Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/f0dwYiFEnOu3_JgUSzuAzEREF1g.roa
File:                     f0dwYiFEnOu3_JgUSzuAzEREF1g.roa (raw, json)
Hash identifier:          finZQb06qlnebE/7uJEc9oVyw8NWrlEdleXzIM/XsmQ=
Subject key identifier:   7F:47:70:62:21:44:9C:EB:B7:FC:98:14:4B:3B:80:CC:44:44:17:58
Certificate issuer:       /CN=3b58eb58b5c61a23d0f2466c5cd73ce9ec965b96
Certificate serial:       019460790507BC7FDA89ED0C515DC7B86DB2
Authority key identifier: 3B:58:EB:58:B5:C6:1A:23:D0:F2:46:6C:5C:D7:3C:E9:EC:96:5B:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/f0dwYiFEnOu3_JgUSzuAzEREF1g.roa
Signing time:             Mon 13 Jan 2025 16:22:11 +0000
ROA not before:           Mon 13 Jan 2025 16:22:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        91.135.156.0/24 maxlen: 24
                          91.135.157.0/24 maxlen: 24
                          178.209.126.0/24 maxlen: 24
                          178.209.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:79:05:07:bc:7f:da:89:ed:0c:51:5d:c7:b8:6d:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b58eb58b5c61a23d0f2466c5cd73ce9ec965b96
        Validity
            Not Before: Jan 13 16:22:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f47706221449cebb7fc98144b3b80cc44441758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fe:43:05:33:16:2f:9e:4c:d7:71:cd:3a:4f:b1:
                    6a:8f:62:14:80:67:04:e0:21:f8:5b:72:be:de:5d:
                    de:8f:38:62:5f:04:13:d0:c6:7a:af:f9:15:7e:c2:
                    ef:78:e7:f1:ef:cc:07:e8:4f:07:35:b8:51:16:87:
                    5b:1c:92:82:13:34:52:a3:4f:e7:aa:84:22:79:45:
                    46:d5:6a:74:3c:c5:5f:c0:34:10:b7:01:4d:b8:b5:
                    ba:f8:fe:aa:4c:6d:cc:72:e3:f2:9e:4e:ab:0b:4f:
                    47:0d:14:40:05:62:d0:d3:ac:09:b1:87:b7:fb:18:
                    f3:41:f3:01:12:49:aa:98:bd:f5:b5:63:5f:94:4f:
                    93:07:1d:f9:48:3d:ab:f3:ed:c2:ef:84:74:89:88:
                    0a:07:99:0f:be:f0:ec:11:76:39:7e:39:6a:44:e9:
                    d8:fb:00:78:48:c4:a5:25:00:17:81:d4:e0:46:87:
                    c0:2f:45:ae:7d:d1:77:1c:4c:21:5e:59:70:8b:1a:
                    e7:83:e3:e0:ed:d5:c2:7d:b9:71:7e:63:99:b0:59:
                    b8:dc:7e:5f:b9:67:ac:e4:a5:3f:76:97:14:0f:70:
                    44:06:29:1f:c5:5a:cc:16:58:cf:0d:be:bc:08:03:
                    30:e6:e0:1c:bd:52:41:78:08:46:14:e3:a5:dd:40:
                    9a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:47:70:62:21:44:9C:EB:B7:FC:98:14:4B:3B:80:CC:44:44:17:58
            X509v3 Authority Key Identifier:
                keyid:3B:58:EB:58:B5:C6:1A:23:D0:F2:46:6C:5C:D7:3C:E9:EC:96:5B:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/f0dwYiFEnOu3_JgUSzuAzEREF1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/f2e150-3e9e-4f18-a53d-72ac79d7bb09/1/O1jrWLXGGiPQ8kZsXNc86eyWW5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.135.156.0/23
