Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/vWNF9c9xh0UQ-FU-UmVlKKmFXu0.roa
File:                     vWNF9c9xh0UQ-FU-UmVlKKmFXu0.roa (raw, json)
Hash identifier:          6rkEiKqMQhH3x9WDxfo0uMKCtMaKKNiS0hRACYb4UZY=
Subject key identifier:   BD:63:45:F5:CF:71:87:45:10:F8:55:3E:52:65:65:28:A9:85:5E:ED
Certificate issuer:       /CN=8b511865930299763e0e5f2d82567dc5a1d53e79
Certificate serial:       019421B22C1155A6CD7D1EE2332160D7FD52
Authority key identifier: 8B:51:18:65:93:02:99:76:3E:0E:5F:2D:82:56:7D:C5:A1:D5:3E:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/vWNF9c9xh0UQ-FU-UmVlKKmFXu0.roa
Signing time:             Wed 01 Jan 2025 11:48:32 +0000
ROA not before:           Wed 01 Jan 2025 11:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15461
IP address blocks:        91.219.220.0/22 maxlen: 32
                          193.93.12.0/22 maxlen: 32
                          2001:67c:f84::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 05:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:2c:11:55:a6:cd:7d:1e:e2:33:21:60:d7:fd:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b511865930299763e0e5f2d82567dc5a1d53e79
        Validity
            Not Before: Jan  1 11:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bd6345f5cf71874510f8553e52656528a9855eed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9a:59:e3:d8:08:67:1d:7d:a0:36:95:82:ed:
                    a0:a5:a0:e4:40:a4:8d:e9:90:89:e9:6f:d9:63:7d:
                    d5:7a:60:a9:dd:24:c9:ee:05:0d:d6:8a:f9:2a:d7:
                    40:fa:ef:fa:4f:83:49:f8:3b:af:c7:05:cf:35:38:
                    d8:b7:89:9c:e0:e6:71:29:cf:7d:ef:aa:a4:a9:d5:
                    5d:e3:01:54:c1:09:65:38:ef:c6:4a:22:c7:06:b9:
                    66:55:39:9b:3e:98:b4:6f:4d:ff:7d:26:7f:da:87:
                    89:33:10:9e:74:5e:f7:69:32:62:82:97:b5:e7:07:
                    c4:2e:58:90:32:bd:81:72:fb:a2:80:2f:d3:a7:22:
                    1b:5b:ae:fc:d0:18:7a:d8:c7:cf:bc:2d:23:68:7c:
                    0e:c0:a0:6d:02:72:9e:97:e0:02:4c:d8:18:de:f3:
                    39:d4:f4:26:a3:37:69:3a:11:da:c5:6f:6a:6f:ef:
                    bc:77:37:65:cb:c7:ae:09:c9:af:1d:15:3c:3e:48:
                    ef:5d:17:16:7a:15:10:a5:75:1c:b1:f7:10:3c:05:
                    39:98:76:3d:e1:49:22:84:4d:43:7a:61:ac:4a:f2:
                    ba:2d:84:25:58:d9:be:12:aa:32:44:18:03:5b:b2:
                    9f:82:18:08:4f:27:fe:d8:b8:9d:20:13:4b:95:03:
                    f7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:63:45:F5:CF:71:87:45:10:F8:55:3E:52:65:65:28:A9:85:5E:ED
            X509v3 Authority Key Identifier:
                keyid:8B:51:18:65:93:02:99:76:3E:0E:5F:2D:82:56:7D:C5:A1:D5:3E:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/vWNF9c9xh0UQ-FU-UmVlKKmFXu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/a8f02b-6563-40a9-a35a-1f09bb6db1b6/1/i1EYZZMCmXY-Dl8tglZ9xaHVPnk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.220.0/22
