Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/fGaPq4YA6maqB6noR_KA3CoM-Rc.roa
File:                     fGaPq4YA6maqB6noR_KA3CoM-Rc.roa (raw, json)
Hash identifier:          INJZ5oK620NZUOOr9nOKGmnHUYB9fAHODj6emd7n2KE=
Subject key identifier:   7C:66:8F:AB:86:00:EA:66:AA:07:A9:E8:47:F2:80:DC:2A:0C:F9:17
Certificate issuer:       /CN=762c60af4d73725845ceaf0b7b585e7757066965
Certificate serial:       019424B3B0C36A0DCFC40FAE49DC8358986E
Authority key identifier: 76:2C:60:AF:4D:73:72:58:45:CE:AF:0B:7B:58:5E:77:57:06:69:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/fGaPq4YA6maqB6noR_KA3CoM-Rc.roa
Signing time:             Thu 02 Jan 2025 01:49:03 +0000
ROA not before:           Thu 02 Jan 2025 01:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203134
IP address blocks:        91.240.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 07:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:b0:c3:6a:0d:cf:c4:0f:ae:49:dc:83:58:98:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=762c60af4d73725845ceaf0b7b585e7757066965
        Validity
            Not Before: Jan  2 01:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c668fab8600ea66aa07a9e847f280dc2a0cf917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0e:b3:f1:86:4c:c3:e3:91:0e:32:56:0f:f3:
                    e7:39:9e:cb:fc:47:02:00:1f:7d:b5:92:4d:ca:be:
                    d9:5d:c2:aa:ff:33:5c:b8:c0:f5:ad:5b:05:30:31:
                    1f:35:5d:b9:db:bb:e6:9a:c2:d3:13:12:fd:42:2d:
                    86:af:71:cb:5a:60:27:6f:ec:04:22:d4:90:e4:ca:
                    45:3e:d5:62:a5:01:e7:d9:07:fb:10:36:e9:ff:c6:
                    c6:82:e5:d4:55:2e:0f:0a:ce:41:2e:f3:aa:de:96:
                    0e:7a:24:16:2b:1a:56:38:ea:94:49:aa:ee:55:9d:
                    5f:cf:05:7c:fb:98:60:1e:0a:15:63:64:23:c9:78:
                    60:d7:c5:5a:84:76:3b:29:76:ce:a3:d5:c1:d3:31:
                    f8:7f:70:eb:a2:70:5e:07:3a:e8:ce:93:10:c8:2f:
                    bf:b1:0e:ed:1b:05:58:0e:03:17:fa:8c:d2:15:3d:
                    a2:4a:e5:10:75:98:9f:de:9e:cd:62:d4:d4:7e:16:
                    b2:7b:da:cc:51:8c:98:a8:93:75:9e:11:9e:93:28:
                    8d:97:53:67:74:77:ae:5a:8f:65:15:3c:e0:03:c2:
                    5e:b5:a6:75:c7:3e:41:b5:e8:1e:72:04:69:35:e6:
                    a6:6c:b5:4d:f8:e3:76:18:12:64:be:f1:4b:e3:e4:
                    f9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:66:8F:AB:86:00:EA:66:AA:07:A9:E8:47:F2:80:DC:2A:0C:F9:17
            X509v3 Authority Key Identifier:
                keyid:76:2C:60:AF:4D:73:72:58:45:CE:AF:0B:7B:58:5E:77:57:06:69:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dixgr01zclhFzq8Le1hed1cGaWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/fGaPq4YA6maqB6noR_KA3CoM-Rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/e6a02e-0146-44a6-9dfc-d4209fc7f3c9/1/dixgr01zclhFzq8Le1hed1cGaWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:91:ea:5d:3d:5e:e6:72:ac:06:ed:3d:97:71:73:0e:0e:e9:
         6f:87:b1:91:e6:5a:fd:99:26:47:0e:f8:e6:51:33:72:4c:98:
         25:1e:f2:c5:89:aa:f6:ad:f1:53:b5:1d:87:f9:47:ed:b7:10:
         51:bc:d8:2f:81:2b:f8:77:13:e6:b7:18:d7:a1:bc:d6:cc:ee:
         d3:43:95:cb:a6:f2:09:fd:5d:ce:df:bd:1f:5b:9a:d4:83:4a:
         56:fd:29:15:60:43:1d:cc:38:52:56:00:0b:c4:06:0f:e0:20:
         fe:64:17:de:35:c6:a6:5e:7b:d5:2a:2f:67:80:60:7d:72:76:
         6d:2a:a3:65:cf:f2:9e:6a:a4:2f:48:b1:cf:dd:a8:65:72:ce:
         af:76:5f:4b:5f:f6:3b:7f:39:dc:75:60:02:11:7f:1e:db:4b:
         11:b2:cc:85:53:15:33:4c:a2:4d:72:33:10:a1:61:f7:fe:5c:
         ad:8f:88:2b:f9:56:e0:64:f2:94:3d:a0:9f:bf:90:30:a4:0e:
         1a:87:07:ea:a2:8e:22:8a:1a:ab:19:38:b3:80:4a:7c:97:66:
         76:00:9e:9b:ac:6e:a9:20:1b:88:ab:76:dc:1f:fd:9c:a5:68:
         43:95:cb:b0:df:65:3c:c4:6b:ba:66:83:85:31:5b:54:30:e0:
         39:77:3b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks7DDag3PxA+uSdyDWJhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2MmM2MGFmNGQ3MzcyNTg0NWNlYWYwYjdiNTg1ZTc3NTcw
NjY5NjUwHhcNMjUwMTAyMDE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzY2OGZhYjg2MDBlYTY2YWEwN2E5ZTg0N2YyODBkYzJhMGNmOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw6z8YZMw+ORDjJWD/PnOZ7L/EcC
AB99tZJNyr7ZXcKq/zNcuMD1rVsFMDEfNV2527vmmsLTExL9Qi2Gr3HLWmAnb+wE
ItSQ5MpFPtVipQHn2Qf7EDbp/8bGguXUVS4PCs5BLvOq3pYOeiQWKxpWOOqUSaru
VZ1fzwV8+5hgHgoVY2QjyXhg18VahHY7KXbOo9XB0zH4f3DronBeBzrozpMQyC+/
sQ7tGwVYDgMX+ozSFT2iSuUQdZif3p7NYtTUfhaye9rMUYyYqJN1nhGekyiNl1Nn
dHeuWo9lFTzgA8JetaZ1xz5BtegecgRpNeambLVN+ON2GBJkvvFL4+T5gwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxmj6uGAOpmqgep6EfygNwqDPkXMB8GA1UdIwQY
MBaAFHYsYK9Nc3JYRc6vC3tYXndXBmllMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGl4Z3IwMXpjbGhGenE4TGUxaGVkMWNHYVdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9lNmEwMmUtMDE0Ni00NGE2LTlkZmMt
ZDQyMDlmYzdmM2M5LzEvZkdhUHE0WUE2bWFxQjZub1JfS0EzQ29NLVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9lNmEwMmUtMDE0Ni00NGE2LTlkZmMtZDQyMDlmYzdmM2M5
LzEvZGl4Z3IwMXpjbGhGenE4TGUxaGVkMWNHYVdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/BTMA0G
CSqGSIb3DQEBCwUAA4IBAQCskepdPV7mcqwG7T2XcXMODulvh7GR5lr9mSZHDvjm
UTNyTJglHvLFiar2rfFTtR2H+UfttxBRvNgvgSv4dxPmtxjXobzWzO7TQ5XLpvIJ
/V3O370fW5rUg0pW/SkVYEMdzDhSVgALxAYP4CD+ZBfeNcamXnvVKi9ngGB9cnZt
KqNlz/KeaqQvSLHP3ahlcs6vdl9LX/Y7fzncdWACEX8e20sRssyFUxUzTKJNcjMQ
oWH3/lytj4gr+VbgZPKUPaCfv5AwpA4ahwfqoo4iihqrGTizgEp8l2Z2AJ6brG6p
IBuIq3bcH/2cpWhDlcuw32U8xGu6ZoOFMVtUMOA5dztD
-----END CERTIFICATE-----