Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/sTJ8g6TTY2UuXfLwNf59KxMe0Ck.roa
File:                     sTJ8g6TTY2UuXfLwNf59KxMe0Ck.roa (raw, json)
Hash identifier:          +jqZMtdreDLK//f5JbKCQ0ZFiAghZAZLwWdEli3rEUE=
Subject key identifier:   B1:32:7C:83:A4:D3:63:65:2E:5D:F2:F0:35:FE:7D:2B:13:1E:D0:29
Certificate issuer:       /CN=6b22ad4cf647a48b631ff84f227ea0252130552d
Certificate serial:       019420D59CB3B29AC143C8961D2FC7849847
Authority key identifier: 6B:22:AD:4C:F6:47:A4:8B:63:1F:F8:4F:22:7E:A0:25:21:30:55:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/sTJ8g6TTY2UuXfLwNf59KxMe0Ck.roa
Signing time:             Wed 01 Jan 2025 07:47:37 +0000
ROA not before:           Wed 01 Jan 2025 07:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     149440
IP address blocks:        91.218.183.0/24 maxlen: 24
                          193.247.144.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9c:b3:b2:9a:c1:43:c8:96:1d:2f:c7:84:98:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b22ad4cf647a48b631ff84f227ea0252130552d
        Validity
            Not Before: Jan  1 07:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1327c83a4d363652e5df2f035fe7d2b131ed029
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:65:d0:38:c8:5f:38:af:70:d0:e8:d8:d2:21:
                    68:01:ec:3c:2c:0f:70:9c:98:75:cf:61:5d:21:e4:
                    a0:5c:34:9a:57:a9:88:a8:da:8d:88:30:0c:30:3c:
                    54:eb:41:a8:ec:0c:f6:52:e7:a1:2f:71:b2:65:96:
                    68:b3:16:02:e1:24:ba:c6:f5:a1:e2:db:57:ef:9d:
                    0f:3e:82:90:9e:b5:7a:59:38:52:b7:82:9c:30:a6:
                    7c:91:af:26:0a:08:f5:b2:e1:64:46:6f:81:93:7a:
                    bd:a1:bb:c8:15:94:0d:b0:66:d4:40:57:1f:4a:ef:
                    fe:ca:f9:60:ff:e6:8b:63:25:be:7f:b3:87:0b:86:
                    09:5c:55:c5:2f:cb:68:72:ee:a1:b4:94:38:02:ab:
                    01:aa:37:21:e2:31:85:8e:59:81:72:65:35:50:4c:
                    93:7c:34:97:16:b8:2f:37:89:13:21:a9:a8:e9:cb:
                    90:97:b4:5a:39:47:4e:35:72:98:3d:5e:6b:b0:32:
                    38:0b:9d:28:7b:7e:ea:5f:e4:e4:e6:da:b8:8b:77:
                    2b:f3:bd:d0:c3:d3:fb:db:59:7d:da:34:ea:b1:b2:
                    6d:f5:e2:a1:d5:35:4b:ff:a6:96:af:ed:4f:dc:93:
                    75:74:07:82:c8:d4:50:c1:7d:fc:44:81:40:7b:02:
                    c8:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:32:7C:83:A4:D3:63:65:2E:5D:F2:F0:35:FE:7D:2B:13:1E:D0:29
            X509v3 Authority Key Identifier:
                keyid:6B:22:AD:4C:F6:47:A4:8B:63:1F:F8:4F:22:7E:A0:25:21:30:55:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/sTJ8g6TTY2UuXfLwNf59KxMe0Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.183.0/24
