Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/1patb8mkVp0mJa0slQ7qQ-5WVBk.roa
File:                     1patb8mkVp0mJa0slQ7qQ-5WVBk.roa (raw, json)
Hash identifier:          DsUMv9vQW0wvlxaSYrdoCYfaCKpNMHSpozAHeICWqOw=
Subject key identifier:   D6:96:AD:6F:C9:A4:56:9D:26:25:AD:2C:95:0E:EA:43:EE:56:54:19
Certificate issuer:       /CN=b9112c804a7f4a74ce58cc71c994f5a9d56122b1
Certificate serial:       019424459BF1BDF15EECB17577C9278FA7F3
Authority key identifier: B9:11:2C:80:4A:7F:4A:74:CE:58:CC:71:C9:94:F5:A9:D5:61:22:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uREsgEp_SnTOWMxxyZT1qdVhIrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/1patb8mkVp0mJa0slQ7qQ-5WVBk.roa
Signing time:             Wed 01 Jan 2025 23:48:49 +0000
ROA not before:           Wed 01 Jan 2025 23:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209467
IP address blocks:        91.217.175.0/24 maxlen: 24
                          2001:678:93c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/uREsgEp_SnTOWMxxyZT1qdVhIrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/uREsgEp_SnTOWMxxyZT1qdVhIrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uREsgEp_SnTOWMxxyZT1qdVhIrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:9b:f1:bd:f1:5e:ec:b1:75:77:c9:27:8f:a7:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9112c804a7f4a74ce58cc71c994f5a9d56122b1
        Validity
            Not Before: Jan  1 23:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d696ad6fc9a4569d2625ad2c950eea43ee565419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f1:40:80:89:36:39:8d:46:bd:3f:98:05:aa:
                    9a:e4:cc:19:04:12:9c:1d:eb:ca:f4:56:6e:59:f3:
                    0a:7a:64:d5:cc:71:eb:3d:4a:f8:42:bb:54:4f:03:
                    26:2d:d9:5f:4d:80:35:de:ca:c4:65:94:13:44:26:
                    c0:08:6d:f7:25:bc:a3:fe:1b:b3:d9:07:6e:53:cd:
                    0d:94:c4:22:c4:c8:38:07:de:1f:0a:1c:c9:09:94:
                    2a:7d:55:cc:6d:4e:12:ec:71:88:8d:06:0b:45:a1:
                    a9:f7:c7:04:9f:b2:01:cd:08:5b:a2:b5:dc:5a:24:
                    1e:a0:88:47:a4:f6:79:76:7d:33:e4:66:51:61:0c:
                    ca:7f:26:f5:36:24:f0:5b:23:cb:d4:18:a5:7f:86:
                    82:07:37:30:08:fa:2b:e7:aa:6f:30:af:4b:4c:95:
                    fa:07:d7:4e:ce:39:50:35:d6:76:e8:03:7e:13:b9:
                    ba:bb:e8:16:43:59:29:c3:71:cc:93:fa:86:af:be:
                    a0:35:01:48:bd:f7:79:f4:4e:69:36:33:61:eb:75:
                    27:23:85:6f:fd:bf:09:34:8a:53:5f:f5:14:28:33:
                    3f:59:f0:5a:d3:f5:6b:b7:59:af:3b:2c:33:c3:be:
                    a4:af:5c:c0:29:45:4f:f0:4c:c3:99:76:22:00:93:
                    04:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:96:AD:6F:C9:A4:56:9D:26:25:AD:2C:95:0E:EA:43:EE:56:54:19
            X509v3 Authority Key Identifier:
                keyid:B9:11:2C:80:4A:7F:4A:74:CE:58:CC:71:C9:94:F5:A9:D5:61:22:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uREsgEp_SnTOWMxxyZT1qdVhIrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/1patb8mkVp0mJa0slQ7qQ-5WVBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/11cfb5-acb5-4052-9f83-5e2c9dab8403/1/uREsgEp_SnTOWMxxyZT1qdVhIrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.175.0/24
                IPv6:
                  2001:678:93c::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:e6:5e:71:53:f9:0c:2c:73:df:e3:7a:06:cd:e7:6f:85:86:
         d1:05:2e:33:65:dd:9e:7e:4a:0a:fb:3f:da:0c:2a:76:ec:21:
         ef:cc:92:3a:28:de:14:4a:e2:67:6c:a6:d2:fd:d9:51:40:f7:
         be:90:f4:03:c8:25:cb:15:03:c7:28:6b:01:7f:5a:8f:c3:d9:
         96:48:04:8f:ec:cf:9d:a6:c5:d9:25:94:c5:01:60:b6:4d:2e:
         f0:8b:91:f3:80:f5:cc:56:23:05:e5:80:7b:0b:76:39:ca:3d:
         2e:ff:78:53:21:ce:c0:60:ad:6f:18:ce:39:fc:43:2c:c8:8f:
         b0:3e:74:87:2d:b6:f2:cf:99:a4:fb:6a:a0:2d:83:9e:82:70:
         43:1b:0e:ae:68:69:23:3b:3a:eb:8e:2a:28:70:1f:3d:02:b8:
         98:4f:07:dc:df:21:8f:0d:1b:35:f4:c4:d2:3c:4d:2a:73:cd:
         d2:03:ad:92:df:b1:8a:a7:51:45:10:05:d0:5b:cb:84:63:fb:
         99:31:14:4f:39:91:f0:17:b5:49:45:ba:7a:cb:d4:71:61:22:
         c3:b7:d7:81:20:2c:cd:27:2f:ec:2c:8d:ab:ec:73:9c:3f:97:
         b2:8e:bf:97:ff:ef:cd:f8:7a:4f:a8:88:71:c3:4c:fd:55:95:
         da:11:43:69
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRZvxvfFe7LF1d8knj6fzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MTEyYzgwNGE3ZjRhNzRjZTU4Y2M3MWM5OTRmNWE5ZDU2
MTIyYjEwHhcNMjUwMTAxMjM0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjk2YWQ2ZmM5YTQ1NjlkMjYyNWFkMmM5NTBlZWE0M2VlNTY1NDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvFAgIk2OY1GvT+YBaqa5MwZBBKc
HevK9FZuWfMKemTVzHHrPUr4QrtUTwMmLdlfTYA13srEZZQTRCbACG33Jbyj/huz
2QduU80NlMQixMg4B94fChzJCZQqfVXMbU4S7HGIjQYLRaGp98cEn7IBzQhborXc
WiQeoIhHpPZ5dn0z5GZRYQzKfyb1NiTwWyPL1Bilf4aCBzcwCPor56pvMK9LTJX6
B9dOzjlQNdZ26AN+E7m6u+gWQ1kpw3HMk/qGr76gNQFIvfd59E5pNjNh63UnI4Vv
/b8JNIpTX/UUKDM/WfBa0/Vrt1mvOywzw76kr1zAKUVP8EzDmXYiAJME6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNaWrW/JpFadJiWtLJUO6kPuVlQZMB8GA1UdIwQY
MBaAFLkRLIBKf0p0zljMccmU9anVYSKxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJFc2dFcF9TblRPV014eHlaVDFxZFZoSXJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8xMWNmYjUtYWNiNS00MDUyLTlmODMt
NWUyYzlkYWI4NDAzLzEvMXBhdGI4bWtWcDBtSmEwc2xRN3FRLTVXVkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8xMWNmYjUtYWNiNS00MDUyLTlmODMtNWUyYzlkYWI4NDAz
LzEvdVJFc2dFcF9TblRPV014eHlaVDFxZFZoSXJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9mvMA8E
AgACMAkDBwAgAQZ4CTwwDQYJKoZIhvcNAQELBQADggEBAFPmXnFT+Qwsc9/jegbN
52+FhtEFLjNl3Z5+Sgr7P9oMKnbsIe/Mkjoo3hRK4mdsptL92VFA976Q9APIJcsV
A8coawF/Wo/D2ZZIBI/sz52mxdkllMUBYLZNLvCLkfOA9cxWIwXlgHsLdjnKPS7/
eFMhzsBgrW8Yzjn8QyzIj7A+dIcttvLPmaT7aqAtg56CcEMbDq5oaSM7OuuOKihw
Hz0CuJhPB9zfIY8NGzX0xNI8TSpzzdIDrZLfsYqnUUUQBdBby4Rj+5kxFE85kfAX
tUlFunrL1HFhIsO314EgLM0nL+wsjavsc5w/l7KOv5f/7834ek+oiHHDTP1VldoR
Q2k=
-----END CERTIFICATE-----