Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/hi5ZHldjJLIMs_WwcUjXAobxn_E.roa
File:                     hi5ZHldjJLIMs_WwcUjXAobxn_E.roa (raw, json)
Hash identifier:          K7O/p6BErwsTAP5GquRxOQd6mPGtBXsqXpbnYVE78oE=
Subject key identifier:   86:2E:59:1E:57:63:24:B2:0C:B3:F5:B0:71:48:D7:02:86:F1:9F:F1
Certificate issuer:       /CN=8c7b6e183c8d52cc4605ba8b5daddc66326293ec
Certificate serial:       01942369AA982EEA79FD5A584B3CA66BC592
Authority key identifier: 8C:7B:6E:18:3C:8D:52:CC:46:05:BA:8B:5D:AD:DC:66:32:62:93:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jHtuGDyNUsxGBbqLXa3cZjJik-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/hi5ZHldjJLIMs_WwcUjXAobxn_E.roa
Signing time:             Wed 01 Jan 2025 19:48:34 +0000
ROA not before:           Wed 01 Jan 2025 19:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48152
IP address blocks:        91.198.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/jHtuGDyNUsxGBbqLXa3cZjJik-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/jHtuGDyNUsxGBbqLXa3cZjJik-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jHtuGDyNUsxGBbqLXa3cZjJik-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:aa:98:2e:ea:79:fd:5a:58:4b:3c:a6:6b:c5:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c7b6e183c8d52cc4605ba8b5daddc66326293ec
        Validity
            Not Before: Jan  1 19:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=862e591e576324b20cb3f5b07148d70286f19ff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:51:8a:31:e1:69:21:54:54:6d:6e:b4:45:1d:
                    7c:b6:8c:9f:25:a5:4a:72:c6:59:9f:35:5e:80:7a:
                    a0:bd:fa:11:90:ca:6d:fc:64:f7:67:e5:9a:62:ef:
                    20:67:9e:87:ce:7f:d1:5d:f3:84:4e:d0:42:0b:77:
                    b6:8c:42:4b:eb:29:b8:47:0f:f5:42:77:ac:82:7c:
                    3a:2b:50:a1:53:ce:25:b2:32:4f:26:46:36:ce:d2:
                    b3:fd:5c:a9:5c:5e:0f:c6:e5:9f:b9:26:30:60:71:
                    d0:41:59:66:92:74:11:a2:c7:48:29:6e:b0:79:76:
                    ef:a7:e7:91:26:23:bb:91:b5:4f:b6:c4:69:f5:7a:
                    df:e9:fc:7b:3d:89:f2:13:51:b7:c0:2d:fe:69:99:
                    e5:33:0b:c6:b5:2f:c6:b3:69:53:13:09:af:3d:9e:
                    a5:1e:62:26:06:fa:5a:2a:63:4b:71:f7:44:9a:a3:
                    c2:88:f3:18:8c:11:3e:98:c9:87:5e:29:89:b4:89:
                    d0:4b:7c:e6:c7:52:17:72:c1:a4:fa:fe:97:8f:2b:
                    6c:5f:c6:5a:44:4a:82:6b:fd:eb:89:19:ab:ad:60:
                    15:fc:8e:6f:0f:53:42:e4:7b:ca:db:4a:17:76:ac:
                    fd:3f:e3:5b:64:90:7d:c1:5d:16:42:f2:5f:92:a7:
                    f2:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2E:59:1E:57:63:24:B2:0C:B3:F5:B0:71:48:D7:02:86:F1:9F:F1
            X509v3 Authority Key Identifier:
                keyid:8C:7B:6E:18:3C:8D:52:CC:46:05:BA:8B:5D:AD:DC:66:32:62:93:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jHtuGDyNUsxGBbqLXa3cZjJik-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/hi5ZHldjJLIMs_WwcUjXAobxn_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/e22f15-85a8-4318-ab75-b6e867941f7e/1/jHtuGDyNUsxGBbqLXa3cZjJik-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:d2:3d:ef:08:4c:ac:76:c0:44:dc:db:89:c5:fe:6e:a8:c0:
         b9:91:e1:a2:23:11:04:7d:bc:4c:af:95:88:17:b8:a9:3e:67:
         89:03:b0:5e:bd:26:2e:50:a8:28:66:e8:56:3f:3b:cb:af:ac:
         e5:e1:12:bc:01:98:8c:e4:52:66:df:43:e2:6f:bf:2d:70:34:
         f1:7d:dc:4d:38:53:d2:d1:ce:ad:2e:8f:69:cc:a9:75:80:b1:
         86:95:ea:4c:8d:e5:b6:cb:59:8d:e8:74:dd:89:5b:cd:a0:1d:
         41:6f:d7:61:c6:b1:9b:3b:81:7e:da:75:dc:c1:8d:d8:19:a8:
         1b:23:3b:51:1f:39:f2:d4:10:8d:a1:c0:c5:3d:0a:0a:79:fe:
         25:31:d2:68:97:6d:e3:e2:a7:01:b0:2f:33:a0:f6:87:a2:fd:
         21:fa:b8:4d:fd:f8:b4:9e:a2:1b:69:c2:ef:d7:9a:b0:b5:1e:
         73:bc:b6:65:42:06:ee:15:ff:65:23:d2:72:f6:43:81:a7:41:
         65:5c:8d:d3:41:1b:a7:1b:a5:5f:1f:7c:f6:69:24:92:6f:0f:
         8f:67:e5:e6:75:0b:35:5d:22:0e:89:f7:92:4d:98:40:bb:b6:
         2f:f9:31:03:01:df:5b:14:e4:0d:f3:fa:71:6e:e8:57:82:e5:
         be:2e:d7:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaaqYLup5/VpYSzyma8WSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjN2I2ZTE4M2M4ZDUyY2M0NjA1YmE4YjVkYWRkYzY2MzI2
MjkzZWMwHhcNMjUwMTAxMTk0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJlNTkxZTU3NjMyNGIyMGNiM2Y1YjA3MTQ4ZDcwMjg2ZjE5ZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11GKMeFpIVRUbW60RR18toyfJaVK
csZZnzVegHqgvfoRkMpt/GT3Z+WaYu8gZ56Hzn/RXfOETtBCC3e2jEJL6ym4Rw/1
Qnesgnw6K1ChU84lsjJPJkY2ztKz/VypXF4PxuWfuSYwYHHQQVlmknQRosdIKW6w
eXbvp+eRJiO7kbVPtsRp9Xrf6fx7PYnyE1G3wC3+aZnlMwvGtS/Gs2lTEwmvPZ6l
HmImBvpaKmNLcfdEmqPCiPMYjBE+mMmHXimJtInQS3zmx1IXcsGk+v6XjytsX8Za
REqCa/3riRmrrWAV/I5vD1NC5HvK20oXdqz9P+NbZJB9wV0WQvJfkqfyrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYuWR5XYySyDLP1sHFI1wKG8Z/xMB8GA1UdIwQY
MBaAFIx7bhg8jVLMRgW6i12t3GYyYpPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakh0dUdEeU5Vc3hHQmJxTFhhM2Naakppay13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9lMjJmMTUtODVhOC00MzE4LWFiNzUt
YjZlODY3OTQxZjdlLzEvaGk1WkhsZGpKTElNc19Xd2NValhBb2J4bl9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9lMjJmMTUtODVhOC00MzE4LWFiNzUtYjZlODY3OTQxZjdl
LzEvakh0dUdEeU5Vc3hHQmJxTFhhM2Naakppay13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8YrMA0G
CSqGSIb3DQEBCwUAA4IBAQBD0j3vCEysdsBE3NuJxf5uqMC5keGiIxEEfbxMr5WI
F7ipPmeJA7BevSYuUKgoZuhWPzvLr6zl4RK8AZiM5FJm30Pib78tcDTxfdxNOFPS
0c6tLo9pzKl1gLGGlepMjeW2y1mN6HTdiVvNoB1Bb9dhxrGbO4F+2nXcwY3YGagb
IztRHzny1BCNocDFPQoKef4lMdJol23j4qcBsC8zoPaHov0h+rhN/fi0nqIbacLv
15qwtR5zvLZlQgbuFf9lI9Jy9kOBp0FlXI3TQRunG6VfH3z2aSSSbw+PZ+XmdQs1
XSIOifeSTZhAu7Yv+TEDAd9bFOQN8/pxbuhXguW+Ltcc
-----END CERTIFICATE-----