Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/DTxczwIBr_nfZRTIPgBtQYWGTi8.roa
File:                     DTxczwIBr_nfZRTIPgBtQYWGTi8.roa (raw, json)
Hash identifier:          +VMycRtyrx3wbrRNOQ5x4frKIMykN9VHtpPYdKmVF5w=
Subject key identifier:   0D:3C:5C:CF:02:01:AF:F9:DF:65:14:C8:3E:00:6D:41:85:86:4E:2F
Certificate issuer:       /CN=af478ccdc0480a6b43bacd8aaee0079b16ec2e68
Certificate serial:       01943671DBC9BE18062F4BE59E1B65E3CEF4
Authority key identifier: AF:47:8C:CD:C0:48:0A:6B:43:BA:CD:8A:AE:E0:07:9B:16:EC:2E:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0eMzcBICmtDus2KruAHmxbsLmg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/DTxczwIBr_nfZRTIPgBtQYWGTi8.roa
Signing time:             Sun 05 Jan 2025 12:30:18 +0000
ROA not before:           Sun 05 Jan 2025 12:30:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30857
IP address blocks:        91.206.134.0/23 maxlen: 23
                          91.206.134.0/24 maxlen: 24
                          91.206.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/r0eMzcBICmtDus2KruAHmxbsLmg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/r0eMzcBICmtDus2KruAHmxbsLmg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0eMzcBICmtDus2KruAHmxbsLmg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 15:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:36:71:db:c9:be:18:06:2f:4b:e5:9e:1b:65:e3:ce:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af478ccdc0480a6b43bacd8aaee0079b16ec2e68
        Validity
            Not Before: Jan  5 12:30:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d3c5ccf0201aff9df6514c83e006d4185864e2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:57:90:61:75:46:52:3b:27:46:81:d4:49:fb:
                    20:a5:fc:48:9d:87:0c:68:45:bb:c0:d5:84:7c:0e:
                    d5:1b:03:23:da:d7:2a:df:2b:d2:7b:60:ac:18:03:
                    ea:b3:0d:36:43:a3:88:9d:15:dc:e1:69:b9:48:34:
                    7e:06:2c:73:e4:44:87:e3:6d:fb:81:4e:02:45:9a:
                    1e:d8:c0:55:4c:e7:d1:6e:74:ec:c4:82:70:db:96:
                    49:a1:13:a4:ae:bd:40:23:76:0b:92:21:0d:60:a8:
                    0c:fb:75:e4:9d:e4:a6:26:b0:46:29:fa:dc:a8:bc:
                    b3:e7:62:41:09:b6:a3:98:a6:53:91:e7:b6:37:3d:
                    01:59:d0:f6:c7:78:5c:d4:a2:2a:b1:07:9a:13:af:
                    8b:df:52:2c:c1:54:56:b2:86:1b:d9:d2:7d:cd:48:
                    4a:61:a4:da:e5:39:78:91:61:2c:cc:5d:9d:fc:0d:
                    6d:0c:b1:6a:1a:aa:2f:e7:17:3f:b3:f9:51:05:9d:
                    f4:ae:31:ed:f3:2d:b0:52:b9:5f:9f:34:ac:7e:a6:
                    d7:95:97:c6:da:da:d5:57:48:84:eb:c0:7f:e5:10:
                    14:28:b8:77:82:57:ca:ee:60:f3:e2:a9:44:5d:04:
                    d3:1e:c1:42:38:fa:eb:7d:d6:f7:36:41:7a:19:04:
                    0c:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:3C:5C:CF:02:01:AF:F9:DF:65:14:C8:3E:00:6D:41:85:86:4E:2F
            X509v3 Authority Key Identifier:
