Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/gTuMJj4zNk4inmWeuwHt2oopg5M.roa
File:                     gTuMJj4zNk4inmWeuwHt2oopg5M.roa (raw, json)
Hash identifier:          zopPOsMBU8dt9Dr0i+LUD1TPbnQUzJ4uDKxUzfrnRiY=
Subject key identifier:   81:3B:8C:26:3E:33:36:4E:22:9E:65:9E:BB:01:ED:DA:8A:29:83:93
Certificate issuer:       /CN=84a69fc568894cb3985edef22216bd99974de251
Certificate serial:       019422FC47802CB0B0630396E35178DAFED4
Authority key identifier: 84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/gTuMJj4zNk4inmWeuwHt2oopg5M.roa
Signing time:             Wed 01 Jan 2025 17:49:06 +0000
ROA not before:           Wed 01 Jan 2025 17:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56339
IP address blocks:        91.243.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:47:80:2c:b0:b0:63:03:96:e3:51:78:da:fe:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84a69fc568894cb3985edef22216bd99974de251
        Validity
            Not Before: Jan  1 17:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=813b8c263e33364e229e659ebb01edda8a298393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f4:12:59:4a:01:a4:6c:46:af:e1:e8:48:8c:
                    b3:0a:9a:e6:32:36:8d:e2:f6:0e:38:31:25:9c:c0:
                    8f:bf:a5:27:2f:a5:83:e0:ad:47:18:f8:3a:75:5b:
                    ee:10:9f:c3:c5:1b:ab:b8:59:78:46:35:08:31:a0:
                    85:2f:9a:45:25:83:ff:3a:20:de:12:8f:27:36:de:
                    a2:2b:b6:34:1e:64:63:a2:33:ca:9f:1c:02:24:76:
                    1c:1f:76:36:e7:cd:34:54:8f:a6:e3:04:aa:c6:72:
                    fc:2b:86:70:73:3a:29:7b:10:49:3c:f1:23:fd:74:
                    a4:b3:85:e3:2e:6e:a4:d6:38:66:6d:8d:1d:d2:fc:
                    3b:40:18:c1:42:2a:17:3c:6b:a5:74:70:8c:b0:75:
                    f7:e3:f1:8c:7a:c1:e7:3d:e0:ab:86:8c:98:4d:d4:
                    22:21:c8:81:2a:31:d6:b5:2c:fd:c7:20:fb:5b:a3:
                    38:2b:a5:9d:c2:d6:43:98:c4:ca:58:2c:02:fc:88:
                    ec:b4:6a:61:2a:5f:f5:f9:03:33:8b:25:18:4b:78:
                    75:ea:78:d6:70:de:1b:43:b2:26:d5:8f:55:0f:95:
                    09:d8:23:e2:33:36:a5:a9:fa:a4:24:f5:6a:ff:1f:
                    4f:40:12:cd:ca:36:ce:ce:99:30:1d:3b:5c:e3:8c:
                    c5:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:3B:8C:26:3E:33:36:4E:22:9E:65:9E:BB:01:ED:DA:8A:29:83:93
            X509v3 Authority Key Identifier:
                keyid:84:A6:9F:C5:68:89:4C:B3:98:5E:DE:F2:22:16:BD:99:97:4D:E2:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hKafxWiJTLOYXt7yIha9mZdN4lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/gTuMJj4zNk4inmWeuwHt2oopg5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c60a1e-9080-4b08-95da-437fe50bb4f7/1/hKafxWiJTLOYXt7yIha9mZdN4lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.243.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:e5:ce:11:54:a1:73:08:15:7b:87:7a:a4:e8:75:75:dc:75:
         f9:43:b2:fc:30:07:8c:45:2b:23:d8:05:a2:a7:35:13:15:7b:
         1b:29:b1:ba:52:d0:e4:b9:c7:19:46:c9:cc:c9:2a:41:11:b1:
         5d:a0:fc:6a:70:96:0e:f6:73:8d:d6:e9:c4:fb:e8:5d:60:8b:
         cf:f7:cb:93:b2:94:56:cc:8f:cd:69:84:a0:c8:77:f3:42:22:
         78:e4:b8:52:21:6b:27:bd:51:88:18:91:10:43:67:87:6f:d3:
         d0:1e:52:59:ea:66:44:1d:48:77:d5:6d:bb:1d:82:87:98:8f:
         98:8b:11:55:42:06:3b:f3:87:d5:ab:7a:18:0d:c0:a2:b5:2e:
         e4:cb:98:3e:af:26:9a:18:11:8f:43:5a:93:42:4b:cb:ca:93:
         d3:57:0d:11:f2:fa:8f:d9:c2:89:e5:51:0a:d9:e6:f7:dc:4a:
         15:20:cf:64:fb:5f:36:b3:f3:07:74:8d:b8:f1:f3:bf:1b:aa:
         42:ef:e6:3f:9c:e2:7f:8e:19:cc:96:5d:42:d0:39:cf:0b:9d:
         26:ce:b5:80:09:b3:d0:5c:a0:53:a5:23:56:9b:a7:79:7e:a8:
         bc:7d:87:17:35:29:6f:d1:55:98:5d:9b:dc:77:55:8e:fa:af:
         74:c4:63:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/EeALLCwYwOW41F42v7UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YTY5ZmM1Njg4OTRjYjM5ODVlZGVmMjIyMTZiZDk5OTc0
ZGUyNTEwHhcNMjUwMTAxMTc0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTNiOGMyNjNlMzMzNjRlMjI5ZTY1OWViYjAxZWRkYThhMjk4MzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/QSWUoBpGxGr+HoSIyzCprmMjaN
4vYOODElnMCPv6UnL6WD4K1HGPg6dVvuEJ/DxRuruFl4RjUIMaCFL5pFJYP/OiDe
Eo8nNt6iK7Y0HmRjojPKnxwCJHYcH3Y25800VI+m4wSqxnL8K4ZwczopexBJPPEj
/XSks4XjLm6k1jhmbY0d0vw7QBjBQioXPGuldHCMsHX34/GMesHnPeCrhoyYTdQi
IciBKjHWtSz9xyD7W6M4K6WdwtZDmMTKWCwC/IjstGphKl/1+QMziyUYS3h16njW
cN4bQ7Im1Y9VD5UJ2CPiMzalqfqkJPVq/x9PQBLNyjbOzpkwHTtc44zFQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIE7jCY+MzZOIp5lnrsB7dqKKYOTMB8GA1UdIwQY
MBaAFISmn8VoiUyzmF7e8iIWvZmXTeJRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEthZnhXaUpUTE9ZWHQ3eUloYTltWmRONGxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9jNjBhMWUtOTA4MC00YjA4LTk1ZGEt
NDM3ZmU1MGJiNGY3LzEvZ1R1TUpqNHpOazRpbm1XZXV3SHQyb29wZzVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9jNjBhMWUtOTA4MC00YjA4LTk1ZGEtNDM3ZmU1MGJiNGY3
LzEvaEthZnhXaUpUTE9ZWHQ3eUloYTltWmRONGxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/N1MA0G
CSqGSIb3DQEBCwUAA4IBAQBD5c4RVKFzCBV7h3qk6HV13HX5Q7L8MAeMRSsj2AWi
pzUTFXsbKbG6UtDkuccZRsnMySpBEbFdoPxqcJYO9nON1unE++hdYIvP98uTspRW
zI/NaYSgyHfzQiJ45LhSIWsnvVGIGJEQQ2eHb9PQHlJZ6mZEHUh31W27HYKHmI+Y
ixFVQgY784fVq3oYDcCitS7ky5g+ryaaGBGPQ1qTQkvLypPTVw0R8vqP2cKJ5VEK
2eb33EoVIM9k+182s/MHdI248fO/G6pC7+Y/nOJ/jhnMll1C0DnPC50mzrWACbPQ
XKBTpSNWm6d5fqi8fYcXNSlv0VWYXZvcd1WO+q90xGNu
-----END CERTIFICATE-----