Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/U0b6gboi64n531Jc6zyEuav6vyg.roa
File:                     U0b6gboi64n531Jc6zyEuav6vyg.roa (raw, json)
Hash identifier:          PZafjNuKkOPJe0JHguIOtwXHpUoa+ViotM7w88t40Yc=
Subject key identifier:   53:46:FA:81:BA:22:EB:89:F9:DF:52:5C:EB:3C:84:B9:AB:FA:BF:28
Certificate issuer:       /CN=6703f258d47becc2cb4b4fc572b229b2e64b6b92
Certificate serial:       019420684AD7F324029F7EDE3040E96A49DF
Authority key identifier: 67:03:F2:58:D4:7B:EC:C2:CB:4B:4F:C5:72:B2:29:B2:E6:4B:6B:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/U0b6gboi64n531Jc6zyEuav6vyg.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        91.245.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4a:d7:f3:24:02:9f:7e:de:30:40:e9:6a:49:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6703f258d47becc2cb4b4fc572b229b2e64b6b92
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5346fa81ba22eb89f9df525ceb3c84b9abfabf28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8e:b9:c3:f0:9f:83:7a:95:a6:94:9b:96:e9:
                    23:06:17:0e:66:cd:df:37:77:30:40:91:3c:41:cc:
                    6a:a4:1f:5a:d6:29:30:9e:46:ff:ce:c3:2a:a8:be:
                    dd:6d:a6:83:3d:6c:f0:2f:44:1c:25:95:ca:d1:a4:
                    54:61:69:61:45:4b:28:b7:7e:e3:c8:e2:23:b5:f0:
                    9b:c3:8c:9d:fd:55:92:55:dd:97:16:16:b7:6f:2b:
                    1d:a4:99:cf:00:2c:0a:b7:2c:cd:11:2c:a9:a0:b2:
                    21:ec:58:b7:0f:a0:ad:d8:22:ce:20:a9:06:46:99:
                    9d:c0:11:3d:4f:dc:2e:0b:7c:d8:39:ce:98:7f:1d:
                    77:d9:10:40:26:90:03:6b:fa:b1:53:e4:8d:9b:73:
                    da:d3:c5:a1:0b:f1:66:de:f9:3d:d1:30:62:f4:81:
                    3b:95:2c:2a:6a:4c:5e:f6:07:12:e8:32:73:f3:78:
                    f2:ee:3f:46:8b:30:1e:3c:dd:54:a8:7b:40:54:01:
                    2e:3f:56:3a:5d:28:19:fd:72:ae:e7:df:5c:44:09:
                    c1:60:51:2a:ab:e3:aa:95:94:23:f4:ce:af:33:02:
                    5b:b0:d5:91:9f:5b:36:8e:e9:68:2b:db:67:8e:ef:
                    aa:96:cf:f2:43:45:ec:9b:84:0f:a7:d6:1b:15:32:
                    b2:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:46:FA:81:BA:22:EB:89:F9:DF:52:5C:EB:3C:84:B9:AB:FA:BF:28
            X509v3 Authority Key Identifier:
                keyid:67:03:F2:58:D4:7B:EC:C2:CB:4B:4F:C5:72:B2:29:B2:E6:4B:6B:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZwPyWNR77MLLS0_FcrIpsuZLa5I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/U0b6gboi64n531Jc6zyEuav6vyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/2a07cb-f6c0-49ba-a7d1-1b01453347da/1/ZwPyWNR77MLLS0_FcrIpsuZLa5I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:a2:bc:63:39:20:c6:9d:a1:74:6a:b2:ec:93:62:90:90:93:
         ab:fa:63:c7:c7:6c:16:88:f0:fb:cb:49:67:77:17:41:24:00:
         ce:1e:37:b9:34:cb:bd:29:71:96:27:f3:bd:73:fb:a6:79:2a:
         a0:28:1d:6b:1b:35:c5:62:91:c1:7c:3f:80:4f:c3:11:1c:95:
         a1:bc:28:bb:cd:80:98:a9:4f:8d:09:64:17:de:69:e2:47:7d:
         99:d2:53:ff:a9:8d:69:90:86:a9:21:ce:80:9f:32:9b:63:e6:
         cb:4c:6b:e4:d6:f3:01:c4:78:db:8a:c7:b4:7f:2d:47:43:6c:
         c0:12:bc:3f:47:86:16:ae:d9:49:57:85:5d:b9:d6:dd:aa:27:
         e5:b7:dc:f0:19:bd:b3:d7:e9:19:8b:13:3a:ea:10:0c:02:6c:
         ba:d0:a7:cc:95:57:64:17:32:1b:40:b7:c4:33:a5:4a:46:53:
         ab:a1:55:ee:36:63:25:95:50:49:bb:60:94:16:9d:37:0d:0a:
         a1:e4:4c:32:8b:d2:95:07:eb:7d:3e:84:bf:bd:91:da:9a:99:
         5a:25:6c:e5:81:8b:2c:4f:20:21:b3:48:d2:2c:0f:9a:59:97:
         89:79:bf:1e:5e:58:cd:34:f5:71:78:85:c6:6b:e1:f0:ca:47:
         35:06:96:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaErX8yQCn37eMEDpaknfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3MDNmMjU4ZDQ3YmVjYzJjYjRiNGZjNTcyYjIyOWIyZTY0
YjZiOTIwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzQ2ZmE4MWJhMjJlYjg5ZjlkZjUyNWNlYjNjODRiOWFiZmFiZjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApI65w/Cfg3qVppSblukjBhcOZs3f
N3cwQJE8QcxqpB9a1ikwnkb/zsMqqL7dbaaDPWzwL0QcJZXK0aRUYWlhRUsot37j
yOIjtfCbw4yd/VWSVd2XFha3bysdpJnPACwKtyzNESypoLIh7Fi3D6Ct2CLOIKkG
RpmdwBE9T9wuC3zYOc6Yfx132RBAJpADa/qxU+SNm3Pa08WhC/Fm3vk90TBi9IE7
lSwqakxe9gcS6DJz83jy7j9GizAePN1UqHtAVAEuP1Y6XSgZ/XKu599cRAnBYFEq
q+OqlZQj9M6vMwJbsNWRn1s2juloK9tnju+qls/yQ0Xsm4QPp9YbFTKyhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFNG+oG6IuuJ+d9SXOs8hLmr+r8oMB8GA1UdIwQY
MBaAFGcD8ljUe+zCy0tPxXKyKbLmS2uSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWndQeVdOUjc3TUxMUzBfRmNySXBzdVpMYTVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8yYTA3Y2ItZjZjMC00OWJhLWE3ZDEt
MWIwMTQ1MzM0N2RhLzEvVTBiNmdib2k2NG41MzFKYzZ6eUV1YXY2dnlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8yYTA3Y2ItZjZjMC00OWJhLWE3ZDEtMWIwMTQ1MzM0N2Rh
LzEvWndQeVdOUjc3TUxMUzBfRmNySXBzdVpMYTVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XaMA0G
CSqGSIb3DQEBCwUAA4IBAQC0orxjOSDGnaF0arLsk2KQkJOr+mPHx2wWiPD7y0ln
dxdBJADOHje5NMu9KXGWJ/O9c/umeSqgKB1rGzXFYpHBfD+AT8MRHJWhvCi7zYCY
qU+NCWQX3mniR32Z0lP/qY1pkIapIc6AnzKbY+bLTGvk1vMBxHjbise0fy1HQ2zA
Erw/R4YWrtlJV4Vdudbdqiflt9zwGb2z1+kZixM66hAMAmy60KfMlVdkFzIbQLfE
M6VKRlOroVXuNmMllVBJu2CUFp03DQqh5Ewyi9KVB+t9PoS/vZHamplaJWzlgYss
TyAhs0jSLA+aWZeJeb8eXljNNPVxeIXGa+Hwykc1Bpb7
-----END CERTIFICATE-----