Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/42NnB3jW5n3RbWWrHMDd_7NubAY.roa
File:                     42NnB3jW5n3RbWWrHMDd_7NubAY.roa (raw, json)
Hash identifier:          bZyySLXxgMQfpoBtEuXSmgHgMgLKQxBjV3IqMenXg0E=
Subject key identifier:   E3:63:67:07:78:D6:E6:7D:D1:6D:65:AB:1C:C0:DD:FF:B3:6E:6C:06
Certificate issuer:       /CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
Certificate serial:       019423D7BA6DAC845234EE95559DF8562C10
Authority key identifier: 5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/42NnB3jW5n3RbWWrHMDd_7NubAY.roa
Signing time:             Wed 01 Jan 2025 21:48:48 +0000
ROA not before:           Wed 01 Jan 2025 21:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211936
IP address blocks:        91.198.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:ba:6d:ac:84:52:34:ee:95:55:9d:f8:56:2c:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
        Validity
            Not Before: Jan  1 21:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e363670778d6e67dd16d65ab1cc0ddffb36e6c06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:8d:d9:11:38:a5:a3:1f:8e:c7:01:3d:ab:5d:
                    78:fc:0d:39:1b:b2:4d:be:7a:7a:cb:c6:13:1b:af:
                    26:0d:12:ff:a9:2b:58:41:8d:d4:f2:b8:f7:5d:1e:
                    f2:e4:90:c5:8a:f2:1d:4c:63:78:23:86:ad:5d:a1:
                    ea:7b:e9:e6:ff:d2:01:a2:17:f2:3d:0e:09:53:5b:
                    85:cc:14:71:29:1a:bd:c7:27:68:48:51:9f:5f:72:
                    ae:da:ad:b8:cb:de:86:e1:7f:3c:8c:65:e3:48:28:
                    b8:61:12:09:43:d7:00:0c:51:43:b6:60:ed:3b:64:
                    5c:98:ef:19:d2:66:95:a7:b2:5b:fc:b0:c2:1a:31:
                    ea:db:b8:71:b9:ba:99:db:b2:d9:af:11:7e:ff:d3:
                    a8:47:12:79:52:54:f0:59:e2:04:fa:5a:51:83:66:
                    25:36:6f:8b:ce:84:04:07:f8:de:98:54:d5:93:ae:
                    d3:8c:f8:1a:c9:88:38:c2:1b:46:c3:d0:16:51:08:
                    e4:0f:7a:05:8c:19:70:83:20:04:f3:9f:5c:f4:e6:
                    69:08:1d:3a:ad:b8:8c:77:97:d3:73:cd:f8:4c:02:
                    54:03:99:76:bb:37:4a:ae:c2:52:5e:f2:c3:bf:6e:
                    2d:0d:61:8b:81:8c:a7:3a:b3:6b:86:3b:71:94:ed:
                    89:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:63:67:07:78:D6:E6:7D:D1:6D:65:AB:1C:C0:DD:FF:B3:6E:6C:06
            X509v3 Authority Key Identifier:
                keyid:5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/42NnB3jW5n3RbWWrHMDd_7NubAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:76:84:9e:d4:51:95:fa:2c:93:32:49:57:f3:bc:8f:56:19:
         58:9c:92:61:48:77:98:2e:04:fd:87:e5:0e:64:93:5f:53:ce:
         7c:7a:b5:26:bc:c9:92:be:ec:4c:05:5e:62:9a:2d:f6:0e:20:
         cd:8b:95:c3:84:7c:4d:c2:e4:a5:4d:96:a2:0d:1e:e1:db:f9:
         02:3f:b4:3b:05:9a:8a:a8:c0:5d:a6:38:d7:8b:77:eb:a7:a3:
         e5:a2:dd:10:87:3e:dd:f7:16:af:15:3a:fa:1f:51:0f:0e:23:
         22:30:94:13:f2:7f:98:17:0b:aa:85:b1:e3:9d:63:08:8a:84:
         44:6c:ac:78:5c:42:d6:59:eb:93:4d:37:6a:54:b4:a4:20:57:
         18:15:25:72:6b:46:9c:10:19:ba:b1:06:94:8e:35:1e:d1:81:
         77:15:e4:28:c0:ea:08:e0:d0:c0:41:c3:37:ed:98:62:5f:25:
         22:38:bb:74:ec:e5:7c:84:fb:12:42:94:49:c9:44:96:74:a9:
         c8:48:a4:56:e3:c8:c4:40:45:64:83:0a:19:0c:03:62:ee:61:
         3c:78:f9:82:33:6b:a5:3c:b3:80:c8:16:c6:62:7b:7c:d8:78:
         4d:d9:1f:05:cf:22:45:5d:46:79:1a:25:2b:35:e4:55:16:5c:
         00:df:72:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj17ptrIRSNO6VVZ34ViwQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQwN2I0NWY3ZDgzMTI0YzlmOGMwZmFjMDNiZWMwMjQ2
OGIzN2UwHhcNMjUwMTAxMjE0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYzNjcwNzc4ZDZlNjdkZDE2ZDY1YWIxY2MwZGRmZmIzNmU2YzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1o3ZETilox+OxwE9q114/A05G7JN
vnp6y8YTG68mDRL/qStYQY3U8rj3XR7y5JDFivIdTGN4I4atXaHqe+nm/9IBohfy
PQ4JU1uFzBRxKRq9xydoSFGfX3Ku2q24y96G4X88jGXjSCi4YRIJQ9cADFFDtmDt
O2RcmO8Z0maVp7Jb/LDCGjHq27hxubqZ27LZrxF+/9OoRxJ5UlTwWeIE+lpRg2Yl
Nm+LzoQEB/jemFTVk67TjPgayYg4whtGw9AWUQjkD3oFjBlwgyAE859c9OZpCB06
rbiMd5fTc834TAJUA5l2uzdKrsJSXvLDv24tDWGLgYynOrNrhjtxlO2JkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONjZwd41uZ90W1lqxzA3f+zbmwGMB8GA1UdIwQY
MBaAFF6NB7RffYMSTJ+MD6wDvsAkaLN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQt
NmM4ZmQ4NGJiNWY1LzEvNDJObkIzalc1bjNSYldXckhNRGRfN051YkFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQtNmM4ZmQ4NGJiNWY1
LzEvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZRMA0G
CSqGSIb3DQEBCwUAA4IBAQAodoSe1FGV+iyTMklX87yPVhlYnJJhSHeYLgT9h+UO
ZJNfU858erUmvMmSvuxMBV5imi32DiDNi5XDhHxNwuSlTZaiDR7h2/kCP7Q7BZqK
qMBdpjjXi3frp6Plot0Qhz7d9xavFTr6H1EPDiMiMJQT8n+YFwuqhbHjnWMIioRE
bKx4XELWWeuTTTdqVLSkIFcYFSVya0acEBm6sQaUjjUe0YF3FeQowOoI4NDAQcM3
7ZhiXyUiOLt07OV8hPsSQpRJyUSWdKnISKRW48jEQEVkgwoZDANi7mE8ePmCM2ul
PLOAyBbGYnt82HhN2R8FzyJFXUZ5GiUrNeRVFlwA33K5
-----END CERTIFICATE-----