Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/O0zn8FlsZtfpPdEnqXoXxmVpgl8.roa
File:                     O0zn8FlsZtfpPdEnqXoXxmVpgl8.roa (raw, json)
Hash identifier:          KyGWwEJdCipct259hyA9F4mxLo276WcHsUgpLEqtT38=
Subject key identifier:   3B:4C:E7:F0:59:6C:66:D7:E9:3D:D1:27:A9:7A:17:C6:65:69:82:5F
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       019424B3CB8E58B839F43134A254F84A686E
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/O0zn8FlsZtfpPdEnqXoXxmVpgl8.roa
Signing time:             Thu 02 Jan 2025 01:49:10 +0000
ROA not before:           Thu 02 Jan 2025 01:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204267
IP address blocks:        91.205.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Mar 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:cb:8e:58:b8:39:f4:31:34:a2:54:f8:4a:68:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  2 01:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b4ce7f0596c66d7e93dd127a97a17c66569825f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f5:a0:37:6f:e7:e5:5b:3e:dc:d5:85:c1:56:
                    56:5b:07:10:cb:a3:b5:fd:05:89:2a:45:0a:20:26:
                    9d:ae:ab:52:35:71:f0:f6:7e:26:42:69:a4:fc:07:
                    fc:3f:db:8c:d3:46:89:b7:49:f5:4b:6b:5e:87:ae:
                    8b:2c:56:37:f2:74:ee:16:17:50:f7:8f:46:ac:8c:
                    84:dd:1f:61:9a:33:9f:68:97:54:ad:a8:b4:91:c1:
                    4a:6c:71:e6:de:57:a4:7a:ae:83:d1:93:4e:9e:3f:
                    ff:05:4f:71:26:89:c4:bd:db:7a:b6:e8:00:15:24:
                    dd:f8:c1:a0:98:31:ee:9e:bd:5d:76:0e:5d:76:ee:
                    18:72:f1:10:e3:9c:62:35:89:a5:df:18:1b:48:6b:
                    2f:f8:ff:54:0c:3d:be:69:bf:8b:f2:a5:a2:86:1a:
                    95:c2:5c:2b:fc:50:8a:9a:bc:06:9e:db:37:dd:f9:
                    b8:97:bd:b1:41:0d:16:40:75:18:f0:a2:b9:17:60:
                    54:dd:aa:c7:95:93:cd:d4:3d:61:a5:d1:aa:3b:7b:
                    03:b6:7e:9d:8e:ac:2b:7b:b3:ff:d3:c3:86:5b:a5:
                    c1:ae:f1:0b:b6:81:67:e6:b8:c4:b2:f0:c0:b2:6f:
                    77:b2:ec:f3:13:b3:a4:40:b8:7e:3d:fb:ea:d2:f5:
                    eb:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:4C:E7:F0:59:6C:66:D7:E9:3D:D1:27:A9:7A:17:C6:65:69:82:5F
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/O0zn8FlsZtfpPdEnqXoXxmVpgl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:a9:d7:9d:89:58:e3:e2:ce:9a:60:7a:7f:32:fa:0d:42:c9:
         6c:75:95:78:f9:11:e7:4a:fb:db:bf:3a:7d:a0:7b:51:65:df:
         17:ae:dc:82:91:99:dc:f0:08:94:dd:14:25:d5:3e:22:6c:08:
         4d:9b:b5:3e:f7:cb:ef:e0:fa:fc:3c:c7:d2:7a:ea:fa:11:ae:
         54:b9:f8:17:bd:07:19:e2:43:32:b4:2c:c8:65:ff:8d:84:d7:
         15:da:dd:95:e8:b7:2b:be:76:97:2a:b1:aa:cf:84:ae:27:76:
         9b:0d:06:9e:8a:d6:9c:c3:21:ba:cb:21:4c:07:b6:de:1f:b1:
         52:eb:38:33:9b:12:d6:e1:7d:ad:48:84:b9:94:3d:fb:54:ce:
         6c:ae:c1:e7:95:a9:fc:3f:c9:3d:eb:55:00:8a:cf:33:d1:fa:
         68:57:1f:49:26:30:ec:73:3e:f8:1b:26:c5:d7:18:aa:56:13:
         65:24:56:16:18:83:89:cf:6b:11:09:e2:eb:9c:70:f1:00:05:
         49:fd:bd:5c:be:9e:e3:49:45:af:99:0a:75:41:90:b9:32:07:
         3c:2f:b4:7f:bf:e5:f9:fd:03:a7:4f:77:36:4f:21:d3:f6:73:
         59:39:03:8f:98:b1:4d:98:c2:11:ca:21:b5:f8:57:db:3f:e5:
         85:b9:ef:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks8uOWLg59DE0olT4SmhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjUwMTAyMDE0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjRjZTdmMDU5NmM2NmQ3ZTkzZGQxMjdhOTdhMTdjNjY1Njk4MjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvWgN2/n5Vs+3NWFwVZWWwcQy6O1
/QWJKkUKICadrqtSNXHw9n4mQmmk/Af8P9uM00aJt0n1S2teh66LLFY38nTuFhdQ
949GrIyE3R9hmjOfaJdUrai0kcFKbHHm3lekeq6D0ZNOnj//BU9xJonEvdt6tugA
FSTd+MGgmDHunr1ddg5ddu4YcvEQ45xiNYml3xgbSGsv+P9UDD2+ab+L8qWihhqV
wlwr/FCKmrwGnts33fm4l72xQQ0WQHUY8KK5F2BU3arHlZPN1D1hpdGqO3sDtn6d
jqwre7P/08OGW6XBrvELtoFn5rjEsvDAsm93suzzE7OkQLh+Pfvq0vXrPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtM5/BZbGbX6T3RJ6l6F8ZlaYJfMB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvTzB6bjhGbHNadGZwUGRFbnFYb1h4bVZwZ2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW83GMA0G
CSqGSIb3DQEBCwUAA4IBAQAHqdediVjj4s6aYHp/MvoNQslsdZV4+RHnSvvbvzp9
oHtRZd8XrtyCkZnc8AiU3RQl1T4ibAhNm7U+98vv4Pr8PMfSeur6Ea5UufgXvQcZ
4kMytCzIZf+NhNcV2t2V6LcrvnaXKrGqz4SuJ3abDQaeitacwyG6yyFMB7beH7FS
6zgzmxLW4X2tSIS5lD37VM5srsHnlan8P8k961UAis8z0fpoVx9JJjDscz74GybF
1xiqVhNlJFYWGIOJz2sRCeLrnHDxAAVJ/b1cvp7jSUWvmQp1QZC5Mgc8L7R/v+X5
/QOnT3c2TyHT9nNZOQOPmLFNmMIRyiG1+FfbP+WFue+0
-----END CERTIFICATE-----