Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/b-VOh1iyKHVcDysv8XYced0xnLo.roa
File:                     b-VOh1iyKHVcDysv8XYced0xnLo.roa (raw, json)
Hash identifier:          0b/hMsK4rsISxKd+Kzt0DOFihl9RrwFHAkmEpylmN4I=
Subject key identifier:   6F:E5:4E:87:58:B2:28:75:5C:0F:2B:2F:F1:76:1C:79:DD:31:9C:BA
Certificate issuer:       /CN=df8089aa9e1d5c12abad43a701511da1c65f9fa6
Certificate serial:       01942220307AE06F0A071DAF444C90ED742F
Authority key identifier: DF:80:89:AA:9E:1D:5C:12:AB:AD:43:A7:01:51:1D:A1:C6:5F:9F:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/b-VOh1iyKHVcDysv8XYced0xnLo.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        91.247.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:30:7a:e0:6f:0a:07:1d:af:44:4c:90:ed:74:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8089aa9e1d5c12abad43a701511da1c65f9fa6
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fe54e8758b228755c0f2b2ff1761c79dd319cba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:89:7d:c7:54:ff:98:db:8c:a2:39:a6:e6:24:
                    b1:c0:22:c6:c3:d5:ec:69:5f:bd:cf:11:e3:ae:ab:
                    7d:42:60:cd:eb:0b:43:07:58:2a:58:68:98:ac:61:
                    1e:d8:8a:a2:4e:68:82:39:7a:50:61:f2:fb:7a:16:
                    cf:f3:46:08:b2:45:19:46:84:90:33:6a:7b:86:e1:
                    93:c3:23:2a:72:65:23:a3:0b:d8:5e:6c:69:ca:2b:
                    08:88:ae:88:56:74:fa:ce:0c:8e:55:92:4a:87:f5:
                    03:be:2b:e9:83:4d:35:84:8a:e4:b5:6e:7f:79:89:
                    36:1c:97:f7:31:c5:ed:63:6c:67:b8:6a:ef:2b:fa:
                    5a:02:d9:45:bf:48:fa:94:0a:81:8c:66:a6:53:e7:
                    ab:b6:96:ed:ce:f6:60:2d:c4:ec:2c:47:6e:aa:51:
                    ef:01:8c:34:64:7c:bf:1f:5e:93:63:7a:5d:e7:f1:
                    db:3a:c9:d9:7e:6d:f1:e5:28:4a:21:58:5a:96:46:
                    d4:8d:73:82:23:69:ad:03:a5:0b:55:af:73:0a:42:
                    fb:b2:a4:b6:30:c9:b3:98:4e:14:f4:91:08:cb:9a:
                    10:99:ad:f3:4b:83:2b:ae:0c:68:5e:26:e9:50:9d:
                    80:a2:54:42:64:89:dd:1b:45:b9:f5:af:2f:ce:02:
                    1e:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E5:4E:87:58:B2:28:75:5C:0F:2B:2F:F1:76:1C:79:DD:31:9C:BA
            X509v3 Authority Key Identifier:
                keyid:DF:80:89:AA:9E:1D:5C:12:AB:AD:43:A7:01:51:1D:A1:C6:5F:9F:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34CJqp4dXBKrrUOnAVEdocZfn6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/b-VOh1iyKHVcDysv8XYced0xnLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/f5475b-a6f9-4cc7-b70f-fd644657ca2b/1/34CJqp4dXBKrrUOnAVEdocZfn6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:6a:36:6a:90:e0:94:64:f4:0d:22:97:c1:49:71:38:df:e4:
         bd:01:6f:a9:a4:66:89:65:f1:f4:f2:74:91:8b:ce:b3:2d:93:
         fe:b9:9b:31:bf:4f:47:e6:53:32:5d:42:dd:cc:8d:d6:94:51:
         c8:26:8f:c2:a7:d0:b0:2e:7f:55:bd:c1:1b:4f:a3:fe:71:dd:
         62:7f:33:1c:98:09:c9:ea:96:c4:8a:95:4e:17:24:aa:37:df:
         34:23:73:b3:e2:d3:82:e3:b4:3f:63:9d:5f:ed:23:ce:04:19:
         19:a0:b4:3b:d5:a5:eb:d6:50:7f:1d:a1:77:e7:cc:4a:3b:89:
         79:27:20:7a:4d:c2:15:7f:c5:96:28:35:b1:34:de:33:52:e3:
         11:ac:1a:87:79:2d:1a:d8:8f:45:4a:c0:60:b5:d3:25:b6:31:
         1c:82:82:97:d7:74:01:67:45:18:f9:5c:29:33:27:ac:a5:d9:
         ae:62:17:18:68:8d:e7:94:89:92:de:76:1a:56:28:4c:4a:a5:
         e1:0b:95:c6:db:1d:fe:78:4c:b1:c8:37:84:16:3c:28:19:51:
         5a:0c:b8:de:30:38:e6:60:2c:41:79:c4:0e:2f:96:35:6e:a5:
         b8:4c:18:71:65:53:f0:a2:72:f4:4d:ed:2a:09:e7:e2:fa:90:
         5b:90:fd:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDB64G8KBx2vREyQ7XQvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmODA4OWFhOWUxZDVjMTJhYmFkNDNhNzAxNTExZGExYzY1
ZjlmYTYwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmU1NGU4NzU4YjIyODc1NWMwZjJiMmZmMTc2MWM3OWRkMzE5Y2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ol9x1T/mNuMojmm5iSxwCLGw9Xs
aV+9zxHjrqt9QmDN6wtDB1gqWGiYrGEe2IqiTmiCOXpQYfL7ehbP80YIskUZRoSQ
M2p7huGTwyMqcmUjowvYXmxpyisIiK6IVnT6zgyOVZJKh/UDvivpg001hIrktW5/
eYk2HJf3McXtY2xnuGrvK/paAtlFv0j6lAqBjGamU+ertpbtzvZgLcTsLEduqlHv
AYw0ZHy/H16TY3pd5/HbOsnZfm3x5ShKIVhalkbUjXOCI2mtA6ULVa9zCkL7sqS2
MMmzmE4U9JEIy5oQma3zS4MrrgxoXibpUJ2AolRCZIndG0W59a8vzgIeGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/lTodYsih1XA8rL/F2HHndMZy6MB8GA1UdIwQY
MBaAFN+AiaqeHVwSq61DpwFRHaHGX5+mMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzRDSnFwNGRYQktyclVPbkFWRWRvY1pmbjZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy9mNTQ3NWItYTZmOS00Y2M3LWI3MGYt
ZmQ2NDQ2NTdjYTJiLzEvYi1WT2gxaXlLSFZjRHlzdjhYWWNlZDB4bkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy9mNTQ3NWItYTZmOS00Y2M3LWI3MGYtZmQ2NDQ2NTdjYTJi
LzEvMzRDSnFwNGRYQktyclVPbkFWRWRvY1pmbjZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/e1MA0G
CSqGSIb3DQEBCwUAA4IBAQCAajZqkOCUZPQNIpfBSXE43+S9AW+ppGaJZfH08nSR
i86zLZP+uZsxv09H5lMyXULdzI3WlFHIJo/Cp9CwLn9VvcEbT6P+cd1ifzMcmAnJ
6pbEipVOFySqN980I3Oz4tOC47Q/Y51f7SPOBBkZoLQ71aXr1lB/HaF358xKO4l5
JyB6TcIVf8WWKDWxNN4zUuMRrBqHeS0a2I9FSsBgtdMltjEcgoKX13QBZ0UY+Vwp
MyespdmuYhcYaI3nlImS3nYaVihMSqXhC5XG2x3+eEyxyDeEFjwoGVFaDLjeMDjm
YCxBecQOL5Y1bqW4TBhxZVPwonL0Te0qCefi+pBbkP36
-----END CERTIFICATE-----