Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/48AsG-LjGtdTKSRHyXXwuNMjcms.roa
File:                     48AsG-LjGtdTKSRHyXXwuNMjcms.roa (raw, json)
Hash identifier:          Jom94X0Y2GD2G7Zghq086XBn+Rajbf0i7he27dJdYgU=
Subject key identifier:   E3:C0:2C:1B:E2:E3:1A:D7:53:29:24:47:C9:75:F0:B8:D3:23:72:6B
Certificate issuer:       /CN=97c60d4d458cec3b8d618a01300642b588c3173b
Certificate serial:       0194214443F3D02CB594D036110C030C9784
Authority key identifier: 97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/48AsG-LjGtdTKSRHyXXwuNMjcms.roa
Signing time:             Wed 01 Jan 2025 09:48:29 +0000
ROA not before:           Wed 01 Jan 2025 09:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58272
IP address blocks:        91.199.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:43:f3:d0:2c:b5:94:d0:36:11:0c:03:0c:97:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97c60d4d458cec3b8d618a01300642b588c3173b
        Validity
            Not Before: Jan  1 09:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3c02c1be2e31ad753292447c975f0b8d323726b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d4:5c:9c:18:bc:dc:be:f5:11:f1:42:f3:52:
                    4b:84:dd:ac:01:13:85:9d:2a:4f:34:ed:e4:bb:1e:
                    a3:da:42:a8:1e:13:78:66:12:68:73:43:e3:cc:6c:
                    f5:fc:25:b7:da:14:ad:b0:a9:3d:c2:9f:92:2b:18:
                    bf:4e:6b:84:63:49:3c:e3:de:56:5d:75:5f:4c:a2:
                    1d:e3:af:69:d4:bd:bc:e9:86:cf:21:99:6a:a9:d3:
                    77:4b:0f:1d:96:dc:19:6c:5e:ec:38:ec:93:1b:c6:
                    1c:c5:50:28:de:28:8f:31:c7:bd:0f:dd:df:cf:f4:
                    f4:57:1a:e9:7a:51:0b:59:cc:a0:54:ab:61:5e:28:
                    f9:77:4e:67:67:87:94:a3:9a:f2:50:78:b6:b1:70:
                    4f:57:37:61:9e:4f:e5:02:24:e9:95:9b:e4:5e:6c:
                    6c:50:64:ec:79:e8:9b:06:8e:6f:70:07:61:c7:3a:
                    b2:e6:7e:11:e8:df:0b:6f:69:66:1c:ed:8c:54:47:
                    c3:e6:93:50:c8:2d:60:c9:3e:08:18:c2:99:7c:fc:
                    4e:f6:f0:28:d3:54:97:02:c7:06:d4:ff:54:db:ad:
                    5e:96:9b:2b:b8:d6:38:9a:17:74:7a:64:f3:bf:8a:
                    4a:17:d3:de:62:e7:2a:47:90:16:9a:52:7d:a1:45:
                    28:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:C0:2C:1B:E2:E3:1A:D7:53:29:24:47:C9:75:F0:B8:D3:23:72:6B
            X509v3 Authority Key Identifier:
