Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/9An93QZ5VcdXnM-SpuqFZ7HTYmU.roa
File:                     9An93QZ5VcdXnM-SpuqFZ7HTYmU.roa (raw, json)
Hash identifier:          FvzvcUzn3akzojaHHdMGtSYsI1uUN+lMDojMlOkLqXs=
Subject key identifier:   F4:09:FD:DD:06:79:55:C7:57:9C:CF:92:A6:EA:85:67:B1:D3:62:65
Certificate issuer:       /CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
Certificate serial:       0194252163FDFA204FE368338DE775E8584C
Authority key identifier: 01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/9An93QZ5VcdXnM-SpuqFZ7HTYmU.roa
Signing time:             Thu 02 Jan 2025 03:48:52 +0000
ROA not before:           Thu 02 Jan 2025 03:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201355
IP address blocks:        91.220.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:63:fd:fa:20:4f:e3:68:33:8d:e7:75:e8:58:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=010a7d4c64aed4bc98c6b5b064ff0a9b82eada82
        Validity
            Not Before: Jan  2 03:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f409fddd067955c7579ccf92a6ea8567b1d36265
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:76:4e:db:ef:96:de:b4:45:d6:3d:7c:02:9e:
                    ca:3a:48:91:f4:21:12:2b:7e:fe:b3:8d:0e:df:bc:
                    27:94:51:a8:f3:d1:08:0f:86:c7:a8:b7:9a:e0:53:
                    6c:d0:73:f0:49:b0:5c:1c:04:77:fe:b2:fd:7e:88:
                    3b:32:fd:43:ad:4c:9b:be:93:a9:f4:40:13:bc:4b:
                    6c:be:ca:30:8a:3c:5c:54:95:40:e8:65:7b:4d:fd:
                    e7:ee:d1:28:96:2c:57:47:cf:1b:36:4d:2d:dc:80:
                    ee:62:65:ae:e9:13:bb:d5:fd:24:49:8a:c3:16:3a:
                    2c:35:b8:84:81:1b:b5:1a:01:90:d7:b4:3a:f7:e6:
                    6e:99:08:c4:2e:85:d6:62:30:b9:3b:ab:a9:f4:08:
                    5a:22:40:1e:e1:58:70:b6:7d:2c:b0:9b:1a:01:78:
                    06:77:04:30:0b:f9:10:08:92:8a:a9:61:09:f2:e8:
                    8a:ba:fa:59:77:0c:92:d8:87:20:6b:2d:2d:64:5a:
                    e0:a4:14:0c:78:de:d8:b4:df:f9:00:94:42:ff:82:
                    66:e9:82:d8:81:dc:76:00:57:49:5f:e6:65:c0:c4:
                    d2:69:ec:09:05:66:cf:c9:d2:47:0a:66:6a:53:e4:
                    b9:e0:c0:3d:ab:4c:30:ed:ca:43:8c:4a:ae:ca:ed:
                    f1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:09:FD:DD:06:79:55:C7:57:9C:CF:92:A6:EA:85:67:B1:D3:62:65
            X509v3 Authority Key Identifier:
                keyid:01:0A:7D:4C:64:AE:D4:BC:98:C6:B5:B0:64:FF:0A:9B:82:EA:DA:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/9An93QZ5VcdXnM-SpuqFZ7HTYmU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/d3363e-4832-4d57-9da5-dbf76ed3939f/1/AQp9TGSu1LyYxrWwZP8Km4Lq2oI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:0b:69:d7:67:e4:f8:2b:21:2c:1a:05:2b:dd:92:d7:14:88:
         0f:05:ca:59:d2:92:19:c5:04:16:cb:35:d6:7c:45:67:b9:64:
         24:61:27:93:22:67:21:f4:2c:e4:63:d0:91:e0:f6:4c:61:92:
         f0:4e:f7:ee:48:ff:43:4e:fb:eb:3c:75:b5:09:5c:f9:15:4f:
         4e:a1:bf:33:72:94:de:a6:c7:b5:d5:93:9a:f6:c2:f4:19:73:
         10:7c:e3:7c:cc:79:97:71:b9:9f:74:41:61:e2:cd:da:8b:92:
         62:3d:43:d3:41:fd:cb:a0:0b:0b:f6:08:3c:84:ed:27:1a:44:
         d2:18:0c:5e:ae:35:d1:8a:af:89:f0:49:bb:bf:95:06:65:d2:
         c5:70:24:b4:e2:bb:4b:23:c2:2e:49:c4:85:75:dc:43:bd:42:
         a9:e1:19:63:e5:74:02:6a:00:2b:ba:36:bf:64:21:ff:34:5b:
         dc:0e:67:8b:7a:5c:33:4d:4b:df:79:d7:40:a9:25:71:3f:4d:
         12:4e:61:3f:cf:f3:ac:74:e4:a6:ff:63:ea:da:58:69:b4:54:
         d5:bc:a3:69:08:78:26:26:99:71:35:3d:63:90:42:4e:4b:a1:
         b5:f3:57:c8:65:3b:9f:bf:6e:95:9b:7c:f0:43:fc:ff:c7:35:
         3b:d8:63:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWP9+iBP42gzjed16FhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxMGE3ZDRjNjRhZWQ0YmM5OGM2YjViMDY0ZmYwYTliODJl
YWRhODIwHhcNMjUwMTAyMDM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDA5ZmRkZDA2Nzk1NWM3NTc5Y2NmOTJhNmVhODU2N2IxZDM2MjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXZO2++W3rRF1j18Ap7KOkiR9CES
K37+s40O37wnlFGo89EID4bHqLea4FNs0HPwSbBcHAR3/rL9fog7Mv1DrUybvpOp
9EATvEtsvsowijxcVJVA6GV7Tf3n7tEolixXR88bNk0t3IDuYmWu6RO71f0kSYrD
FjosNbiEgRu1GgGQ17Q69+ZumQjELoXWYjC5O6up9AhaIkAe4Vhwtn0ssJsaAXgG
dwQwC/kQCJKKqWEJ8uiKuvpZdwyS2Icgay0tZFrgpBQMeN7YtN/5AJRC/4Jm6YLY
gdx2AFdJX+ZlwMTSaewJBWbPydJHCmZqU+S54MA9q0ww7cpDjEquyu3x2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQJ/d0GeVXHV5zPkqbqhWex02JlMB8GA1UdIwQY
MBaAFAEKfUxkrtS8mMa1sGT/CpuC6tqCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUt
ZGJmNzZlZDM5MzlmLzEvOUFuOTNRWjVWY2RYbk0tU3B1cUZaN0hUWW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9kMzM2M2UtNDgzMi00ZDU3LTlkYTUtZGJmNzZlZDM5Mzlm
LzEvQVFwOVRHU3UxTHlZeHJXd1pQOEttNExxMm9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9z7MA0G
CSqGSIb3DQEBCwUAA4IBAQA5C2nXZ+T4KyEsGgUr3ZLXFIgPBcpZ0pIZxQQWyzXW
fEVnuWQkYSeTImch9CzkY9CR4PZMYZLwTvfuSP9DTvvrPHW1CVz5FU9Oob8zcpTe
pse11ZOa9sL0GXMQfON8zHmXcbmfdEFh4s3ai5JiPUPTQf3LoAsL9gg8hO0nGkTS
GAxerjXRiq+J8Em7v5UGZdLFcCS04rtLI8IuScSFddxDvUKp4Rlj5XQCagAruja/
ZCH/NFvcDmeLelwzTUvfeddAqSVxP00STmE/z/OsdOSm/2Pq2lhptFTVvKNpCHgm
JplxNT1jkEJOS6G181fIZTufv26Vm3zwQ/z/xzU72GOT
-----END CERTIFICATE-----