Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU9Gf8xtIizGCx3n2mNvIY0L-S4.roa
File:                     sU9Gf8xtIizGCx3n2mNvIY0L-S4.roa (raw, json)
Hash identifier:          9lLK6NJxBVPn0bXzjcavrpReTIaQOByvwj845Zkopcs=
Subject key identifier:   B1:4F:46:7F:CC:6D:22:2C:C6:0B:1D:E7:DA:63:6F:21:8D:0B:F9:2E
Certificate issuer:       /CN=a32b618b508ec1365372c2aa675f3601293cc624
Certificate serial:       019425FD9A0350E25CF8463A092EFDE65345
Authority key identifier: A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU9Gf8xtIizGCx3n2mNvIY0L-S4.roa
Signing time:             Thu 02 Jan 2025 07:49:24 +0000
ROA not before:           Thu 02 Jan 2025 07:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        91.195.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:9a:03:50:e2:5c:f8:46:3a:09:2e:fd:e6:53:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a32b618b508ec1365372c2aa675f3601293cc624
        Validity
            Not Before: Jan  2 07:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b14f467fcc6d222cc60b1de7da636f218d0bf92e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:36:ab:7d:4b:51:88:8b:3d:ea:e3:b2:3b:ab:
                    9e:24:4b:7c:3a:73:3a:c2:ea:be:f6:17:1a:2c:9c:
                    71:80:ca:0d:3b:19:d0:22:e8:02:fe:d2:cc:f3:ad:
                    d2:47:fe:ed:6c:5f:33:c1:5c:b8:be:9f:f8:31:55:
                    f8:2f:a7:69:0b:c1:54:b5:10:d6:13:4a:31:2e:6a:
                    58:0e:f5:b4:e7:9c:19:b2:e7:16:fd:aa:91:97:84:
                    ad:8e:ef:0d:cb:67:67:67:6f:02:70:a8:99:73:8b:
                    42:2b:67:63:1a:09:ec:27:5a:c0:8f:af:a8:3f:36:
                    92:56:78:2a:9f:22:66:e9:43:6e:23:0d:cd:5b:42:
                    6e:16:b1:62:5d:56:74:5d:4f:2e:be:ea:10:84:27:
                    38:ce:ba:b4:f3:74:af:e7:b3:88:5c:bb:47:de:bf:
                    13:e3:8a:0c:1f:06:f3:a9:c9:2c:1d:f5:17:c9:ac:
                    e4:0b:19:2d:c4:e5:13:f8:73:ff:aa:92:66:61:37:
                    dc:79:8b:6d:82:15:74:99:a7:36:be:7b:9e:d1:6b:
                    9e:54:cb:67:e1:48:17:63:87:82:a3:02:fb:36:41:
                    2b:1f:c8:f7:99:1f:02:42:a0:9a:7d:21:da:41:4e:
                    d2:f9:0d:70:73:ab:5e:91:db:2a:d6:a3:48:70:d8:
                    88:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4F:46:7F:CC:6D:22:2C:C6:0B:1D:E7:DA:63:6F:21:8D:0B:F9:2E
            X509v3 Authority Key Identifier:
                keyid:A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU9Gf8xtIizGCx3n2mNvIY0L-S4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:45:7a:88:6f:58:13:6b:79:dd:bf:2c:3a:4f:ea:a2:aa:f0:
         29:95:41:78:7d:36:64:aa:87:62:85:12:1b:52:73:eb:65:c6:
         b0:33:eb:61:44:ec:5f:2c:1e:41:b2:66:74:3d:28:ba:da:66:
         06:88:b9:78:6a:4d:b2:2c:ca:c4:9b:c0:78:11:74:26:ad:cf:
         d8:76:f9:6b:ab:e1:66:e9:ce:86:05:00:fe:df:ab:71:87:db:
         f2:8f:b9:24:32:a2:24:25:95:4b:c5:89:23:2e:70:be:a3:5a:
         dd:3d:18:ae:d3:db:2e:8c:7e:a5:bf:50:72:c0:dd:fe:59:be:
         39:32:0b:85:57:58:fa:31:a8:45:3b:d8:ca:ce:f8:02:7e:13:
         83:98:58:1f:02:65:f0:34:d8:56:98:34:8f:a9:4e:03:2c:28:
         b9:be:dd:9d:4e:9e:50:b9:9d:c1:a9:e6:ce:d9:60:ed:2d:9f:
         bf:a5:b6:a1:31:ee:d1:bf:d6:38:dc:3c:9c:32:81:1e:e7:5d:
         fa:f4:68:99:63:8a:4c:17:8d:94:81:be:7a:06:03:17:4e:be:
         a7:61:dc:40:2c:46:6f:30:1f:0e:d9:5a:71:d8:56:86:8f:c5:
         d5:6d:16:2c:62:78:f9:4d:6f:e5:34:d5:0b:84:c9:d2:32:79:
         87:38:9f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ZoDUOJc+EY6CS795lNFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMmI2MThiNTA4ZWMxMzY1MzcyYzJhYTY3NWYzNjAxMjkz
Y2M2MjQwHhcNMjUwMTAyMDc0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRmNDY3ZmNjNmQyMjJjYzYwYjFkZTdkYTYzNmYyMThkMGJmOTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzarfUtRiIs96uOyO6ueJEt8OnM6
wuq+9hcaLJxxgMoNOxnQIugC/tLM863SR/7tbF8zwVy4vp/4MVX4L6dpC8FUtRDW
E0oxLmpYDvW055wZsucW/aqRl4Stju8Ny2dnZ28CcKiZc4tCK2djGgnsJ1rAj6+o
PzaSVngqnyJm6UNuIw3NW0JuFrFiXVZ0XU8uvuoQhCc4zrq083Sv57OIXLtH3r8T
44oMHwbzqcksHfUXyazkCxktxOUT+HP/qpJmYTfceYttghV0mac2vnue0WueVMtn
4UgXY4eCowL7NkErH8j3mR8CQqCafSHaQU7S+Q1wc6tekdsq1qNIcNiInwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFPRn/MbSIsxgsd59pjbyGNC/kuMB8GA1UdIwQY
MBaAFKMrYYtQjsE2U3LCqmdfNgEpPMYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUt
NjUwOTZkYmNhYzMwLzEvc1U5R2Y4eHRJaXpHQ3gzbjJtTnZJWTBMLVM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUtNjUwOTZkYmNhYzMw
LzEvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8MlMA0G
CSqGSIb3DQEBCwUAA4IBAQCERXqIb1gTa3ndvyw6T+qiqvAplUF4fTZkqodihRIb
UnPrZcawM+thROxfLB5BsmZ0PSi62mYGiLl4ak2yLMrEm8B4EXQmrc/Ydvlrq+Fm
6c6GBQD+36txh9vyj7kkMqIkJZVLxYkjLnC+o1rdPRiu09sujH6lv1BywN3+Wb45
MguFV1j6MahFO9jKzvgCfhODmFgfAmXwNNhWmDSPqU4DLCi5vt2dTp5QuZ3BqebO
2WDtLZ+/pbahMe7Rv9Y43DycMoEe51369GiZY4pMF42Ugb56BgMXTr6nYdxALEZv
MB8O2Vpx2FaGj8XVbRYsYnj5TW/lNNULhMnSMnmHOJ8d
-----END CERTIFICATE-----