Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/N4O1f1HdN3aaUng8Ezj5qGov-Js.roa
File:                     N4O1f1HdN3aaUng8Ezj5qGov-Js.roa (raw, json)
Hash identifier:          sfcsuhZVAT4PlLRFtuXFGetuMIfE20AC6DkhL2YQizc=
Subject key identifier:   37:83:B5:7F:51:DD:37:76:9A:52:78:3C:13:38:F9:A8:6A:2F:F8:9B
Certificate issuer:       /CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
Certificate serial:       019427478EB901123D788D6244EBB58253A3
Authority key identifier: 4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/N4O1f1HdN3aaUng8Ezj5qGov-Js.roa
Signing time:             Thu 02 Jan 2025 13:49:48 +0000
ROA not before:           Thu 02 Jan 2025 13:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        91.206.52.0/23 maxlen: 23
                          2001:7f8:24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8e:b9:01:12:3d:78:8d:62:44:eb:b5:82:53:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f908a6d868ab9e9bdb10472fbec31c966e94274
        Validity
            Not Before: Jan  2 13:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3783b57f51dd37769a52783c1338f9a86a2ff89b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e4:d1:6a:d8:68:0e:3d:00:52:8f:91:58:6b:
                    29:ea:c0:c8:87:ac:8c:3e:77:5a:7a:77:8e:41:e6:
                    80:3d:87:6e:35:85:38:b4:bf:80:5f:9a:28:a2:21:
                    b4:89:c5:24:57:8a:dd:a6:f0:a8:36:20:97:c4:39:
                    15:5f:1c:8a:91:cd:a0:01:8a:ee:5c:42:0b:3d:fa:
                    e7:d5:1c:0d:06:33:50:13:88:2e:4d:69:56:a8:40:
                    b8:45:07:5e:1d:1c:3f:65:47:9f:64:1d:6a:0d:f3:
                    34:d6:06:82:57:8e:bb:5b:f2:d5:5f:18:47:56:42:
                    d4:35:1b:2a:bc:da:d1:c3:f1:31:8c:9b:c1:3f:8d:
                    0d:2b:f5:8b:c9:34:88:a9:c3:ef:40:52:52:f2:a4:
                    36:d6:7e:db:ef:ae:31:eb:c3:64:a2:52:2b:57:f8:
                    c1:9a:d9:1b:54:12:96:4e:87:00:49:25:1d:77:0b:
                    d5:3d:77:24:6a:55:80:a1:6e:a0:5e:d9:81:b3:c2:
                    0a:a3:da:9e:b8:fc:0c:40:81:20:6c:c1:1a:53:2d:
                    a6:82:b2:24:98:e1:21:6e:fe:94:22:d4:b3:10:03:
                    67:c2:30:cf:1a:de:0c:37:d2:0f:7e:11:cd:c5:96:
                    05:92:c3:0c:18:1e:2a:90:97:97:2a:cd:09:3f:0f:
                    23:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:83:B5:7F:51:DD:37:76:9A:52:78:3C:13:38:F9:A8:6A:2F:F8:9B
            X509v3 Authority Key Identifier:
                keyid:4F:90:8A:6D:86:8A:B9:E9:BD:B1:04:72:FB:EC:31:C9:66:E9:42:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T5CKbYaKuem9sQRy--wxyWbpQnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/N4O1f1HdN3aaUng8Ezj5qGov-Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/4d77d9-b0a3-48ad-aa2a-1c6ee5bbeb66/1/T5CKbYaKuem9sQRy--wxyWbpQnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.52.0/23
