Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cVRIKyklOGb7gyBNTjf8ZM0mf7c.roa
File:                     cVRIKyklOGb7gyBNTjf8ZM0mf7c.roa (raw, json)
Hash identifier:          1zkBtP2Tn8VtUUwECLAshf+HOZ82qvOHUiN42yc3zEo=
Subject key identifier:   71:54:48:2B:29:25:38:66:FB:83:20:4D:4E:37:FC:64:CD:26:7F:B7
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC5349B8DA0F80E40FD5A1C890C52
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cVRIKyklOGb7gyBNTjf8ZM0mf7c.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210576
IP address blocks:        91.226.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c5:34:9b:8d:a0:f8:0e:40:fd:5a:1c:89:0c:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7154482b29253866fb83204d4e37fc64cd267fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:9c:99:1a:ec:cd:24:ba:e5:19:73:44:a4:cf:
                    db:1e:9a:80:52:b2:6c:1d:ff:fd:41:f1:6c:73:3d:
                    2a:b6:30:1e:93:2f:ad:5f:2a:8f:b0:06:a1:8d:25:
                    d8:8a:3a:26:5c:0d:68:c2:7e:eb:8e:c2:73:75:1a:
                    6c:4d:23:f9:a1:1f:a6:d8:46:82:dd:9e:58:11:90:
                    b6:15:db:bf:69:2a:42:ad:03:18:27:33:a5:22:6e:
                    a8:18:07:ea:72:3a:a5:b1:78:8d:32:e9:df:12:70:
                    39:c7:93:ee:a5:7b:3b:4f:50:e7:e4:43:d5:07:2b:
                    29:65:88:76:8d:e7:a5:7e:a2:14:22:50:1e:e5:d7:
                    f9:c1:72:1e:b1:b4:d0:4a:d3:7e:fe:69:7b:d1:1f:
                    8e:fa:66:16:49:63:49:bb:35:90:98:cb:6b:06:51:
                    75:70:4e:23:bb:a7:eb:63:00:f3:a7:a1:8f:61:cd:
                    87:e3:38:5c:08:43:1c:cb:ab:ef:36:9d:07:14:3b:
                    a4:53:e8:8a:90:4f:79:3c:de:bc:c1:65:e7:93:01:
                    45:73:07:a0:d5:b7:6e:49:27:8c:8a:10:f4:61:0e:
                    69:2e:33:58:f7:5b:13:ba:a1:37:00:00:65:56:b9:
                    4f:48:87:bb:e4:d5:91:99:57:b2:ff:bf:54:fd:1d:
                    54:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:54:48:2B:29:25:38:66:FB:83:20:4D:4E:37:FC:64:CD:26:7F:B7
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/cVRIKyklOGb7gyBNTjf8ZM0mf7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:11:55:48:3d:31:33:b6:ed:db:b5:4c:64:d2:db:38:d0:f0:
         17:7e:23:b3:af:a1:93:12:30:2d:2b:92:9b:56:46:0b:22:f5:
         12:8e:5d:a4:01:95:3a:67:cd:3f:ad:04:c1:aa:b4:87:10:ca:
         9e:db:64:bb:67:dd:a5:9b:10:f3:89:56:d7:a3:a7:22:dc:f8:
         9a:b5:73:e3:71:a9:8a:f4:10:af:22:7d:96:a0:c6:ca:16:dd:
         cd:07:40:a3:04:7f:6e:72:f7:f4:d2:93:fd:c1:e5:d8:dc:1c:
         4f:d8:1e:93:2d:b7:58:8d:48:38:2e:c4:43:aa:80:43:c6:2c:
         1b:b0:78:e2:5f:c8:2c:22:f5:cd:6b:98:3a:9b:3b:84:28:e0:
         52:ef:65:9f:a0:9d:6e:15:6c:fd:14:e8:ed:19:d8:7c:d2:72:
         40:e5:b1:9c:af:a6:db:08:86:90:46:99:14:a8:c4:ae:96:72:
         60:e2:c3:bc:a5:02:8f:fc:79:6b:96:0e:05:13:71:5f:18:47:
         fb:4f:03:eb:5a:f1:f5:48:22:0d:39:df:d7:03:63:9a:63:e5:
         97:38:95:00:cf:3d:42:10:9b:6a:0c:87:78:8e:16:7d:b4:3b:
         df:f4:0a:48:c7:78:f0:b4:d6:da:18:eb:e6:8d:53:5d:fe:1f:
         32:fb:1a:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8U0m42g+A5A/VociQxSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTU0NDgyYjI5MjUzODY2ZmI4MzIwNGQ0ZTM3ZmM2NGNkMjY3ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA05yZGuzNJLrlGXNEpM/bHpqAUrJs
Hf/9QfFscz0qtjAeky+tXyqPsAahjSXYijomXA1own7rjsJzdRpsTSP5oR+m2EaC
3Z5YEZC2Fdu/aSpCrQMYJzOlIm6oGAfqcjqlsXiNMunfEnA5x5PupXs7T1Dn5EPV
ByspZYh2jeelfqIUIlAe5df5wXIesbTQStN+/ml70R+O+mYWSWNJuzWQmMtrBlF1
cE4ju6frYwDzp6GPYc2H4zhcCEMcy6vvNp0HFDukU+iKkE95PN68wWXnkwFFcweg
1bduSSeMihD0YQ5pLjNY91sTuqE3AABlVrlPSIe75NWRmVey/79U/R1UOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHFUSCspJThm+4MgTU43/GTNJn+3MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvY1ZSSUt5a2xPR2I3Z3lCTlRqZjhaTTBtZjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+I5MA0G
CSqGSIb3DQEBCwUAA4IBAQAREVVIPTEztu3btUxk0ts40PAXfiOzr6GTEjAtK5Kb
VkYLIvUSjl2kAZU6Z80/rQTBqrSHEMqe22S7Z92lmxDziVbXo6ci3PiatXPjcamK
9BCvIn2WoMbKFt3NB0CjBH9ucvf00pP9weXY3BxP2B6TLbdYjUg4LsRDqoBDxiwb
sHjiX8gsIvXNa5g6mzuEKOBS72WfoJ1uFWz9FOjtGdh80nJA5bGcr6bbCIaQRpkU
qMSulnJg4sO8pQKP/Hlrlg4FE3FfGEf7TwPrWvH1SCINOd/XA2OaY+WXOJUAzz1C
EJtqDId4jhZ9tDvf9ApIx3jwtNbaGOvmjVNd/h8y+xq6
-----END CERTIFICATE-----