Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/wbh15XPn1kgCYyJ-XkIl20Yytuw.roa
File:                     wbh15XPn1kgCYyJ-XkIl20Yytuw.roa (raw, json)
Hash identifier:          aWvLndo6Gq/HOzsYU6uHpO8FpYdNLyOKJEg8ZgZ7QAI=
Subject key identifier:   C1:B8:75:E5:73:E7:D6:48:02:63:22:7E:5E:42:25:DB:46:32:B6:EC
Certificate issuer:       /CN=169ea0275c765e17603eb59eef39e2fab5380ef0
Certificate serial:       019423D73B10CCE03AAAC7960A796C3FCCA8
Authority key identifier: 16:9E:A0:27:5C:76:5E:17:60:3E:B5:9E:EF:39:E2:FA:B5:38:0E:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/wbh15XPn1kgCYyJ-XkIl20Yytuw.roa
Signing time:             Wed 01 Jan 2025 21:48:15 +0000
ROA not before:           Wed 01 Jan 2025 21:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44309
IP address blocks:        91.201.172.0/22 maxlen: 24
                          91.237.56.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:3b:10:cc:e0:3a:aa:c7:96:0a:79:6c:3f:cc:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=169ea0275c765e17603eb59eef39e2fab5380ef0
        Validity
            Not Before: Jan  1 21:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c1b875e573e7d6480263227e5e4225db4632b6ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:12:bc:6e:c9:9e:25:9a:db:6b:b1:18:bc:f7:
                    02:e1:4c:eb:31:0b:db:c9:95:2a:42:3e:46:4d:bd:
                    c1:35:58:e0:2b:b7:73:6c:0b:68:83:c1:f5:20:ac:
                    6b:44:ad:b3:7f:fd:1c:8d:9e:87:da:81:6e:56:d7:
                    0e:3c:4e:8b:2c:78:70:66:31:03:b7:cb:84:5d:9d:
                    d6:6d:6c:1b:1d:6b:95:03:e1:79:51:c8:f5:36:34:
                    b5:e6:bf:fe:c3:00:9b:ae:36:c0:c0:79:e8:b7:db:
                    24:1c:3f:1b:b1:6b:1f:49:58:58:7d:f8:de:ad:83:
                    be:df:ec:6e:6e:7a:f8:f6:08:ee:22:78:3d:22:7d:
                    24:f5:f2:bc:ad:5e:a0:c7:09:4e:58:f4:40:9d:fa:
                    c2:4b:6d:59:b9:c5:04:77:0f:6f:96:ac:c5:44:d4:
                    58:3c:43:aa:e1:0b:e8:cd:6f:93:e4:81:d5:42:8c:
                    d1:d4:f5:f3:d6:c8:b1:f3:ba:9a:4d:1f:f9:e8:d3:
                    d0:f3:dd:17:65:62:74:e7:7a:84:1f:bb:ad:57:7b:
                    10:08:35:47:d3:5f:4d:6b:b3:6c:f2:ef:79:45:a0:
                    8f:9a:b5:1f:78:f3:00:22:7a:58:c6:3f:42:5f:ba:
                    b9:ae:b9:e7:da:af:e6:d9:c6:b7:80:2b:7c:8c:16:
                    65:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:B8:75:E5:73:E7:D6:48:02:63:22:7E:5E:42:25:DB:46:32:B6:EC
            X509v3 Authority Key Identifier:
                keyid:16:9E:A0:27:5C:76:5E:17:60:3E:B5:9E:EF:39:E2:FA:B5:38:0E:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/wbh15XPn1kgCYyJ-XkIl20Yytuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/4a54fd-bbea-415a-b969-d69ef422c167/1/Fp6gJ1x2XhdgPrWe7zni-rU4DvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.172.0/22
