Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/3RDyrZvZCaLxq028Ow5HCrsQefI.roa
File:                     3RDyrZvZCaLxq028Ow5HCrsQefI.roa (raw, json)
Hash identifier:          NXFuVuevT7dKqj3U3xabeRYu8pGJV55BCTjMmY4c/fY=
Subject key identifier:   DD:10:F2:AD:9B:D9:09:A2:F1:AB:4D:BC:3B:0E:47:0A:BB:10:79:F2
Certificate issuer:       /CN=2d0719ebd9a7b253e14b25cdec4cdd154a111e30
Certificate serial:       019426D9343F8909430739D97A8C001189DB
Authority key identifier: 2D:07:19:EB:D9:A7:B2:53:E1:4B:25:CD:EC:4C:DD:15:4A:11:1E:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/3RDyrZvZCaLxq028Ow5HCrsQefI.roa
Signing time:             Thu 02 Jan 2025 11:49:16 +0000
ROA not before:           Thu 02 Jan 2025 11:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197198
IP address blocks:        91.216.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:34:3f:89:09:43:07:39:d9:7a:8c:00:11:89:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d0719ebd9a7b253e14b25cdec4cdd154a111e30
        Validity
            Not Before: Jan  2 11:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd10f2ad9bd909a2f1ab4dbc3b0e470abb1079f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a8:9f:06:4b:04:15:e4:fe:dd:ed:72:e6:77:
                    9e:24:7b:fc:75:f1:40:28:85:9d:43:67:a0:9b:8a:
                    4e:89:ed:95:ef:e8:80:0d:26:ca:cc:8d:86:0d:9e:
                    89:fa:11:78:f0:15:6a:5c:3a:04:d4:43:a9:94:3e:
                    5f:b8:7c:9a:ac:4a:f2:b5:e7:88:e1:1e:c0:33:4f:
                    b3:64:6e:ff:7d:e3:ef:31:66:de:ad:82:99:b8:27:
                    1c:34:86:b3:9e:10:c3:b9:3f:5f:bd:a0:91:b3:0f:
                    ad:83:14:fe:cd:b2:79:d4:be:c7:7b:8b:71:17:de:
                    4c:a2:3d:b5:68:7b:f9:c0:ce:32:25:1f:19:ea:32:
                    38:8a:50:a9:43:fb:96:26:25:6c:12:9f:88:7e:0a:
                    5d:9c:a7:46:e1:f9:56:0b:d6:c7:ad:c8:76:95:fa:
                    76:6d:78:d2:9e:c6:22:f9:9b:80:c6:bf:a2:e7:79:
                    2d:e3:56:21:6e:77:01:b7:e8:ef:dd:77:22:ef:0e:
                    08:02:b9:71:77:43:58:46:e0:a7:6a:53:b8:50:1a:
                    d9:fe:e8:ff:4f:fb:97:e0:0a:32:8c:a6:13:f6:ef:
                    2a:b2:5d:84:3b:93:a1:3e:d3:b0:d6:bd:73:a2:b0:
                    8b:29:02:78:3a:d6:16:58:18:ed:6d:fc:a2:1e:30:
                    16:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:10:F2:AD:9B:D9:09:A2:F1:AB:4D:BC:3B:0E:47:0A:BB:10:79:F2
            X509v3 Authority Key Identifier:
                keyid:2D:07:19:EB:D9:A7:B2:53:E1:4B:25:CD:EC:4C:DD:15:4A:11:1E:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LQcZ69mnslPhSyXN7EzdFUoRHjA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/3RDyrZvZCaLxq028Ow5HCrsQefI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/a1a2a5-38e0-458f-8600-377493ce5877/1/LQcZ69mnslPhSyXN7EzdFUoRHjA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:b9:bc:fe:bf:5e:7a:b7:e1:3a:d9:40:52:ac:46:91:09:bf:
         a4:20:89:6b:c3:7c:18:46:f7:12:0b:77:30:11:23:e6:f2:a2:
         28:28:ed:93:4c:d9:9c:8b:de:e2:d7:c8:fd:19:24:31:a4:81:
         2b:25:f8:b1:7d:92:54:75:a1:58:7a:7b:6f:e3:69:65:fd:bf:
         a5:cb:33:8c:87:45:3e:5f:2f:36:8e:94:d2:2d:e3:4e:61:f0:
         37:d6:82:9a:eb:26:4a:c7:74:00:4d:a5:09:14:d4:42:f2:9c:
         4e:84:6d:0d:ca:63:a0:4e:ac:9a:33:93:12:1d:82:2a:e5:26:
         b6:ab:0c:05:6b:8e:2f:d1:85:4e:c4:eb:cd:c3:84:20:4c:5e:
         28:68:77:41:51:e1:a1:a6:c6:fa:60:aa:61:5a:05:20:99:c9:
         bb:68:b6:ca:9b:54:71:c8:f0:0b:a0:62:c7:3b:11:b1:6c:9e:
         87:0b:21:0c:12:c1:f3:f1:5b:33:7c:82:2f:24:0e:1d:d7:b0:
         02:07:e3:aa:af:dd:f8:38:02:8c:c2:3c:e4:4c:17:4d:7e:07:
         41:dc:ac:a4:09:07:8f:64:43:4d:56:c2:7f:2d:55:89:27:98:
         26:a3:d4:9f:16:bb:28:e3:cc:ec:f8:52:2e:fc:68:ad:9b:b1:
         5c:c2:f9:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2TQ/iQlDBznZeowAEYnbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkMDcxOWViZDlhN2IyNTNlMTRiMjVjZGVjNGNkZDE1NGEx
MTFlMzAwHhcNMjUwMTAyMTE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDEwZjJhZDliZDkwOWEyZjFhYjRkYmMzYjBlNDcwYWJiMTA3OWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6ifBksEFeT+3e1y5neeJHv8dfFA
KIWdQ2egm4pOie2V7+iADSbKzI2GDZ6J+hF48BVqXDoE1EOplD5fuHyarEryteeI
4R7AM0+zZG7/fePvMWberYKZuCccNIaznhDDuT9fvaCRsw+tgxT+zbJ51L7He4tx
F95Moj21aHv5wM4yJR8Z6jI4ilCpQ/uWJiVsEp+IfgpdnKdG4flWC9bHrch2lfp2
bXjSnsYi+ZuAxr+i53kt41YhbncBt+jv3Xci7w4IArlxd0NYRuCnalO4UBrZ/uj/
T/uX4AoyjKYT9u8qsl2EO5OhPtOw1r1zorCLKQJ4OtYWWBjtbfyiHjAWowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN0Q8q2b2Qmi8atNvDsORwq7EHnyMB8GA1UdIwQY
MBaAFC0HGevZp7JT4UslzexM3RVKER4wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFFjWjY5bW5zbFBoU3lYTjdFemRGVW9SSGpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hMWEyYTUtMzhlMC00NThmLTg2MDAt
Mzc3NDkzY2U1ODc3LzEvM1JEeXJadlpDYUx4cTAyOE93NUhDcnNRZWZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hMWEyYTUtMzhlMC00NThmLTg2MDAtMzc3NDkzY2U1ODc3
LzEvTFFjWjY5bW5zbFBoU3lYTjdFemRGVW9SSGpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jmMA0G
CSqGSIb3DQEBCwUAA4IBAQBcubz+v156t+E62UBSrEaRCb+kIIlrw3wYRvcSC3cw
ESPm8qIoKO2TTNmci97i18j9GSQxpIErJfixfZJUdaFYentv42ll/b+lyzOMh0U+
Xy82jpTSLeNOYfA31oKa6yZKx3QATaUJFNRC8pxOhG0NymOgTqyaM5MSHYIq5Sa2
qwwFa44v0YVOxOvNw4QgTF4oaHdBUeGhpsb6YKphWgUgmcm7aLbKm1RxyPALoGLH
OxGxbJ6HCyEMEsHz8VszfIIvJA4d17ACB+Oqr934OAKMwjzkTBdNfgdB3KykCQeP
ZENNVsJ/LVWJJ5gmo9SfFrso48zs+FIu/Gitm7FcwvkZ
-----END CERTIFICATE-----