Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/5-CR-odXjfFXX-cbD_KrA88AnGY.roa
File:                     5-CR-odXjfFXX-cbD_KrA88AnGY.roa (raw, json)
Hash identifier:          ZyBB8eo1lTEFydHVFlAnAjM+USjp+b5TDsaNXh5nnS4=
Subject key identifier:   E7:E0:91:FA:87:57:8D:F1:57:5F:E7:1B:0F:F2:AB:03:CF:00:9C:66
Certificate issuer:       /CN=207799027329f22682764573af2115da95a9f6bf
Certificate serial:       019424B2A7A82A6D86565145CAA537FF4EE1
Authority key identifier: 20:77:99:02:73:29:F2:26:82:76:45:73:AF:21:15:DA:95:A9:F6:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IHeZAnMp8iaCdkVzryEV2pWp9r8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/5-CR-odXjfFXX-cbD_KrA88AnGY.roa
Signing time:             Thu 02 Jan 2025 01:47:55 +0000
ROA not before:           Thu 02 Jan 2025 01:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210945
IP address blocks:        91.222.186.0/24 maxlen: 24
                          2001:67c:808::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/IHeZAnMp8iaCdkVzryEV2pWp9r8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/IHeZAnMp8iaCdkVzryEV2pWp9r8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IHeZAnMp8iaCdkVzryEV2pWp9r8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:a7:a8:2a:6d:86:56:51:45:ca:a5:37:ff:4e:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=207799027329f22682764573af2115da95a9f6bf
        Validity
            Not Before: Jan  2 01:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7e091fa87578df1575fe71b0ff2ab03cf009c66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ab:d9:5a:7b:98:cb:90:61:b4:e6:47:c6:b8:
                    c0:ac:dd:2f:1f:c6:15:ec:12:ef:f7:d0:2d:47:b0:
                    e9:2d:52:b5:b9:d9:1b:7c:16:17:4f:1b:1d:91:7e:
                    6c:2f:95:7b:64:e7:fd:49:a1:50:95:22:66:dd:a6:
                    91:bd:db:5e:a1:36:3d:44:9f:f9:25:b2:72:d4:84:
                    14:eb:eb:49:72:72:cc:3f:05:ce:57:e3:f5:77:61:
                    d0:07:d7:ba:66:7b:3f:dc:fa:9a:a5:73:1e:63:da:
                    5b:4d:d5:46:89:ea:20:d7:a6:12:d9:40:48:e0:f3:
                    3b:3b:ee:81:7d:49:a7:ed:e5:8e:de:e5:38:7c:99:
                    df:50:94:d0:a6:16:de:cd:9a:00:c7:fa:24:97:6f:
                    d4:6c:59:32:ef:28:09:6e:e4:be:a9:19:9a:cc:33:
                    71:1c:f1:0e:84:be:4e:1f:49:cb:3a:58:90:69:b0:
                    64:2b:19:f9:51:bb:c1:5d:2e:7c:25:e9:2e:c4:fa:
                    d5:e8:86:22:9f:dd:af:8d:b2:f0:9b:88:f6:e1:69:
                    d8:f2:94:91:61:f1:5c:63:bb:f3:3f:6b:89:49:a4:
                    a4:ca:1a:b4:eb:28:67:31:6b:b8:5b:ff:ad:95:f3:
                    0e:66:71:97:9f:6d:f9:56:d8:81:13:f4:ac:31:ea:
                    9b:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:E0:91:FA:87:57:8D:F1:57:5F:E7:1B:0F:F2:AB:03:CF:00:9C:66
            X509v3 Authority Key Identifier:
