Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/HfieAyyFiGHzuxK88Qqlcm0jHjE.roa
File:                     HfieAyyFiGHzuxK88Qqlcm0jHjE.roa (raw, json)
Hash identifier:          9hArFOOTkWsSdh7y1qMFDzyLMrMdzpKqI+tBBv6IzqM=
Subject key identifier:   1D:F8:9E:03:2C:85:88:61:F3:BB:12:BC:F1:0A:A5:72:6D:23:1E:31
Certificate issuer:       /CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
Certificate serial:       01942143FBA88B1714F36BD07126475E2BDE
Authority key identifier: 96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/HfieAyyFiGHzuxK88Qqlcm0jHjE.roa
Signing time:             Wed 01 Jan 2025 09:48:10 +0000
ROA not before:           Wed 01 Jan 2025 09:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197645
IP address blocks:        91.223.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:fb:a8:8b:17:14:f3:6b:d0:71:26:47:5e:2b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=96f2da2fa1bc8ed2f2bc6b703a8bf15340f97cfa
        Validity
            Not Before: Jan  1 09:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1df89e032c858861f3bb12bcf10aa5726d231e31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2d:c5:60:e6:fa:3c:4e:eb:eb:9e:91:57:a0:
                    d5:06:61:72:c3:1b:7d:a2:89:28:1b:e6:5f:2b:40:
                    15:9e:ee:86:27:70:b5:14:42:3d:c5:9a:f9:f3:cf:
                    55:d4:59:e6:4c:d2:8f:7d:7f:9b:83:fd:93:7e:93:
                    3c:e0:e0:4a:13:f1:8f:8b:15:d5:66:89:35:a3:88:
                    15:a3:8e:87:c7:33:89:d3:b5:23:d0:c2:a7:b6:65:
                    3f:96:c6:cb:34:49:38:c5:95:02:05:ba:81:d0:f0:
                    a6:ba:14:80:13:33:f4:5d:96:de:b4:52:25:71:e4:
                    01:6d:c2:05:ad:b9:a6:91:af:00:0f:7f:f9:c3:24:
                    d9:49:d8:ef:6f:10:c7:bc:f9:5f:60:8f:e6:88:ac:
                    9e:f0:42:d2:6e:5a:94:ed:95:74:8b:cc:66:f1:76:
                    0c:e0:92:67:00:1e:7a:ea:9b:ca:ee:cf:9c:14:d8:
                    65:3f:59:0a:b9:f0:de:0e:85:e8:c8:40:7b:d1:62:
                    8f:0f:54:1a:65:09:41:44:bc:d1:49:25:a2:77:7f:
                    e9:3e:f7:56:19:f4:2e:f4:06:a5:f0:eb:4e:52:75:
                    4d:ec:70:2c:c9:97:da:2b:0f:41:80:36:5d:da:41:
                    60:ef:17:7e:a3:28:ce:e3:8f:7f:e4:d3:28:8e:75:
                    3e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:F8:9E:03:2C:85:88:61:F3:BB:12:BC:F1:0A:A5:72:6D:23:1E:31
            X509v3 Authority Key Identifier:
