Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/1gXwwzbhOt1hhfZYV2fBPdSTJbg.roa
File:                     1gXwwzbhOt1hhfZYV2fBPdSTJbg.roa (raw, json)
Hash identifier:          /+nPsAg4u83TQZZz46kK0QTPr5Dhmsg+FCh0CrrMzt0=
Subject key identifier:   D6:05:F0:C3:36:E1:3A:DD:61:85:F6:58:57:67:C1:3D:D4:93:25:B8
Certificate issuer:       /CN=5c30d95046331bdce3018b7ffe0f13dbf9fc718d
Certificate serial:       0194228D582BF10A99CEB865696D87CAF646
Authority key identifier: 5C:30:D9:50:46:33:1B:DC:E3:01:8B:7F:FE:0F:13:DB:F9:FC:71:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XDDZUEYzG9zjAYt__g8T2_n8cY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/1gXwwzbhOt1hhfZYV2fBPdSTJbg.roa
Signing time:             Wed 01 Jan 2025 15:47:55 +0000
ROA not before:           Wed 01 Jan 2025 15:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42160
IP address blocks:        91.230.64.0/24 maxlen: 24
                          164.138.104.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/XDDZUEYzG9zjAYt__g8T2_n8cY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/XDDZUEYzG9zjAYt__g8T2_n8cY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XDDZUEYzG9zjAYt__g8T2_n8cY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 21:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:58:2b:f1:0a:99:ce:b8:65:69:6d:87:ca:f6:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c30d95046331bdce3018b7ffe0f13dbf9fc718d
        Validity
            Not Before: Jan  1 15:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d605f0c336e13add6185f6585767c13dd49325b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:23:4e:bb:81:79:aa:c7:fb:b6:db:3f:2a:51:
                    26:15:91:a0:62:d3:d2:a1:e7:c9:30:35:17:24:cc:
                    f7:c1:51:12:7a:fe:d7:a6:df:fd:ae:bc:6a:1d:25:
                    e9:9b:35:70:56:f7:1e:96:77:39:65:dd:82:f3:28:
                    65:24:a7:3e:d3:ac:88:42:24:28:bd:26:2e:5e:c0:
                    6d:5d:e5:93:27:c6:2d:26:f2:ad:c0:89:39:e2:17:
                    20:f7:79:42:66:78:bb:51:0f:f0:9c:ce:eb:ea:f9:
                    bd:1a:f1:8c:1e:89:9e:53:cd:1c:04:d3:b4:38:b9:
                    8d:b4:48:8e:02:50:32:7f:31:39:3a:0f:b6:e4:c8:
                    5c:51:6a:28:f4:a7:84:22:e6:a8:62:2c:ee:5a:db:
                    ae:16:2a:69:b2:5a:d1:7e:2c:11:cf:0b:80:27:73:
                    1f:e0:b9:7e:61:c4:ae:47:53:2a:ed:52:d0:a4:c5:
                    d2:fb:34:40:9e:03:86:25:a7:62:a6:ed:91:2c:f1:
                    54:d0:22:ac:02:65:9f:61:a9:6a:b6:dc:cc:b8:0b:
                    11:30:dc:36:a8:fe:aa:4a:29:aa:48:79:66:24:ce:
                    17:5c:53:b5:5f:dd:05:f0:e6:d4:aa:a1:a2:dc:b6:
                    07:5d:e0:7d:42:cc:ed:b6:99:19:c4:7e:c7:2d:a3:
                    e3:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:05:F0:C3:36:E1:3A:DD:61:85:F6:58:57:67:C1:3D:D4:93:25:B8
            X509v3 Authority Key Identifier:
