Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/0fMiJFl550osRSOwJ53RLThidmY.roa
File:                     0fMiJFl550osRSOwJ53RLThidmY.roa (raw, json)
Hash identifier:          62Jum/5Ter4OZqqvtTzk7nbCXv0FL6G77xoVhVQlYjw=
Subject key identifier:   D1:F3:22:24:59:79:E7:4A:2C:45:23:B0:27:9D:D1:2D:38:62:76:66
Certificate issuer:       /CN=e5c340ee5b9daf1a6818f0df407fa5975886b10f
Certificate serial:       01956642AAB23C606A276F6AA53DFF5DBCC2
Authority key identifier: E5:C3:40:EE:5B:9D:AF:1A:68:18:F0:DF:40:7F:A5:97:58:86:B1:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5cNA7ludrxpoGPDfQH-ll1iGsQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/0fMiJFl550osRSOwJ53RLThidmY.roa
Signing time:             Wed 05 Mar 2025 12:23:19 +0000
ROA not before:           Wed 05 Mar 2025 12:23:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50673
IP address blocks:        91.216.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/5cNA7ludrxpoGPDfQH-ll1iGsQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/5cNA7ludrxpoGPDfQH-ll1iGsQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5cNA7ludrxpoGPDfQH-ll1iGsQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:42:aa:b2:3c:60:6a:27:6f:6a:a5:3d:ff:5d:bc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5c340ee5b9daf1a6818f0df407fa5975886b10f
        Validity
            Not Before: Mar  5 12:23:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1f322245979e74a2c4523b0279dd12d38627666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:28:d4:80:76:10:82:e1:f8:73:4e:bc:71:d9:
                    7e:0d:8d:9a:64:eb:99:58:c8:ce:aa:0d:24:32:7e:
                    01:80:d6:18:7d:1e:80:29:82:3c:ee:b9:50:b4:4a:
                    a7:e4:58:27:69:e9:3a:d3:63:84:a2:cf:ed:c3:be:
                    12:62:7a:cc:1b:5e:af:e2:29:6b:58:d6:f4:22:7b:
                    7e:a1:5b:7a:58:64:9b:c7:23:01:19:a0:02:0b:ae:
                    7f:e1:9f:bd:21:a3:0b:3b:fa:27:a2:c8:ae:e2:41:
                    9d:d8:5c:0f:05:59:24:bd:e5:c6:0e:bc:9d:05:19:
                    92:6a:00:fa:7c:68:06:48:0c:3e:43:31:0e:86:b8:
                    ae:ef:ab:0e:0b:73:2b:59:21:7a:f9:9d:c6:c5:b3:
                    36:bd:46:32:3b:22:00:1b:8c:4f:6d:54:b7:cf:58:
                    23:5c:11:3f:ae:db:3e:c1:ed:73:a1:a5:e4:b6:df:
                    43:a6:d9:15:32:b8:53:9a:cf:6e:a5:c0:b5:1d:e8:
                    0b:cb:ef:c2:47:25:3c:5e:35:aa:2d:43:79:95:30:
                    e5:b1:88:44:52:50:90:b8:08:46:3d:72:17:96:5e:
                    a0:90:d8:5c:01:ba:a2:b8:59:78:44:ff:45:b5:73:
                    42:3a:7e:30:7a:84:27:a3:b9:3c:e8:20:5c:99:36:
                    3f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F3:22:24:59:79:E7:4A:2C:45:23:B0:27:9D:D1:2D:38:62:76:66
            X509v3 Authority Key Identifier:
                keyid:E5:C3:40:EE:5B:9D:AF:1A:68:18:F0:DF:40:7F:A5:97:58:86:B1:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5cNA7ludrxpoGPDfQH-ll1iGsQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/0fMiJFl550osRSOwJ53RLThidmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/d5104c-f64a-44ca-a37b-6e1f2f6851cf/1/5cNA7ludrxpoGPDfQH-ll1iGsQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:94:9e:fb:dc:1a:fe:d5:08:37:1a:5a:2a:54:4f:bb:25:ad:
         d1:f6:56:db:75:d7:01:dc:cb:34:63:86:2c:0d:7b:51:75:17:
         b9:13:b5:35:4f:b7:e7:aa:60:33:06:6c:b9:4d:87:d8:6f:44:
         ce:1a:52:66:93:0e:77:e8:e7:c7:bf:06:5f:55:bd:d9:a1:62:
         27:c1:ae:32:73:a4:dc:38:fc:c9:51:d1:a1:76:94:b8:1a:6e:
         b5:83:f2:8e:ab:fe:9a:e9:65:cc:fc:1e:4e:c0:fd:27:05:eb:
         31:f3:2c:2f:ca:e8:ff:83:44:32:9d:f0:62:ad:2b:d9:82:f6:
         cf:28:9b:63:1e:b1:97:8a:57:ca:f2:67:6c:d2:7d:e1:69:e4:
         6e:3d:8e:17:bc:90:2f:f2:5b:58:64:c6:ac:9f:d2:73:31:df:
         b3:65:0c:2a:22:ed:21:9b:e2:00:7e:a8:3c:bd:2c:1e:fb:f3:
         3c:27:2a:a0:89:d1:4d:e0:28:b2:a1:43:7a:bb:76:ec:37:a6:
         e6:47:b0:61:09:4a:b8:92:9f:38:c7:b6:91:2a:4f:ba:45:7a:
         ce:e4:bc:0a:35:3d:e8:45:e4:7d:8a:90:60:eb:59:d2:d6:3f:
         85:0f:fc:93:2f:a0:37:8b:ee:23:40:74:d7:bb:75:15:cb:e8:
         92:9c:9b:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVmQqqyPGBqJ29qpT3/XbzCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YzM0MGVlNWI5ZGFmMWE2ODE4ZjBkZjQwN2ZhNTk3NTg4
NmIxMGYwHhcNMjUwMzA1MTIyMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWYzMjIyNDU5NzllNzRhMmM0NTIzYjAyNzlkZDEyZDM4NjI3NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuSjUgHYQguH4c068cdl+DY2aZOuZ
WMjOqg0kMn4BgNYYfR6AKYI87rlQtEqn5Fgnaek602OEos/tw74SYnrMG16v4ilr
WNb0Int+oVt6WGSbxyMBGaACC65/4Z+9IaMLO/onosiu4kGd2FwPBVkkveXGDryd
BRmSagD6fGgGSAw+QzEOhriu76sOC3MrWSF6+Z3GxbM2vUYyOyIAG4xPbVS3z1gj
XBE/rts+we1zoaXktt9DptkVMrhTms9upcC1HegLy+/CRyU8XjWqLUN5lTDlsYhE
UlCQuAhGPXIXll6gkNhcAbqiuFl4RP9FtXNCOn4weoQno7k86CBcmTY/bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHzIiRZeedKLEUjsCed0S04YnZmMB8GA1UdIwQY
MBaAFOXDQO5bna8aaBjw30B/pZdYhrEPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWNOQTdsdWRyeHBvR1BEZlFILWxsMWlHc1E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9kNTEwNGMtZjY0YS00NGNhLWEzN2It
NmUxZjJmNjg1MWNmLzEvMGZNaUpGbDU1MG9zUlNPd0o1M1JMVGhpZG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9kNTEwNGMtZjY0YS00NGNhLWEzN2ItNmUxZjJmNjg1MWNm
LzEvNWNOQTdsdWRyeHBvR1BEZlFILWxsMWlHc1E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9giMA0G
CSqGSIb3DQEBCwUAA4IBAQBHlJ773Br+1Qg3GloqVE+7Ja3R9lbbddcB3Ms0Y4Ys
DXtRdRe5E7U1T7fnqmAzBmy5TYfYb0TOGlJmkw536OfHvwZfVb3ZoWInwa4yc6Tc
OPzJUdGhdpS4Gm61g/KOq/6a6WXM/B5OwP0nBesx8ywvyuj/g0QynfBirSvZgvbP
KJtjHrGXilfK8mds0n3haeRuPY4XvJAv8ltYZMasn9JzMd+zZQwqIu0hm+IAfqg8
vSwe+/M8JyqgidFN4CiyoUN6u3bsN6bmR7BhCUq4kp84x7aRKk+6RXrO5LwKNT3o
ReR9ipBg61nS1j+FD/yTL6A3i+4jQHTXu3UVy+iSnJvK
-----END CERTIFICATE-----