Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/sdQpr9vBWbo2oFyAIJwywqV94V0.roa
File:                     sdQpr9vBWbo2oFyAIJwywqV94V0.roa (raw, json)
Hash identifier:          q2Hm5+yXKjxuN/cBMa4LO9usoHIS/gexRqRStEbsYf4=
Subject key identifier:   B1:D4:29:AF:DB:C1:59:BA:36:A0:5C:80:20:9C:32:C2:A5:7D:E1:5D
Certificate issuer:       /CN=1670e1bc5869c602b642449031d4b7116c9dfa26
Certificate serial:       019427B61D53E8CE1B6D3A5E70B960A102F9
Authority key identifier: 16:70:E1:BC:58:69:C6:02:B6:42:44:90:31:D4:B7:11:6C:9D:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FnDhvFhpxgK2QkSQMdS3EWyd-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/sdQpr9vBWbo2oFyAIJwywqV94V0.roa
Signing time:             Thu 02 Jan 2025 15:50:34 +0000
ROA not before:           Thu 02 Jan 2025 15:50:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56454
IP address blocks:        91.223.165.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/FnDhvFhpxgK2QkSQMdS3EWyd-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/FnDhvFhpxgK2QkSQMdS3EWyd-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FnDhvFhpxgK2QkSQMdS3EWyd-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 06:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:1d:53:e8:ce:1b:6d:3a:5e:70:b9:60:a1:02:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1670e1bc5869c602b642449031d4b7116c9dfa26
        Validity
            Not Before: Jan  2 15:50:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1d429afdbc159ba36a05c80209c32c2a57de15d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b9:4d:40:78:3c:39:7e:ed:cf:ef:72:57:8c:
                    d7:ba:5e:2c:e6:df:00:06:89:86:7f:c9:55:93:54:
                    bc:bc:70:d7:e7:a3:bb:39:a7:96:63:3f:60:90:3b:
                    c8:7f:3d:4b:11:c1:78:c8:22:f9:67:3f:1c:76:e8:
                    26:29:89:76:af:46:e6:af:44:e1:16:4f:b9:1f:ea:
                    f3:f3:54:20:25:8c:7d:67:77:31:cb:60:8e:35:8f:
                    32:8d:d4:90:ab:b2:e5:87:9f:9e:37:9f:2d:01:78:
                    2d:8e:bd:18:51:49:3c:04:35:e3:e7:e0:4d:39:03:
                    b4:0a:fe:60:84:fa:a9:1c:75:52:6f:db:98:b3:d7:
                    01:a2:45:ab:d6:83:df:40:22:50:d1:20:de:e2:e5:
                    2c:74:19:44:4f:97:8f:4b:af:28:d1:b1:0d:23:bc:
                    41:98:c4:82:46:b8:fb:c6:15:af:53:97:af:f5:8a:
                    1a:57:f3:74:ae:ba:df:d0:9c:39:0a:f3:dd:3f:f0:
                    1f:d4:fd:89:84:90:00:01:f7:82:7e:9e:b1:34:0f:
                    3d:ca:48:a9:89:75:04:0e:a3:4c:8b:31:2a:5d:2a:
                    62:3a:66:35:a0:63:4b:c1:22:b3:5a:9b:f5:a0:7c:
                    9f:a2:38:d0:9e:13:31:25:ac:35:1a:9b:1e:77:ee:
                    bd:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D4:29:AF:DB:C1:59:BA:36:A0:5C:80:20:9C:32:C2:A5:7D:E1:5D
            X509v3 Authority Key Identifier:
                keyid:16:70:E1:BC:58:69:C6:02:B6:42:44:90:31:D4:B7:11:6C:9D:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FnDhvFhpxgK2QkSQMdS3EWyd-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/sdQpr9vBWbo2oFyAIJwywqV94V0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ecb2aa-5e5c-4fef-bc8d-c0ea28ac367a/1/FnDhvFhpxgK2QkSQMdS3EWyd-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:09:98:f3:da:1c:64:91:c0:79:66:ba:ab:75:60:2a:fe:f8:
         bc:6e:60:7e:0b:30:3d:e1:8a:0a:a7:70:c0:20:a0:e5:a9:66:
         34:65:33:bc:04:2e:cb:62:85:3c:88:ec:06:7e:6a:56:ac:f2:
         17:d9:2d:c6:fa:4d:6b:64:f9:e2:f9:2e:75:7c:1e:11:4f:11:
         2d:f7:da:57:09:de:56:cc:61:85:7e:c4:20:35:17:0b:27:ba:
         4e:8e:5d:ad:56:25:fd:10:3a:5c:79:71:5d:89:02:1f:01:e0:
         9b:60:d8:06:10:66:11:bc:b9:85:2d:f4:d2:e7:ae:13:31:0c:
         6e:ec:d2:3f:e8:86:b0:89:57:cd:72:cd:f0:49:3d:77:ba:f5:
         e7:e5:49:2d:6f:c9:5f:4d:01:9b:e7:3a:f3:a7:a9:f7:8c:42:
         3f:0a:e8:cb:67:72:30:ee:3c:09:4b:e8:11:2c:49:86:8a:c9:
         85:78:dc:03:37:05:4e:f0:3b:f0:d1:4d:f6:ad:b7:d6:c2:ee:
         58:96:e1:e9:8c:7f:3c:a4:93:09:e0:3c:dd:2d:24:c5:b8:f1:
         0d:74:b4:ac:3a:af:b6:a9:f8:b1:81:ec:34:ce:31:22:af:0b:
         ca:77:cd:9c:b7:7c:4c:20:45:18:19:ce:7f:7b:af:5a:a1:63:
         79:e9:91:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnth1T6M4bbTpecLlgoQL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NzBlMWJjNTg2OWM2MDJiNjQyNDQ5MDMxZDRiNzExNmM5
ZGZhMjYwHhcNMjUwMTAyMTU1MDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ0MjlhZmRiYzE1OWJhMzZhMDVjODAyMDljMzJjMmE1N2RlMTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrlNQHg8OX7tz+9yV4zXul4s5t8A
BomGf8lVk1S8vHDX56O7OaeWYz9gkDvIfz1LEcF4yCL5Zz8cdugmKYl2r0bmr0Th
Fk+5H+rz81QgJYx9Z3cxy2CONY8yjdSQq7Llh5+eN58tAXgtjr0YUUk8BDXj5+BN
OQO0Cv5ghPqpHHVSb9uYs9cBokWr1oPfQCJQ0SDe4uUsdBlET5ePS68o0bENI7xB
mMSCRrj7xhWvU5ev9YoaV/N0rrrf0Jw5CvPdP/Af1P2JhJAAAfeCfp6xNA89ykip
iXUEDqNMizEqXSpiOmY1oGNLwSKzWpv1oHyfojjQnhMxJaw1Gpsed+69sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHUKa/bwVm6NqBcgCCcMsKlfeFdMB8GA1UdIwQY
MBaAFBZw4bxYacYCtkJEkDHUtxFsnfomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRm5EaHZGaHB4Z0syUWtTUU1kUzNFV3lkLWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9lY2IyYWEtNWU1Yy00ZmVmLWJjOGQt
YzBlYTI4YWMzNjdhLzEvc2RRcHI5dkJXYm8yb0Z5QUlKd3l3cVY5NFYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9lY2IyYWEtNWU1Yy00ZmVmLWJjOGQtYzBlYTI4YWMzNjdh
LzEvRm5EaHZGaHB4Z0syUWtTUU1kUzNFV3lkLWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+lMA0G
CSqGSIb3DQEBCwUAA4IBAQBtCZjz2hxkkcB5ZrqrdWAq/vi8bmB+CzA94YoKp3DA
IKDlqWY0ZTO8BC7LYoU8iOwGfmpWrPIX2S3G+k1rZPni+S51fB4RTxEt99pXCd5W
zGGFfsQgNRcLJ7pOjl2tViX9EDpceXFdiQIfAeCbYNgGEGYRvLmFLfTS564TMQxu
7NI/6IawiVfNcs3wST13uvXn5Uktb8lfTQGb5zrzp6n3jEI/CujLZ3Iw7jwJS+gR
LEmGismFeNwDNwVO8Dvw0U32rbfWwu5YluHpjH88pJMJ4DzdLSTFuPENdLSsOq+2
qfixgew0zjEirwvKd82ct3xMIEUYGc5/e69aoWN56ZHD
-----END CERTIFICATE-----