                  178.209.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         26:ef:c1:9d:12:63:6c:91:11:00:59:8d:bf:98:5e:46:23:eb:
         75:0b:46:cc:51:a4:88:ce:7c:2a:12:84:4b:ee:9b:fe:6a:02:
         b9:bd:ae:d3:db:98:26:2d:b3:a6:7b:62:6e:34:a0:cb:dd:cd:
         ca:70:7b:4a:f6:f4:6a:5d:88:d3:17:42:cb:11:ec:39:3e:8e:
         4d:94:b1:5d:31:53:04:75:7e:ea:a1:2c:06:4c:74:fc:1a:81:
         03:05:4f:99:69:3b:ec:06:e9:27:38:12:36:72:86:35:98:a5:
         09:36:57:ef:ec:2e:18:a5:8e:66:67:da:e7:71:b3:07:fd:91:
         46:8d:72:cd:61:89:01:d3:96:29:93:63:fa:1d:45:0b:d2:1e:
         e5:f6:46:86:88:a4:6d:1c:90:5d:de:99:39:25:3f:e6:56:de:
         b5:2f:cd:04:23:06:91:8f:13:e6:74:e7:84:2d:cc:8a:71:f7:
         64:f6:63:a4:22:a9:4e:b2:d3:da:32:f2:fc:d3:c6:a4:37:be:
         26:62:b7:13:cd:bd:84:1a:fb:07:b4:d7:04:1a:0b:1a:ed:d6:
         b9:e2:fd:17:a5:11:03:ba:6c:0c:36:9d:e8:46:6e:8f:f6:07:
         48:86:a1:f5:e4:92:33:6c:11:4b:e5:a8:98:87:be:3a:4f:d3:
         20:94:9d:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRgeQUHvH/aie0MUV3HuG2yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNThlYjU4YjVjNjFhMjNkMGYyNDY2YzVjZDczY2U5ZWM5
NjViOTYwHhcNMjUwMTEzMTYyMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjQ3NzA2MjIxNDQ5Y2ViYjdmYzk4MTQ0YjNiODBjYzQ0NDQxNzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/kMFMxYvnkzXcc06T7Fqj2IUgGcE
4CH4W3K+3l3ejzhiXwQT0MZ6r/kVfsLveOfx78wH6E8HNbhRFodbHJKCEzRSo0/n
qoQieUVG1Wp0PMVfwDQQtwFNuLW6+P6qTG3McuPynk6rC09HDRRABWLQ06wJsYe3
+xjzQfMBEkmqmL31tWNflE+TBx35SD2r8+3C74R0iYgKB5kPvvDsEXY5fjlqROnY
+wB4SMSlJQAXgdTgRofAL0WufdF3HEwhXllwixrng+Pg7dXCfblxfmOZsFm43H5f
uWes5KU/dpcUD3BEBikfxVrMFljPDb68CAMw5uAcvVJBeAhGFOOl3UCaMQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH9HcGIhRJzrt/yYFEs7gMxERBdYMB8GA1UdIwQY
MBaAFDtY61i1xhoj0PJGbFzXPOnslluWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFqcldMWEdHaVBROGtac1hOYzg2ZXlXVzVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mMmUxNTAtM2U5ZS00ZjE4LWE1M2Qt
NzJhYzc5ZDdiYjA5LzEvZjBkd1lpRkVuT3UzX0pnVVN6dUF6RVJFRjFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mMmUxNTAtM2U5ZS00ZjE4LWE1M2QtNzJhYzc5ZDdiYjA5
LzEvTzFqcldMWEdHaVBROGtac1hOYzg2ZXlXVzVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW4ecAwQB
stF+MA0GCSqGSIb3DQEBCwUAA4IBAQAm78GdEmNskREAWY2/mF5GI+t1C0bMUaSI
znwqEoRL7pv+agK5va7T25gmLbOme2JuNKDL3c3KcHtK9vRqXYjTF0LLEew5Po5N
lLFdMVMEdX7qoSwGTHT8GoEDBU+ZaTvsBuknOBI2coY1mKUJNlfv7C4YpY5mZ9rn
cbMH/ZFGjXLNYYkB05Ypk2P6HUUL0h7l9kaGiKRtHJBd3pk5JT/mVt61L80EIwaR
jxPmdOeELcyKcfdk9mOkIqlOstPaMvL808akN74mYrcTzb2EGvsHtNcEGgsa7da5
4v0XpREDumwMNp3oRm6P9gdIhqH15JIzbBFL5aiYh746T9MglJ21
-----END CERTIFICATE-----