                keyid:5C:30:D9:50:46:33:1B:DC:E3:01:8B:7F:FE:0F:13:DB:F9:FC:71:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XDDZUEYzG9zjAYt__g8T2_n8cY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/1gXwwzbhOt1hhfZYV2fBPdSTJbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/8983af-5c18-4bc8-a3f5-07509191f953/1/XDDZUEYzG9zjAYt__g8T2_n8cY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.64.0/24
                  164.138.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1c:eb:1c:a5:27:a1:96:4b:41:dd:99:f8:d1:e2:74:70:27:bb:
         e4:ed:01:43:6f:8e:9b:59:8f:a3:36:08:38:c3:ab:13:f8:91:
         ad:03:be:c4:2b:c9:6c:5c:d3:7b:c2:0e:f3:65:b8:de:30:ef:
         d6:68:e8:90:2b:5d:40:24:ff:11:dc:dc:f6:07:1b:64:fc:8c:
         60:48:13:a5:8d:8b:57:22:45:ed:33:59:93:51:76:19:71:8f:
         62:3b:f6:91:64:ad:32:d9:25:43:df:7e:57:9b:08:ab:fe:ff:
         79:bd:dd:88:f8:09:b5:6d:35:46:75:f4:44:50:6f:ca:18:92:
         b8:a3:40:54:5c:d9:5a:0f:87:1d:c0:ea:ce:b8:c4:50:c9:39:
         c8:a8:1a:62:05:e7:9e:17:ed:18:47:65:37:69:7f:80:44:9d:
         09:3c:0d:07:ef:29:f8:f1:8f:bc:8b:22:a2:ff:32:eb:f5:fb:
         dc:3f:09:76:87:5d:31:e8:18:d1:1e:ca:f0:77:ca:cf:c0:81:
         40:85:3a:94:2e:cd:29:2a:7c:17:74:b6:15:33:fc:65:2b:e3:
         55:d7:a3:78:fa:2a:bd:74:d3:c1:b1:42:3c:e3:1f:3a:ed:2c:
         32:09:79:74:e4:87:f2:de:88:e6:3b:c4:2c:53:24:b6:54:ee:
         17:c6:c2:f1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijVgr8QqZzrhlaW2HyvZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjMzBkOTUwNDYzMzFiZGNlMzAxOGI3ZmZlMGYxM2RiZjlm
YzcxOGQwHhcNMjUwMTAxMTU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjA1ZjBjMzM2ZTEzYWRkNjE4NWY2NTg1NzY3YzEzZGQ0OTMyNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3yNOu4F5qsf7tts/KlEmFZGgYtPS
oefJMDUXJMz3wVESev7Xpt/9rrxqHSXpmzVwVvcelnc5Zd2C8yhlJKc+06yIQiQo
vSYuXsBtXeWTJ8YtJvKtwIk54hcg93lCZni7UQ/wnM7r6vm9GvGMHomeU80cBNO0
OLmNtEiOAlAyfzE5Og+25MhcUWoo9KeEIuaoYizuWtuuFippslrRfiwRzwuAJ3Mf
4Ll+YcSuR1Mq7VLQpMXS+zRAngOGJadipu2RLPFU0CKsAmWfYalqttzMuAsRMNw2
qP6qSimqSHlmJM4XXFO1X90F8ObUqqGi3LYHXeB9QszttpkZxH7HLaPjwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNYF8MM24TrdYYX2WFdnwT3UkyW4MB8GA1UdIwQY
MBaAFFww2VBGMxvc4wGLf/4PE9v5/HGNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEREWlVFWXpHOXpqQVl0X19nOFQyX244Y1kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC84OTgzYWYtNWMxOC00YmM4LWEzZjUt
MDc1MDkxOTFmOTUzLzEvMWdYd3d6YmhPdDFoaGZaWVYyZkJQZFNUSmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC84OTgzYWYtNWMxOC00YmM4LWEzZjUtMDc1MDkxOTFmOTUz
LzEvWEREWlVFWXpHOXpqQVl0X19nOFQyX244Y1kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+ZAAwQD
pIpoMA0GCSqGSIb3DQEBCwUAA4IBAQAc6xylJ6GWS0HdmfjR4nRwJ7vk7QFDb46b
WY+jNgg4w6sT+JGtA77EK8lsXNN7wg7zZbjeMO/WaOiQK11AJP8R3Nz2Bxtk/Ixg
SBOljYtXIkXtM1mTUXYZcY9iO/aRZK0y2SVD335Xmwir/v95vd2I+Am1bTVGdfRE
UG/KGJK4o0BUXNlaD4cdwOrOuMRQyTnIqBpiBeeeF+0YR2U3aX+ARJ0JPA0H7yn4
8Y+8iyKi/zLr9fvcPwl2h10x6BjRHsrwd8rPwIFAhTqULs0pKnwXdLYVM/xlK+NV
16N4+iq9dNPBsUI84x867SwyCXl05Ify3ojmO8QsUyS2VO4XxsLx
-----END CERTIFICATE-----