Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/a48ohAuzOYw-D3deAcBdgdbuYdE.roa
File:                     a48ohAuzOYw-D3deAcBdgdbuYdE.roa (raw, json)
Hash identifier:          s6C2UNG19Y9Btn3B7Z6k8U1vX9nGyhjdM6XWlgIHyig=
Subject key identifier:   6B:8F:28:84:0B:B3:39:8C:3E:0F:77:5E:01:C0:5D:81:D6:EE:61:D1
Certificate issuer:       /CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
Certificate serial:       019423D760E4E52BF1CA1154A975C9DFD9F3
Authority key identifier: 66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/a48ohAuzOYw-D3deAcBdgdbuYdE.roa
Signing time:             Wed 01 Jan 2025 21:48:24 +0000
ROA not before:           Wed 01 Jan 2025 21:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200410
IP address blocks:        91.187.224.0/24 maxlen: 24
                          91.187.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:60:e4:e5:2b:f1:ca:11:54:a9:75:c9:df:d9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
        Validity
            Not Before: Jan  1 21:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b8f28840bb3398c3e0f775e01c05d81d6ee61d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:ce:5c:eb:0f:52:59:b1:9d:e7:d7:2e:2f:5a:
                    d1:51:a3:a2:ad:57:9b:cd:cc:4e:46:f7:a1:0c:6c:
                    dc:ba:00:9a:7b:22:30:7f:f1:45:dd:88:ec:2d:a7:
                    c7:9e:5e:68:f6:10:7b:dd:f4:af:ed:39:30:43:dd:
                    0c:24:c7:ea:65:ff:05:73:8a:71:29:db:58:48:a5:
                    02:39:48:fd:a7:00:4a:4d:99:e6:f8:40:84:04:8f:
                    b1:7d:74:a5:66:a8:d0:b7:5b:92:6d:d2:50:84:bf:
                    79:a7:a0:e9:a4:49:80:d0:9f:21:5b:33:f6:29:86:
                    19:e4:48:7d:2f:7e:29:c2:71:ea:f4:89:0b:c4:75:
                    c5:4c:10:f0:f7:04:12:9f:43:b8:6c:e4:bc:52:22:
                    8e:58:91:a5:77:8f:30:ce:be:3d:e6:18:f6:14:d3:
                    60:fa:3c:7f:c1:2e:9a:e0:95:35:a1:9f:ea:1f:a2:
                    ff:d2:d9:59:a0:73:9e:b7:c7:37:de:cd:dd:0e:c8:
                    7e:5b:d4:63:0a:8a:36:f9:03:ff:5c:3f:0c:60:7a:
                    44:02:57:fa:7b:fb:22:14:6a:dc:ed:cc:2c:67:2b:
                    31:98:a8:f8:b2:65:14:b7:d7:e0:b4:cb:98:45:6d:
                    1b:92:8b:dd:f4:9e:74:3a:82:83:3b:86:be:97:e0:
                    f5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:8F:28:84:0B:B3:39:8C:3E:0F:77:5E:01:C0:5D:81:D6:EE:61:D1
            X509v3 Authority Key Identifier:
                keyid:66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/a48ohAuzOYw-D3deAcBdgdbuYdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.187.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:9f:e6:e9:05:c9:d0:7a:4b:7f:a2:3a:9e:e8:d0:09:18:5e:
         45:1f:be:5a:82:da:15:67:02:d5:da:0a:5a:9e:8f:74:ce:de:
         28:40:81:cd:7c:9f:d2:d5:9a:9a:98:f4:7d:53:87:68:30:83:
         e0:ae:5b:d2:e1:c4:b8:88:35:d1:68:b7:a7:a7:3f:92:ab:02:
         90:f1:2a:a3:0e:44:cd:48:2d:e7:96:f7:6e:67:ed:c8:61:46:
         0a:60:21:24:16:c6:80:13:21:56:00:b1:38:c2:ab:c7:85:b1:
         13:01:04:ed:fc:96:31:95:9e:41:16:42:ed:74:1b:6f:00:5b:
         db:fa:95:2d:95:36:20:84:33:4c:2e:49:a5:08:77:9d:ce:45:
         89:6f:aa:c1:78:92:ab:b8:29:eb:3d:37:01:74:b0:dd:7d:79:
         ed:2f:27:cd:94:29:e5:f3:7f:a3:7d:bf:a2:17:5c:de:41:a4:
         20:61:41:27:2e:6c:d4:6d:7d:3a:a5:2f:4f:80:22:a3:2d:2b:
         19:6e:0c:46:93:29:2e:66:50:2b:8a:22:71:0a:29:04:6f:09:
         dc:54:08:f6:62:b4:3c:7e:f8:3e:8f:7c:17:6b:60:82:ef:74:
         a6:c1:58:ae:29:da:e4:d6:51:a6:30:32:f5:b6:83:52:91:e7:
         41:01:64:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12Dk5SvxyhFUqXXJ39nzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODljMzk5NWUyNDYxZDVhNTJmZDRmMTAwMDc4MmY5OWE0
ZDQ4MjIwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjhmMjg4NDBiYjMzOThjM2UwZjc3NWUwMWMwNWQ4MWQ2ZWU2MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjc5c6w9SWbGd59cuL1rRUaOirVeb
zcxORvehDGzcugCaeyIwf/FF3YjsLafHnl5o9hB73fSv7TkwQ90MJMfqZf8Fc4px
KdtYSKUCOUj9pwBKTZnm+ECEBI+xfXSlZqjQt1uSbdJQhL95p6DppEmA0J8hWzP2
KYYZ5Eh9L34pwnHq9IkLxHXFTBDw9wQSn0O4bOS8UiKOWJGld48wzr495hj2FNNg
+jx/wS6a4JU1oZ/qH6L/0tlZoHOet8c33s3dDsh+W9RjCoo2+QP/XD8MYHpEAlf6
e/siFGrc7cwsZysxmKj4smUUt9fgtMuYRW0bkovd9J50OoKDO4a+l+D1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuPKIQLszmMPg93XgHAXYHW7mHRMB8GA1UdIwQY
MBaAFGaJw5leJGHVpS/U8QAHgvmaTUgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMt
NDFlYWExZmRlMTFiLzEvYTQ4b2hBdXpPWXctRDNkZUFjQmRnZGJ1WWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMtNDFlYWExZmRlMTFi
LzEvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7vgMA0G
CSqGSIb3DQEBCwUAA4IBAQAWn+bpBcnQekt/ojqe6NAJGF5FH75agtoVZwLV2gpa
no90zt4oQIHNfJ/S1ZqamPR9U4doMIPgrlvS4cS4iDXRaLenpz+SqwKQ8SqjDkTN
SC3nlvduZ+3IYUYKYCEkFsaAEyFWALE4wqvHhbETAQTt/JYxlZ5BFkLtdBtvAFvb
+pUtlTYghDNMLkmlCHedzkWJb6rBeJKruCnrPTcBdLDdfXntLyfNlCnl83+jfb+i
F1zeQaQgYUEnLmzUbX06pS9PgCKjLSsZbgxGkykuZlAriiJxCikEbwncVAj2YrQ8
fvg+j3wXa2CC73SmwViuKdrk1lGmMDL1toNSkedBAWS8
-----END CERTIFICATE-----