Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/0iMFk8Lfng7XvalPLjNNFDCKCXk.roa
File:                     0iMFk8Lfng7XvalPLjNNFDCKCXk.roa (raw, json)
Hash identifier:          RGgyt63YX02pCUWXH4nSFvIeyVgvG587fQXMrvVwyd0=
Subject key identifier:   D2:23:05:93:C2:DF:9E:0E:D7:BD:A9:4F:2E:33:4D:14:30:8A:09:79
Certificate issuer:       /CN=c04f7fc883c9d5e0231a585b0ae139e786543bb6
Certificate serial:       019421B1F70A3609D317105008E428C5CC69
Authority key identifier: C0:4F:7F:C8:83:C9:D5:E0:23:1A:58:5B:0A:E1:39:E7:86:54:3B:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/0iMFk8Lfng7XvalPLjNNFDCKCXk.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47788
IP address blocks:        91.208.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f7:0a:36:09:d3:17:10:50:08:e4:28:c5:cc:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c04f7fc883c9d5e0231a585b0ae139e786543bb6
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2230593c2df9e0ed7bda94f2e334d14308a0979
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0f:ce:84:a8:fd:19:27:32:58:be:15:14:04:
                    e9:f8:6b:4c:83:86:64:00:ae:d1:14:13:3f:07:0c:
                    93:51:31:9c:6c:8b:cb:93:ca:70:c5:82:3e:17:dd:
                    8a:6f:12:ee:49:d7:b2:9d:ce:8a:12:97:c3:9e:aa:
                    07:18:b7:c6:ce:98:f7:5e:b0:c0:39:92:a4:1f:0d:
                    71:72:e5:41:3f:26:9e:19:9c:85:3c:12:a0:9a:fc:
                    2f:4e:e3:45:43:8e:72:7f:17:a2:14:69:ea:79:ce:
                    6c:63:53:33:76:b8:88:23:81:a8:c8:fe:ff:46:b5:
                    f5:38:53:a6:b2:49:6e:36:e7:bc:db:9f:10:5c:74:
                    e0:2c:1b:af:31:d4:4a:4b:89:03:fe:7f:41:77:67:
                    79:83:ab:69:77:3d:95:70:87:0c:21:4e:e5:25:17:
                    9b:92:83:1e:13:79:3a:e5:a3:a4:59:23:32:50:ea:
                    28:55:6c:97:b4:8e:32:d3:58:88:c5:17:90:11:cd:
                    8e:96:f5:70:8b:e3:d6:6e:2b:54:6c:6b:aa:97:0a:
                    a6:77:e5:df:ef:77:0e:0b:54:79:00:89:4c:90:af:
                    a7:bc:bc:99:18:a0:ec:e8:54:bc:05:ed:fe:5f:3f:
                    e1:29:c6:ef:5b:49:ff:46:67:55:88:b8:e1:0c:24:
                    33:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:23:05:93:C2:DF:9E:0E:D7:BD:A9:4F:2E:33:4D:14:30:8A:09:79
            X509v3 Authority Key Identifier:
                keyid:C0:4F:7F:C8:83:C9:D5:E0:23:1A:58:5B:0A:E1:39:E7:86:54:3B:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/0iMFk8Lfng7XvalPLjNNFDCKCXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/31b8c4-dee7-4eee-a0e0-984e82d4b806/1/wE9_yIPJ1eAjGlhbCuE554ZUO7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:0d:94:3b:b3:dd:ee:73:65:c1:5c:eb:2e:2c:5c:ec:2b:e3:
         fb:a3:bc:96:a7:c7:28:a8:6f:b1:dd:e2:33:2c:34:6e:6b:18:
         a4:80:fe:90:ba:08:68:dd:2e:9c:4b:80:15:21:d7:9b:55:b4:
         5d:06:0e:91:2a:73:d5:2b:e2:ac:f3:d1:23:db:85:0c:ce:25:
         14:84:45:22:1a:f5:18:88:11:15:4e:3a:1c:94:71:67:d5:9f:
         69:49:d4:e5:31:73:6a:fb:2b:9b:0a:a9:b6:ff:04:a3:22:ac:
         62:17:b2:71:8b:cb:41:94:81:90:80:1c:a0:28:f8:b1:c9:95:
         57:6d:ec:ae:ac:48:ef:c5:b6:50:80:02:22:d1:d2:c5:c8:19:
         56:67:fc:ed:62:3c:ad:16:7c:7d:1b:8d:d3:b2:10:b8:d0:dc:
         85:db:b9:c8:23:67:d1:81:37:b1:12:43:34:1c:c3:ec:80:4d:
         e1:47:89:eb:90:16:d4:6a:56:b3:4a:76:9d:5c:c8:e3:02:cc:
         59:d9:a0:eb:eb:51:fa:55:d3:fc:77:cc:c0:de:de:9b:e8:fd:
         f4:d7:fb:09:f9:fe:88:5d:86:bc:b6:3d:56:5a:2c:86:0d:da:
         b8:c3:e0:f4:b5:db:8d:f7:d6:93:78:4e:c4:aa:b1:82:8f:9e:
         2a:82:7a:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsfcKNgnTFxBQCOQoxcxpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwNGY3ZmM4ODNjOWQ1ZTAyMzFhNTg1YjBhZTEzOWU3ODY1
NDNiYjYwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjIzMDU5M2MyZGY5ZTBlZDdiZGE5NGYyZTMzNGQxNDMwOGEwOTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxw/OhKj9GScyWL4VFATp+GtMg4Zk
AK7RFBM/BwyTUTGcbIvLk8pwxYI+F92KbxLuSdeync6KEpfDnqoHGLfGzpj3XrDA
OZKkHw1xcuVBPyaeGZyFPBKgmvwvTuNFQ45yfxeiFGnqec5sY1MzdriII4GoyP7/
RrX1OFOmskluNue8258QXHTgLBuvMdRKS4kD/n9Bd2d5g6tpdz2VcIcMIU7lJReb
koMeE3k65aOkWSMyUOooVWyXtI4y01iIxReQEc2OlvVwi+PWbitUbGuqlwqmd+Xf
73cOC1R5AIlMkK+nvLyZGKDs6FS8Be3+Xz/hKcbvW0n/RmdViLjhDCQzpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNIjBZPC354O172pTy4zTRQwigl5MB8GA1UdIwQY
MBaAFMBPf8iDydXgIxpYWwrhOeeGVDu2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0U5X3lJUEoxZUFqR2xoYkN1RTU1NFpVTzdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8zMWI4YzQtZGVlNy00ZWVlLWEwZTAt
OTg0ZTgyZDRiODA2LzEvMGlNRms4TGZuZzdYdmFsUExqTk5GRENLQ1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8zMWI4YzQtZGVlNy00ZWVlLWEwZTAtOTg0ZTgyZDRiODA2
LzEvd0U5X3lJUEoxZUFqR2xoYkN1RTU1NFpVTzdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9CZMA0G
CSqGSIb3DQEBCwUAA4IBAQBFDZQ7s93uc2XBXOsuLFzsK+P7o7yWp8coqG+x3eIz
LDRuaxikgP6Qugho3S6cS4AVIdebVbRdBg6RKnPVK+Ks89Ej24UMziUUhEUiGvUY
iBEVTjoclHFn1Z9pSdTlMXNq+yubCqm2/wSjIqxiF7Jxi8tBlIGQgBygKPixyZVX
beyurEjvxbZQgAIi0dLFyBlWZ/ztYjytFnx9G43TshC40NyF27nII2fRgTexEkM0
HMPsgE3hR4nrkBbUalazSnadXMjjAsxZ2aDr61H6VdP8d8zA3t6b6P301/sJ+f6I
XYa8tj1WWiyGDdq4w+D0tduN99aTeE7EqrGCj54qgnqF
-----END CERTIFICATE-----