Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/W0dMAnO6aF0Yx6O8KQpDYw42KzU.roa
File:                     W0dMAnO6aF0Yx6O8KQpDYw42KzU.roa (raw, json)
Hash identifier:          hYKeaXsd87cAB8WiR9boDz94K2aYD6Hd49egFLgXH3M=
Subject key identifier:   5B:47:4C:02:73:BA:68:5D:18:C7:A3:BC:29:0A:43:63:0E:36:2B:35
Certificate issuer:       /CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
Certificate serial:       019427B5C545AA7DDE3869C960EEFEF9FAD7
Authority key identifier: 95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/W0dMAnO6aF0Yx6O8KQpDYw42KzU.roa
Signing time:             Thu 02 Jan 2025 15:50:11 +0000
ROA not before:           Thu 02 Jan 2025 15:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.240.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c5:45:aa:7d:de:38:69:c9:60:ee:fe:f9:fa:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=950082a85946722c7fc1c864f0fbd80dc54dcd29
        Validity
            Not Before: Jan  2 15:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5b474c0273ba685d18c7a3bc290a43630e362b35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2a:2d:c6:53:09:69:9b:3d:78:bd:80:6f:30:
                    23:ec:59:ee:5c:4e:b1:8c:78:7a:ac:9e:a9:8a:c7:
                    6a:e2:fa:c2:f0:92:d5:df:0e:8e:53:b1:1f:12:d4:
                    c1:b4:e2:ad:69:25:8b:bc:60:a8:63:86:27:30:d3:
                    75:a2:c0:b7:03:d6:e1:a0:1a:e5:6f:5f:ef:49:b8:
                    e1:ce:c1:53:86:f2:8d:e6:a3:44:84:db:d1:01:7c:
                    39:ba:c2:b0:08:db:e9:6c:e1:e4:9b:65:69:c2:99:
                    f0:8a:d3:f5:1c:4c:9e:44:e7:cd:8f:a5:29:7a:cf:
                    f5:55:83:5d:4e:d1:56:30:a8:c2:28:3b:9a:bd:57:
                    d5:74:28:30:3b:72:d4:2c:0a:63:8c:b3:17:19:5a:
                    e5:c4:3f:0f:51:5e:bb:73:cb:74:e1:3d:00:92:e4:
                    14:f9:d0:ac:96:8c:78:d6:df:58:36:10:ec:1f:da:
                    6f:52:23:b9:90:fc:6c:e4:2d:c1:04:f1:98:48:f7:
                    46:41:47:5c:74:90:97:f0:eb:46:d7:cb:ae:20:c9:
                    4a:19:0d:66:62:22:37:9c:65:0a:8a:6c:7d:8d:10:
                    28:6b:f6:ff:1f:1f:00:e7:f0:c2:1d:5e:00:28:ee:
                    cb:54:9a:45:9f:80:c5:c3:cf:d7:37:b9:1d:27:6a:
                    97:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:47:4C:02:73:BA:68:5D:18:C7:A3:BC:29:0A:43:63:0E:36:2B:35
            X509v3 Authority Key Identifier:
                keyid:95:00:82:A8:59:46:72:2C:7F:C1:C8:64:F0:FB:D8:0D:C5:4D:CD:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lQCCqFlGcix_wchk8PvYDcVNzSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/W0dMAnO6aF0Yx6O8KQpDYw42KzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/34e40f-e1d2-4d29-89c5-c69a7f03e18f/1/lQCCqFlGcix_wchk8PvYDcVNzSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:7f:ed:f7:ec:9f:0e:a0:c0:c0:76:3b:3e:c5:17:57:d3:4e:
         45:6e:bb:59:1c:f4:ac:c0:ef:14:a0:61:c3:52:0d:9e:03:c2:
         3f:a0:40:8e:32:61:d7:6d:0b:be:62:8e:f2:07:1d:09:bf:d8:
         09:6b:92:ae:0d:aa:bb:5d:cb:1d:77:c2:c3:e2:85:f3:5c:c6:
         3f:28:5a:83:67:62:25:ee:c0:15:21:f8:bd:8a:c5:af:03:94:
         f5:10:bb:b3:31:75:6a:05:6c:19:5e:03:57:4d:7b:83:66:cc:
         69:41:0d:81:a5:33:cc:ee:ff:8f:ae:dc:44:e6:c6:5f:73:f7:
         fb:ee:5c:e9:59:65:cd:10:55:6a:9a:5a:3b:ac:66:6f:a9:8c:
         b6:d7:8e:43:db:c7:96:5a:41:f2:7e:be:ed:c8:03:cd:c3:a4:
         0e:27:0c:9a:02:ad:92:f1:8e:4c:f5:c2:f4:ab:e8:e0:b6:49:
         ee:e7:09:d0:58:24:31:6f:06:ee:75:54:f4:35:48:33:26:96:
         68:e1:6d:fd:b4:b7:c5:dc:0a:44:f5:95:13:01:99:5f:39:f5:
         d5:bd:cc:84:e7:d9:13:e3:60:9e:a3:62:14:54:cb:ac:9e:02:
         38:a2:9a:0c:08:ed:5b:be:35:74:69:ce:bc:00:23:21:88:f7:
         94:98:22:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcVFqn3eOGnJYO7++frXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MDA4MmE4NTk0NjcyMmM3ZmMxYzg2NGYwZmJkODBkYzU0
ZGNkMjkwHhcNMjUwMTAyMTU1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjQ3NGMwMjczYmE2ODVkMThjN2EzYmMyOTBhNDM2MzBlMzYyYjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSotxlMJaZs9eL2AbzAj7FnuXE6x
jHh6rJ6pisdq4vrC8JLV3w6OU7EfEtTBtOKtaSWLvGCoY4YnMNN1osC3A9bhoBrl
b1/vSbjhzsFThvKN5qNEhNvRAXw5usKwCNvpbOHkm2VpwpnwitP1HEyeROfNj6Up
es/1VYNdTtFWMKjCKDuavVfVdCgwO3LULApjjLMXGVrlxD8PUV67c8t04T0AkuQU
+dCslox41t9YNhDsH9pvUiO5kPxs5C3BBPGYSPdGQUdcdJCX8OtG18uuIMlKGQ1m
YiI3nGUKimx9jRAoa/b/Hx8A5/DCHV4AKO7LVJpFn4DFw8/XN7kdJ2qXTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtHTAJzumhdGMejvCkKQ2MONis1MB8GA1UdIwQY
MBaAFJUAgqhZRnIsf8HIZPD72A3FTc0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUt
YzY5YTdmMDNlMThmLzEvVzBkTUFuTzZhRjBZeDZPOEtRcERZdzQyS3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zNGU0MGYtZTFkMi00ZDI5LTg5YzUtYzY5YTdmMDNlMThm
LzEvbFFDQ3FGbEdjaXhfd2NoazhQdllEY1ZOelNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DpMA0G
CSqGSIb3DQEBCwUAA4IBAQCff+337J8OoMDAdjs+xRdX005FbrtZHPSswO8UoGHD
Ug2eA8I/oECOMmHXbQu+Yo7yBx0Jv9gJa5KuDaq7Xcsdd8LD4oXzXMY/KFqDZ2Il
7sAVIfi9isWvA5T1ELuzMXVqBWwZXgNXTXuDZsxpQQ2BpTPM7v+PrtxE5sZfc/f7
7lzpWWXNEFVqmlo7rGZvqYy2145D28eWWkHyfr7tyAPNw6QOJwyaAq2S8Y5M9cL0
q+jgtknu5wnQWCQxbwbudVT0NUgzJpZo4W39tLfF3ApE9ZUTAZlfOfXVvcyE59kT
42Ceo2IUVMusngI4opoMCO1bvjV0ac68ACMhiPeUmCIv
-----END CERTIFICATE-----