Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/3rwXWtFbCIuCgGU96PeqAGUhWU4.roa
File:                     3rwXWtFbCIuCgGU96PeqAGUhWU4.roa (raw, json)
Hash identifier:          rp0bCqxBlPPCcVLUBh0MkWETtPWfiqbHwRVpOhMjnK4=
Subject key identifier:   DE:BC:17:5A:D1:5B:08:8B:82:80:65:3D:E8:F7:AA:00:65:21:59:4E
Certificate issuer:       /CN=082100f0b1991d80a46421d9fe5147f2d55ac930
Certificate serial:       01948ED8965AEC25FDFFD106C9736FEC562E
Authority key identifier: 08:21:00:F0:B1:99:1D:80:A4:64:21:D9:FE:51:47:F2:D5:5A:C9:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/3rwXWtFbCIuCgGU96PeqAGUhWU4.roa
Signing time:             Wed 22 Jan 2025 16:29:06 +0000
ROA not before:           Wed 22 Jan 2025 16:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43013
IP address blocks:        91.241.0.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8e:d8:96:5a:ec:25:fd:ff:d1:06:c9:73:6f:ec:56:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082100f0b1991d80a46421d9fe5147f2d55ac930
        Validity
            Not Before: Jan 22 16:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=debc175ad15b088b8280653de8f7aa006521594e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:56:32:e0:6d:1a:31:eb:9a:e2:eb:c8:84:fd:
                    e9:98:55:c0:5f:f9:81:7c:c7:06:29:21:12:e4:94:
                    99:a5:ed:f8:5f:d2:ec:ae:43:84:bf:df:9b:49:30:
                    a4:1b:db:cd:3d:93:89:dd:90:18:da:76:18:c3:58:
                    7c:79:71:0b:8c:a7:54:d6:d0:69:fb:ee:0f:e9:f7:
                    64:27:71:7c:61:ad:74:a6:e7:2d:15:2e:ff:9a:9f:
                    2c:f9:f2:74:63:84:31:e5:e1:f9:e7:8d:e9:ea:a2:
                    f9:32:41:29:a0:4e:e7:06:1b:f6:e1:45:10:38:fc:
                    c7:49:a4:c0:38:44:78:4c:13:b5:9d:6f:f7:9d:8d:
                    5a:dd:3b:e7:9c:6c:f4:b1:3f:5c:6f:53:88:a2:38:
                    8b:8f:66:ef:bc:43:19:fe:ce:5b:d5:fe:a8:fa:38:
                    2b:59:42:ed:78:cb:1c:80:c7:c7:2a:e3:87:e3:53:
                    34:55:f3:35:b7:f9:a9:b0:a3:70:6d:29:3e:a3:7b:
                    c7:73:6b:13:d7:fb:f8:de:49:5f:36:95:00:71:66:
                    d8:2e:cc:59:83:6e:db:07:4e:9d:bc:02:e9:bb:d9:
                    53:67:d9:58:16:30:60:46:95:fc:82:54:87:21:b5:
                    16:67:07:11:6d:b2:06:dc:f0:15:c5:80:54:01:b8:
                    f7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:BC:17:5A:D1:5B:08:8B:82:80:65:3D:E8:F7:AA:00:65:21:59:4E
            X509v3 Authority Key Identifier:
                keyid:08:21:00:F0:B1:99:1D:80:A4:64:21:D9:FE:51:47:F2:D5:5A:C9:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCEA8LGZHYCkZCHZ_lFH8tVayTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/3rwXWtFbCIuCgGU96PeqAGUhWU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/46cf2c-5bea-4861-8e5d-40989d0dfc5c/1/CCEA8LGZHYCkZCHZ_lFH8tVayTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:6a:1c:fc:3a:40:43:fd:63:19:28:8a:61:5a:12:78:d6:99:
         dd:a8:4b:cf:a1:9e:b9:41:b7:9d:0a:73:37:2f:9b:fd:67:3d:
         55:b6:f0:3d:48:6c:e1:5a:dd:66:ca:95:18:dc:12:f6:fd:c1:
         1d:3d:f7:33:95:d9:21:cc:3d:cb:03:0c:22:d1:d3:38:a3:92:
         78:5b:1a:38:f4:43:1b:1c:e1:07:ab:fe:23:72:32:94:05:53:
         64:2e:db:14:fe:34:27:87:54:9e:c9:b5:e9:f8:40:ae:86:d3:
         83:6f:79:38:e3:5c:12:dc:84:15:9a:56:de:3c:7d:0d:b7:96:
         af:55:d4:65:a4:02:57:08:2e:7b:2b:28:50:0b:6d:be:e7:ae:
         20:1d:a3:8e:f6:85:4a:c7:89:65:ad:bb:6d:4f:01:06:b9:cc:
         71:a7:e6:77:12:91:eb:18:c0:0e:49:9e:ab:9f:d1:ec:0e:c5:
         5e:b4:32:4c:71:d4:dc:cf:fd:fd:61:50:d0:2e:95:b2:7f:c0:
         f1:ba:9d:f9:40:14:bd:a2:dd:0b:77:a4:fb:b2:54:9a:55:6e:
         d6:91:95:48:de:30:ad:45:9b:99:7b:6e:26:5e:ea:8b:a3:55:
         b7:fe:c7:8e:de:99:fc:06:50:a2:7d:68:27:a8:8a:34:53:13:
         41:c7:5b:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSO2JZa7CX9/9EGyXNv7FYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MjEwMGYwYjE5OTFkODBhNDY0MjFkOWZlNTE0N2YyZDU1
YWM5MzAwHhcNMjUwMTIyMTYyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWJjMTc1YWQxNWIwODhiODI4MDY1M2RlOGY3YWEwMDY1MjE1OTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu1Yy4G0aMeua4uvIhP3pmFXAX/mB
fMcGKSES5JSZpe34X9LsrkOEv9+bSTCkG9vNPZOJ3ZAY2nYYw1h8eXELjKdU1tBp
++4P6fdkJ3F8Ya10puctFS7/mp8s+fJ0Y4Qx5eH5543p6qL5MkEpoE7nBhv24UUQ
OPzHSaTAOER4TBO1nW/3nY1a3TvnnGz0sT9cb1OIojiLj2bvvEMZ/s5b1f6o+jgr
WULteMscgMfHKuOH41M0VfM1t/mpsKNwbSk+o3vHc2sT1/v43klfNpUAcWbYLsxZ
g27bB06dvALpu9lTZ9lYFjBgRpX8glSHIbUWZwcRbbIG3PAVxYBUAbj35wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN68F1rRWwiLgoBlPej3qgBlIVlOMB8GA1UdIwQY
MBaAFAghAPCxmR2ApGQh2f5RR/LVWskwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0NFQThMR1pIWUNrWkNIWl9sRkg4dFZheVRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80NmNmMmMtNWJlYS00ODYxLThlNWQt
NDA5ODlkMGRmYzVjLzEvM3J3WFd0RmJDSXVDZ0dVOTZQZXFBR1VoV1U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80NmNmMmMtNWJlYS00ODYxLThlNWQtNDA5ODlkMGRmYzVj
LzEvQ0NFQThMR1pIWUNrWkNIWl9sRkg4dFZheVRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW/EAMA0G
CSqGSIb3DQEBCwUAA4IBAQAGahz8OkBD/WMZKIphWhJ41pndqEvPoZ65QbedCnM3
L5v9Zz1VtvA9SGzhWt1mypUY3BL2/cEdPfczldkhzD3LAwwi0dM4o5J4Wxo49EMb
HOEHq/4jcjKUBVNkLtsU/jQnh1SeybXp+ECuhtODb3k441wS3IQVmlbePH0Nt5av
VdRlpAJXCC57KyhQC22+564gHaOO9oVKx4llrbttTwEGucxxp+Z3EpHrGMAOSZ6r
n9HsDsVetDJMcdTcz/39YVDQLpWyf8Dxup35QBS9ot0Ld6T7slSaVW7WkZVI3jCt
RZuZe24mXuqLo1W3/seO3pn8BlCifWgnqIo0UxNBx1t1
-----END CERTIFICATE-----