Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/hxG-StCBPxemsj2qpKGT4GGzhQk.roa
File:                     hxG-StCBPxemsj2qpKGT4GGzhQk.roa (raw, json)
Hash identifier:          MYz1XQtFxhUeNPc3mCJTjKjV6pO6a8sxO3y4ixSgakg=
Subject key identifier:   87:11:BE:4A:D0:81:3F:17:A6:B2:3D:AA:A4:A1:93:E0:61:B3:85:09
Certificate issuer:       /CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
Certificate serial:       0194266C268486C85A42E97044DBBC61E5C0
Authority key identifier: 57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/hxG-StCBPxemsj2qpKGT4GGzhQk.roa
Signing time:             Thu 02 Jan 2025 09:50:09 +0000
ROA not before:           Thu 02 Jan 2025 09:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50245
IP address blocks:        91.216.220.0/24 maxlen: 24
                          2a13:f980::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:26:84:86:c8:5a:42:e9:70:44:db:bc:61:e5:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
        Validity
            Not Before: Jan  2 09:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8711be4ad0813f17a6b23daaa4a193e061b38509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:b8:f3:6f:b4:74:38:00:62:cc:9f:3f:4e:6b:
                    71:08:ce:63:25:37:45:25:5d:89:bb:45:8c:0a:2d:
                    eb:1f:69:3b:ed:2c:7f:63:75:5c:92:3b:48:85:90:
                    65:f3:76:fa:6f:4c:56:a0:7c:c6:84:02:4c:98:c6:
                    9d:72:8a:a9:47:ca:fb:11:fc:c6:cf:a9:b4:60:f3:
                    30:08:02:b6:d0:8e:8a:10:ec:91:ef:97:ee:65:59:
                    9c:c0:12:62:a7:d6:92:1e:49:98:ba:9b:01:b5:7f:
                    f1:4c:9f:aa:1f:ed:ad:2a:04:4e:3c:8d:21:77:0c:
                    bb:1f:a1:70:60:05:9d:00:16:e1:01:69:d2:b2:38:
                    9c:bb:75:70:3a:fc:58:cc:90:b2:50:93:76:2c:8d:
                    32:a3:38:ea:45:3a:a2:aa:1f:76:bb:04:98:f4:46:
                    78:bd:3d:61:3c:08:f0:2a:3e:2e:e9:92:a7:4c:7f:
                    51:24:c7:2c:e6:e9:93:08:a9:ae:37:71:7e:95:12:
                    30:b5:05:c0:e0:0e:b1:55:10:fe:1c:1e:d9:f7:d1:
                    4f:fe:35:67:93:82:3c:6a:0f:8e:d6:c9:81:1f:87:
                    6c:21:10:0d:74:c1:44:5f:19:06:6d:95:28:f8:6b:
                    dc:b9:23:07:ff:96:67:3f:ee:3d:2b:78:3b:b8:01:
                    c5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:11:BE:4A:D0:81:3F:17:A6:B2:3D:AA:A4:A1:93:E0:61:B3:85:09
            X509v3 Authority Key Identifier:
                keyid:57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/hxG-StCBPxemsj2qpKGT4GGzhQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.220.0/24
                IPv6:
                  2a13:f980::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:4c:ba:50:d1:d8:fb:2d:e6:4b:14:21:74:67:bc:48:2c:5d:
         42:36:3d:f8:b1:15:32:ab:25:c1:0a:8b:7c:e4:4f:a0:93:1e:
         c2:b6:bc:9c:df:48:8d:d1:67:da:c7:b6:62:62:36:29:30:42:
         40:cd:98:a0:2f:08:c6:9d:af:d1:ca:de:fa:68:b7:ef:07:cf:
         36:4f:f1:eb:7d:c1:88:ee:f5:16:d1:6b:36:85:c4:f6:f2:4c:
         55:cc:70:fe:6e:ad:c0:65:12:3d:55:b0:39:b2:17:51:61:bb:
         5d:ad:6a:3d:ad:d4:8b:e7:e2:c9:7a:4e:f0:2e:15:53:89:1c:
         a9:d9:2a:be:41:a2:e8:71:aa:49:da:ce:d3:d2:74:2a:bc:40:
         37:36:38:25:fa:ea:11:3d:1c:1e:6f:f5:da:58:4c:3e:89:1a:
         02:3b:23:4a:d1:eb:68:58:c8:60:50:48:11:a5:e9:19:a8:b4:
         91:d7:a0:9d:43:55:9c:df:b4:14:68:83:2b:56:48:0e:d0:f7:
         22:46:8c:b3:dd:2b:94:41:8a:4f:ae:18:1e:96:13:8b:6e:38:
         13:04:44:b1:7f:cb:ba:36:3d:d6:90:22:48:99:3a:0a:8b:fe:
         d6:f7:45:02:b6:9f:c1:63:f3:23:0d:ec:85:ca:6a:16:20:9b:
         2e:10:82:8d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbCaEhshaQulwRNu8YeXAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzBiZDlmODMzMWVhODQzOGZkMmEyZjY3MWI3MWFmNGEy
ZGVjMTcwHhcNMjUwMTAyMDk1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzExYmU0YWQwODEzZjE3YTZiMjNkYWFhNGExOTNlMDYxYjM4NTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqbjzb7R0OABizJ8/TmtxCM5jJTdF
JV2Ju0WMCi3rH2k77Sx/Y3VckjtIhZBl83b6b0xWoHzGhAJMmMadcoqpR8r7EfzG
z6m0YPMwCAK20I6KEOyR75fuZVmcwBJip9aSHkmYupsBtX/xTJ+qH+2tKgROPI0h
dwy7H6FwYAWdABbhAWnSsjicu3VwOvxYzJCyUJN2LI0yozjqRTqiqh92uwSY9EZ4
vT1hPAjwKj4u6ZKnTH9RJMcs5umTCKmuN3F+lRIwtQXA4A6xVRD+HB7Z99FP/jVn
k4I8ag+O1smBH4dsIRANdMFEXxkGbZUo+GvcuSMH/5ZnP+49K3g7uAHF0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIcRvkrQgT8XprI9qqShk+Bhs4UJMB8GA1UdIwQY
MBaAFFfAvZ+DMeqEOP0qL2cbca9KLewXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5Yjgt
YTA5M2QxMDA4NzRjLzEvaHhHLVN0Q0JQeGVtc2oycXBLR1Q0R0d6aFFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5YjgtYTA5M2QxMDA4NzRj
LzEvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9jcMA0E
AgACMAcDBQMqE/mAMA0GCSqGSIb3DQEBCwUAA4IBAQBBTLpQ0dj7LeZLFCF0Z7xI
LF1CNj34sRUyqyXBCot85E+gkx7Ctryc30iN0Wfax7ZiYjYpMEJAzZigLwjGna/R
yt76aLfvB882T/HrfcGI7vUW0Ws2hcT28kxVzHD+bq3AZRI9VbA5shdRYbtdrWo9
rdSL5+LJek7wLhVTiRyp2Sq+QaLocapJ2s7T0nQqvEA3Njgl+uoRPRweb/XaWEw+
iRoCOyNK0etoWMhgUEgRpekZqLSR16CdQ1Wc37QUaIMrVkgO0PciRoyz3SuUQYpP
rhgelhOLbjgTBESxf8u6Nj3WkCJImToKi/7W90UCtp/BY/MjDeyFymoWIJsuEIKN
-----END CERTIFICATE-----