Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/DRrOJLgDL5rmiSF6D3RMJURdhRI.roa
File:                     DRrOJLgDL5rmiSF6D3RMJURdhRI.roa (raw, json)
Hash identifier:          7NgLPdqIa5BkuBXQmhxzkicPEWRt/mYhR9CY8DkwoYg=
Subject key identifier:   0D:1A:CE:24:B8:03:2F:9A:E6:89:21:7A:0F:74:4C:25:44:5D:85:12
Certificate issuer:       /CN=4f41c56ea069ee7b1c1df6686bd36e0e14528a20
Certificate serial:       019422FB8E3300DBA8470A05866B10BA1008
Authority key identifier: 4F:41:C5:6E:A0:69:EE:7B:1C:1D:F6:68:6B:D3:6E:0E:14:52:8A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0HFbqBp7nscHfZoa9NuDhRSiiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/DRrOJLgDL5rmiSF6D3RMJURdhRI.roa
Signing time:             Wed 01 Jan 2025 17:48:18 +0000
ROA not before:           Wed 01 Jan 2025 17:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59619
IP address blocks:        91.240.226.0/24 maxlen: 24
                          91.240.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/T0HFbqBp7nscHfZoa9NuDhRSiiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/T0HFbqBp7nscHfZoa9NuDhRSiiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0HFbqBp7nscHfZoa9NuDhRSiiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:8e:33:00:db:a8:47:0a:05:86:6b:10:ba:10:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f41c56ea069ee7b1c1df6686bd36e0e14528a20
        Validity
            Not Before: Jan  1 17:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d1ace24b8032f9ae689217a0f744c25445d8512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:33:a5:7c:e1:6c:81:2b:26:59:9f:2f:85:2a:
                    71:e6:88:82:82:cf:32:a3:5a:6e:b3:c6:a7:e1:a1:
                    88:ca:ad:a2:02:c9:cc:d3:ef:29:c3:63:ee:48:4d:
                    85:48:1f:ac:4d:c3:04:92:38:3c:d4:bd:80:8f:fc:
                    ba:58:cc:3b:b8:8b:35:b8:3b:f9:5f:c6:bd:02:e9:
                    e3:b3:f0:8e:f1:3c:9f:f3:a0:51:05:85:b8:05:4d:
                    16:29:57:c2:a9:7c:d6:09:af:3d:d2:90:dc:72:c4:
                    c9:84:4c:95:2f:09:55:5f:1f:0d:ef:c9:17:fa:07:
                    14:e5:67:c8:51:3b:de:46:b4:6b:05:80:ae:17:30:
                    2e:7a:f4:0c:52:fb:70:9e:4b:d7:6c:9d:8b:bb:64:
                    14:16:17:e7:3b:b7:19:6c:f3:86:8d:22:45:93:1e:
                    99:a3:22:ac:29:90:76:f0:4a:2f:78:b3:33:7a:f0:
                    e2:52:db:68:2d:cb:52:02:a3:7e:63:b8:95:7a:c3:
                    b8:2e:0e:f3:19:a2:87:94:ff:07:2c:40:f8:5f:6d:
                    a5:10:f8:97:dc:fb:89:0f:8d:90:fa:e5:74:f1:58:
                    9d:1d:6d:98:3b:11:21:79:fb:47:d4:23:55:31:81:
                    c7:44:4e:31:ec:12:97:07:dd:75:c1:d3:97:f5:ac:
                    7f:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:1A:CE:24:B8:03:2F:9A:E6:89:21:7A:0F:74:4C:25:44:5D:85:12
            X509v3 Authority Key Identifier:
                keyid:4F:41:C5:6E:A0:69:EE:7B:1C:1D:F6:68:6B:D3:6E:0E:14:52:8A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0HFbqBp7nscHfZoa9NuDhRSiiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/DRrOJLgDL5rmiSF6D3RMJURdhRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/8a140b-0e51-4fc7-9c01-d67b9aca6417/1/T0HFbqBp7nscHfZoa9NuDhRSiiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5b:83:2e:a3:3b:f9:67:35:3e:97:19:52:c1:7f:83:88:45:65:
         61:1a:9d:1e:78:29:0a:18:41:af:9f:43:5f:15:7d:3a:28:e0:
         be:00:fa:a9:13:06:00:c3:5b:ae:84:98:0b:96:4d:ae:fa:5c:
         db:7d:f4:8c:e1:ce:ef:b4:34:a9:c8:b0:b9:6a:9b:28:5c:62:
         38:05:c9:60:da:f9:ae:33:93:24:dc:91:65:dd:47:3a:3f:be:
         ba:46:41:bb:03:8b:00:0f:1b:ec:97:d4:cc:be:0a:89:22:91:
         c4:c9:00:30:b3:9d:c9:f4:9a:8a:6e:5a:6a:77:a0:d6:63:13:
         9e:f5:e3:34:7b:94:2d:3e:40:a6:fe:ee:20:4c:b1:64:09:4e:
         fe:48:54:4d:9a:e0:a6:66:58:4e:71:28:84:80:34:2a:3b:6c:
         07:64:6a:8e:07:f5:0e:95:eb:18:74:21:dd:cd:06:53:e8:69:
         f6:b9:97:b3:a7:cf:e4:36:1b:2d:36:df:f0:db:df:95:09:51:
         29:b3:eb:0f:79:2f:d7:79:84:1a:0b:f8:0d:8f:eb:ba:de:01:
         84:be:d8:7c:54:fe:d2:1a:f8:82:fe:64:92:74:8e:a9:5c:69:
         75:13:8a:e0:7a:f5:f8:d0:8a:d6:55:39:e2:7a:8e:34:d9:88:
         93:85:a2:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+44zANuoRwoFhmsQuhAIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDFjNTZlYTA2OWVlN2IxYzFkZjY2ODZiZDM2ZTBlMTQ1
MjhhMjAwHhcNMjUwMTAxMTc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDFhY2UyNGI4MDMyZjlhZTY4OTIxN2EwZjc0NGMyNTQ0NWQ4NTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTOlfOFsgSsmWZ8vhSpx5oiCgs8y
o1pus8an4aGIyq2iAsnM0+8pw2PuSE2FSB+sTcMEkjg81L2Aj/y6WMw7uIs1uDv5
X8a9Aunjs/CO8Tyf86BRBYW4BU0WKVfCqXzWCa890pDccsTJhEyVLwlVXx8N78kX
+gcU5WfIUTveRrRrBYCuFzAuevQMUvtwnkvXbJ2Lu2QUFhfnO7cZbPOGjSJFkx6Z
oyKsKZB28EoveLMzevDiUttoLctSAqN+Y7iVesO4Lg7zGaKHlP8HLED4X22lEPiX
3PuJD42Q+uV08VidHW2YOxEheftH1CNVMYHHRE4x7BKXB911wdOX9ax/qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0aziS4Ay+a5okheg90TCVEXYUSMB8GA1UdIwQY
MBaAFE9BxW6gae57HB32aGvTbg4UUoogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBIRmJxQnA3bnNjSGZab2E5TnVEaFJTaWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi84YTE0MGItMGU1MS00ZmM3LTljMDEt
ZDY3YjlhY2E2NDE3LzEvRFJyT0pMZ0RMNXJtaVNGNkQzUk1KVVJkaFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi84YTE0MGItMGU1MS00ZmM3LTljMDEtZDY3YjlhY2E2NDE3
LzEvVDBIRmJxQnA3bnNjSGZab2E5TnVEaFJTaWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/DiMA0G
CSqGSIb3DQEBCwUAA4IBAQBbgy6jO/lnNT6XGVLBf4OIRWVhGp0eeCkKGEGvn0Nf
FX06KOC+APqpEwYAw1uuhJgLlk2u+lzbffSM4c7vtDSpyLC5apsoXGI4Bclg2vmu
M5Mk3JFl3Uc6P766RkG7A4sADxvsl9TMvgqJIpHEyQAws53J9JqKblpqd6DWYxOe
9eM0e5QtPkCm/u4gTLFkCU7+SFRNmuCmZlhOcSiEgDQqO2wHZGqOB/UOlesYdCHd
zQZT6Gn2uZezp8/kNhstNt/w29+VCVEps+sPeS/XeYQaC/gNj+u63gGEvth8VP7S
GviC/mSSdI6pXGl1E4rgevX40IrWVTnieo402YiThaKt
-----END CERTIFICATE-----