Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/BBmeL_y8dFZnZVsyof-5HOdh9rM.roa
File:                     BBmeL_y8dFZnZVsyof-5HOdh9rM.roa (raw, json)
Hash identifier:          l+ylGzhBzhl0JipTi0n6QhNTnBVAyKKM7zWtPfY+z3s=
Subject key identifier:   04:19:9E:2F:FC:BC:74:56:67:65:5B:32:A1:FF:B9:1C:E7:61:F6:B3
Certificate issuer:       /CN=cc642b1f5dd73af7d3ad05487e086001dff9b2e7
Certificate serial:       0194228DC4ADE850F8ADC2897F0DF42C288F
Authority key identifier: CC:64:2B:1F:5D:D7:3A:F7:D3:AD:05:48:7E:08:60:01:DF:F9:B2:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zGQrH13XOvfTrQVIfghgAd_5suc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/BBmeL_y8dFZnZVsyof-5HOdh9rM.roa
Signing time:             Wed 01 Jan 2025 15:48:23 +0000
ROA not before:           Wed 01 Jan 2025 15:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44557
IP address blocks:        91.214.148.0/24 maxlen: 24
                          91.214.149.0/24 maxlen: 24
                          91.214.150.0/24 maxlen: 24
                          91.214.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/zGQrH13XOvfTrQVIfghgAd_5suc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/zGQrH13XOvfTrQVIfghgAd_5suc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zGQrH13XOvfTrQVIfghgAd_5suc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:c4:ad:e8:50:f8:ad:c2:89:7f:0d:f4:2c:28:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc642b1f5dd73af7d3ad05487e086001dff9b2e7
        Validity
            Not Before: Jan  1 15:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=04199e2ffcbc745667655b32a1ffb91ce761f6b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:fc:35:29:18:72:88:cd:ac:d2:db:3c:19:f5:
                    1e:4f:18:19:df:92:1e:6c:ad:fe:1c:a1:03:c4:20:
                    56:67:f7:1e:d8:8b:7f:2b:ab:97:7a:74:6b:e6:36:
                    57:6a:7e:15:54:99:22:ac:10:1e:f6:3a:bb:70:6a:
                    da:68:5a:8c:73:a7:6b:60:29:ae:e2:f2:54:04:67:
                    9c:33:bf:6c:57:cb:50:ce:ec:52:e2:01:9e:17:22:
                    78:81:23:09:e0:bd:42:7d:0b:bd:d0:13:d0:0c:1d:
                    69:44:58:5d:ac:e4:39:4b:55:ad:89:f0:3b:2f:d3:
                    9d:75:2f:d8:dd:1d:f4:9d:a2:9e:20:9d:cb:6d:6c:
                    5a:99:67:02:61:67:b3:6b:96:96:07:6a:c1:ec:b7:
                    45:00:bd:42:37:25:3e:ae:88:15:c8:4e:14:cd:c4:
                    e1:25:e2:01:69:29:5f:6e:e8:a7:99:86:41:06:c7:
                    79:f0:e0:32:b2:2b:fc:a2:85:83:40:e9:4b:cb:e2:
                    d6:e8:92:05:67:af:f3:7f:9e:99:ac:c1:29:94:30:
                    67:89:c8:dd:5c:2a:7e:13:fb:33:52:68:b6:f4:4f:
                    eb:12:ae:80:b8:c3:77:81:ef:19:92:f0:b1:b4:0b:
                    ae:0a:cb:2b:0a:bc:23:79:43:52:3f:c4:44:d8:d9:
                    43:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:19:9E:2F:FC:BC:74:56:67:65:5B:32:A1:FF:B9:1C:E7:61:F6:B3
            X509v3 Authority Key Identifier:
                keyid:CC:64:2B:1F:5D:D7:3A:F7:D3:AD:05:48:7E:08:60:01:DF:F9:B2:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zGQrH13XOvfTrQVIfghgAd_5suc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/BBmeL_y8dFZnZVsyof-5HOdh9rM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/1e4a1c-b14c-46b5-87cc-5d14a0ff6dee/1/zGQrH13XOvfTrQVIfghgAd_5suc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.148.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c7:87:1e:53:be:f7:0d:06:23:79:85:0c:47:74:98:d4:e2:bc:
         a3:a9:bf:87:3d:f2:d8:11:70:2f:8f:fc:95:c0:d8:b1:e0:24:
         c1:0a:27:1f:a9:58:97:e6:7d:de:a2:37:5a:1f:53:0c:76:8f:
         c4:68:a4:42:54:75:9c:4b:34:53:90:a3:2e:24:d7:4e:4d:54:
         af:6e:95:be:0a:da:63:29:73:05:18:8b:d9:84:65:18:5f:3e:
         4a:17:e8:07:fd:91:83:c1:5d:87:8f:e4:ae:41:70:59:e4:9d:
         61:1e:d4:72:c9:74:3a:49:5f:4a:74:e6:17:7f:19:52:34:d1:
         f5:b2:71:3a:bd:e5:11:6f:1b:19:b0:85:e7:ca:2b:c8:60:cc:
         66:49:8c:fd:d2:6d:20:cd:0d:af:23:31:95:29:23:f6:06:e8:
         11:ec:69:8f:10:1c:ff:fc:ae:22:f6:10:79:1a:ca:d2:37:6d:
         7c:17:d1:ef:b9:67:b2:51:16:a3:0c:85:f7:94:d4:13:cd:bf:
         c7:b1:b5:df:85:cc:5f:09:b7:6f:19:65:66:92:90:02:4f:a6:
         29:50:f1:49:66:36:cd:25:23:c2:e4:96:37:8f:92:dd:e7:d6:
         ac:ff:02:d3:a8:65:0b:28:bc:62:9b:50:55:86:cf:a2:e2:7b:
         5b:15:fc:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijcSt6FD4rcKJfw30LCiPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjNjQyYjFmNWRkNzNhZjdkM2FkMDU0ODdlMDg2MDAxZGZm
OWIyZTcwHhcNMjUwMTAxMTU0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDE5OWUyZmZjYmM3NDU2Njc2NTViMzJhMWZmYjkxY2U3NjFmNmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPw1KRhyiM2s0ts8GfUeTxgZ35Ie
bK3+HKEDxCBWZ/ce2It/K6uXenRr5jZXan4VVJkirBAe9jq7cGraaFqMc6drYCmu
4vJUBGecM79sV8tQzuxS4gGeFyJ4gSMJ4L1CfQu90BPQDB1pRFhdrOQ5S1WtifA7
L9OddS/Y3R30naKeIJ3LbWxamWcCYWeza5aWB2rB7LdFAL1CNyU+rogVyE4UzcTh
JeIBaSlfbuinmYZBBsd58OAysiv8ooWDQOlLy+LW6JIFZ6/zf56ZrMEplDBnicjd
XCp+E/szUmi29E/rEq6AuMN3ge8ZkvCxtAuuCssrCrwjeUNSP8RE2NlDGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAQZni/8vHRWZ2VbMqH/uRznYfazMB8GA1UdIwQY
MBaAFMxkKx9d1zr3060FSH4IYAHf+bLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekdRckgxM1hPdmZUclFWSWZnaGdBZF81c3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8xZTRhMWMtYjE0Yy00NmI1LTg3Y2Mt
NWQxNGEwZmY2ZGVlLzEvQkJtZUxfeThkRlpuWlZzeW9mLTVIT2RoOXJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8xZTRhMWMtYjE0Yy00NmI1LTg3Y2MtNWQxNGEwZmY2ZGVl
LzEvekdRckgxM1hPdmZUclFWSWZnaGdBZF81c3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9aUMA0G
CSqGSIb3DQEBCwUAA4IBAQDHhx5TvvcNBiN5hQxHdJjU4ryjqb+HPfLYEXAvj/yV
wNix4CTBCicfqViX5n3eojdaH1MMdo/EaKRCVHWcSzRTkKMuJNdOTVSvbpW+Ctpj
KXMFGIvZhGUYXz5KF+gH/ZGDwV2Hj+SuQXBZ5J1hHtRyyXQ6SV9KdOYXfxlSNNH1
snE6veURbxsZsIXnyivIYMxmSYz90m0gzQ2vIzGVKSP2BugR7GmPEBz//K4i9hB5
GsrSN218F9HvuWeyURajDIX3lNQTzb/HsbXfhcxfCbdvGWVmkpACT6YpUPFJZjbN
JSPC5JY3j5Ld59as/wLTqGULKLxim1BVhs+i4ntbFfwh
-----END CERTIFICATE-----