Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/DxWkaJkNeo1GnfX8PTB6m_7NDo8.roa
File:                     DxWkaJkNeo1GnfX8PTB6m_7NDo8.roa (raw, json)
Hash identifier:          1C13Qsc+uAlJmXy/kak788lVFXMyWIaA+AZiv7RcjGk=
Subject key identifier:   0F:15:A4:68:99:0D:7A:8D:46:9D:F5:FC:3D:30:7A:9B:FE:CD:0E:8F
Certificate issuer:       /CN=d3142df2f670940ccf5a4b27a0d0c987ecc88656
Certificate serial:       019425FDAD43C1767635CC407C16D6D35D51
Authority key identifier: D3:14:2D:F2:F6:70:94:0C:CF:5A:4B:27:A0:D0:C9:87:EC:C8:86:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/DxWkaJkNeo1GnfX8PTB6m_7NDo8.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47283
IP address blocks:        91.203.164.0/22 maxlen: 22
                          91.203.164.0/23 maxlen: 23
                          91.203.166.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ad:43:c1:76:76:35:cc:40:7c:16:d6:d3:5d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3142df2f670940ccf5a4b27a0d0c987ecc88656
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f15a468990d7a8d469df5fc3d307a9bfecd0e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:b3:d0:4a:81:fa:a1:74:34:20:58:7a:85:0d:
                    b9:dd:80:18:d9:ac:3e:33:94:4c:3d:71:28:3a:41:
                    56:2e:c9:8f:76:31:ac:db:98:a6:3e:a4:f8:3c:83:
                    33:9c:ea:40:7b:e0:90:0c:ea:4a:0b:12:df:06:74:
                    1d:d8:a9:27:95:09:c8:00:9a:00:65:ad:90:2b:6f:
                    d1:c0:4b:a2:c8:55:25:0c:3d:d8:8e:ad:f2:0c:d9:
                    0f:69:85:b4:54:b5:5e:fa:bb:e6:42:2a:d4:69:f6:
                    a1:b8:b2:09:be:c0:c0:4f:12:a5:bf:b8:29:19:5f:
                    f8:61:40:0d:8d:f1:6a:91:3b:21:41:a1:46:6a:ac:
                    ea:36:f9:cd:f5:40:4f:28:0b:7e:a6:4a:fc:8e:47:
                    c1:64:1e:45:68:02:f1:d4:6b:b8:55:23:f0:b8:2f:
                    c9:1d:75:5c:3a:15:ce:d6:b2:27:5e:5b:70:ad:37:
                    7a:a6:90:c1:db:4c:36:44:6e:c9:6d:5b:04:29:2f:
                    99:47:ea:9d:35:0b:f2:4f:84:86:9f:83:67:c9:eb:
                    08:c0:17:17:71:3e:f0:22:e0:53:dd:a1:4f:81:47:
                    f1:97:30:3c:7b:93:72:5f:ce:6e:d6:75:b2:90:ac:
                    59:ae:d6:4d:c6:e1:c7:3d:20:1c:94:b1:3b:35:14:
                    69:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:15:A4:68:99:0D:7A:8D:46:9D:F5:FC:3D:30:7A:9B:FE:CD:0E:8F
            X509v3 Authority Key Identifier:
                keyid:D3:14:2D:F2:F6:70:94:0C:CF:5A:4B:27:A0:D0:C9:87:EC:C8:86:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0xQt8vZwlAzPWksnoNDJh-zIhlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/DxWkaJkNeo1GnfX8PTB6m_7NDo8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/ec39be-e227-4a2d-b4b2-632caeef4584/1/0xQt8vZwlAzPWksnoNDJh-zIhlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:af:92:bb:42:b7:12:c5:80:50:72:b4:5d:4a:a2:0f:17:2d:
         09:cd:e0:3e:2b:41:51:21:4a:ae:be:0a:d3:48:04:97:92:96:
         98:9b:ea:c1:f6:fa:b4:70:e9:4b:fc:39:cb:09:ff:32:17:32:
         a3:c9:b2:fa:7d:b9:c5:4b:b2:f6:8a:d4:62:4c:0f:51:98:22:
         39:e9:9a:0b:40:c7:29:33:37:22:95:a3:32:74:f4:52:59:ba:
         60:d0:b7:7c:ea:e5:6d:fe:11:65:2c:3d:fd:92:d6:30:47:94:
         09:85:ba:73:67:8d:8a:6f:88:2b:f3:2c:2f:81:ba:2c:30:5e:
         d3:05:65:f3:c4:b2:9c:34:bb:7c:36:25:1a:81:f3:d7:91:75:
         7e:80:ec:91:f5:ea:c0:24:d2:6f:c7:ec:46:9b:9c:6b:fd:66:
         f3:89:64:ea:a1:c0:22:75:b2:d7:a4:86:e3:6f:f7:c3:41:0e:
         11:23:aa:b5:24:83:91:31:78:08:9c:b1:d7:dd:a0:04:9a:88:
         87:b8:8b:5e:b9:75:ca:e1:3f:8b:b8:3f:bd:a2:a5:33:8a:f3:
         57:4d:b8:8b:20:31:56:4d:0e:6b:93:38:67:5b:f2:ae:8e:44:
         88:35:6b:54:a7:d3:d0:e9:b8:17:2f:93:a8:cd:5f:66:95:42:
         17:2e:c2:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/a1DwXZ2NcxAfBbW011RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMTQyZGYyZjY3MDk0MGNjZjVhNGIyN2EwZDBjOTg3ZWNj
ODg2NTYwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjE1YTQ2ODk5MGQ3YThkNDY5ZGY1ZmMzZDMwN2E5YmZlY2QwZThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1LPQSoH6oXQ0IFh6hQ253YAY2aw+
M5RMPXEoOkFWLsmPdjGs25imPqT4PIMznOpAe+CQDOpKCxLfBnQd2KknlQnIAJoA
Za2QK2/RwEuiyFUlDD3Yjq3yDNkPaYW0VLVe+rvmQirUafahuLIJvsDATxKlv7gp
GV/4YUANjfFqkTshQaFGaqzqNvnN9UBPKAt+pkr8jkfBZB5FaALx1Gu4VSPwuC/J
HXVcOhXO1rInXltwrTd6ppDB20w2RG7JbVsEKS+ZR+qdNQvyT4SGn4NnyesIwBcX
cT7wIuBT3aFPgUfxlzA8e5NyX85u1nWykKxZrtZNxuHHPSAclLE7NRRpFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8VpGiZDXqNRp31/D0wepv+zQ6PMB8GA1UdIwQY
MBaAFNMULfL2cJQMz1pLJ6DQyYfsyIZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHhRdDh2WndsQXpQV2tzbm9OREpoLXpJaGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9lYzM5YmUtZTIyNy00YTJkLWI0YjIt
NjMyY2FlZWY0NTg0LzEvRHhXa2FKa05lbzFHbmZYOFBUQjZtXzdORG84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9lYzM5YmUtZTIyNy00YTJkLWI0YjItNjMyY2FlZWY0NTg0
LzEvMHhRdDh2WndsQXpQV2tzbm9OREpoLXpJaGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8ukMA0G
CSqGSIb3DQEBCwUAA4IBAQA+r5K7QrcSxYBQcrRdSqIPFy0JzeA+K0FRIUquvgrT
SASXkpaYm+rB9vq0cOlL/DnLCf8yFzKjybL6fbnFS7L2itRiTA9RmCI56ZoLQMcp
MzcilaMydPRSWbpg0Ld86uVt/hFlLD39ktYwR5QJhbpzZ42Kb4gr8ywvgbosMF7T
BWXzxLKcNLt8NiUagfPXkXV+gOyR9erAJNJvx+xGm5xr/WbziWTqocAidbLXpIbj
b/fDQQ4RI6q1JIORMXgInLHX3aAEmoiHuIteuXXK4T+LuD+9oqUzivNXTbiLIDFW
TQ5rkzhnW/KujkSINWtUp9PQ6bgXL5OozV9mlUIXLsLV
-----END CERTIFICATE-----