                  193.247.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:85:94:e4:d9:5b:6a:9f:ac:54:b7:c4:bb:08:06:79:49:79:
         f2:92:22:2f:e6:31:fc:15:f7:84:78:5f:ab:61:6b:22:27:75:
         c3:61:a0:ed:2e:89:f4:38:98:b4:5c:bc:68:67:12:c4:c7:69:
         17:5b:b9:0d:d7:f7:22:53:d1:a2:1e:04:14:d2:e6:0f:ef:3f:
         44:62:df:22:d0:c9:1e:0f:33:c3:f5:bb:95:1e:a3:5b:84:84:
         99:21:89:ca:05:d9:4e:83:60:0e:d7:ab:a9:b7:f0:f2:71:ee:
         85:e7:f6:93:22:51:bc:7b:d2:db:1f:50:52:4a:7a:86:d3:be:
         ea:eb:09:19:f4:38:31:37:6d:14:fe:56:2d:e5:8d:8e:a5:3d:
         1e:62:b1:7c:4a:9c:ed:6e:1c:aa:5d:b1:09:4e:ae:a2:47:85:
         2f:78:c5:c6:14:95:4c:54:34:da:ce:5a:53:35:38:74:18:05:
         8a:35:72:71:43:c8:7b:9f:7a:6c:98:de:8e:85:5f:5e:a0:83:
         c6:f8:31:ac:7a:85:89:a9:ba:95:70:30:33:35:17:40:11:03:
         24:e2:77:f6:02:6d:05:41:50:36:bb:db:3c:f3:d3:fd:43:ec:
         35:05:39:19:a0:1c:7a:42:ab:02:32:23:4e:cb:ec:a1:89:30:
         85:b8:2c:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQg1ZyzsprBQ8iWHS/HhJhHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjJhZDRjZjY0N2E0OGI2MzFmZjg0ZjIyN2VhMDI1MjEz
MDU1MmQwHhcNMjUwMTAxMDc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTMyN2M4M2E0ZDM2MzY1MmU1ZGYyZjAzNWZlN2QyYjEzMWVkMDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmXQOMhfOK9w0OjY0iFoAew8LA9w
nJh1z2FdIeSgXDSaV6mIqNqNiDAMMDxU60Go7Az2UuehL3GyZZZosxYC4SS6xvWh
4ttX750PPoKQnrV6WThSt4KcMKZ8ka8mCgj1suFkRm+Bk3q9obvIFZQNsGbUQFcf
Su/+yvlg/+aLYyW+f7OHC4YJXFXFL8tocu6htJQ4AqsBqjch4jGFjlmBcmU1UEyT
fDSXFrgvN4kTIamo6cuQl7RaOUdONXKYPV5rsDI4C50oe37qX+Tk5tq4i3cr873Q
w9P721l92jTqsbJt9eKh1TVL/6aWr+1P3JN1dAeCyNRQwX38RIFAewLISQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLEyfIOk02NlLl3y8DX+fSsTHtApMB8GA1UdIwQY
MBaAFGsirUz2R6SLYx/4TyJ+oCUhMFUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlLdFRQWkhwSXRqSF9oUEluNmdKU0V3VlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC81OTUwMjQtOGJmZi00ZjE4LThjY2It
NjlhNDRmMDQ4ZGI4LzEvc1RKOGc2VFRZMlV1WGZMd05mNTlLeE1lMENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC81OTUwMjQtOGJmZi00ZjE4LThjY2ItNjlhNDRmMDQ4ZGI4
LzEvYXlLdFRQWkhwSXRqSF9oUEluNmdKU0V3VlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9q3AwQA
wfeQMA0GCSqGSIb3DQEBCwUAA4IBAQBghZTk2Vtqn6xUt8S7CAZ5SXnykiIv5jH8
FfeEeF+rYWsiJ3XDYaDtLon0OJi0XLxoZxLEx2kXW7kN1/ciU9GiHgQU0uYP7z9E
Yt8i0MkeDzPD9buVHqNbhISZIYnKBdlOg2AO16upt/Dyce6F5/aTIlG8e9LbH1BS
SnqG077q6wkZ9DgxN20U/lYt5Y2OpT0eYrF8SpztbhyqXbEJTq6iR4UveMXGFJVM
VDTazlpTNTh0GAWKNXJxQ8h7n3psmN6OhV9eoIPG+DGseoWJqbqVcDAzNRdAEQMk
4nf2Am0FQVA2u9s889P9Q+w1BTkZoBx6QqsCMiNOy+yhiTCFuCzf
-----END CERTIFICATE-----