                keyid:AF:47:8C:CD:C0:48:0A:6B:43:BA:CD:8A:AE:E0:07:9B:16:EC:2E:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0eMzcBICmtDus2KruAHmxbsLmg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/DTxczwIBr_nfZRTIPgBtQYWGTi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/990506-41bc-4098-af7f-cc8bf3fbef99/1/r0eMzcBICmtDus2KruAHmxbsLmg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1a:23:0b:b0:34:2f:43:10:e7:84:3f:51:05:78:05:7a:75:c7:
         51:ad:1b:0f:d0:82:24:b0:4d:85:c0:18:88:5f:e0:7d:51:03:
         46:69:0b:7e:66:86:33:ef:75:d7:2e:95:aa:0f:6b:2a:d7:bd:
         28:58:d2:27:d0:8e:a9:06:cc:12:ed:63:73:8e:06:b6:42:d4:
         b6:02:09:4a:e4:97:d0:12:8d:31:9a:fb:c3:c9:03:fc:7f:59:
         5b:f2:4e:53:e4:ab:08:34:a6:d3:2d:f3:0e:f5:4f:d0:49:39:
         e5:d4:ef:fd:30:f3:a8:94:99:d2:53:af:90:28:84:f0:1e:98:
         4f:0d:4f:c5:39:85:67:ce:cd:b1:07:29:77:cd:ed:94:01:0e:
         eb:de:50:51:08:b8:89:26:da:c4:7b:73:95:8a:55:cc:b3:80:
         55:7f:25:ac:24:28:c4:df:f4:16:16:8b:e5:e9:ab:e2:6a:c2:
         b6:3a:a0:5d:ea:54:6e:f7:a9:95:22:b3:81:c8:53:bc:a3:7e:
         64:a0:30:9c:71:85:14:b5:d4:4f:01:be:9f:7a:69:ce:42:08:
         cc:4c:83:71:b8:35:18:cd:62:24:15:b5:47:90:70:4c:35:51:
         c5:45:16:36:88:68:5e:44:9d:d4:92:38:bf:d6:10:d0:f9:43:
         97:a6:5b:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQ2cdvJvhgGL0vlnhtl4870MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDc4Y2NkYzA0ODBhNmI0M2JhY2Q4YWFlZTAwNzliMTZl
YzJlNjgwHhcNMjUwMTA1MTIzMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDNjNWNjZjAyMDFhZmY5ZGY2NTE0YzgzZTAwNmQ0MTg1ODY0ZTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFeQYXVGUjsnRoHUSfsgpfxInYcM
aEW7wNWEfA7VGwMj2tcq3yvSe2CsGAPqsw02Q6OInRXc4Wm5SDR+Bixz5ESH4237
gU4CRZoe2MBVTOfRbnTsxIJw25ZJoROkrr1AI3YLkiENYKgM+3XkneSmJrBGKfrc
qLyz52JBCbajmKZTkee2Nz0BWdD2x3hc1KIqsQeaE6+L31IswVRWsoYb2dJ9zUhK
YaTa5Tl4kWEszF2d/A1tDLFqGqov5xc/s/lRBZ30rjHt8y2wUrlfnzSsfqbXlZfG
2trVV0iE68B/5RAUKLh3glfK7mDz4qlEXQTTHsFCOPrrfdb3NkF6GQQMswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA08XM8CAa/532UUyD4AbUGFhk4vMB8GA1UdIwQY
MBaAFK9HjM3ASAprQ7rNiq7gB5sW7C5oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBlTXpjQklDbXREdXMyS3J1QUhteGJzTG1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS85OTA1MDYtNDFiYy00MDk4LWFmN2Yt
Y2M4YmYzZmJlZjk5LzEvRFR4Y3p3SUJyX25mWlJUSVBnQnRRWVdHVGk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS85OTA1MDYtNDFiYy00MDk4LWFmN2YtY2M4YmYzZmJlZjk5
LzEvcjBlTXpjQklDbXREdXMyS3J1QUhteGJzTG1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW86GMA0G
CSqGSIb3DQEBCwUAA4IBAQAaIwuwNC9DEOeEP1EFeAV6dcdRrRsP0IIksE2FwBiI
X+B9UQNGaQt+ZoYz73XXLpWqD2sq170oWNIn0I6pBswS7WNzjga2QtS2AglK5JfQ
Eo0xmvvDyQP8f1lb8k5T5KsINKbTLfMO9U/QSTnl1O/9MPOolJnSU6+QKITwHphP
DU/FOYVnzs2xByl3ze2UAQ7r3lBRCLiJJtrEe3OVilXMs4BVfyWsJCjE3/QWFovl
6aviasK2OqBd6lRu96mVIrOByFO8o35koDCccYUUtdRPAb6femnOQgjMTINxuDUY
zWIkFbVHkHBMNVHFRRY2iGheRJ3Ukji/1hDQ+UOXplv/
-----END CERTIFICATE-----