Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/3Vc8GAv3OdpXw-IEwIeY1NxUP6c.roa
File:                     3Vc8GAv3OdpXw-IEwIeY1NxUP6c.roa (raw, json)
Hash identifier:          qDWay94UtnkH+WvsjYkj9wPwpR3+5E60OgC2LXVgLK8=
Subject key identifier:   DD:57:3C:18:0B:F7:39:DA:57:C3:E2:04:C0:87:98:D4:DC:54:3F:A7
Certificate issuer:       /CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
Certificate serial:       0194228D28A2348AFCE4878607A09B8241C8
Authority key identifier: BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/3Vc8GAv3OdpXw-IEwIeY1NxUP6c.roa
Signing time:             Wed 01 Jan 2025 15:47:43 +0000
ROA not before:           Wed 01 Jan 2025 15:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43708
IP address blocks:        91.221.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:28:a2:34:8a:fc:e4:87:86:07:a0:9b:82:41:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
        Validity
            Not Before: Jan  1 15:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd573c180bf739da57c3e204c08798d4dc543fa7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ce:42:27:0e:88:76:86:23:34:69:69:b4:2c:
                    12:ec:aa:8a:b0:0d:f9:67:f4:e5:86:08:18:7f:71:
                    11:ff:b6:a0:9e:3a:e2:41:c0:7b:81:99:96:84:88:
                    94:8f:26:f6:41:55:76:7b:17:2f:27:41:7c:3f:00:
                    9b:f7:93:1e:f9:69:cc:eb:dd:8c:52:9e:90:8a:7e:
                    cd:5a:cd:f1:3c:cd:bf:8e:0b:21:25:93:c9:2c:52:
                    68:aa:eb:58:e5:1c:ba:ae:07:a5:0d:52:8c:cb:df:
                    8f:0f:9e:61:c9:ef:e4:58:93:d3:b2:52:09:98:ea:
                    7d:b7:66:98:50:1c:71:6a:4e:60:8e:32:c7:76:66:
                    da:79:16:fe:8d:cf:2b:7d:0a:a3:c4:34:3f:83:55:
                    86:a8:da:e5:d1:f2:51:37:6d:f4:9c:59:16:08:99:
                    74:8a:c3:bc:e9:ad:6c:96:0c:da:f1:e9:19:63:37:
                    59:d8:35:76:11:9f:96:42:44:b6:a2:c4:a0:60:c4:
                    42:f8:02:f8:3e:59:5f:1e:ac:cd:d9:7d:49:bf:41:
                    a9:59:00:39:da:fd:7a:d4:35:9b:2e:55:38:40:a6:
                    e7:0b:a6:69:d7:cc:6a:40:52:b0:54:15:c4:46:c3:
                    d3:42:49:46:ba:51:98:d7:4d:f7:5a:a4:f3:59:b3:
                    d5:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:57:3C:18:0B:F7:39:DA:57:C3:E2:04:C0:87:98:D4:DC:54:3F:A7
            X509v3 Authority Key Identifier:
                keyid:BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/3Vc8GAv3OdpXw-IEwIeY1NxUP6c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         52:5c:56:a5:a9:b5:b7:73:61:69:c9:9b:8e:81:09:a8:8d:c6:
         38:72:4e:81:5f:64:93:ae:21:74:08:0a:a1:5b:22:2e:c6:da:
         83:ca:c1:03:89:40:23:6e:84:93:cc:37:18:49:56:31:53:cd:
         b9:3e:db:25:e5:5d:d3:0b:f2:f5:15:35:77:6b:9c:7f:ce:d6:
         88:f2:42:04:06:a6:04:07:ab:e7:7f:bc:d8:30:f5:09:5e:80:
         ea:94:9c:46:5e:62:06:bc:7d:23:87:93:bb:16:f5:af:32:21:
         27:ca:7f:79:8c:1d:f3:af:e9:81:fc:22:c0:c8:fb:4d:52:e0:
         e2:f5:03:e0:70:1b:45:a7:a2:25:30:1e:f6:f4:34:1d:3b:a0:
         e3:c7:25:a0:49:62:43:dc:a8:ea:1d:ac:cf:ab:d7:7a:59:3d:
         64:5c:fa:bb:54:c2:5f:8f:f5:45:ec:7e:f5:eb:86:ab:3e:09:
         67:11:0d:35:78:b4:d1:fa:56:3b:9c:12:a7:fb:b6:5d:bf:ac:
         75:35:05:66:a8:5f:20:0f:0a:32:89:03:e2:38:a1:67:9e:11:
         e8:e6:a8:01:52:1d:a3:b0:be:18:64:37:c3:76:9a:1f:ca:9b:
         8e:25:0e:e0:e1:49:c3:e5:6e:fb:c9:23:d1:71:cf:c8:14:b6:
         b8:84:d8:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSiiNIr85IeGB6CbgkHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZDQyNjJmNjQyYjFiYjBiNTNiMmE2ZDc3OThjMDg5OWQx
ZTRkNDMwHhcNMjUwMTAxMTU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDU3M2MxODBiZjczOWRhNTdjM2UyMDRjMDg3OThkNGRjNTQzZmE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsc5CJw6IdoYjNGlptCwS7KqKsA35
Z/TlhggYf3ER/7agnjriQcB7gZmWhIiUjyb2QVV2excvJ0F8PwCb95Me+WnM692M
Up6Qin7NWs3xPM2/jgshJZPJLFJoqutY5Ry6rgelDVKMy9+PD55hye/kWJPTslIJ
mOp9t2aYUBxxak5gjjLHdmbaeRb+jc8rfQqjxDQ/g1WGqNrl0fJRN230nFkWCJl0
isO86a1slgza8ekZYzdZ2DV2EZ+WQkS2osSgYMRC+AL4PllfHqzN2X1Jv0GpWQA5
2v161DWbLlU4QKbnC6Zp18xqQFKwVBXERsPTQklGulGY1033WqTzWbPVOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN1XPBgL9znaV8PiBMCHmNTcVD+nMB8GA1UdIwQY
MBaAFL3UJi9kKxuwtTsqbXeYwImdHk1DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEt
M2JkNzlmZmM2Mzk4LzEvM1ZjOEdBdjNPZHBYdy1JRXdJZVkxTnhVUDZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEtM2JkNzlmZmM2Mzk4
LzEvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90CMA0G
CSqGSIb3DQEBCwUAA4IBAQBSXFalqbW3c2FpyZuOgQmojcY4ck6BX2STriF0CAqh
WyIuxtqDysEDiUAjboSTzDcYSVYxU825Ptsl5V3TC/L1FTV3a5x/ztaI8kIEBqYE
B6vnf7zYMPUJXoDqlJxGXmIGvH0jh5O7FvWvMiEnyn95jB3zr+mB/CLAyPtNUuDi
9QPgcBtFp6IlMB729DQdO6DjxyWgSWJD3KjqHazPq9d6WT1kXPq7VMJfj/VF7H71
64arPglnEQ01eLTR+lY7nBKn+7Zdv6x1NQVmqF8gDwoyiQPiOKFnnhHo5qgBUh2j
sL4YZDfDdpofypuOJQ7g4UnD5W77ySPRcc/IFLa4hNgq
-----END CERTIFICATE-----