Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/aj0WVl4e2z2ZBYCahhraDL8ORdI.roa
File:                     aj0WVl4e2z2ZBYCahhraDL8ORdI.roa (raw, json)
Hash identifier:          F73B/tSwqY+Pedxj19hK+zjEl11bKyVtrVcIkgShsak=
Subject key identifier:   6A:3D:16:56:5E:1E:DB:3D:99:05:80:9A:86:1A:DA:0C:BF:0E:45:D2
Certificate issuer:       /CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
Certificate serial:       019440B91602651460D24C696D1AB91FA5BA
Authority key identifier: 2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/aj0WVl4e2z2ZBYCahhraDL8ORdI.roa
Signing time:             Tue 07 Jan 2025 12:24:19 +0000
ROA not before:           Tue 07 Jan 2025 12:24:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8758
IP address blocks:        91.132.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:40:b9:16:02:65:14:60:d2:4c:69:6d:1a:b9:1f:a5:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d4873e6e8be4f9d3764184f13e5750f8c61f68b
        Validity
            Not Before: Jan  7 12:24:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a3d16565e1edb3d9905809a861ada0cbf0e45d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:58:d9:27:86:11:2b:cd:e3:c5:b1:f9:3f:a5:
                    ea:52:b8:37:74:fc:d4:4c:73:01:16:83:2b:03:74:
                    32:3a:d9:55:36:51:5b:15:73:a8:50:5f:4d:02:64:
                    50:3c:45:5e:3a:cb:30:85:7f:d3:73:b3:6a:15:8a:
                    42:4f:78:97:bb:6e:50:ec:18:41:c8:ce:e2:2e:0d:
                    53:86:fc:2c:21:fa:5e:36:4a:60:1d:49:69:77:af:
                    b2:7c:95:2d:16:e2:75:ce:f3:54:0e:2b:04:93:b4:
                    5c:f2:b5:aa:93:83:e9:62:1b:ff:78:1b:91:b3:77:
                    4e:5d:f3:91:0c:d2:d3:1d:db:ac:00:1f:3a:60:95:
                    05:79:0b:28:7b:e9:10:d3:c5:1c:dd:dd:56:81:1d:
                    7e:9e:66:87:d2:4f:20:07:b1:88:ed:48:b9:7e:21:
                    f9:90:2a:5a:71:61:bd:66:ce:49:72:76:6a:0c:b6:
                    92:5e:14:ab:28:61:39:56:3f:4a:5a:97:78:6f:a5:
                    5e:cc:43:ea:43:a0:44:89:83:6b:32:c3:fa:2b:0d:
                    27:59:e5:56:84:97:82:89:f3:97:bc:2c:5b:0e:97:
                    45:b0:50:0a:e6:d9:50:48:de:0c:c0:e1:3a:8e:30:
                    28:a0:09:5a:16:c2:b6:2f:7b:1f:a1:00:b5:ee:8d:
                    71:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:3D:16:56:5E:1E:DB:3D:99:05:80:9A:86:1A:DA:0C:BF:0E:45:D2
            X509v3 Authority Key Identifier:
                keyid:2D:48:73:E6:E8:BE:4F:9D:37:64:18:4F:13:E5:75:0F:8C:61:F6:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LUhz5ui-T503ZBhPE-V1D4xh9os.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/aj0WVl4e2z2ZBYCahhraDL8ORdI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/47b413-6416-402a-b5e1-6596d5036362/1/LUhz5ui-T503ZBhPE-V1D4xh9os.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:bf:06:c2:be:82:43:49:2f:3a:80:5e:82:4a:e4:50:5d:2b:
         ff:90:d2:6c:27:86:0d:5a:16:c3:3c:66:aa:98:9e:17:2d:79:
         0c:d4:1f:4f:a3:67:c4:6a:1b:c6:26:20:0d:d6:b5:91:5b:89:
         12:0b:cd:56:98:f2:7c:36:ae:9e:9d:13:f8:4e:87:65:75:46:
         45:cd:f2:81:aa:19:c6:03:4b:4e:50:8f:02:ba:90:01:4e:13:
         52:db:03:c1:c6:9e:ee:c0:92:35:70:59:22:84:33:77:8a:22:
         08:72:3b:99:fb:04:d0:29:7e:65:c2:6f:2a:67:b0:0a:84:4d:
         40:9a:d7:e6:0a:f7:75:7b:ac:e4:98:0e:75:e0:33:7f:b7:75:
         24:bb:99:b3:a4:54:e9:fc:95:dd:55:a3:b0:fe:0b:56:0d:4b:
         36:ec:7b:8e:0c:ae:0e:41:b9:ca:14:3b:c6:15:fc:70:49:96:
         b6:e9:60:dc:36:6c:13:3a:06:9b:16:c8:b3:a9:85:45:55:d5:
         aa:7e:02:c8:f3:68:fb:27:30:82:bd:6b:e1:a9:62:c7:7f:7c:
         8f:f6:05:73:8e:b9:34:ef:80:9f:bc:17:a5:f9:43:a0:03:71:
         a5:63:b4:b3:fb:5d:b2:af:d4:f8:e8:1c:ca:47:6e:82:8a:52:
         76:fa:f6:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRAuRYCZRRg0kxpbRq5H6W6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNDg3M2U2ZThiZTRmOWQzNzY0MTg0ZjEzZTU3NTBmOGM2
MWY2OGIwHhcNMjUwMTA3MTIyNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTNkMTY1NjVlMWVkYjNkOTkwNTgwOWE4NjFhZGEwY2JmMGU0NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FjZJ4YRK83jxbH5P6XqUrg3dPzU
THMBFoMrA3QyOtlVNlFbFXOoUF9NAmRQPEVeOsswhX/Tc7NqFYpCT3iXu25Q7BhB
yM7iLg1ThvwsIfpeNkpgHUlpd6+yfJUtFuJ1zvNUDisEk7Rc8rWqk4PpYhv/eBuR
s3dOXfORDNLTHdusAB86YJUFeQsoe+kQ08Uc3d1WgR1+nmaH0k8gB7GI7Ui5fiH5
kCpacWG9Zs5JcnZqDLaSXhSrKGE5Vj9KWpd4b6VezEPqQ6BEiYNrMsP6Kw0nWeVW
hJeCifOXvCxbDpdFsFAK5tlQSN4MwOE6jjAooAlaFsK2L3sfoQC17o1x6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGo9FlZeHts9mQWAmoYa2gy/DkXSMB8GA1UdIwQY
MBaAFC1Ic+bovk+dN2QYTxPldQ+MYfaLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEt
NjU5NmQ1MDM2MzYyLzEvYWowV1ZsNGUyejJaQllDYWhocmFETDhPUmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80N2I0MTMtNjQxNi00MDJhLWI1ZTEtNjU5NmQ1MDM2MzYy
LzEvTFVoejV1aS1UNTAzWkJoUEUtVjFENHhoOW9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4S0MA0G
CSqGSIb3DQEBCwUAA4IBAQBfvwbCvoJDSS86gF6CSuRQXSv/kNJsJ4YNWhbDPGaq
mJ4XLXkM1B9Po2fEahvGJiAN1rWRW4kSC81WmPJ8Nq6enRP4TodldUZFzfKBqhnG
A0tOUI8CupABThNS2wPBxp7uwJI1cFkihDN3iiIIcjuZ+wTQKX5lwm8qZ7AKhE1A
mtfmCvd1e6zkmA514DN/t3Uku5mzpFTp/JXdVaOw/gtWDUs27HuODK4OQbnKFDvG
FfxwSZa26WDcNmwTOgabFsizqYVFVdWqfgLI82j7JzCCvWvhqWLHf3yP9gVzjrk0
74CfvBel+UOgA3GlY7Sz+12yr9T46BzKR26CilJ2+vaY
-----END CERTIFICATE-----