Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dOwbaQzqcRYTsS9whCXtEpuCSXk.roa
File:                     dOwbaQzqcRYTsS9whCXtEpuCSXk.roa (raw, json)
Hash identifier:          1R7jY8US+XVotTudXZJyXVeOcS1o5JnuJJgbbY55aZU=
Subject key identifier:   74:EC:1B:69:0C:EA:71:16:13:B1:2F:70:84:25:ED:12:9B:82:49:79
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       0194252152B94C384EA7885A5AD085AEDBE0
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dOwbaQzqcRYTsS9whCXtEpuCSXk.roa
Signing time:             Thu 02 Jan 2025 03:48:48 +0000
ROA not before:           Thu 02 Jan 2025 03:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398343
IP address blocks:        91.190.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:52:b9:4c:38:4e:a7:88:5a:5a:d0:85:ae:db:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  2 03:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ec1b690cea711613b12f708425ed129b824979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:62:df:71:b1:67:05:57:fc:8c:8d:ed:46:62:
                    78:a1:9a:d0:23:cf:3d:30:74:e8:8f:8b:68:8c:aa:
                    ab:6a:a3:55:6b:0d:0a:89:a3:a8:be:c8:d1:ff:c5:
                    22:1c:2a:6e:bc:c9:a2:21:08:6b:6c:e6:a7:db:43:
                    88:2a:f9:f6:49:3e:66:cc:94:2f:4f:00:4c:92:6f:
                    07:89:0f:2e:e4:38:5c:ca:8b:39:a6:ad:50:56:98:
                    dd:93:e7:3f:3f:a5:2b:47:18:df:87:1e:ce:1d:01:
                    3b:06:63:c0:6c:03:b4:08:aa:13:03:58:1a:42:3d:
                    b5:d7:9e:ee:e3:bb:ca:8f:c2:4d:15:a2:b7:9f:34:
                    f3:a5:33:7e:f6:57:52:0a:3b:31:30:ae:99:3a:a6:
                    07:a8:1c:02:a5:d5:be:83:63:de:30:1c:e0:d8:e7:
                    3b:aa:eb:4b:9e:11:9b:e0:0c:0b:09:17:cd:32:d5:
                    e1:09:41:e4:80:d6:de:ed:91:01:75:22:96:15:99:
                    a5:ae:5e:c7:15:6c:42:52:ab:72:98:06:d2:5e:aa:
                    5b:e2:10:c1:52:0d:64:72:48:67:bc:20:0f:b9:0e:
                    b7:06:83:1c:5f:73:02:b3:6f:11:47:48:2e:5d:49:
                    14:ca:db:e5:e9:9f:5f:75:6b:4d:7a:d6:9e:75:7d:
                    98:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EC:1B:69:0C:EA:71:16:13:B1:2F:70:84:25:ED:12:9B:82:49:79
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dOwbaQzqcRYTsS9whCXtEpuCSXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:39:b3:33:97:92:04:68:2b:2e:f4:e0:86:9f:0b:80:36:f7:
         47:87:5a:d5:67:de:7f:2c:16:8e:00:04:82:81:4a:47:4b:0d:
         82:07:e7:93:1d:d3:c0:30:31:1c:d7:24:12:00:86:5e:32:f1:
         9f:6f:40:86:80:64:70:4b:04:23:7e:96:f3:8a:2f:1d:ab:50:
         4c:40:e5:4a:8e:b3:ea:fa:ac:31:6c:50:e5:f0:09:8e:40:0f:
         74:b9:87:45:0c:02:6e:3e:c2:f0:9e:c7:6f:c3:8a:a1:58:86:
         34:4d:31:96:05:b7:c8:ff:31:cf:59:6b:a5:60:5f:f3:53:c7:
         ad:9b:98:3f:f6:74:1f:99:dd:8a:28:63:6a:81:b2:90:68:b1:
         86:bd:86:0b:7e:85:21:76:f2:e5:57:23:9c:2e:65:66:f8:a4:
         28:c5:22:de:49:68:b5:c5:ce:c7:67:c2:81:e9:69:cc:12:3f:
         d4:71:44:5d:87:bd:94:2b:76:7d:0f:0a:66:33:69:b9:84:4a:
         88:8a:05:b7:bc:6f:bf:b7:34:d1:60:7d:55:5d:73:aa:d5:dd:
         52:87:b6:c2:76:5c:70:f5:7d:f8:aa:9a:61:da:6a:e4:b2:47:
         47:41:58:a1:f4:db:ea:77:da:fd:79:7b:79:f4:6a:51:f0:c5:
         34:02:b1:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIVK5TDhOp4haWtCFrtvgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwMTAyMDM0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVjMWI2OTBjZWE3MTE2MTNiMTJmNzA4NDI1ZWQxMjliODI0OTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2LfcbFnBVf8jI3tRmJ4oZrQI889
MHToj4tojKqraqNVaw0KiaOovsjR/8UiHCpuvMmiIQhrbOan20OIKvn2ST5mzJQv
TwBMkm8HiQ8u5Dhcyos5pq1QVpjdk+c/P6UrRxjfhx7OHQE7BmPAbAO0CKoTA1ga
Qj21157u47vKj8JNFaK3nzTzpTN+9ldSCjsxMK6ZOqYHqBwCpdW+g2PeMBzg2Oc7
qutLnhGb4AwLCRfNMtXhCUHkgNbe7ZEBdSKWFZmlrl7HFWxCUqtymAbSXqpb4hDB
Ug1kckhnvCAPuQ63BoMcX3MCs28RR0guXUkUytvl6Z9fdWtNetaedX2YJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTsG2kM6nEWE7EvcIQl7RKbgkl5MB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvZE93YmFRenFjUllUc1M5d2hDWHRFcHVDU1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW764MA0G
CSqGSIb3DQEBCwUAA4IBAQBoObMzl5IEaCsu9OCGnwuANvdHh1rVZ95/LBaOAASC
gUpHSw2CB+eTHdPAMDEc1yQSAIZeMvGfb0CGgGRwSwQjfpbzii8dq1BMQOVKjrPq
+qwxbFDl8AmOQA90uYdFDAJuPsLwnsdvw4qhWIY0TTGWBbfI/zHPWWulYF/zU8et
m5g/9nQfmd2KKGNqgbKQaLGGvYYLfoUhdvLlVyOcLmVm+KQoxSLeSWi1xc7HZ8KB
6WnMEj/UcURdh72UK3Z9DwpmM2m5hEqIigW3vG+/tzTRYH1VXXOq1d1Sh7bCdlxw
9X34qpph2mrkskdHQVih9Nvqd9r9eXt59GpR8MU0ArE8
-----END CERTIFICATE-----