                  193.93.12.0/22
                IPv6:
                  2001:67c:f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:77:76:5e:73:b6:f8:fd:28:73:64:91:f4:0b:9e:c1:5d:d3:
         87:c6:d1:d8:94:9e:42:9a:38:05:c3:87:cf:ec:6c:31:10:b1:
         85:fe:f2:af:c9:80:51:c1:ef:fe:ba:ec:65:65:a1:5f:cb:f2:
         5b:b0:a6:42:7d:94:7d:be:ec:f8:e8:01:55:2f:eb:a5:1d:ee:
         95:0d:a6:0c:c8:ed:41:0e:9c:36:d2:a9:c3:fe:d8:7c:eb:a4:
         0f:65:f0:08:23:ae:8b:44:f3:3d:3f:f2:7b:79:04:57:63:c6:
         33:fb:3d:b4:e9:cd:91:28:bf:a4:db:21:c4:84:57:4c:98:f7:
         00:43:c2:4b:62:01:0c:09:05:f7:fb:e0:95:f8:df:0d:8d:1f:
         32:fb:df:14:a5:f9:70:7a:74:e5:95:b7:07:c7:8a:ca:00:65:
         e3:95:81:38:95:72:ad:a1:06:cd:6c:a7:02:8d:00:5c:6f:8e:
         8b:17:a4:06:58:a7:55:0a:29:9c:84:82:fb:f2:40:78:1a:a8:
         61:2d:c8:a1:a3:99:9b:59:f3:2b:02:f9:24:31:5e:6f:08:82:
         66:2c:7f:1a:60:75:8b:58:b2:25:81:82:cb:30:26:55:c9:54:
         36:8b:e7:6f:af:7d:f2:71:8e:d2:0a:76:5d:05:d5:b9:9f:07:
         b4:f3:f6:87
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQhsiwRVabNfR7iMyFg1/1SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNTExODY1OTMwMjk5NzYzZTBlNWYyZDgyNTY3ZGM1YTFk
NTNlNzkwHhcNMjUwMTAxMTE0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDYzNDVmNWNmNzE4NzQ1MTBmODU1M2U1MjY1NjUyOGE5ODU1ZWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJpZ49gIZx19oDaVgu2gpaDkQKSN
6ZCJ6W/ZY33VemCp3STJ7gUN1or5KtdA+u/6T4NJ+DuvxwXPNTjYt4mc4OZxKc99
76qkqdVd4wFUwQllOO/GSiLHBrlmVTmbPpi0b03/fSZ/2oeJMxCedF73aTJigpe1
5wfELliQMr2BcvuigC/TpyIbW6780Bh62MfPvC0jaHwOwKBtAnKel+ACTNgY3vM5
1PQmozdpOhHaxW9qb++8dzdly8euCcmvHRU8PkjvXRcWehUQpXUcsfcQPAU5mHY9
4UkihE1DemGsSvK6LYQlWNm+EqoyRBgDW7KfghgITyf+2LidIBNLlQP3zwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFL1jRfXPcYdFEPhVPlJlZSiphV7tMB8GA1UdIwQY
MBaAFItRGGWTApl2Pg5fLYJWfcWh1T55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTFFWVpaTUNtWFktRGw4dGdsWjl4YUhWUG5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC9hOGYwMmItNjU2My00MGE5LWEzNWEt
MWYwOWJiNmRiMWI2LzEvdldORjljOXhoMFVRLUZVLVVtVmxLS21GWHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC9hOGYwMmItNjU2My00MGE5LWEzNWEtMWYwOWJiNmRiMWI2
LzEvaTFFWVpaTUNtWFktRGw4dGdsWjl4YUhWUG5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCW9vcAwQC
wV0MMA8EAgACMAkDBwAgAQZ8D4QwDQYJKoZIhvcNAQELBQADggEBAH93dl5ztvj9
KHNkkfQLnsFd04fG0diUnkKaOAXDh8/sbDEQsYX+8q/JgFHB7/667GVloV/L8luw
pkJ9lH2+7PjoAVUv66Ud7pUNpgzI7UEOnDbSqcP+2HzrpA9l8AgjrotE8z0/8nt5
BFdjxjP7PbTpzZEov6TbIcSEV0yY9wBDwktiAQwJBff74JX43w2NHzL73xSl+XB6
dOWVtwfHisoAZeOVgTiVcq2hBs1spwKNAFxvjosXpAZYp1UKKZyEgvvyQHgaqGEt
yKGjmZtZ8ysC+SQxXm8IgmYsfxpgdYtYsiWBgsswJlXJVDaL52+vffJxjtIKdl0F
1bmfB7Tz9oc=
-----END CERTIFICATE-----