Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/r2xenfWR41SW-pcJkK2n6k9oW9c.roa
File:                     r2xenfWR41SW-pcJkK2n6k9oW9c.roa (raw, json)
Hash identifier:          9h5yss6Wot3H0ZXysamwxUCIRFlANswYmfwPee5G6HI=
Subject key identifier:   AF:6C:5E:9D:F5:91:E3:54:96:FA:97:09:90:AD:A7:EA:4F:68:5B:D7
Certificate issuer:       /CN=769a0ed13591d4b84ca79a8eb577226076651a14
Certificate serial:       01941F8C598DFC2386BBEFDBC573F5A0E0BC
Authority key identifier: 76:9A:0E:D1:35:91:D4:B8:4C:A7:9A:8E:B5:77:22:60:76:65:1A:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dpoO0TWR1LhMp5qOtXciYHZlGhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/r2xenfWR41SW-pcJkK2n6k9oW9c.roa
Signing time:             Wed 01 Jan 2025 01:47:59 +0000
ROA not before:           Wed 01 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56743
IP address blocks:        91.223.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/dpoO0TWR1LhMp5qOtXciYHZlGhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/dpoO0TWR1LhMp5qOtXciYHZlGhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dpoO0TWR1LhMp5qOtXciYHZlGhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:59:8d:fc:23:86:bb:ef:db:c5:73:f5:a0:e0:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=769a0ed13591d4b84ca79a8eb577226076651a14
        Validity
            Not Before: Jan  1 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af6c5e9df591e35496fa970990ada7ea4f685bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:66:1c:7e:42:1a:0d:93:d0:b1:a5:1a:2e:52:
                    ef:a1:b6:d4:e9:c2:9f:63:60:47:28:c0:f8:58:bf:
                    6d:3e:bc:72:89:f1:dc:31:86:8b:e6:3f:97:84:4c:
                    ef:22:e7:46:0d:91:36:e5:e2:ae:cc:63:b4:4d:cb:
                    c4:b5:b1:0b:1f:89:55:23:1b:b9:be:a1:43:66:1a:
                    0f:53:d8:6e:d3:c9:e2:0e:9f:b0:6a:37:10:ea:be:
                    bd:db:e3:98:bf:0d:10:fc:b6:84:f7:e9:2f:39:be:
                    55:10:fd:25:f9:09:9c:37:57:d4:cd:e3:9a:7d:bb:
                    81:8d:89:94:99:0e:14:10:c9:e2:d2:b5:92:07:62:
                    57:dc:5c:38:93:e0:7f:11:87:41:d6:fe:6f:99:2c:
                    c4:72:92:a0:19:8b:47:8f:79:4f:a5:85:d7:b8:16:
                    a8:2e:2e:34:d3:8f:e8:3c:de:06:75:b8:c8:80:ee:
                    df:a9:b8:ec:2f:09:68:9f:5e:27:ee:d1:4d:02:89:
                    b7:af:54:e2:3a:f2:9f:6a:6a:fa:b9:2a:c9:53:d5:
                    97:77:ed:34:24:3e:b0:41:d6:f1:e4:6f:45:4b:5b:
                    2b:a7:06:24:52:d6:eb:5a:1e:bb:c6:d1:3e:43:95:
                    33:b3:41:56:a2:12:3f:2d:de:24:92:89:4d:b4:9d:
                    23:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:6C:5E:9D:F5:91:E3:54:96:FA:97:09:90:AD:A7:EA:4F:68:5B:D7
            X509v3 Authority Key Identifier:
