Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/Xdap8lWOk_OPrPnAHjZrax0V0YY.roa
File:                     Xdap8lWOk_OPrPnAHjZrax0V0YY.roa (raw, json)
Hash identifier:          36jUlYBcRqreAxC1qFacFfo9gII7DpsC+iKcaU5I/sQ=
Subject key identifier:   5D:D6:A9:F2:55:8E:93:F3:8F:AC:F9:C0:1E:36:6B:6B:1D:15:D1:86
Certificate issuer:       /CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
Certificate serial:       019425FDD070D5DE36A1452BC11E3CE94FD2
Authority key identifier: 9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/Xdap8lWOk_OPrPnAHjZrax0V0YY.roa
Signing time:             Thu 02 Jan 2025 07:49:38 +0000
ROA not before:           Thu 02 Jan 2025 07:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197642
IP address blocks:        91.223.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d0:70:d5:de:36:a1:45:2b:c1:1e:3c:e9:4f:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f5646f7d8afc0a933fb33333f37013d83a04d00
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dd6a9f2558e93f38facf9c01e366b6b1d15d186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:96:02:87:fb:99:7b:c8:b6:65:f8:c8:73:01:
                    22:a6:58:a9:ea:71:fc:20:0a:c8:bc:bd:f6:40:13:
                    9a:6e:c7:35:a1:06:a5:40:90:53:80:f1:82:35:f5:
                    6e:8c:0d:7d:20:ac:cf:8d:b4:fb:40:55:ff:90:5b:
                    b6:c1:7d:38:54:80:f7:1b:8d:fe:c3:fe:b7:29:10:
                    3c:2f:2b:fd:21:f4:7e:d2:c8:9f:d0:eb:62:a6:04:
                    38:a0:cc:0f:8f:34:c8:c7:f0:4a:cb:cf:0e:5c:33:
                    ca:1b:1f:dc:1a:3f:36:1e:da:94:9e:71:b3:df:34:
                    ba:bd:34:ad:79:82:a6:3f:a5:ce:f7:0a:b7:2f:6d:
                    f1:b7:82:33:1d:96:0f:fe:8a:1b:f2:79:68:13:9b:
                    42:56:dc:45:35:ab:d0:f3:c1:11:14:66:a0:7c:04:
                    3a:5c:f1:ea:ac:9d:e9:35:7c:b7:80:9d:d6:20:27:
                    5f:19:00:97:22:ad:35:b4:03:66:d1:fc:85:94:34:
                    a5:44:d5:2e:be:d4:0a:a5:eb:78:f9:8c:01:df:b2:
                    f2:93:4e:7c:0d:29:a6:67:30:ff:c5:2b:a8:f0:d5:
                    d8:62:21:59:20:ef:33:f8:e3:0e:9d:90:1c:14:e8:
                    13:51:14:91:87:49:5b:d7:01:6b:d0:c9:a8:d7:7d:
                    ca:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D6:A9:F2:55:8E:93:F3:8F:AC:F9:C0:1E:36:6B:6B:1D:15:D1:86
            X509v3 Authority Key Identifier:
                keyid:9F:56:46:F7:D8:AF:C0:A9:33:FB:33:33:3F:37:01:3D:83:A0:4D:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n1ZG99ivwKkz-zMzPzcBPYOgTQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/Xdap8lWOk_OPrPnAHjZrax0V0YY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/916917-88c5-4e7b-811e-7d32ca065b66/1/n1ZG99ivwKkz-zMzPzcBPYOgTQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:05:07:9a:67:56:8e:25:34:08:13:91:a7:d8:24:85:ed:f1:
         7f:92:7b:bb:81:bd:83:ba:f5:2e:2c:fc:9b:ac:47:ea:70:88:
         d1:4a:f8:55:e0:64:c6:df:e2:55:6e:87:9b:c0:21:d6:87:d8:
         96:32:a5:4b:bc:19:39:5c:84:d2:bc:98:05:40:c8:42:d7:8b:
         bd:e9:cf:42:93:dd:cf:1e:79:89:0a:36:4d:ed:f1:0b:cd:2b:
         3c:d9:2d:2e:e7:d0:56:98:50:4c:cd:44:e4:8a:41:2f:7e:bf:
         f5:16:b5:63:78:7f:c4:f5:ec:6c:47:5c:c0:85:02:93:b3:56:
         94:68:67:c9:06:e3:84:6e:ec:9b:b5:c2:7a:7b:a4:49:fa:a8:
         9b:77:ec:03:21:6c:83:4c:b8:ea:06:31:ee:ba:34:1f:bd:45:
         fb:33:f8:44:d5:a4:0d:66:0a:0e:8f:b7:25:c5:ac:e0:c8:6f:
         f8:6d:00:70:98:a7:38:44:4c:c1:63:e8:31:ef:98:3e:82:ae:
         bb:67:16:78:fc:4f:cf:69:a0:a7:4f:1e:cf:ea:e9:8a:b5:21:
         13:3f:91:5b:4f:7d:d6:2b:22:c0:c7:56:f7:49:c1:a4:5b:6b:
         84:99:f9:b8:cd:c8:e3:56:22:d7:51:35:d7:2c:ad:20:dc:57:
         2b:5c:b1:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/dBw1d42oUUrwR486U/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNTY0NmY3ZDhhZmMwYTkzM2ZiMzMzMzNmMzcwMTNkODNh
MDRkMDAwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ2YTlmMjU1OGU5M2YzOGZhY2Y5YzAxZTM2NmI2YjFkMTVkMTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6JYCh/uZe8i2ZfjIcwEiplip6nH8
IArIvL32QBOabsc1oQalQJBTgPGCNfVujA19IKzPjbT7QFX/kFu2wX04VID3G43+
w/63KRA8Lyv9IfR+0sif0OtipgQ4oMwPjzTIx/BKy88OXDPKGx/cGj82HtqUnnGz
3zS6vTSteYKmP6XO9wq3L23xt4IzHZYP/oob8nloE5tCVtxFNavQ88ERFGagfAQ6
XPHqrJ3pNXy3gJ3WICdfGQCXIq01tANm0fyFlDSlRNUuvtQKpet4+YwB37Lyk058
DSmmZzD/xSuo8NXYYiFZIO8z+OMOnZAcFOgTURSRh0lb1wFr0Mmo133KBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3WqfJVjpPzj6z5wB42a2sdFdGGMB8GA1UdIwQY
MBaAFJ9WRvfYr8CpM/szMz83AT2DoE0AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjFaRzk5aXZ3S2t6LXpNelB6Y0JQWU9nVFFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi85MTY5MTctODhjNS00ZTdiLTgxMWUt
N2QzMmNhMDY1YjY2LzEvWGRhcDhsV09rX09QclBuQUhqWnJheDBWMFlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi85MTY5MTctODhjNS00ZTdiLTgxMWUtN2QzMmNhMDY1YjY2
LzEvbjFaRzk5aXZ3S2t6LXpNelB6Y0JQWU9nVFFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/RMA0G
CSqGSIb3DQEBCwUAA4IBAQCwBQeaZ1aOJTQIE5Gn2CSF7fF/knu7gb2DuvUuLPyb
rEfqcIjRSvhV4GTG3+JVboebwCHWh9iWMqVLvBk5XITSvJgFQMhC14u96c9Ck93P
HnmJCjZN7fELzSs82S0u59BWmFBMzUTkikEvfr/1FrVjeH/E9exsR1zAhQKTs1aU
aGfJBuOEbuybtcJ6e6RJ+qibd+wDIWyDTLjqBjHuujQfvUX7M/hE1aQNZgoOj7cl
xazgyG/4bQBwmKc4REzBY+gx75g+gq67ZxZ4/E/PaaCnTx7P6umKtSETP5FbT33W
KyLAx1b3ScGkW2uEmfm4zcjjViLXUTXXLK0g3FcrXLE6
-----END CERTIFICATE-----