                keyid:20:77:99:02:73:29:F2:26:82:76:45:73:AF:21:15:DA:95:A9:F6:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IHeZAnMp8iaCdkVzryEV2pWp9r8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/5-CR-odXjfFXX-cbD_KrA88AnGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/fc9f2b-7f2f-4238-aa19-98cba8ff2ca3/1/IHeZAnMp8iaCdkVzryEV2pWp9r8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.186.0/24
                IPv6:
                  2001:67c:808::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:d5:0a:7e:d7:8c:32:a4:da:8d:25:7d:4d:bd:e5:97:17:14:
         a6:09:c5:ab:51:48:0f:19:b4:ad:3a:5a:8a:90:bf:f6:0f:e7:
         ac:b3:06:23:d0:f3:45:3a:0a:ff:ea:ed:f0:70:f5:3d:30:f7:
         c9:f7:ff:77:c9:02:1c:df:1e:31:bd:73:16:08:ee:c9:70:da:
         f3:f2:c1:c9:17:32:21:8f:44:25:04:ac:ac:89:0b:5e:75:9e:
         00:94:b4:7c:a4:3a:88:5a:58:9e:31:b9:e3:a7:4d:e3:08:0a:
         b3:72:c5:a6:47:cf:1e:3c:11:57:51:7d:12:2b:12:8b:99:02:
         33:97:cd:68:b3:79:a8:88:6a:77:d9:c7:05:72:d0:ce:4b:86:
         00:ef:b2:95:2b:71:21:b8:e0:fe:bb:73:14:02:77:95:69:f1:
         10:29:34:db:92:f2:2a:8e:b0:9d:99:12:2e:c5:03:04:2d:e6:
         0d:0b:cc:85:fe:67:47:6c:ef:e7:a9:fa:90:8f:98:1e:66:13:
         c9:f0:16:72:8b:e9:59:20:f2:21:79:eb:2f:2b:36:38:55:f2:
         3d:8a:63:fa:15:21:54:87:a3:06:54:a6:a5:61:d6:03:e1:55:
         6b:66:98:dc:35:1e:c5:81:bc:dd:1d:25:1b:77:53:a5:ad:be:
         a1:7f:27:23
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQksqeoKm2GVlFFyqU3/07hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNzc5OTAyNzMyOWYyMjY4Mjc2NDU3M2FmMjExNWRhOTVh
OWY2YmYwHhcNMjUwMTAyMDE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2UwOTFmYTg3NTc4ZGYxNTc1ZmU3MWIwZmYyYWIwM2NmMDA5YzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6vZWnuYy5BhtOZHxrjArN0vH8YV
7BLv99AtR7DpLVK1udkbfBYXTxsdkX5sL5V7ZOf9SaFQlSJm3aaRvdteoTY9RJ/5
JbJy1IQU6+tJcnLMPwXOV+P1d2HQB9e6Zns/3PqapXMeY9pbTdVGieog16YS2UBI
4PM7O+6BfUmn7eWO3uU4fJnfUJTQphbezZoAx/okl2/UbFky7ygJbuS+qRmazDNx
HPEOhL5OH0nLOliQabBkKxn5UbvBXS58JekuxPrV6IYin92vjbLwm4j24WnY8pSR
YfFcY7vzP2uJSaSkyhq06yhnMWu4W/+tlfMOZnGXn235VtiBE/SsMeqbgwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOfgkfqHV43xV1/nGw/yqwPPAJxmMB8GA1UdIwQY
MBaAFCB3mQJzKfImgnZFc68hFdqVqfa/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUhlWkFuTXA4aWFDZGtWenJ5RVYycFdwOXI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9mYzlmMmItN2YyZi00MjM4LWFhMTkt
OThjYmE4ZmYyY2EzLzEvNS1DUi1vZFhqZkZYWC1jYkRfS3JBODhBbkdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9mYzlmMmItN2YyZi00MjM4LWFhMTktOThjYmE4ZmYyY2Ez
LzEvSUhlWkFuTXA4aWFDZGtWenJ5RVYycFdwOXI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW966MA8E
AgACMAkDBwAgAQZ8CAgwDQYJKoZIhvcNAQELBQADggEBAFbVCn7XjDKk2o0lfU29
5ZcXFKYJxatRSA8ZtK06WoqQv/YP56yzBiPQ80U6Cv/q7fBw9T0w98n3/3fJAhzf
HjG9cxYI7slw2vPywckXMiGPRCUErKyJC151ngCUtHykOohaWJ4xueOnTeMICrNy
xaZHzx48EVdRfRIrEouZAjOXzWizeaiIanfZxwVy0M5LhgDvspUrcSG44P67cxQC
d5Vp8RApNNuS8iqOsJ2ZEi7FAwQt5g0LzIX+Z0ds7+ep+pCPmB5mE8nwFnKL6Vkg
8iF56y8rNjhV8j2KY/oVIVSHowZUpqVh1gPhVWtmmNw1HsWBvN0dJRt3U6WtvqF/
JyM=
-----END CERTIFICATE-----