Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GJD8bfj7CDyDTZI2kUpgDK-LxFE.roa
File:                     GJD8bfj7CDyDTZI2kUpgDK-LxFE.roa (raw, json)
Hash identifier:          PT10MFBUB5fp5Yrzzf9K0jem6hIintZDoPzR+wZ8gys=
Subject key identifier:   18:90:FC:6D:F8:FB:08:3C:83:4D:92:36:91:4A:60:0C:AF:8B:C4:51
Certificate issuer:       /CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
Certificate serial:       01941FFA27A8C9485188B05299A4D75CD361
Authority key identifier: 22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GJD8bfj7CDyDTZI2kUpgDK-LxFE.roa
Signing time:             Wed 01 Jan 2025 03:47:55 +0000
ROA not before:           Wed 01 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210610
IP address blocks:        91.219.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:27:a8:c9:48:51:88:b0:52:99:a4:d7:5c:d3:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c7cda75f4e15e486dee5a6501cbe2018bc0e0f
        Validity
            Not Before: Jan  1 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1890fc6df8fb083c834d9236914a600caf8bc451
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4a:88:6f:da:fd:70:19:96:16:52:9b:fe:ed:
                    2f:9e:c5:9b:d9:d6:80:1f:69:a0:35:99:2f:5c:50:
                    eb:a4:bf:c3:1a:0f:53:cf:98:4c:ea:0f:a7:c4:59:
                    03:61:34:f3:fe:57:96:4e:a1:73:ef:d6:21:c7:8c:
                    e4:fa:5c:8a:49:e5:01:f1:39:98:c6:73:49:a4:89:
                    b5:a6:5f:a7:6b:a5:99:75:13:ed:92:f2:86:aa:40:
                    a5:c7:45:32:0e:e7:39:ea:18:39:eb:30:e3:63:aa:
                    f5:6d:92:b8:e8:a8:c8:c6:39:5e:82:78:92:86:59:
                    a9:d3:da:bc:67:e8:6c:10:73:e3:e9:23:41:28:ec:
                    7c:0e:88:9f:5f:79:02:2a:d7:cf:a7:e8:17:a5:89:
                    bb:17:be:df:ec:57:a0:0b:28:76:39:81:23:e7:96:
                    95:28:bf:9a:bf:78:62:66:72:9b:84:99:ed:4d:b2:
                    ce:8b:c6:b9:09:74:cb:c4:c4:93:13:4b:5c:e9:6d:
                    2a:d0:d1:74:ac:41:03:e0:8f:2e:43:2b:4c:5c:f6:
                    cc:56:b4:fe:1a:bf:0e:7b:28:0b:40:ee:41:8a:73:
                    f0:dc:ac:95:72:32:1b:26:53:45:d2:3b:3a:ab:48:
                    ae:35:57:3b:fb:7e:fc:db:97:4d:02:47:4e:7b:fa:
                    56:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:90:FC:6D:F8:FB:08:3C:83:4D:92:36:91:4A:60:0C:AF:8B:C4:51
            X509v3 Authority Key Identifier:
                keyid:22:C7:CD:A7:5F:4E:15:E4:86:DE:E5:A6:50:1C:BE:20:18:BC:0E:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsfNp19OFeSG3uWmUBy-IBi8Dg8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/GJD8bfj7CDyDTZI2kUpgDK-LxFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/b92331-2bb4-4a59-9978-751b17d1c437/1/IsfNp19OFeSG3uWmUBy-IBi8Dg8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:57:44:ab:4b:62:d2:07:e5:93:23:0f:b4:a3:ce:43:d4:46:
         11:a5:63:24:19:9c:be:6d:64:20:f6:cf:9d:b3:41:61:36:dc:
         2a:a7:1e:be:b9:72:43:07:37:72:db:75:ea:59:a1:71:20:1d:
         20:97:54:bd:05:2e:3c:8c:f2:2c:a1:ba:25:ab:5b:37:62:52:
         ba:0f:30:46:24:97:b5:dd:40:e8:60:41:ce:cd:10:2d:b3:27:
         07:2a:bf:c6:f8:55:22:6d:63:0d:d3:f2:09:af:55:c3:bd:d5:
         52:01:ed:b5:fa:39:0e:81:cc:97:6f:bf:7c:ee:77:9c:59:4f:
         48:f7:66:0d:68:c0:bb:cc:83:a9:cf:15:19:7d:8c:5a:4b:ab:
         c5:3d:5e:63:52:09:40:ec:63:20:6b:a6:17:2d:8b:74:c5:6d:
         38:bc:8c:61:c3:20:c7:01:00:35:ae:cd:47:20:b9:19:22:37:
         9b:e6:6a:0e:57:b1:e6:2c:6e:07:1d:3a:a8:01:80:42:9a:e3:
         3b:7f:64:58:e6:73:b9:7d:1a:4d:14:29:9f:4e:12:72:58:50:
         70:9e:da:d9:a4:13:5e:55:26:48:cf:ea:93:20:3f:da:98:91:
         87:ce:3b:17:98:55:36:6e:84:9d:a5:72:cf:5a:44:58:5d:b6:
         e5:fb:3a:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+ieoyUhRiLBSmaTXXNNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzdjZGE3NWY0ZTE1ZTQ4NmRlZTVhNjUwMWNiZTIwMThi
YzBlMGYwHhcNMjUwMTAxMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODkwZmM2ZGY4ZmIwODNjODM0ZDkyMzY5MTRhNjAwY2FmOGJjNDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEqIb9r9cBmWFlKb/u0vnsWb2daA
H2mgNZkvXFDrpL/DGg9Tz5hM6g+nxFkDYTTz/leWTqFz79Yhx4zk+lyKSeUB8TmY
xnNJpIm1pl+na6WZdRPtkvKGqkClx0UyDuc56hg56zDjY6r1bZK46KjIxjlegniS
hlmp09q8Z+hsEHPj6SNBKOx8DoifX3kCKtfPp+gXpYm7F77f7FegCyh2OYEj55aV
KL+av3hiZnKbhJntTbLOi8a5CXTLxMSTE0tc6W0q0NF0rEED4I8uQytMXPbMVrT+
Gr8OeygLQO5BinPw3KyVcjIbJlNF0js6q0iuNVc7+37825dNAkdOe/pWkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBiQ/G34+wg8g02SNpFKYAyvi8RRMB8GA1UdIwQY
MBaAFCLHzadfThXkht7lplAcviAYvA4PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5Nzgt
NzUxYjE3ZDFjNDM3LzEvR0pEOGJmajdDRHlEVFpJMmtVcGdESy1MeEZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy9iOTIzMzEtMmJiNC00YTU5LTk5NzgtNzUxYjE3ZDFjNDM3
LzEvSXNmTnAxOU9GZVNHM3VXbVVCeS1JQmk4RGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9sVMA0G
CSqGSIb3DQEBCwUAA4IBAQAxV0SrS2LSB+WTIw+0o85D1EYRpWMkGZy+bWQg9s+d
s0FhNtwqpx6+uXJDBzdy23XqWaFxIB0gl1S9BS48jPIsobolq1s3YlK6DzBGJJe1
3UDoYEHOzRAtsycHKr/G+FUibWMN0/IJr1XDvdVSAe21+jkOgcyXb7987necWU9I
92YNaMC7zIOpzxUZfYxaS6vFPV5jUglA7GMga6YXLYt0xW04vIxhwyDHAQA1rs1H
ILkZIjeb5moOV7HmLG4HHTqoAYBCmuM7f2RY5nO5fRpNFCmfThJyWFBwntrZpBNe
VSZIz+qTID/amJGHzjsXmFU2boSdpXLPWkRYXbbl+zqI
-----END CERTIFICATE-----