                keyid:76:9A:0E:D1:35:91:D4:B8:4C:A7:9A:8E:B5:77:22:60:76:65:1A:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dpoO0TWR1LhMp5qOtXciYHZlGhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/r2xenfWR41SW-pcJkK2n6k9oW9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/68c008-69d3-436f-ad33-2dbe785422f8/1/dpoO0TWR1LhMp5qOtXciYHZlGhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:a6:3c:5b:63:71:d2:ed:ec:54:1e:f1:52:14:49:f6:74:42:
         37:73:03:1c:bd:d7:0f:93:59:f0:a6:f8:da:9e:4d:90:fe:5a:
         d6:bf:8d:a1:76:78:cd:13:47:b6:dc:bd:af:d9:1b:76:09:50:
         49:7c:27:59:25:99:5f:2d:09:c7:ae:54:9e:cb:2a:25:01:fa:
         61:d8:19:2e:c1:42:e9:0c:eb:9a:c3:03:db:1e:7b:e2:fd:a5:
         61:73:fe:26:9b:02:ca:31:18:be:a2:b3:ca:84:13:ce:f1:96:
         fb:3a:ca:d8:aa:5f:f7:4e:a7:ea:f3:60:bb:51:20:9b:45:a0:
         42:49:ed:0f:01:2c:24:4c:f4:44:95:33:b8:6a:ba:70:b6:c1:
         e7:c0:25:00:d2:87:6a:56:78:d8:b0:45:e8:d8:44:9c:b2:60:
         19:53:52:2c:a9:5f:d1:59:ca:ce:4e:55:d0:61:f2:33:5c:fe:
         08:c6:b8:86:3b:32:d3:4c:c7:01:9d:a3:95:49:10:2c:17:a4:
         50:02:cd:56:f1:d1:82:ee:51:19:8a:c8:66:84:01:5d:59:10:
         92:95:a3:8f:0f:dc:0c:c8:84:51:7a:9c:4e:7e:8a:ed:6b:b7:
         44:03:a1:43:d7:de:1c:68:89:18:66:19:8d:1c:23:ca:41:ba:
         7d:13:cc:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjFmN/COGu+/bxXP1oOC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OWEwZWQxMzU5MWQ0Yjg0Y2E3OWE4ZWI1NzcyMjYwNzY2
NTFhMTQwHhcNMjUwMTAxMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjZjNWU5ZGY1OTFlMzU0OTZmYTk3MDk5MGFkYTdlYTRmNjg1YmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymYcfkIaDZPQsaUaLlLvobbU6cKf
Y2BHKMD4WL9tPrxyifHcMYaL5j+XhEzvIudGDZE25eKuzGO0TcvEtbELH4lVIxu5
vqFDZhoPU9hu08niDp+wajcQ6r692+OYvw0Q/LaE9+kvOb5VEP0l+QmcN1fUzeOa
fbuBjYmUmQ4UEMni0rWSB2JX3Fw4k+B/EYdB1v5vmSzEcpKgGYtHj3lPpYXXuBao
Li4004/oPN4GdbjIgO7fqbjsLwlon14n7tFNAom3r1TiOvKfamr6uSrJU9WXd+00
JD6wQdbx5G9FS1srpwYkUtbrWh67xtE+Q5Uzs0FWohI/Ld4kkolNtJ0j6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9sXp31keNUlvqXCZCtp+pPaFvXMB8GA1UdIwQY
MBaAFHaaDtE1kdS4TKeajrV3ImB2ZRoUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHBvTzBUV1IxTGhNcDVxT3RYY2lZSFpsR2hRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni82OGMwMDgtNjlkMy00MzZmLWFkMzMt
MmRiZTc4NTQyMmY4LzEvcjJ4ZW5mV1I0MVNXLXBjSmtLMm42azlvVzljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni82OGMwMDgtNjlkMy00MzZmLWFkMzMtMmRiZTc4NTQyMmY4
LzEvZHBvTzBUV1IxTGhNcDVxT3RYY2lZSFpsR2hRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+zMA0G
CSqGSIb3DQEBCwUAA4IBAQAQpjxbY3HS7exUHvFSFEn2dEI3cwMcvdcPk1nwpvja
nk2Q/lrWv42hdnjNE0e23L2v2Rt2CVBJfCdZJZlfLQnHrlSeyyolAfph2BkuwULp
DOuawwPbHnvi/aVhc/4mmwLKMRi+orPKhBPO8Zb7OsrYql/3Tqfq82C7USCbRaBC
Se0PASwkTPRElTO4arpwtsHnwCUA0odqVnjYsEXo2EScsmAZU1IsqV/RWcrOTlXQ
YfIzXP4IxriGOzLTTMcBnaOVSRAsF6RQAs1W8dGC7lEZishmhAFdWRCSlaOPD9wM
yIRRepxOforta7dEA6FD194caIkYZhmNHCPKQbp9E8x0
-----END CERTIFICATE-----