Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/O4gR5xOTs4Ka7RxFw5S-suo9Yt4.roa
File:                     O4gR5xOTs4Ka7RxFw5S-suo9Yt4.roa (raw, json)
Hash identifier:          cOb09Q56rNsrHJDt4uCS16lJBMq8eR81lrUaHpUt4e0=
Subject key identifier:   3B:88:11:E7:13:93:B3:82:9A:ED:1C:45:C3:94:BE:B2:EA:3D:62:DE
Certificate issuer:       /CN=ba838f1ca8bdcd81c04b6b678e79be614e51b111
Certificate serial:       01974008F426DAB4F38E1D7FDD38E2D7D1F4
Authority key identifier: BA:83:8F:1C:A8:BD:CD:81:C0:4B:6B:67:8E:79:BE:61:4E:51:B1:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/O4gR5xOTs4Ka7RxFw5S-suo9Yt4.roa
Signing time:             Thu 05 Jun 2025 12:20:17 +0000
ROA not before:           Thu 05 Jun 2025 12:20:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60633
IP address blocks:        91.230.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:08:f4:26:da:b4:f3:8e:1d:7f:dd:38:e2:d7:d1:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba838f1ca8bdcd81c04b6b678e79be614e51b111
        Validity
            Not Before: Jun  5 12:20:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b8811e71393b3829aed1c45c394beb2ea3d62de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d4:39:70:8f:a9:0c:2d:5a:67:25:eb:f9:13:
                    48:5b:db:82:f6:4f:46:de:57:fa:8c:84:14:60:51:
                    bf:96:e6:ad:ba:6f:8e:80:1c:0f:f2:a7:08:60:24:
                    c7:3b:4a:e7:97:9a:f9:64:9e:1a:f1:0a:57:1e:d8:
                    aa:d3:62:18:45:8c:08:0a:c5:b9:2b:2d:35:68:73:
                    14:93:06:ac:f8:a6:ae:b7:24:2d:9f:83:56:ae:fe:
                    89:65:75:c7:4b:c0:d3:ba:f6:df:db:07:f1:37:38:
                    3a:49:3c:bd:bd:37:99:98:27:f2:19:04:73:6c:d7:
                    8a:56:a8:4f:01:e6:87:43:7c:6d:ff:5b:d3:d8:f3:
                    af:30:5a:07:c3:83:83:fe:c4:05:3e:9b:42:90:57:
                    13:9b:f0:cd:aa:d8:2f:5f:91:9a:c8:b0:ae:7b:dd:
                    88:8b:d6:5a:59:5e:33:c7:28:16:76:77:0c:1f:e1:
                    a4:ac:ed:0d:20:58:8f:e8:40:03:3d:e1:8e:15:17:
                    82:6b:4d:0f:f6:13:a0:e6:07:d3:ac:55:e7:9c:b8:
                    0b:f1:97:ed:1e:12:71:09:6e:fc:ba:a5:4a:54:1e:
                    c0:60:44:91:4a:52:9f:8f:6d:5b:b1:a7:65:ad:1d:
                    ec:eb:20:1e:44:df:22:75:9e:ed:d5:e7:a9:d9:f8:
                    ca:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:88:11:E7:13:93:B3:82:9A:ED:1C:45:C3:94:BE:B2:EA:3D:62:DE
            X509v3 Authority Key Identifier:
                keyid:BA:83:8F:1C:A8:BD:CD:81:C0:4B:6B:67:8E:79:BE:61:4E:51:B1:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uoOPHKi9zYHAS2tnjnm-YU5RsRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/O4gR5xOTs4Ka7RxFw5S-suo9Yt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/db4e88-e58d-4345-80c7-093eb9a9aa8b/1/uoOPHKi9zYHAS2tnjnm-YU5RsRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:f9:ff:56:5f:e5:68:3a:26:fd:ab:23:9a:50:df:48:1b:bf:
         ba:33:0f:8d:12:8b:63:b5:fb:fc:72:93:3d:a5:fe:80:1c:41:
         cf:14:91:b4:ec:44:24:2c:7a:f2:06:40:c3:04:9b:b8:47:d2:
         92:a1:3a:b4:ea:a3:3a:0f:ac:2b:20:b9:e2:17:c1:35:5f:3c:
         1e:5f:db:d3:e4:a0:00:7a:11:6c:01:ed:80:9a:8e:33:8e:5b:
         8b:73:f3:a6:be:4e:cd:71:fb:12:70:e0:3c:56:02:c2:aa:86:
         8c:e8:a1:69:10:90:6e:30:11:fd:b8:8f:b4:00:69:9d:c3:1c:
         87:ef:0b:4c:6b:b0:2a:dd:b8:e7:dc:51:78:97:a6:27:ee:d8:
         dc:8b:ca:cc:53:67:2b:27:38:de:4c:ff:4f:c0:37:ff:66:89:
         96:05:da:6e:7e:ea:e2:64:99:f0:40:4d:88:f0:13:f4:c0:de:
         00:a6:cc:ae:a2:f9:ff:e4:1a:d2:13:87:c6:72:b1:58:5f:c2:
         e3:3c:2a:a4:40:bb:30:30:22:28:a4:b0:7e:df:4c:d5:29:a5:
         3c:15:b9:c4:c3:3c:fe:6f:fe:18:15:74:3e:4a:3c:36:a7:f3:
         8c:ad:78:02:87:3b:c3:27:06:38:ce:8c:d0:96:e3:06:8f:b2:
         ab:b4:7e:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdACPQm2rTzjh1/3Tji19H0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhODM4ZjFjYThiZGNkODFjMDRiNmI2NzhlNzliZTYxNGU1
MWIxMTEwHhcNMjUwNjA1MTIyMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg4MTFlNzEzOTNiMzgyOWFlZDFjNDVjMzk0YmViMmVhM2Q2MmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19Q5cI+pDC1aZyXr+RNIW9uC9k9G
3lf6jIQUYFG/luatum+OgBwP8qcIYCTHO0rnl5r5ZJ4a8QpXHtiq02IYRYwICsW5
Ky01aHMUkwas+KautyQtn4NWrv6JZXXHS8DTuvbf2wfxNzg6STy9vTeZmCfyGQRz
bNeKVqhPAeaHQ3xt/1vT2POvMFoHw4OD/sQFPptCkFcTm/DNqtgvX5GayLCue92I
i9ZaWV4zxygWdncMH+GkrO0NIFiP6EADPeGOFReCa00P9hOg5gfTrFXnnLgL8Zft
HhJxCW78uqVKVB7AYESRSlKfj21bsadlrR3s6yAeRN8idZ7t1eep2fjK6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuIEecTk7OCmu0cRcOUvrLqPWLeMB8GA1UdIwQY
MBaAFLqDjxyovc2BwEtrZ455vmFOUbERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW9PUEhLaTl6WUhBUzJ0bmpubS1ZVTVSc1JFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kYjRlODgtZTU4ZC00MzQ1LTgwYzct
MDkzZWI5YTlhYThiLzEvTzRnUjV4T1RzNEthN1J4Rnc1Uy1zdW85WXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kYjRlODgtZTU4ZC00MzQ1LTgwYzctMDkzZWI5YTlhYThi
LzEvdW9PUEhLaTl6WUhBUzJ0bmpubS1ZVTVSc1JFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+b5MA0G
CSqGSIb3DQEBCwUAA4IBAQBe+f9WX+VoOib9qyOaUN9IG7+6Mw+NEotjtfv8cpM9
pf6AHEHPFJG07EQkLHryBkDDBJu4R9KSoTq06qM6D6wrILniF8E1XzweX9vT5KAA
ehFsAe2Amo4zjluLc/Omvk7NcfsScOA8VgLCqoaM6KFpEJBuMBH9uI+0AGmdwxyH
7wtMa7Aq3bjn3FF4l6Yn7tjci8rMU2crJzjeTP9PwDf/ZomWBdpufuriZJnwQE2I
8BP0wN4Apsyuovn/5BrSE4fGcrFYX8LjPCqkQLswMCIopLB+30zVKaU8FbnEwzz+
b/4YFXQ+Sjw2p/OMrXgChzvDJwY4zozQluMGj7KrtH45
-----END CERTIFICATE-----