                keyid:96:F2:DA:2F:A1:BC:8E:D2:F2:BC:6B:70:3A:8B:F1:53:40:F9:7C:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lvLaL6G8jtLyvGtwOovxU0D5fPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/HfieAyyFiGHzuxK88Qqlcm0jHjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/fc4690-080f-4018-89a1-93b4fe5157ec/1/lvLaL6G8jtLyvGtwOovxU0D5fPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:51:7d:43:89:80:34:7b:6f:52:f1:00:4a:48:d0:e2:19:34:
         d5:e4:04:78:31:76:de:8a:38:63:b2:e2:b4:e1:88:46:be:04:
         c9:7c:17:32:8f:c0:48:6b:cd:e4:72:d3:6c:a0:4e:c4:bf:d8:
         21:7d:30:71:eb:56:6c:b8:43:f6:c4:e2:ba:61:99:d3:41:cf:
         a6:6c:4e:2f:53:f6:ea:c4:7e:02:10:d4:9a:c2:1a:4e:aa:26:
         a6:b9:4a:0e:cb:e2:46:4a:c9:a4:cc:aa:41:61:d5:35:06:d3:
         da:92:2a:c9:76:18:1f:3d:55:93:64:62:7d:69:af:c0:7c:5a:
         21:b8:06:d9:c5:29:9e:4e:09:9b:52:95:6c:f5:fc:82:0a:95:
         ca:f3:21:50:f0:a0:90:f5:95:06:76:ff:b1:fb:f3:82:54:66:
         d5:b1:6e:dd:54:ad:aa:b3:e5:ff:f7:ed:62:79:51:1f:c9:f9:
         da:99:a7:33:55:99:19:00:a6:bf:62:24:32:17:b0:ac:16:95:
         41:17:92:a7:ca:3a:c0:d0:e6:21:75:97:a2:cc:ab:ec:40:62:
         4f:14:0f:3a:bf:ef:f5:f2:bd:26:26:a5:3b:d6:8e:9e:e6:db:
         9e:26:60:16:d3:22:0a:0c:69:b1:2c:9f:5c:e2:83:56:9f:2d:
         36:98:23:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/uoixcU82vQcSZHXiveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2ZjJkYTJmYTFiYzhlZDJmMmJjNmI3MDNhOGJmMTUzNDBm
OTdjZmEwHhcNMjUwMTAxMDk0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGY4OWUwMzJjODU4ODYxZjNiYjEyYmNmMTBhYTU3MjZkMjMxZTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi3FYOb6PE7r656RV6DVBmFywxt9
ookoG+ZfK0AVnu6GJ3C1FEI9xZr5889V1FnmTNKPfX+bg/2TfpM84OBKE/GPixXV
Zok1o4gVo46HxzOJ07Uj0MKntmU/lsbLNEk4xZUCBbqB0PCmuhSAEzP0XZbetFIl
ceQBbcIFrbmmka8AD3/5wyTZSdjvbxDHvPlfYI/miKye8ELSblqU7ZV0i8xm8XYM
4JJnAB566pvK7s+cFNhlP1kKufDeDoXoyEB70WKPD1QaZQlBRLzRSSWid3/pPvdW
GfQu9Aal8OtOUnVN7HAsyZfaKw9BgDZd2kFg7xd+oyjO449/5NMojnU+MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB34ngMshYhh87sSvPEKpXJtIx4xMB8GA1UdIwQY
MBaAFJby2i+hvI7S8rxrcDqL8VNA+Xz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEt
OTNiNGZlNTE1N2VjLzEvSGZpZUF5eUZpR0h6dXhLODhRcWxjbTBqSGpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9mYzQ2OTAtMDgwZi00MDE4LTg5YTEtOTNiNGZlNTE1N2Vj
LzEvbHZMYUw2RzhqdEx5dkd0d09vdnhVMEQ1ZlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/UMA0G
CSqGSIb3DQEBCwUAA4IBAQAHUX1DiYA0e29S8QBKSNDiGTTV5AR4MXbeijhjsuK0
4YhGvgTJfBcyj8BIa83kctNsoE7Ev9ghfTBx61ZsuEP2xOK6YZnTQc+mbE4vU/bq
xH4CENSawhpOqiamuUoOy+JGSsmkzKpBYdU1BtPakirJdhgfPVWTZGJ9aa/AfFoh
uAbZxSmeTgmbUpVs9fyCCpXK8yFQ8KCQ9ZUGdv+x+/OCVGbVsW7dVK2qs+X/9+1i
eVEfyfnamaczVZkZAKa/YiQyF7CsFpVBF5KnyjrA0OYhdZeizKvsQGJPFA86v+/1
8r0mJqU71o6e5tueJmAW0yIKDGmxLJ9c4oNWny02mCOF
-----END CERTIFICATE-----