Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/RwtCVfFtaPV9RdeIV0kETaXiDzU.roa
File:                     RwtCVfFtaPV9RdeIV0kETaXiDzU.roa (raw, json)
Hash identifier:          qGOs1nAXRnai3SqF63Pp3mOz35yOks9UR3jXK1Ksk+Y=
Subject key identifier:   47:0B:42:55:F1:6D:68:F5:7D:45:D7:88:57:49:04:4D:A5:E2:0F:35
Certificate issuer:       /CN=b91b91504983091506a1a944457a4558b94dab7f
Certificate serial:       01941FFA549862BA6B0156D755A743A34193
Authority key identifier: B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/RwtCVfFtaPV9RdeIV0kETaXiDzU.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51246
IP address blocks:        178.175.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:54:98:62:ba:6b:01:56:d7:55:a7:43:a3:41:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b91b91504983091506a1a944457a4558b94dab7f
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=470b4255f16d68f57d45d7885749044da5e20f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c2:60:d6:1e:0d:13:16:a5:52:da:07:5c:9e:
                    78:c8:70:c8:fa:18:ea:75:47:aa:15:61:b3:9c:36:
                    ba:dc:3c:6c:46:86:a0:dd:e3:05:49:59:c4:5a:51:
                    fa:8a:f5:6b:db:80:80:ad:7a:c2:87:0e:42:bd:bd:
                    72:8b:d2:82:6b:6a:6e:e0:62:2e:b1:48:16:00:52:
                    61:e8:55:34:c4:25:0e:d4:01:3e:1d:18:4e:46:80:
                    e9:73:bb:6e:7e:99:49:08:ae:a2:42:4c:a0:20:0a:
                    aa:2e:2d:a3:c7:74:e3:2d:37:a7:65:bc:bc:33:dc:
                    ba:27:41:b1:8c:ab:3e:27:24:17:e3:6f:0d:26:98:
                    7c:2c:e9:ea:c2:4f:47:b9:1a:35:81:78:00:2d:a3:
                    c0:d0:d0:85:78:bd:1b:d0:86:31:df:ed:46:f4:09:
                    18:ea:da:c9:b1:fc:c4:6f:2a:23:a4:73:1d:dc:df:
                    b2:1f:a5:ee:ae:c8:d4:ae:bc:8c:7e:05:19:03:66:
                    8f:40:11:d1:03:7f:3e:23:3b:06:41:38:14:56:a8:
                    36:cc:88:f6:8d:08:4c:eb:31:69:be:b6:6e:be:92:
                    5d:e2:2d:3e:48:ed:1c:de:9d:00:92:11:7d:50:47:
                    a9:c8:a7:95:c4:03:59:74:3e:23:25:1f:eb:19:ab:
                    10:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:0B:42:55:F1:6D:68:F5:7D:45:D7:88:57:49:04:4D:A5:E2:0F:35
            X509v3 Authority Key Identifier:
                keyid:B9:1B:91:50:49:83:09:15:06:A1:A9:44:45:7A:45:58:B9:4D:AB:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uRuRUEmDCRUGoalERXpFWLlNq38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/RwtCVfFtaPV9RdeIV0kETaXiDzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/74e17f-f9f4-4789-92b7-9dd6e88fcc8d/1/uRuRUEmDCRUGoalERXpFWLlNq38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.175.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:e0:55:cf:ea:a5:43:9c:74:1d:0d:49:ec:37:b7:f5:01:7f:
         96:29:ed:08:2c:70:03:e5:1e:20:70:90:88:f6:cd:67:ee:1e:
         46:d7:88:8b:b5:15:0b:a8:57:14:8f:56:1e:33:69:9a:21:69:
         61:b9:68:18:3b:7c:26:0b:64:94:2a:72:9e:b4:5d:1d:4f:97:
         00:a5:79:b5:c7:eb:69:7b:91:5d:de:34:36:3f:79:e8:cb:4d:
         ae:29:e5:bc:96:1b:e0:57:13:99:a2:ec:43:f4:fd:c6:fe:07:
         5f:78:ab:9d:02:84:e4:82:f4:00:78:c8:32:df:4b:ef:42:ae:
         e6:04:d8:96:86:6a:94:c6:fd:06:ed:c6:d6:48:d3:d4:6b:b4:
         0a:5e:b2:6e:db:b8:97:3d:d8:e3:5b:1a:5f:a2:39:c1:d3:d2:
         a8:4a:81:35:07:91:ae:b1:d7:d2:1d:18:28:47:0d:38:0c:dc:
         b3:ed:c0:c1:8d:45:8b:d7:4b:9f:d9:a1:0e:6a:47:db:11:c5:
         8e:93:c9:22:bc:60:30:0d:73:ef:d3:df:ee:a2:a7:68:c3:62:
         ff:b5:fa:94:40:07:1b:3e:d4:85:f9:2f:94:d4:bc:71:86:81:
         f1:3b:42:64:8c:c0:9e:d4:e8:d8:0c:c2:85:68:49:48:db:f0:
         57:7b:a1:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+lSYYrprAVbXVadDo0GTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5MWI5MTUwNDk4MzA5MTUwNmExYTk0NDQ1N2E0NTU4Yjk0
ZGFiN2YwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzBiNDI1NWYxNmQ2OGY1N2Q0NWQ3ODg1NzQ5MDQ0ZGE1ZTIwZjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosJg1h4NExalUtoHXJ54yHDI+hjq
dUeqFWGznDa63DxsRoag3eMFSVnEWlH6ivVr24CArXrChw5Cvb1yi9KCa2pu4GIu
sUgWAFJh6FU0xCUO1AE+HRhORoDpc7tufplJCK6iQkygIAqqLi2jx3TjLTenZby8
M9y6J0GxjKs+JyQX428NJph8LOnqwk9HuRo1gXgALaPA0NCFeL0b0IYx3+1G9AkY
6trJsfzEbyojpHMd3N+yH6XursjUrryMfgUZA2aPQBHRA38+IzsGQTgUVqg2zIj2
jQhM6zFpvrZuvpJd4i0+SO0c3p0AkhF9UEepyKeVxANZdD4jJR/rGasQTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcLQlXxbWj1fUXXiFdJBE2l4g81MB8GA1UdIwQY
MBaAFLkbkVBJgwkVBqGpREV6RVi5Tat/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjct
OWRkNmU4OGZjYzhkLzEvUnd0Q1ZmRnRhUFY5UmRlSVYwa0VUYVhpRHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83NGUxN2YtZjlmNC00Nzg5LTkyYjctOWRkNmU4OGZjYzhk
LzEvdVJ1UlVFbURDUlVHb2FsRVJYcEZXTGxOcTM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsq+WMA0G
CSqGSIb3DQEBCwUAA4IBAQBh4FXP6qVDnHQdDUnsN7f1AX+WKe0ILHAD5R4gcJCI
9s1n7h5G14iLtRULqFcUj1YeM2maIWlhuWgYO3wmC2SUKnKetF0dT5cApXm1x+tp
e5Fd3jQ2P3noy02uKeW8lhvgVxOZouxD9P3G/gdfeKudAoTkgvQAeMgy30vvQq7m
BNiWhmqUxv0G7cbWSNPUa7QKXrJu27iXPdjjWxpfojnB09KoSoE1B5GusdfSHRgo
Rw04DNyz7cDBjUWL10uf2aEOakfbEcWOk8kivGAwDXPv09/uoqdow2L/tfqUQAcb
PtSF+S+U1LxxhoHxO0JkjMCe1OjYDMKFaElI2/BXe6Ga
-----END CERTIFICATE-----