Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/M10vf4QxH5-zWTvsa4ILhkuyN0k.roa
File:                     M10vf4QxH5-zWTvsa4ILhkuyN0k.roa (raw, json)
Hash identifier:          ddpmJOxtLixoYeVKM1qcWIIFhN7ghewh8wxesIUHdzI=
Subject key identifier:   33:5D:2F:7F:84:31:1F:9F:B3:59:3B:EC:6B:82:0B:86:4B:B2:37:49
Certificate issuer:       /CN=0fea8ae19061acc5489ac2719082acea5a2fc5d3
Certificate serial:       01941F8C63F8F6E8AC12910966CB62D794AA
Authority key identifier: 0F:EA:8A:E1:90:61:AC:C5:48:9A:C2:71:90:82:AC:EA:5A:2F:C5:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/M10vf4QxH5-zWTvsa4ILhkuyN0k.roa
Signing time:             Wed 01 Jan 2025 01:48:01 +0000
ROA not before:           Wed 01 Jan 2025 01:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62005
IP address blocks:        91.236.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:63:f8:f6:e8:ac:12:91:09:66:cb:62:d7:94:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0fea8ae19061acc5489ac2719082acea5a2fc5d3
        Validity
            Not Before: Jan  1 01:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=335d2f7f84311f9fb3593bec6b820b864bb23749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:5e:78:fd:2c:0d:ef:5d:78:7b:e9:e0:d3:14:
                    4b:ee:57:9c:a2:56:99:64:60:18:5c:df:50:38:37:
                    46:30:12:eb:c4:f1:d8:6c:34:12:0e:9d:17:c9:a5:
                    ed:39:9b:6b:c4:1e:be:93:ef:1e:b4:04:0e:fe:c8:
                    aa:04:26:aa:ea:c0:73:98:fd:79:a2:7b:35:54:82:
                    83:04:5f:e5:57:8d:e1:1b:43:9d:b1:4c:e2:04:97:
                    e6:c6:55:b5:bf:12:72:09:cb:f8:f7:18:a3:e6:4a:
                    b5:72:87:86:4e:b8:91:e0:37:2c:6c:f7:52:e3:49:
                    d7:cf:11:6b:d0:47:f6:9d:95:97:72:b8:46:d9:a3:
                    cb:15:78:c4:dc:3d:eb:05:23:5c:84:b9:0e:85:0f:
                    d8:35:51:bd:10:d1:23:c4:41:eb:fd:fa:45:f7:d0:
                    6c:27:8f:78:c7:dd:d7:fc:71:7a:6d:85:c2:c1:ab:
                    10:73:61:64:e9:a0:c1:04:e6:e8:48:41:d6:a4:0d:
                    8a:2d:b1:95:f9:4b:2e:9b:7b:6c:04:0c:e0:93:29:
                    83:11:1f:36:45:7f:6f:ed:5a:c0:f9:1c:a1:42:ab:
                    57:7d:1a:94:86:ec:d4:8c:07:cc:47:7f:a2:48:d3:
                    fb:0b:20:7d:40:a4:53:aa:5a:3b:17:26:43:38:74:
                    32:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:5D:2F:7F:84:31:1F:9F:B3:59:3B:EC:6B:82:0B:86:4B:B2:37:49
            X509v3 Authority Key Identifier:
                keyid:0F:EA:8A:E1:90:61:AC:C5:48:9A:C2:71:90:82:AC:EA:5A:2F:C5:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-qK4ZBhrMVImsJxkIKs6lovxdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/M10vf4QxH5-zWTvsa4ILhkuyN0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/6160c9-d2e5-439c-a25a-5d8700f65a38/1/D-qK4ZBhrMVImsJxkIKs6lovxdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:7b:ee:08:c4:94:c0:56:82:1c:0b:bb:4c:c0:40:5a:69:c8:
         71:cb:53:1a:30:b4:ae:d1:1a:47:46:e4:d0:bc:1a:b8:ba:eb:
         8c:1e:ae:74:dd:5e:86:69:c3:21:13:69:42:d7:95:53:6b:c4:
         d9:92:03:47:73:e6:55:34:90:a4:de:9c:9d:dc:b5:b7:7e:53:
         57:5e:b6:a4:83:6b:ab:95:70:6e:3e:24:6b:07:b3:ff:16:8f:
         a2:78:ce:2d:48:d8:73:38:62:39:12:5a:a9:bf:2d:20:53:76:
         1c:41:85:fe:60:51:5d:bb:fc:c3:2d:f1:4d:31:a7:3c:b5:12:
         c2:c0:f4:fe:ba:5c:42:d7:bd:29:ec:ef:dd:5c:7f:aa:83:ef:
         4a:fe:b9:ff:60:24:9d:2e:99:99:4a:13:70:eb:db:0f:b9:d6:
         e7:69:6c:40:14:b3:b0:b1:a8:24:f9:6f:cd:92:0c:77:d6:62:
         f7:01:f5:85:7e:c3:48:36:eb:31:25:90:16:17:b1:83:cd:89:
         86:67:49:ab:c9:db:39:4a:0a:c7:95:e3:64:8e:62:7a:8a:4c:
         c7:1d:9a:30:1f:4b:be:36:a6:8f:71:25:bf:5e:e8:4c:63:84:
         da:58:af:5b:f4:3c:6a:c3:ac:28:8c:68:a4:ae:79:77:17:d4:
         39:b3:5f:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjGP49uisEpEJZsti15SqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmZWE4YWUxOTA2MWFjYzU0ODlhYzI3MTkwODJhY2VhNWEy
ZmM1ZDMwHhcNMjUwMTAxMDE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzVkMmY3Zjg0MzExZjlmYjM1OTNiZWM2YjgyMGI4NjRiYjIzNzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1F54/SwN7114e+ng0xRL7lecolaZ
ZGAYXN9QODdGMBLrxPHYbDQSDp0XyaXtOZtrxB6+k+8etAQO/siqBCaq6sBzmP15
ons1VIKDBF/lV43hG0OdsUziBJfmxlW1vxJyCcv49xij5kq1coeGTriR4DcsbPdS
40nXzxFr0Ef2nZWXcrhG2aPLFXjE3D3rBSNchLkOhQ/YNVG9ENEjxEHr/fpF99Bs
J494x93X/HF6bYXCwasQc2Fk6aDBBOboSEHWpA2KLbGV+Usum3tsBAzgkymDER82
RX9v7VrA+RyhQqtXfRqUhuzUjAfMR3+iSNP7CyB9QKRTqlo7FyZDOHQyVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDNdL3+EMR+fs1k77GuCC4ZLsjdJMB8GA1UdIwQY
MBaAFA/qiuGQYazFSJrCcZCCrOpaL8XTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRC1xSzRaQmhyTVZJbXNKeGtJS3M2bG92eGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC82MTYwYzktZDJlNS00MzljLWEyNWEt
NWQ4NzAwZjY1YTM4LzEvTTEwdmY0UXhINS16V1R2c2E0SUxoa3V5TjBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC82MTYwYzktZDJlNS00MzljLWEyNWEtNWQ4NzAwZjY1YTM4
LzEvRC1xSzRaQmhyTVZJbXNKeGtJS3M2bG92eGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zmMA0G
CSqGSIb3DQEBCwUAA4IBAQB/e+4IxJTAVoIcC7tMwEBaachxy1MaMLSu0RpHRuTQ
vBq4uuuMHq503V6GacMhE2lC15VTa8TZkgNHc+ZVNJCk3pyd3LW3flNXXrakg2ur
lXBuPiRrB7P/Fo+ieM4tSNhzOGI5Elqpvy0gU3YcQYX+YFFdu/zDLfFNMac8tRLC
wPT+ulxC170p7O/dXH+qg+9K/rn/YCSdLpmZShNw69sPudbnaWxAFLOwsagk+W/N
kgx31mL3AfWFfsNINusxJZAWF7GDzYmGZ0mryds5SgrHleNkjmJ6ikzHHZowH0u+
NqaPcSW/XuhMY4TaWK9b9Dxqw6wojGikrnl3F9Q5s1+I
-----END CERTIFICATE-----