Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_01k3y56cEMdQ42iOKunr2RMUeM.roa
File:                     _01k3y56cEMdQ42iOKunr2RMUeM.roa (raw, json)
Hash identifier:          DGyUgtSPD/8CoWC86Wf/mLLAiyFkCUgpPiidGCEavaM=
Subject key identifier:   FF:4D:64:DF:2E:7A:70:43:1D:43:8D:A2:38:AB:A7:AF:64:4C:51:E3
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       01973F35796A891BC7B3F5DC4B2E9B2F6DF6
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_01k3y56cEMdQ42iOKunr2RMUeM.roa
Signing time:             Thu 05 Jun 2025 08:29:18 +0000
ROA not before:           Thu 05 Jun 2025 08:29:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209811
IP address blocks:        91.224.41.0/24 maxlen: 24
                          93.120.8.0/23 maxlen: 23
                          94.232.96.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 20:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:35:79:6a:89:1b:c7:b3:f5:dc:4b:2e:9b:2f:6d:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jun  5 08:29:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff4d64df2e7a70431d438da238aba7af644c51e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a5:1d:7d:d0:22:58:7f:c9:b1:48:19:b4:65:
                    04:78:27:41:90:b1:59:63:24:1f:5f:77:87:06:eb:
                    95:47:4e:f9:1e:40:b5:72:a3:5e:f8:ae:57:9a:e6:
                    38:88:33:93:56:7b:d4:4f:31:42:19:5d:1a:b3:1b:
                    c9:80:06:73:f7:d6:f6:2a:f0:8f:ab:6b:19:a9:db:
                    43:21:d2:8f:7f:5f:c7:4e:b0:96:62:94:08:92:dd:
                    e6:1f:53:5f:ac:98:1c:a9:d7:35:69:f0:05:b5:a4:
                    d7:21:bf:fc:c4:85:fd:7a:4a:63:23:da:2b:7d:ad:
                    b3:28:82:39:95:21:5d:48:f8:cb:eb:79:51:84:9b:
                    5e:c2:a3:59:d3:af:73:79:b0:c3:c8:5c:d5:5b:ef:
                    e4:98:8a:e6:d5:34:20:6f:b8:c1:a8:f6:3c:35:de:
                    39:93:85:5b:e5:25:6e:79:63:ad:57:98:b0:33:56:
                    be:ff:7e:72:22:48:23:71:21:67:10:aa:be:82:da:
                    c2:56:d1:68:ad:85:83:ca:51:1d:86:ea:97:24:b4:
                    c8:0e:df:93:7f:c2:ba:51:78:f3:72:22:f4:1a:db:
                    c2:1e:a6:8c:fd:6f:47:07:e6:6e:c8:4b:0e:29:1f:
                    56:ae:b2:91:79:37:7e:b5:42:cc:c7:0e:3e:03:78:
                    40:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:4D:64:DF:2E:7A:70:43:1D:43:8D:A2:38:AB:A7:AF:64:4C:51:E3
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/_01k3y56cEMdQ42iOKunr2RMUeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.41.0/24
                  93.120.8.0/23
                  94.232.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:9f:8d:92:2f:2a:b6:7f:c2:ca:b4:48:89:72:63:92:8d:3a:
         30:65:50:b3:36:60:d4:23:ee:f1:c1:aa:e8:9b:0b:33:70:94:
         76:2d:f7:c8:23:1e:39:a6:8d:8e:5b:2e:08:02:b2:01:96:3d:
         37:51:bf:f6:5c:98:19:32:f6:38:13:9b:44:bc:7f:a5:4e:47:
         61:e6:32:63:9d:b7:fa:3a:5f:74:56:1c:2a:2d:5f:d8:ef:cd:
         bf:0c:9d:29:9b:29:55:00:7f:cd:0d:7f:f8:fc:eb:63:ef:2d:
         eb:46:38:9a:f5:b5:02:56:a4:49:73:7b:eb:d6:62:3d:b3:88:
         43:c1:d5:20:26:98:74:df:a9:ae:be:e0:cd:70:6f:b7:84:91:
         c7:d3:4f:58:36:16:a4:62:d1:65:64:33:23:ca:ff:3c:c8:20:
         ed:2c:1e:6e:48:b4:01:9c:ed:de:26:2f:55:1d:c6:fb:fd:96:
         bb:23:7a:55:ca:96:14:92:5f:f6:71:f3:53:d5:a1:30:e5:03:
         09:01:5f:99:ed:ca:83:ca:89:12:ed:38:ac:9e:37:7c:eb:fc:
         fb:e9:54:0c:5d:66:57:0c:b3:f7:d6:92:ae:5b:ff:f7:a2:fd:
         99:d4:80:04:bb:3f:79:91:aa:3a:d7:86:8b:47:9d:18:f4:86:
         23:14:39:64
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZc/NXlqiRvHs/XcSy6bL232MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwNjA1MDgyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjRkNjRkZjJlN2E3MDQzMWQ0MzhkYTIzOGFiYTdhZjY0NGM1MWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraUdfdAiWH/JsUgZtGUEeCdBkLFZ
YyQfX3eHBuuVR075HkC1cqNe+K5XmuY4iDOTVnvUTzFCGV0asxvJgAZz99b2KvCP
q2sZqdtDIdKPf1/HTrCWYpQIkt3mH1NfrJgcqdc1afAFtaTXIb/8xIX9ekpjI9or
fa2zKII5lSFdSPjL63lRhJtewqNZ069zebDDyFzVW+/kmIrm1TQgb7jBqPY8Nd45
k4Vb5SVueWOtV5iwM1a+/35yIkgjcSFnEKq+gtrCVtForYWDylEdhuqXJLTIDt+T
f8K6UXjzciL0GtvCHqaM/W9HB+ZuyEsOKR9WrrKReTd+tULMxw4+A3hA1wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP9NZN8uenBDHUONojirp69kTFHjMB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEvXzAxazN5NTZjRU1kUTQyaU9LdW5yMlJNVWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+ApAwQB
XXgIAwQCXuhgMA0GCSqGSIb3DQEBCwUAA4IBAQA9n42SLyq2f8LKtEiJcmOSjTow
ZVCzNmDUI+7xwaromwszcJR2LffIIx45po2OWy4IArIBlj03Ub/2XJgZMvY4E5tE
vH+lTkdh5jJjnbf6Ol90VhwqLV/Y782/DJ0pmylVAH/NDX/4/Otj7y3rRjia9bUC
VqRJc3vr1mI9s4hDwdUgJph036muvuDNcG+3hJHH009YNhakYtFlZDMjyv88yCDt
LB5uSLQBnO3eJi9VHcb7/Za7I3pVypYUkl/2cfNT1aEw5QMJAV+Z7cqDyokS7Tis
njd86/z76VQMXWZXDLP31pKuW//3ov2Z1IAEuz95kao614aLR50Y9IYjFDlk
-----END CERTIFICATE-----