4c:80:b5:49:c3:ee:aa:90:36:b7:83:33:
         0f:3d:5d:ec:9c:a1:53:7f:87:71:b0:ea:41:5c:bd:19:99:76:
         28:4f:c0:6f:21:a2:7d:f7:ea:f1:4e:1f:b4:69:44:62:e4:c0:
         dd:0e:91:41:9c:4b:fb:e2:a4:b2:4f:29:36:9a:6a:56:e4:bb:
         5d:d6:f8:60:52:c3:5a:be:e8:1a:36:65:51:6a:ec:21:3e:49:
         e1:40:11:7a:84:e5:ef:ba:8a:49:df:f0:4e:5f:cc:07:97:e5:
         49:0e:65:ff:fa:3b:a5:ce:f2:f5:07:11:d0:8a:40:0f:38:54:
         8c:77:bc:b0:22:e4:b8:92:04:96:af:e0:ba:bb:82:98:e0:a2:
         9a:11:98:ae:fc:89:fb:7f:e7:d1:c9:a5:e1:16:bb:38:92:a8:
         81:8e:ff:4d:3c:c2:8b:0e:08:46:a5:1c:36:65:3c:6a:45:07:
         18:32:0e:57:52:99:6c:4f:d2:a9:50:a2:15:4d:49:d5:fd:d7:
         75:d4:b6:89:7a:79:f6:9f:3f:04:8d:ff:e5:8e:7f:95:6a:3f:
         aa:8d:68:1c:f6:9f:93:83:54:90:17:24:25:cb:d3:ca:8b:a4:
         1d:f9:86:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRKZLdZKF7LtVcdeudy2TMmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTA5MDkyODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGYzZDNhOTk5YTczNmY5NzY2YzBmNDNiZDY0NzExNmI0NmM3MjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XrEUfwH5TwS8OuKiEUQNt2K/KLZ
q5FTv5yY0N0kDAjomA5XLeWv7/k6QpR1l1FdaL3CDJDFzTRyaMEZk9akd5bdJgO5
tIxMPwT6wrk8UjHbpKOSqe5j07cvFvAumP4ZUt/s7jMBfiPFmGoIdrU5hP8riczm
/gkbuYrhaKFgoogoDgsVZamvjZSXlMCIDKENEI9zdlNlMY8kiBPeXboH2B0K1ctj
JA3PketDIpcfZpYngFlnAE+qCW9x9aueLgzrZuCFy3d7bIgYj7LoJz1i3XCP6N2R
ROiHVNr+TJpVL8vnSFdVI4BHo1NYgYg9i0+2KZsdham/SpwIlL699nSDOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETz06mZpzb5dmwPQ71kcRa0bHICMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvUlBQVHFabW5OdmwyYkE5RHZXUnhGclJzY2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW5SGMA0G
CSqGSIb3DQEBCwUAA4IBAQBjgnXFDrYFypTIiLBdGYuS93WRKfiH59dMgLVJw+6q
kDa3gzMPPV3snKFTf4dxsOpBXL0ZmXYoT8BvIaJ99+rxTh+0aURi5MDdDpFBnEv7
4qSyTyk2mmpW5Ltd1vhgUsNavugaNmVRauwhPknhQBF6hOXvuopJ3/BOX8wHl+VJ
DmX/+julzvL1BxHQikAPOFSMd7ywIuS4kgSWr+C6u4KY4KKaEZiu/In7f+fRyaXh
Frs4kqiBjv9NPMKLDghGpRw2ZTxqRQcYMg5XUplsT9KpUKIVTUnV/dd11LaJenn2
nz8Ejf/ljn+Vaj+qjWgc9p+Tg1SQFyQly9PKi6Qd+YZM
-----END CERTIFICATE-----