Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/o3kVjVR-Bk2kY6NJIMAGFLe8Jgw.roa
File:                     o3kVjVR-Bk2kY6NJIMAGFLe8Jgw.roa (raw, json)
Hash identifier:          RhEyDbo5nJOAevwisCtwUttff0SfpdFcDo7LzXQNDoo=
Subject key identifier:   A3:79:15:8D:54:7E:06:4D:A4:63:A3:49:20:C0:06:14:B7:BC:26:0C
Certificate issuer:       /CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
Certificate serial:       0194B678A1BB2E372DA50397894E1BCFF433
Authority key identifier: BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/o3kVjVR-Bk2kY6NJIMAGFLe8Jgw.roa
Signing time:             Thu 30 Jan 2025 09:09:06 +0000
ROA not before:           Thu 30 Jan 2025 09:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15614
IP address blocks:        91.221.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b6:78:a1:bb:2e:37:2d:a5:03:97:89:4e:1b:cf:f4:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
        Validity
            Not Before: Jan 30 09:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a379158d547e064da463a34920c00614b7bc260c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:63:75:14:b7:60:14:2d:22:64:69:46:78:3e:
                    4a:69:13:bb:0f:19:ad:c6:58:c2:c4:ef:26:07:69:
                    69:d6:bd:d2:5c:13:e4:43:33:1e:1b:f5:d9:0e:04:
                    1a:8f:52:90:75:d7:ed:fd:98:5f:f1:85:0c:c1:8b:
                    03:8f:20:77:48:e0:9a:67:8c:43:63:79:2b:43:31:
                    d9:c5:90:eb:27:16:4f:6e:21:d8:d8:2b:be:e2:8a:
                    af:ef:b0:74:87:cd:e9:54:f3:7a:00:4a:a4:9f:20:
                    1b:d6:89:0c:57:c3:d1:b8:11:7a:05:5e:0a:d4:8a:
                    c0:f4:b5:99:61:40:12:7e:dd:94:55:e9:0d:9e:34:
                    09:66:72:9e:64:10:f3:4a:c6:fe:20:ca:67:a7:1e:
                    65:45:72:86:17:52:3a:83:10:69:77:f8:b5:63:df:
                    1f:ed:bf:40:85:74:d2:d1:ab:40:49:40:14:52:16:
                    4e:60:c7:3a:15:11:3e:41:5a:06:ea:9b:85:2e:cb:
                    90:67:c9:d2:97:b0:16:0e:29:bd:e5:13:11:c0:ea:
                    72:be:3f:fc:f9:70:52:49:5f:2b:d7:35:f4:03:4e:
                    1c:20:6f:97:50:34:b1:a7:3d:28:8f:ed:bf:b6:2f:
                    c7:0e:16:65:4a:55:4d:09:0e:db:3a:3e:97:a6:77:
                    3c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:79:15:8D:54:7E:06:4D:A4:63:A3:49:20:C0:06:14:B7:BC:26:0C
            X509v3 Authority Key Identifier:
                keyid:BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/o3kVjVR-Bk2kY6NJIMAGFLe8Jgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:aa:a0:94:8e:d3:5a:69:53:7b:16:f1:e2:9e:35:ce:8a:04:
         ac:02:fa:98:23:40:98:2a:76:33:f3:b3:48:0a:e1:1a:22:63:
         d3:fb:82:f6:56:99:f5:c3:f9:49:98:fe:a4:af:15:15:68:70:
         dd:02:36:e5:7b:6c:57:c1:a6:ca:e3:9d:85:38:72:f4:0f:b7:
         b6:b6:8b:59:cc:ca:33:6b:90:82:9b:c5:b9:f5:15:07:82:8d:
         e6:d3:82:c0:1b:2b:d1:d5:ca:88:06:e2:26:5e:af:26:79:6a:
         80:39:2e:92:1c:41:dc:13:67:67:00:55:c1:13:3d:66:97:f1:
         2c:aa:a2:e0:e9:73:fc:70:ce:68:f5:f4:dd:2c:68:69:ef:57:
         ad:f3:8d:d7:fd:63:99:2a:53:02:97:a1:29:75:3e:78:b4:3c:
         c2:93:e4:68:b9:72:5c:8a:79:c1:e9:48:ba:0a:78:57:4a:2d:
         d9:d8:60:e9:9e:a7:6a:a6:7c:49:20:ef:4b:0f:ec:e2:b1:10:
         42:9a:46:4e:6d:16:f8:d1:1a:fc:dd:84:ce:71:0e:15:b7:f8:
         3f:ec:5b:94:69:b8:d7:72:0d:16:e6:24:ca:16:37:94:2a:b0:
         d8:04:ce:9b:de:6d:6c:24:a2:57:e9:c0:38:c1:28:cc:b6:0e:
         0e:56:65:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS2eKG7LjctpQOXiU4bz/QzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZDQyNjJmNjQyYjFiYjBiNTNiMmE2ZDc3OThjMDg5OWQx
ZTRkNDMwHhcNMjUwMTMwMDkwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzc5MTU4ZDU0N2UwNjRkYTQ2M2EzNDkyMGMwMDYxNGI3YmMyNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GN1FLdgFC0iZGlGeD5KaRO7Dxmt
xljCxO8mB2lp1r3SXBPkQzMeG/XZDgQaj1KQddft/Zhf8YUMwYsDjyB3SOCaZ4xD
Y3krQzHZxZDrJxZPbiHY2Cu+4oqv77B0h83pVPN6AEqknyAb1okMV8PRuBF6BV4K
1IrA9LWZYUASft2UVekNnjQJZnKeZBDzSsb+IMpnpx5lRXKGF1I6gxBpd/i1Y98f
7b9AhXTS0atASUAUUhZOYMc6FRE+QVoG6puFLsuQZ8nSl7AWDim95RMRwOpyvj/8
+XBSSV8r1zX0A04cIG+XUDSxpz0oj+2/ti/HDhZlSlVNCQ7bOj6Xpnc8VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKN5FY1UfgZNpGOjSSDABhS3vCYMMB8GA1UdIwQY
MBaAFL3UJi9kKxuwtTsqbXeYwImdHk1DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEt
M2JkNzlmZmM2Mzk4LzEvbzNrVmpWUi1CazJrWTZOSklNQUdGTGU4Smd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEtM2JkNzlmZmM2Mzk4
LzEvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90CMA0G
CSqGSIb3DQEBCwUAA4IBAQBRqqCUjtNaaVN7FvHinjXOigSsAvqYI0CYKnYz87NI
CuEaImPT+4L2Vpn1w/lJmP6krxUVaHDdAjble2xXwabK452FOHL0D7e2totZzMoz
a5CCm8W59RUHgo3m04LAGyvR1cqIBuImXq8meWqAOS6SHEHcE2dnAFXBEz1ml/Es
qqLg6XP8cM5o9fTdLGhp71et843X/WOZKlMCl6EpdT54tDzCk+RouXJcinnB6Ui6
CnhXSi3Z2GDpnqdqpnxJIO9LD+zisRBCmkZObRb40Rr83YTOcQ4Vt/g/7FuUabjX
cg0W5iTKFjeUKrDYBM6b3m1sJKJX6cA4wSjMtg4OVmVo
-----END CERTIFICATE-----