Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/0Qxf8BiMkAgDdKSfKwiEqluZDnA.roa
File:                     0Qxf8BiMkAgDdKSfKwiEqluZDnA.roa (raw, json)
Hash identifier:          H2LtKuGh5JchXV8W58yWszXP9g6XxzZIku1Ogk97V+Y=
Subject key identifier:   D1:0C:5F:F0:18:8C:90:08:03:74:A4:9F:2B:08:84:AA:5B:99:0E:70
Certificate issuer:       /CN=5f3a6c21941c1e13bffc4d44d61bd2595fdd8fe8
Certificate serial:       0195ED7D0BFFBE9B58FB4E65B44D57C152BD
Authority key identifier: 5F:3A:6C:21:94:1C:1E:13:BF:FC:4D:44:D6:1B:D2:59:5F:DD:8F:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XzpsIZQcHhO__E1E1hvSWV_dj-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/0Qxf8BiMkAgDdKSfKwiEqluZDnA.roa
Signing time:             Mon 31 Mar 2025 18:35:49 +0000
ROA not before:           Mon 31 Mar 2025 18:35:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215082
IP address blocks:        91.233.120.0/24 maxlen: 24
                          194.104.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/XzpsIZQcHhO__E1E1hvSWV_dj-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/XzpsIZQcHhO__E1E1hvSWV_dj-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XzpsIZQcHhO__E1E1hvSWV_dj-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 03:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:ed:7d:0b:ff:be:9b:58:fb:4e:65:b4:4d:57:c1:52:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5f3a6c21941c1e13bffc4d44d61bd2595fdd8fe8
        Validity
            Not Before: Mar 31 18:35:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d10c5ff0188c90080374a49f2b0884aa5b990e70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bc:59:69:07:39:a1:61:ab:3e:2d:02:fe:b4:
                    6f:d5:8f:94:39:ff:3f:ec:2c:d2:16:99:d0:87:e4:
                    80:63:7c:6c:99:3e:17:92:c6:1f:66:28:ec:cb:12:
                    b3:19:8f:2b:c3:b6:13:28:7e:85:6f:6f:e2:e2:51:
                    33:89:9a:28:84:82:4e:a9:c8:f3:ac:19:a4:6e:ec:
                    c7:43:35:46:6e:74:7f:fc:e5:4a:62:d0:a7:e3:bb:
                    86:c2:6f:3a:7d:e2:d9:ce:33:4e:d7:3f:97:08:6f:
                    7f:22:be:12:84:d6:a3:a2:37:f9:79:42:76:9c:5f:
                    1f:40:d0:88:22:5a:45:5b:ff:af:9b:a3:bc:d6:9e:
                    09:6f:c3:92:7c:94:f6:d5:58:78:84:fc:40:81:78:
                    22:2b:c8:76:8e:ca:94:b6:3f:f3:5d:56:3d:1e:95:
                    de:b0:82:cf:d9:d0:f5:71:74:8f:4e:70:94:98:03:
                    fc:be:28:71:9e:74:79:1a:6e:04:c0:2a:51:f1:fb:
                    a7:0d:b5:e9:36:9f:d2:2a:fc:bd:3b:97:a8:7d:5a:
                    54:5e:1d:44:af:73:38:8e:64:bb:54:5a:af:d6:d6:
                    6b:8f:3e:70:25:7e:0b:f7:75:87:80:db:d2:71:2e:
                    05:97:a3:9e:86:39:94:9a:de:38:bd:24:d0:c7:80:
                    6c:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:0C:5F:F0:18:8C:90:08:03:74:A4:9F:2B:08:84:AA:5B:99:0E:70
            X509v3 Authority Key Identifier:
                keyid:5F:3A:6C:21:94:1C:1E:13:BF:FC:4D:44:D6:1B:D2:59:5F:DD:8F:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XzpsIZQcHhO__E1E1hvSWV_dj-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/0Qxf8BiMkAgDdKSfKwiEqluZDnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/ba30bb-ac0b-45a0-9f0c-cf8698757d37/1/XzpsIZQcHhO__E1E1hvSWV_dj-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.120.0/24
                  194.104.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:c2:ae:68:9f:c7:74:58:b3:c5:0a:8d:23:c7:9a:6c:57:64:
         36:c2:2f:5f:5e:3b:29:32:c9:d0:95:77:99:67:b5:44:90:90:
         09:98:3d:80:09:8a:93:52:30:bf:0a:23:f3:63:85:cf:ae:36:
         88:7c:ef:63:b7:bd:f0:35:2a:45:94:fd:64:aa:94:85:b8:9f:
         72:f0:d4:41:4c:b2:3a:91:a9:12:ae:df:57:1b:d9:8a:6d:f6:
         29:d8:a2:4c:9b:27:c7:78:24:01:fd:1c:06:c1:21:c1:9b:07:
         dd:da:63:c0:b8:a9:1c:0f:15:89:a0:38:c7:e1:b9:37:40:d2:
         af:f8:be:9b:6b:ac:c6:99:11:05:3c:4c:ff:5c:01:bb:50:df:
         e8:7e:7a:2e:bb:fb:de:2e:75:2c:f1:b8:49:a8:b6:97:b7:96:
         c8:49:88:ec:a7:a7:9d:a9:2d:d8:1b:e9:f5:26:4d:0a:c8:91:
         02:f7:99:94:6f:ac:83:b0:c3:49:b0:d5:68:99:c0:16:43:69:
         75:7b:a5:9b:fe:31:b4:64:ee:1b:78:c2:c7:d5:4b:c8:d9:15:
         f7:39:fc:dd:f7:f8:a5:fe:c8:62:39:c2:39:33:5b:d9:f7:17:
         3a:23:4f:0d:cf:e0:e8:e5:d6:af:42:aa:a7:cc:80:62:a2:41:
         ad:fd:e2:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZXtfQv/vptY+05ltE1XwVK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmM2E2YzIxOTQxYzFlMTNiZmZjNGQ0NGQ2MWJkMjU5NWZk
ZDhmZTgwHhcNMjUwMzMxMTgzNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTBjNWZmMDE4OGM5MDA4MDM3NGE0OWYyYjA4ODRhYTViOTkwZTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLxZaQc5oWGrPi0C/rRv1Y+UOf8/
7CzSFpnQh+SAY3xsmT4XksYfZijsyxKzGY8rw7YTKH6Fb2/i4lEziZoohIJOqcjz
rBmkbuzHQzVGbnR//OVKYtCn47uGwm86feLZzjNO1z+XCG9/Ir4ShNajojf5eUJ2
nF8fQNCIIlpFW/+vm6O81p4Jb8OSfJT21Vh4hPxAgXgiK8h2jsqUtj/zXVY9HpXe
sILP2dD1cXSPTnCUmAP8vihxnnR5Gm4EwCpR8funDbXpNp/SKvy9O5eofVpUXh1E
r3M4jmS7VFqv1tZrjz5wJX4L93WHgNvScS4Fl6OehjmUmt44vSTQx4BsJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNEMX/AYjJAIA3SknysIhKpbmQ5wMB8GA1UdIwQY
MBaAFF86bCGUHB4Tv/xNRNYb0llf3Y/oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHpwc0laUWNIaE9fX0UxRTFodlNXVl9kai1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9iYTMwYmItYWMwYi00NWEwLTlmMGMt
Y2Y4Njk4NzU3ZDM3LzEvMFF4ZjhCaU1rQWdEZEtTZkt3aUVxbHVaRG5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9iYTMwYmItYWMwYi00NWEwLTlmMGMtY2Y4Njk4NzU3ZDM3
LzEvWHpwc0laUWNIaE9fX0UxRTFodlNXVl9kai1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+l4AwQA
wmjrMA0GCSqGSIb3DQEBCwUAA4IBAQA2wq5on8d0WLPFCo0jx5psV2Q2wi9fXjsp
MsnQlXeZZ7VEkJAJmD2ACYqTUjC/CiPzY4XPrjaIfO9jt73wNSpFlP1kqpSFuJ9y
8NRBTLI6kakSrt9XG9mKbfYp2KJMmyfHeCQB/RwGwSHBmwfd2mPAuKkcDxWJoDjH
4bk3QNKv+L6ba6zGmREFPEz/XAG7UN/ofnouu/veLnUs8bhJqLaXt5bISYjsp6ed
qS3YG+n1Jk0KyJEC95mUb6yDsMNJsNVomcAWQ2l1e6Wb/jG0ZO4beMLH1UvI2RX3
Ofzd9/il/shiOcI5M1vZ9xc6I08Nz+Do5davQqqnzIBiokGt/eKD
-----END CERTIFICATE-----