Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/Cr7WIZXJqqSxx1MgWk3fJvY56gA.roa
File:                     Cr7WIZXJqqSxx1MgWk3fJvY56gA.roa (raw, json)
Hash identifier:          W0p2Ng/L4A+CUhGlPSgje47dkJ8+aMEjdUAnh4zo9Rc=
Subject key identifier:   0A:BE:D6:21:95:C9:AA:A4:B1:C7:53:20:5A:4D:DF:26:F6:39:EA:00
Certificate issuer:       /CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
Certificate serial:       01942068618889141B6B6C24896B877F0366
Authority key identifier: B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/Cr7WIZXJqqSxx1MgWk3fJvY56gA.roa
Signing time:             Wed 01 Jan 2025 05:48:19 +0000
ROA not before:           Wed 01 Jan 2025 05:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41694
IP address blocks:        91.220.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:61:88:89:14:1b:6b:6c:24:89:6b:87:7f:03:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6ed9b5cb4b64866c383dee4576bff3ff875242d
        Validity
            Not Before: Jan  1 05:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0abed62195c9aaa4b1c753205a4ddf26f639ea00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:b8:76:01:52:37:18:78:9f:7e:95:b8:89:fa:
                    3a:06:a6:ac:4d:12:30:96:51:6f:5b:58:01:0a:db:
                    d8:21:72:8e:2f:2a:d0:56:23:28:0b:03:2c:62:83:
                    94:fe:fa:ad:d0:a4:7b:43:1d:29:0b:94:a9:7d:ff:
                    38:7d:6c:bd:69:14:37:10:04:c3:c7:56:62:57:61:
                    b1:08:5f:ef:7b:48:45:30:54:56:b6:87:17:96:26:
                    41:ef:97:57:19:e6:e5:cf:fc:ee:f5:f8:7c:86:5f:
                    8e:21:37:bc:94:fb:53:54:ae:c3:f1:e2:d7:6a:0c:
                    22:76:92:04:95:66:f2:63:e1:9a:f5:fa:25:0b:fd:
                    16:dd:ab:fc:1b:b6:17:f2:97:a7:7f:b6:76:9d:10:
                    ef:c1:a7:19:4f:09:91:b3:b2:9f:be:5f:d3:bb:81:
                    3a:a9:f0:af:83:67:36:5d:0b:8b:7e:e9:84:50:3a:
                    61:fa:0a:30:0a:0c:27:79:ad:f7:fc:97:64:6f:83:
                    9e:ad:57:c6:1f:ee:12:95:2b:0b:54:ae:77:90:fe:
                    b2:8c:34:68:ae:01:d8:5b:0a:c0:c4:b8:28:8a:8f:
                    ec:81:f0:8d:ed:2b:04:1c:f7:cc:05:07:68:0d:f0:
                    ea:23:b9:30:a8:ee:57:f0:40:f4:8d:29:94:e7:9c:
                    ce:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:BE:D6:21:95:C9:AA:A4:B1:C7:53:20:5A:4D:DF:26:F6:39:EA:00
            X509v3 Authority Key Identifier:
                keyid:B6:ED:9B:5C:B4:B6:48:66:C3:83:DE:E4:57:6B:FF:3F:F8:75:24:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tu2bXLS2SGbDg97kV2v_P_h1JC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/Cr7WIZXJqqSxx1MgWk3fJvY56gA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/171cea-3d78-4513-ad49-5a905af507c3/1/tu2bXLS2SGbDg97kV2v_P_h1JC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f5:62:9b:ab:a9:71:e7:42:f4:e7:52:f3:fc:2a:33:b0:2f:
         27:da:b4:1d:a5:40:0d:1a:87:46:79:a8:e7:63:27:0c:4c:32:
         a9:6a:0b:a8:b8:8e:47:66:68:a4:0b:7c:e5:05:cc:cb:38:be:
         63:8e:43:cb:a1:fc:45:47:96:30:06:f9:d4:b7:65:e6:bb:10:
         58:b1:a0:e8:cd:99:43:34:7e:ff:63:ae:ad:86:9b:c2:60:7d:
         b8:0c:e4:db:3e:76:d0:a1:23:d9:b4:02:c2:12:d6:8e:b5:be:
         d9:76:ac:21:91:79:ac:5a:34:28:5b:fa:1c:be:4c:f8:ae:9b:
         e3:5d:a5:12:90:e4:ab:ae:62:c9:44:92:5a:c3:30:55:79:eb:
         bd:08:55:c8:1c:69:9f:18:4f:5d:c5:4c:20:48:cb:b4:d0:3c:
         2a:6f:59:41:c0:01:bf:53:59:49:93:ae:d0:04:d0:10:96:94:
         73:2b:bc:2e:f3:74:fe:c4:f8:7f:41:9d:45:e4:74:c1:9b:cc:
         6f:30:55:5f:9b:cf:56:23:30:22:96:65:16:5c:7d:3e:78:c0:
         38:63:3f:52:2b:5e:f6:ce:49:84:62:00:c4:6f:81:10:8d:b0:
         de:0a:75:72:de:9e:65:01:da:bc:72:8b:5a:a3:f0:d9:29:2f:
         fb:6b:5b:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaGGIiRQba2wkiWuHfwNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2ZWQ5YjVjYjRiNjQ4NjZjMzgzZGVlNDU3NmJmZjNmZjg3
NTI0MmQwHhcNMjUwMTAxMDU0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJlZDYyMTk1YzlhYWE0YjFjNzUzMjA1YTRkZGYyNmY2MzllYTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzbh2AVI3GHiffpW4ifo6BqasTRIw
llFvW1gBCtvYIXKOLyrQViMoCwMsYoOU/vqt0KR7Qx0pC5Spff84fWy9aRQ3EATD
x1ZiV2GxCF/ve0hFMFRWtocXliZB75dXGeblz/zu9fh8hl+OITe8lPtTVK7D8eLX
agwidpIElWbyY+Ga9folC/0W3av8G7YX8penf7Z2nRDvwacZTwmRs7Kfvl/Tu4E6
qfCvg2c2XQuLfumEUDph+gowCgwnea33/Jdkb4OerVfGH+4SlSsLVK53kP6yjDRo
rgHYWwrAxLgoio/sgfCN7SsEHPfMBQdoDfDqI7kwqO5X8ED0jSmU55zO9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAq+1iGVyaqkscdTIFpN3yb2OeoAMB8GA1UdIwQY
MBaAFLbtm1y0tkhmw4Pe5Fdr/z/4dSQtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDkt
NWE5MDVhZjUwN2MzLzEvQ3I3V0laWEpxcVN4eDFNZ1drM2ZKdlk1NmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8xNzFjZWEtM2Q3OC00NTEzLWFkNDktNWE5MDVhZjUwN2Mz
LzEvdHUyYlhMUzJTR2JEZzk3a1Yydl9QX2gxSkMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9ysMA0G
CSqGSIb3DQEBCwUAA4IBAQAW9WKbq6lx50L051Lz/CozsC8n2rQdpUANGodGeajn
YycMTDKpaguouI5HZmikC3zlBczLOL5jjkPLofxFR5YwBvnUt2XmuxBYsaDozZlD
NH7/Y66thpvCYH24DOTbPnbQoSPZtALCEtaOtb7ZdqwhkXmsWjQoW/ocvkz4rpvj
XaUSkOSrrmLJRJJawzBVeeu9CFXIHGmfGE9dxUwgSMu00Dwqb1lBwAG/U1lJk67Q
BNAQlpRzK7wu83T+xPh/QZ1F5HTBm8xvMFVfm89WIzAilmUWXH0+eMA4Yz9SK172
zkmEYgDEb4EQjbDeCnVy3p5lAdq8cotao/DZKS/7a1tX
-----END CERTIFICATE-----