                  91.237.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         41:9f:a3:e8:4b:7f:9a:2a:02:87:3f:3a:9c:e5:81:06:f7:da:
         cc:61:52:e0:91:bf:a0:93:83:15:6b:5d:34:12:a1:a2:73:a8:
         d6:4c:dd:b4:fe:5d:cc:b2:38:bb:f7:96:45:72:f5:c6:cf:e6:
         35:33:cb:46:56:27:cf:b6:94:14:22:6c:50:0c:7b:7b:ee:9e:
         ac:1c:5d:c9:09:8b:5a:fd:d7:6a:b8:ae:3a:1c:0c:b8:3c:f0:
         a1:4b:ef:6e:fb:ed:b1:2f:8d:4a:23:e7:f7:52:01:16:12:bd:
         aa:1d:c6:27:ab:c9:f0:ab:77:75:a7:2d:f9:13:fb:b0:73:ee:
         96:d2:0f:64:5d:11:cf:e8:09:b7:91:71:c5:4e:61:e1:60:10:
         fe:10:64:3a:e1:32:e5:66:de:4c:64:68:60:5c:41:9d:c4:3b:
         ee:14:16:b2:f6:97:fc:81:45:75:3d:94:ea:a2:24:bd:4d:9b:
         96:41:8f:d6:64:b8:44:33:2a:58:b1:c5:1f:68:aa:10:27:1b:
         14:87:d4:5e:a4:5c:84:ec:70:5c:56:1e:f1:bf:ed:a7:17:db:
         33:e9:ae:90:87:53:2a:da:90:c3:83:96:31:4f:62:12:b2:80:
         e9:4c:e0:12:6b:5c:b0:78:6c:51:e6:52:56:36:57:83:b5:a6:
         6c:01:15:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1zsQzOA6qseWCnlsP8yoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OWVhMDI3NWM3NjVlMTc2MDNlYjU5ZWVmMzllMmZhYjUz
ODBlZjAwHhcNMjUwMTAxMjE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWI4NzVlNTczZTdkNjQ4MDI2MzIyN2U1ZTQyMjVkYjQ2MzJiNmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhK8bsmeJZrba7EYvPcC4UzrMQvb
yZUqQj5GTb3BNVjgK7dzbAtog8H1IKxrRK2zf/0cjZ6H2oFuVtcOPE6LLHhwZjED
t8uEXZ3WbWwbHWuVA+F5Ucj1NjS15r/+wwCbrjbAwHnot9skHD8bsWsfSVhYffje
rYO+3+xubnr49gjuIng9In0k9fK8rV6gxwlOWPRAnfrCS21ZucUEdw9vlqzFRNRY
PEOq4QvozW+T5IHVQozR1PXz1six87qaTR/56NPQ890XZWJ053qEH7utV3sQCDVH
019Na7Ns8u95RaCPmrUfePMAInpYxj9CX7q5rrnn2q/m2ca3gCt8jBZlkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMG4deVz59ZIAmMifl5CJdtGMrbsMB8GA1UdIwQY
MBaAFBaeoCdcdl4XYD61nu854vq1OA7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnA2Z0oxeDJYaGRnUHJXZTd6bmktclU0RHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi80YTU0ZmQtYmJlYS00MTVhLWI5Njkt
ZDY5ZWY0MjJjMTY3LzEvd2JoMTVYUG4xa2dDWXlKLVhrSWwyMFl5dHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi80YTU0ZmQtYmJlYS00MTVhLWI5NjktZDY5ZWY0MjJjMTY3
LzEvRnA2Z0oxeDJYaGRnUHJXZTd6bmktclU0RHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8msAwQC
W+04MA0GCSqGSIb3DQEBCwUAA4IBAQBBn6PoS3+aKgKHPzqc5YEG99rMYVLgkb+g
k4MVa100EqGic6jWTN20/l3Msji795ZFcvXGz+Y1M8tGVifPtpQUImxQDHt77p6s
HF3JCYta/ddquK46HAy4PPChS+9u++2xL41KI+f3UgEWEr2qHcYnq8nwq3d1py35
E/uwc+6W0g9kXRHP6Am3kXHFTmHhYBD+EGQ64TLlZt5MZGhgXEGdxDvuFBay9pf8
gUV1PZTqoiS9TZuWQY/WZLhEMypYscUfaKoQJxsUh9RepFyE7HBcVh7xv+2nF9sz
6a6Qh1Mq2pDDg5YxT2ISsoDpTOASa1yweGxR5lJWNleDtaZsARVV
-----END CERTIFICATE-----