                IPv6:
                  2001:7f8:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:72:0d:95:94:17:34:0a:c1:d8:0b:a3:4f:f3:c4:99:3f:4e:
         3a:10:d9:02:1a:d6:5e:ba:1b:1f:6c:16:e7:20:08:a5:df:d0:
         ee:f3:c6:fc:c1:eb:b6:95:7b:31:cf:5f:b5:76:3e:c1:c4:46:
         bf:2f:fe:52:c6:2e:ff:60:f2:9d:7c:65:74:c0:38:e2:21:08:
         3f:8d:bb:49:a8:c4:a0:a5:26:6c:bc:3d:c7:3e:3e:9f:00:91:
         bf:6c:d8:e7:8e:02:d7:d0:99:60:07:78:6f:a2:3f:ad:0b:8c:
         6b:fe:cb:78:19:87:c3:0e:b4:21:ce:f2:09:6a:a9:9a:ed:be:
         25:08:11:fa:60:47:e1:51:26:2f:53:b4:50:1f:43:12:eb:a2:
         79:58:2a:92:1b:be:ed:d6:1f:54:3e:e2:e2:74:d3:c1:0c:dc:
         89:6b:a1:c7:68:d5:d0:df:c1:f5:b7:79:16:5e:fe:c3:b9:e6:
         b7:3a:c2:ed:49:cf:13:d2:df:de:e8:8a:ec:f2:c1:1e:4f:72:
         27:bc:c6:3a:d1:c2:10:c6:02:2b:5a:30:5d:ee:a9:be:ba:8c:
         05:e6:7e:0e:c5:8e:5f:4e:9d:76:52:08:41:04:48:fc:55:a6:
         ff:b1:56:b1:a5:14:1f:88:31:dd:4e:dd:e5:e4:3b:dd:16:c1:
         73:45:d6:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQnR465ARI9eI1iROu1glOjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmOTA4YTZkODY4YWI5ZTliZGIxMDQ3MmZiZWMzMWM5NjZl
OTQyNzQwHhcNMjUwMTAyMTM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzgzYjU3ZjUxZGQzNzc2OWE1Mjc4M2MxMzM4ZjlhODZhMmZmODliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7eTRathoDj0AUo+RWGsp6sDIh6yM
PndaeneOQeaAPYduNYU4tL+AX5oooiG0icUkV4rdpvCoNiCXxDkVXxyKkc2gAYru
XEILPfrn1RwNBjNQE4guTWlWqEC4RQdeHRw/ZUefZB1qDfM01gaCV467W/LVXxhH
VkLUNRsqvNrRw/ExjJvBP40NK/WLyTSIqcPvQFJS8qQ21n7b764x68NkolIrV/jB
mtkbVBKWTocASSUddwvVPXckalWAoW6gXtmBs8IKo9qeuPwMQIEgbMEaUy2mgrIk
mOEhbv6UItSzEANnwjDPGt4MN9IPfhHNxZYFksMMGB4qkJeXKs0JPw8jNwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDeDtX9R3Td2mlJ4PBM4+ahqL/ibMB8GA1UdIwQY
MBaAFE+Qim2GirnpvbEEcvvsMclm6UJ0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEt
MWM2ZWU1YmJlYjY2LzEvTjRPMWYxSGROM2FhVW5nOEV6ajVxR292LUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC80ZDc3ZDktYjBhMy00OGFkLWFhMmEtMWM2ZWU1YmJlYjY2
LzEvVDVDS2JZYUt1ZW05c1FSeS0td3h5V2JwUW5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW840MA8E
AgACMAkDBwAgAQf4ACQwDQYJKoZIhvcNAQELBQADggEBAINyDZWUFzQKwdgLo0/z
xJk/TjoQ2QIa1l66Gx9sFucgCKXf0O7zxvzB67aVezHPX7V2PsHERr8v/lLGLv9g
8p18ZXTAOOIhCD+Nu0moxKClJmy8Pcc+Pp8Akb9s2OeOAtfQmWAHeG+iP60LjGv+
y3gZh8MOtCHO8glqqZrtviUIEfpgR+FRJi9TtFAfQxLronlYKpIbvu3WH1Q+4uJ0
08EM3Ilrocdo1dDfwfW3eRZe/sO55rc6wu1JzxPS397oiuzywR5Pcie8xjrRwhDG
AitaMF3uqb66jAXmfg7Fjl9OnXZSCEEESPxVpv+xVrGlFB+IMd1O3eXkO90WwXNF
1n4=
-----END CERTIFICATE-----