                keyid:97:C6:0D:4D:45:8C:EC:3B:8D:61:8A:01:30:06:42:B5:88:C3:17:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l8YNTUWM7DuNYYoBMAZCtYjDFzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/48AsG-LjGtdTKSRHyXXwuNMjcms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/eb4b17-aa6b-4fc2-a03f-7c036178126c/1/l8YNTUWM7DuNYYoBMAZCtYjDFzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:22:90:36:cd:14:68:55:07:c7:ff:f5:16:14:a2:5c:06:fc:
         fd:05:4a:4b:31:1e:67:3b:5a:b4:a8:a7:6d:d7:7e:25:59:13:
         c1:36:1a:98:5b:14:53:0f:9b:2c:e6:f5:21:95:25:47:12:86:
         d0:85:76:d1:a5:da:8e:e0:c8:5b:6f:1d:36:3d:c5:5b:13:62:
         83:6d:a7:4d:0d:02:78:f7:ae:21:ed:9a:23:b7:bd:2f:19:b0:
         bd:fc:ff:fb:10:c2:8a:fa:82:f4:20:71:58:a0:0f:0a:ed:3a:
         93:bb:aa:b5:0d:db:4f:aa:c5:f1:fd:26:97:ac:38:11:42:3b:
         34:41:4d:ca:d7:ac:d6:95:bb:af:0c:d3:79:de:af:ac:2d:0d:
         02:b6:12:23:06:63:2e:b7:aa:05:fc:82:97:df:00:e1:ee:c3:
         34:79:00:43:eb:78:8f:7c:92:9a:ad:3c:35:65:a3:bf:72:55:
         41:82:df:8f:7c:8d:51:85:b0:0b:36:68:8f:e8:d6:ab:1b:be:
         b2:c0:ab:8a:a4:14:e9:61:8f:0f:ec:34:f9:5a:3b:dd:cf:b1:
         f5:54:29:8b:6c:73:d8:1b:14:a6:7c:14:b8:6c:51:d5:bc:a3:
         b0:34:c7:0a:31:98:a7:4b:43:09:ad:0c:5b:b0:9a:e1:a1:70:
         bd:c5:e7:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREPz0Cy1lNA2EQwDDJeEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3YzYwZDRkNDU4Y2VjM2I4ZDYxOGEwMTMwMDY0MmI1ODhj
MzE3M2IwHhcNMjUwMTAxMDk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2MwMmMxYmUyZTMxYWQ3NTMyOTI0NDdjOTc1ZjBiOGQzMjM3MjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9RcnBi83L71EfFC81JLhN2sAROF
nSpPNO3kux6j2kKoHhN4ZhJoc0PjzGz1/CW32hStsKk9wp+SKxi/TmuEY0k8495W
XXVfTKId469p1L286YbPIZlqqdN3Sw8dltwZbF7sOOyTG8YcxVAo3iiPMce9D93f
z/T0VxrpelELWcygVKthXij5d05nZ4eUo5ryUHi2sXBPVzdhnk/lAiTplZvkXmxs
UGTseeibBo5vcAdhxzqy5n4R6N8Lb2lmHO2MVEfD5pNQyC1gyT4IGMKZfPxO9vAo
01SXAscG1P9U261elpsruNY4mhd0emTzv4pKF9PeYucqR5AWmlJ9oUUo9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPALBvi4xrXUykkR8l18LjTI3JrMB8GA1UdIwQY
MBaAFJfGDU1FjOw7jWGKATAGQrWIwxc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2Yt
N2MwMzYxNzgxMjZjLzEvNDhBc0ctTGpHdGRUS1NSSHlYWHd1Tk1qY21zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9lYjRiMTctYWE2Yi00ZmMyLWEwM2YtN2MwMzYxNzgxMjZj
LzEvbDhZTlRVV003RHVOWVlvQk1BWkN0WWpERnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8erMA0G
CSqGSIb3DQEBCwUAA4IBAQCBIpA2zRRoVQfH//UWFKJcBvz9BUpLMR5nO1q0qKdt
134lWRPBNhqYWxRTD5ss5vUhlSVHEobQhXbRpdqO4Mhbbx02PcVbE2KDbadNDQJ4
964h7Zojt70vGbC9/P/7EMKK+oL0IHFYoA8K7TqTu6q1DdtPqsXx/SaXrDgRQjs0
QU3K16zWlbuvDNN53q+sLQ0CthIjBmMut6oF/IKX3wDh7sM0eQBD63iPfJKarTw1
ZaO/clVBgt+PfI1RhbALNmiP6NarG76ywKuKpBTpYY8P7DT5Wjvdz7H1VCmLbHPY
GxSmfBS4bFHVvKOwNMcKMZinS0MJrQxbsJrhoXC9xecR
-----END CERTIFICATE-----