Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/oT4_ERJ1NK-RUR-knGGnWo2w3XU.roa
File:                     oT4_ERJ1NK-RUR-knGGnWo2w3XU.roa (raw, json)
Hash identifier:          gXeEbcCW9pl3CKjG36RJur3xaPc6GaReOGS3i/R+/dY=
Subject key identifier:   A1:3E:3F:11:12:75:34:AF:91:51:1F:A4:9C:61:A7:5A:8D:B0:DD:75
Certificate issuer:       /CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
Certificate serial:       019421B23B2198FBF2AFE93571B8A1D67C05
Authority key identifier: 0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/oT4_ERJ1NK-RUR-knGGnWo2w3XU.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205552
IP address blocks:        185.212.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 08:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3b:21:98:fb:f2:af:e9:35:71:b8:a1:d6:7c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a77196340d2144b8ca7b0778984bb04bc1cb378
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a13e3f11127534af91511fa49c61a75a8db0dd75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:7d:31:d1:db:d3:55:2b:6a:ed:f9:89:da:fd:
                    32:b5:9a:a4:4d:b9:e9:58:43:8e:26:9f:25:8d:ec:
                    04:39:13:21:bb:c7:b7:9f:87:23:97:1d:d6:9e:b1:
                    07:04:1d:72:6f:eb:50:f1:fc:53:47:59:7d:48:ed:
                    83:af:cf:d5:3a:06:f7:80:95:ed:f7:25:39:e6:02:
                    cd:53:e3:67:05:e8:4e:63:61:b4:39:80:79:2f:c2:
                    17:47:fb:30:0b:a0:c8:74:d3:f8:ee:18:29:7a:bc:
                    9e:99:79:05:da:02:11:78:10:62:be:e5:e2:a3:d3:
                    7f:74:f2:1b:37:ec:77:38:e2:b2:90:44:9f:f0:9b:
                    c7:6a:dc:cc:91:3e:8e:72:c2:d3:86:85:8e:37:91:
                    25:0e:e2:6b:6a:b0:ff:79:cf:78:bb:bf:e3:0b:15:
                    1f:73:40:00:ca:3c:17:08:a7:1f:09:77:d3:3f:ac:
                    64:05:94:e4:09:78:31:ad:16:c5:d3:8f:f2:c7:b5:
                    f3:05:40:ce:3e:6c:17:7b:37:14:77:91:b3:80:0a:
                    6f:46:c5:c8:7a:45:5b:42:d1:a8:11:83:a5:16:90:
                    81:30:65:99:1c:7d:c2:c1:e9:a5:ea:9a:a3:5d:4b:
                    a5:7f:ed:76:bd:11:ef:03:32:2a:bd:a9:bb:8e:78:
                    78:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:3E:3F:11:12:75:34:AF:91:51:1F:A4:9C:61:A7:5A:8D:B0:DD:75
            X509v3 Authority Key Identifier:
                keyid:0A:77:19:63:40:D2:14:4B:8C:A7:B0:77:89:84:BB:04:BC:1C:B3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CncZY0DSFEuMp7B3iYS7BLwcs3g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/oT4_ERJ1NK-RUR-knGGnWo2w3XU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/4989ba-9af3-4e3d-845d-eb977164a7e4/1/CncZY0DSFEuMp7B3iYS7BLwcs3g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:45:28:f2:01:23:77:aa:7e:33:5f:37:de:5d:ea:eb:c9:47:
         9d:df:b9:ee:51:c6:26:e9:cd:da:4a:99:63:4d:e8:b4:61:35:
         2c:94:02:c0:e6:b1:d5:ee:c6:3b:d3:80:e5:66:dc:4a:cd:9a:
         67:a7:ec:98:d1:fd:1f:d7:72:ea:31:a0:cf:46:cd:54:dd:0f:
         f8:c8:ad:db:ae:9b:01:a4:31:dd:f5:5f:55:f1:58:29:56:28:
         32:1b:66:11:ca:25:9b:6b:5f:51:b8:b9:39:8e:33:4a:2f:bb:
         91:24:14:90:d7:bf:44:e9:dd:23:bb:6b:0c:73:3f:e4:d6:23:
         1c:6a:96:4f:8a:13:33:3a:c5:d0:f1:0e:e8:89:00:f3:67:ce:
         d6:06:89:7c:fe:77:c6:ae:49:86:a5:13:a6:80:04:38:03:4b:
         d7:38:81:7f:69:51:bb:5c:b7:da:20:65:1d:d8:d8:b9:93:0d:
         5d:89:d1:96:62:d9:51:e9:5d:0c:96:5d:ab:68:f7:1b:e5:7b:
         7e:91:54:1c:5c:4f:f4:b1:4a:8f:a1:d6:e2:a5:a2:22:1f:3b:
         f7:0d:97:30:e2:76:e8:30:ed:cc:99:e6:4d:05:af:33:1c:c9:
         7a:89:4b:5a:dd:1e:f3:3b:e5:b5:9b:09:7a:00:8a:7a:8a:cf:
         de:97:7a:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjshmPvyr+k1cbih1nwFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzcxOTYzNDBkMjE0NGI4Y2E3YjA3Nzg5ODRiYjA0YmMx
Y2IzNzgwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTNlM2YxMTEyNzUzNGFmOTE1MTFmYTQ5YzYxYTc1YThkYjBkZDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp30x0dvTVStq7fmJ2v0ytZqkTbnp
WEOOJp8ljewEORMhu8e3n4cjlx3WnrEHBB1yb+tQ8fxTR1l9SO2Dr8/VOgb3gJXt
9yU55gLNU+NnBehOY2G0OYB5L8IXR/swC6DIdNP47hgperyemXkF2gIReBBivuXi
o9N/dPIbN+x3OOKykESf8JvHatzMkT6OcsLThoWON5ElDuJrarD/ec94u7/jCxUf
c0AAyjwXCKcfCXfTP6xkBZTkCXgxrRbF04/yx7XzBUDOPmwXezcUd5GzgApvRsXI
ekVbQtGoEYOlFpCBMGWZHH3Cweml6pqjXUulf+12vRHvAzIqvam7jnh4WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKE+PxESdTSvkVEfpJxhp1qNsN11MB8GA1UdIwQY
MBaAFAp3GWNA0hRLjKewd4mEuwS8HLN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQt
ZWI5NzcxNjRhN2U0LzEvb1Q0X0VSSjFOSy1SVVIta25HR25XbzJ3M1hVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS80OTg5YmEtOWFmMy00ZTNkLTg0NWQtZWI5NzcxNjRhN2U0
LzEvQ25jWlkwRFNGRXVNcDdCM2lZUzdCTHdjczNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudRbMA0G
CSqGSIb3DQEBCwUAA4IBAQCjRSjyASN3qn4zXzfeXerryUed37nuUcYm6c3aSplj
Tei0YTUslALA5rHV7sY704DlZtxKzZpnp+yY0f0f13LqMaDPRs1U3Q/4yK3brpsB
pDHd9V9V8VgpVigyG2YRyiWba19RuLk5jjNKL7uRJBSQ179E6d0ju2sMcz/k1iMc
apZPihMzOsXQ8Q7oiQDzZ87WBol8/nfGrkmGpROmgAQ4A0vXOIF/aVG7XLfaIGUd
2Ni5kw1didGWYtlR6V0Mll2raPcb5Xt+kVQcXE/0sUqPodbipaIiHzv3DZcw4nbo
MO3MmeZNBa8zHMl6iUta3R7zO+W1mwl6AIp6is/el3rY
-----END CERTIFICATE-----