Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/ProilHJF12XNjqluZhoel5qmzGE.roa
File:                     ProilHJF12XNjqluZhoel5qmzGE.roa (raw, json)
Hash identifier:          vqODFTpOMw/oRhmj5asnKLbaDrVfLd9DrvwDm7QE1Gw=
Subject key identifier:   3E:BA:22:94:72:45:D7:65:CD:8E:A9:6E:66:1A:1E:97:9A:A6:CC:61
Certificate issuer:       /CN=ea846006cf8b9e388f31451358092502cecc1136
Certificate serial:       0194258F9955EBA73E52F92891A83C332507
Authority key identifier: EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/ProilHJF12XNjqluZhoel5qmzGE.roa
Signing time:             Thu 02 Jan 2025 05:49:15 +0000
ROA not before:           Thu 02 Jan 2025 05:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        91.197.55.0/24 maxlen: 24
                          2a06:8ac0::/45 maxlen: 45
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:99:55:eb:a7:3e:52:f9:28:91:a8:3c:33:25:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea846006cf8b9e388f31451358092502cecc1136
        Validity
            Not Before: Jan  2 05:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eba22947245d765cd8ea96e661a1e979aa6cc61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9a:a1:49:6d:58:39:05:db:69:ba:0b:0c:d8:
                    f4:79:87:9a:2b:07:ba:e8:fe:af:33:4f:49:05:d4:
                    10:9e:a2:45:24:22:a1:0a:9c:12:8a:aa:a8:36:8a:
                    24:1e:ae:1f:f7:d8:e3:6b:06:bb:55:55:c2:e1:cf:
                    47:b6:eb:24:11:15:61:3b:fe:52:93:fd:35:a0:31:
                    00:06:e2:57:0b:ac:69:1a:4a:b1:da:39:68:0e:15:
                    54:55:73:70:e5:44:66:c1:4f:96:f5:be:d3:96:81:
                    51:c1:7d:d7:ab:f3:74:3b:3a:f5:b3:6b:6a:a8:89:
                    6f:93:31:28:e5:26:aa:e4:d1:8b:97:66:c6:ff:09:
                    1c:94:4f:b7:45:5d:f5:a4:fb:09:1c:ae:9c:b7:45:
                    4e:06:69:8d:ba:c3:d0:b5:d7:62:c7:09:42:89:48:
                    d1:67:8d:8e:28:fa:02:c8:1e:40:6f:20:d3:68:2b:
                    87:a7:1b:ba:ca:12:0b:9c:92:11:c8:90:53:97:56:
                    dc:1d:c3:8b:15:8f:2e:9d:39:7b:8a:98:fc:c5:6f:
                    67:53:37:38:96:85:3c:6a:b6:31:d5:5b:83:6b:13:
                    40:44:05:5d:69:6a:65:bb:f3:63:dc:74:e9:80:8f:
                    1a:8d:f6:37:e9:fd:0c:06:8c:22:73:5e:88:42:26:
                    51:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:BA:22:94:72:45:D7:65:CD:8E:A9:6E:66:1A:1E:97:9A:A6:CC:61
            X509v3 Authority Key Identifier:
                keyid:EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/ProilHJF12XNjqluZhoel5qmzGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.55.0/24
                IPv6:
                  2a06:8ac0::/45

    Signature Algorithm: sha256WithRSAEncryption
         95:e5:b8:f9:4e:3a:58:da:03:e3:3c:af:b1:2a:d5:9e:f9:30:
         5b:98:02:70:d1:b4:3f:38:5d:b6:cb:2f:06:03:3e:dd:86:84:
         cc:2f:7e:9b:6a:7d:2b:d3:76:d1:8b:05:6a:98:b7:16:02:2e:
         fa:e3:50:9d:9b:3f:21:a1:1b:4d:e3:fc:62:2d:2d:9a:b8:c8:
         b6:54:3e:3e:17:0b:60:f7:4d:70:bc:07:29:ca:a9:33:8f:16:
         dc:85:36:92:9f:d5:69:e9:39:dc:94:d4:fb:3f:f4:e7:49:66:
         8b:e0:9a:12:07:70:92:4f:92:ca:2e:95:8b:dd:e6:77:72:16:
         4b:e1:24:7a:55:67:52:16:14:47:ad:c9:68:2c:76:3c:fa:2b:
         0a:25:e6:9f:46:3a:4e:46:79:b7:4f:35:d6:a4:11:5d:52:f7:
         4d:a4:60:09:a2:63:df:40:6e:01:88:f7:93:28:7c:d3:f8:56:
         3b:c8:d2:ba:3a:fc:c9:55:7b:52:f3:71:c4:53:91:f5:47:a7:
         89:0a:c0:c3:0a:4a:f6:08:aa:63:de:8a:90:dd:30:2e:4f:5b:
         0c:9a:10:3c:e7:aa:c7:95:57:03:8f:3f:52:70:e3:d5:23:ee:
         da:49:3d:01:42:83:83:88:2f:79:0d:d1:69:c8:64:e7:4a:84:
         06:75:dd:c9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj5lV66c+Uvkokag8MyUHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODQ2MDA2Y2Y4YjllMzg4ZjMxNDUxMzU4MDkyNTAyY2Vj
YzExMzYwHhcNMjUwMTAyMDU0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWJhMjI5NDcyNDVkNzY1Y2Q4ZWE5NmU2NjFhMWU5NzlhYTZjYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JqhSW1YOQXbaboLDNj0eYeaKwe6
6P6vM09JBdQQnqJFJCKhCpwSiqqoNookHq4f99jjawa7VVXC4c9HtuskERVhO/5S
k/01oDEABuJXC6xpGkqx2jloDhVUVXNw5URmwU+W9b7TloFRwX3Xq/N0Ozr1s2tq
qIlvkzEo5Saq5NGLl2bG/wkclE+3RV31pPsJHK6ct0VOBmmNusPQtddixwlCiUjR
Z42OKPoCyB5AbyDTaCuHpxu6yhILnJIRyJBTl1bcHcOLFY8unTl7ipj8xW9nUzc4
loU8arYx1VuDaxNARAVdaWplu/Nj3HTpgI8ajfY36f0MBowic16IQiZRgQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFD66IpRyRddlzY6pbmYaHpeapsxhMB8GA1UdIwQY
MBaAFOqEYAbPi544jzFFE1gJJQLOzBE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEt
Zjc0Y2NjYzRlMGExLzEvUHJvaWxISkYxMlhOanFsdVpob2VsNXFtekdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEtZjc0Y2NjYzRlMGEx
LzEvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8U3MA8E
AgACMAkDBwMqBorAAAAwDQYJKoZIhvcNAQELBQADggEBAJXluPlOOljaA+M8r7Eq
1Z75MFuYAnDRtD84XbbLLwYDPt2GhMwvfptqfSvTdtGLBWqYtxYCLvrjUJ2bPyGh
G03j/GItLZq4yLZUPj4XC2D3TXC8BynKqTOPFtyFNpKf1WnpOdyU1Ps/9OdJZovg
mhIHcJJPksoulYvd5ndyFkvhJHpVZ1IWFEetyWgsdjz6Kwol5p9GOk5GebdPNdak
EV1S902kYAmiY99AbgGI95MofNP4VjvI0ro6/MlVe1LzccRTkfVHp4kKwMMKSvYI
qmPeipDdMC5PWwyaEDznqseVVwOPP1Jw49Uj7tpJPQFCg4OIL3kN0WnIZOdKhAZ1
3ck=
-----END CERTIFICATE-----