Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/ITkDnxBUCa7czYpTJZyNVLNjyA0.roa
File:                     ITkDnxBUCa7czYpTJZyNVLNjyA0.roa (raw, json)
Hash identifier:          jfV0oxUpYfbneBe41fxD2D9b2Qocc8MoRl7L2nQ2juk=
Subject key identifier:   21:39:03:9F:10:54:09:AE:DC:CD:8A:53:25:9C:8D:54:B3:63:C8:0D
Certificate issuer:       /CN=20bd702dd7800b61c96c50f42a46b6949b228dbb
Certificate serial:       019421B209B89895A4795E794FC68D4F7612
Authority key identifier: 20:BD:70:2D:D7:80:0B:61:C9:6C:50:F4:2A:46:B6:94:9B:22:8D:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IL1wLdeAC2HJbFD0Kka2lJsijbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/ITkDnxBUCa7czYpTJZyNVLNjyA0.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43866
IP address blocks:        91.195.202.0/23 maxlen: 23
                          91.195.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/IL1wLdeAC2HJbFD0Kka2lJsijbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/IL1wLdeAC2HJbFD0Kka2lJsijbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IL1wLdeAC2HJbFD0Kka2lJsijbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:09:b8:98:95:a4:79:5e:79:4f:c6:8d:4f:76:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20bd702dd7800b61c96c50f42a46b6949b228dbb
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2139039f105409aedccd8a53259c8d54b363c80d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:08:b6:55:e5:db:03:06:71:b0:5a:28:4d:0f:
                    e0:71:5b:4e:b7:19:2b:59:fb:55:93:ea:38:b9:fb:
                    ff:4e:9b:ea:43:bd:0e:4e:ef:31:1f:e1:5e:68:b2:
                    26:4d:8a:eb:ff:27:93:2f:f3:22:ed:53:82:79:1a:
                    26:c0:5f:30:38:ab:af:90:31:75:28:61:11:a6:2f:
                    46:a0:eb:f6:2c:ee:e4:7f:b8:92:2c:23:1a:a7:50:
                    26:6c:c1:ed:07:79:6c:32:53:f1:1c:56:40:b5:e2:
                    83:b2:e8:c3:fc:81:81:cf:36:b9:4b:e5:42:a3:03:
                    62:d9:2e:da:de:9b:ef:72:db:30:9d:a3:75:4c:f0:
                    75:7d:c3:ae:06:17:77:6e:2e:fa:d3:77:5a:be:dd:
                    6f:26:60:d8:35:87:8d:f9:06:c0:5a:9c:e7:23:2c:
                    21:16:33:ce:ab:35:70:0c:8d:99:e5:91:3a:0c:f4:
                    da:49:3b:a1:a3:93:40:75:8a:3f:dc:b3:8b:5f:9c:
                    91:16:d4:13:2f:3b:9c:96:8b:0f:1e:d3:19:66:f6:
                    a2:bc:c7:08:9f:f3:e4:50:a9:5f:b0:e5:7e:2e:29:
                    18:3b:9c:99:2b:57:d3:38:0d:41:fc:3b:47:95:99:
                    7b:9b:90:a9:88:b9:87:87:c2:fa:75:b3:89:d2:26:
                    62:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:39:03:9F:10:54:09:AE:DC:CD:8A:53:25:9C:8D:54:B3:63:C8:0D
            X509v3 Authority Key Identifier:
                keyid:20:BD:70:2D:D7:80:0B:61:C9:6C:50:F4:2A:46:B6:94:9B:22:8D:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IL1wLdeAC2HJbFD0Kka2lJsijbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/ITkDnxBUCa7czYpTJZyNVLNjyA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/aceb1d-28f6-41fa-acca-7fa5ebcf574e/1/IL1wLdeAC2HJbFD0Kka2lJsijbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:18:15:7b:97:ef:66:05:d7:0c:36:ab:6f:2b:5a:f1:74:ef:
         5b:ac:3b:3d:c3:5c:bb:4b:60:4d:72:9a:71:78:b3:5c:12:b5:
         7f:ce:08:1c:89:8b:64:59:ed:23:da:08:7a:71:db:ed:ac:77:
         b7:80:d3:7a:b3:0a:ed:a3:be:a8:ef:44:51:c6:70:97:eb:be:
         14:9f:fc:70:d2:a9:ac:99:ba:16:a2:ad:4a:18:81:b7:e0:c0:
         17:97:89:6d:fa:91:55:96:6c:3f:58:4e:98:28:4a:9b:b0:cc:
         e5:0b:84:2f:e5:b3:e5:21:56:d6:b7:76:49:f4:db:4a:f7:35:
         ec:31:3e:6d:bc:83:52:50:ec:4a:15:53:84:09:f2:0e:7b:4a:
         9a:1b:41:58:22:be:f6:af:01:bf:c5:39:b1:74:6b:15:46:cc:
         a5:37:51:fe:e1:f9:a5:0f:a9:02:6e:63:2b:2e:6b:ec:b1:c7:
         07:05:d7:e5:c5:fa:7b:ea:89:73:73:2f:ec:09:b6:17:68:2b:
         36:16:a9:2b:dc:00:77:0c:99:e3:61:5b:fc:2e:8f:a3:f0:77:
         c7:10:8a:b4:39:32:ca:78:0c:20:22:98:5b:98:00:84:a7:66:
         1b:2c:56:29:17:62:6a:99:7a:b4:4c:e1:45:4b:71:8d:7f:b9:
         89:23:cc:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsgm4mJWkeV55T8aNT3YSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwYmQ3MDJkZDc4MDBiNjFjOTZjNTBmNDJhNDZiNjk0OWIy
MjhkYmIwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTM5MDM5ZjEwNTQwOWFlZGNjZDhhNTMyNTljOGQ1NGIzNjNjODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4wi2VeXbAwZxsFooTQ/gcVtOtxkr
WftVk+o4ufv/TpvqQ70OTu8xH+FeaLImTYrr/yeTL/Mi7VOCeRomwF8wOKuvkDF1
KGERpi9GoOv2LO7kf7iSLCMap1AmbMHtB3lsMlPxHFZAteKDsujD/IGBzza5S+VC
owNi2S7a3pvvctswnaN1TPB1fcOuBhd3bi7603davt1vJmDYNYeN+QbAWpznIywh
FjPOqzVwDI2Z5ZE6DPTaSTuho5NAdYo/3LOLX5yRFtQTLzuclosPHtMZZvaivMcI
n/PkUKlfsOV+LikYO5yZK1fTOA1B/DtHlZl7m5CpiLmHh8L6dbOJ0iZiLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCE5A58QVAmu3M2KUyWcjVSzY8gNMB8GA1UdIwQY
MBaAFCC9cC3XgAthyWxQ9CpGtpSbIo27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUwxd0xkZUFDMkhKYkZEMEtrYTJsSnNpamJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9hY2ViMWQtMjhmNi00MWZhLWFjY2Et
N2ZhNWViY2Y1NzRlLzEvSVRrRG54QlVDYTdjellwVEpaeU5WTE5qeUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9hY2ViMWQtMjhmNi00MWZhLWFjY2EtN2ZhNWViY2Y1NzRl
LzEvSUwxd0xkZUFDMkhKYkZEMEtrYTJsSnNpamJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8PKMA0G
CSqGSIb3DQEBCwUAA4IBAQApGBV7l+9mBdcMNqtvK1rxdO9brDs9w1y7S2BNcppx
eLNcErV/zggciYtkWe0j2gh6cdvtrHe3gNN6swrto76o70RRxnCX674Un/xw0qms
mboWoq1KGIG34MAXl4lt+pFVlmw/WE6YKEqbsMzlC4Qv5bPlIVbWt3ZJ9NtK9zXs
MT5tvINSUOxKFVOECfIOe0qaG0FYIr72rwG/xTmxdGsVRsylN1H+4fmlD6kCbmMr
LmvssccHBdflxfp76olzcy/sCbYXaCs2Fqkr3AB3DJnjYVv8Lo+j8HfHEIq0OTLK
eAwgIphbmACEp2YbLFYpF2JqmXq0TOFFS3GNf7mJI8zk
-----END CERTIFICATE-----