Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/X1Gl7pI0OMRR6ajfA3cvno5vstw.roa
File:                     X1Gl7pI0OMRR6ajfA3cvno5vstw.roa (raw, json)
Hash identifier:          zVVJwLgXELHLdhQ+YSrbw1EHdsK7mWsiuWthVrRspkM=
Subject key identifier:   5F:51:A5:EE:92:34:38:C4:51:E9:A8:DF:03:77:2F:9E:8E:6F:B2:DC
Certificate issuer:       /CN=c1e8b88f1e30573a0e20e479d5ba00b4e91827b6
Certificate serial:       01942521F49D5389DBFE4F7624C54009530B
Authority key identifier: C1:E8:B8:8F:1E:30:57:3A:0E:20:E4:79:D5:BA:00:B4:E9:18:27:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wei4jx4wVzoOIOR51boAtOkYJ7Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/X1Gl7pI0OMRR6ajfA3cvno5vstw.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31317
IP address blocks:        91.198.136.0/24 maxlen: 24
                          185.170.244.0/22 maxlen: 32
                          2a0a:b900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/wei4jx4wVzoOIOR51boAtOkYJ7Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/wei4jx4wVzoOIOR51boAtOkYJ7Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wei4jx4wVzoOIOR51boAtOkYJ7Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f4:9d:53:89:db:fe:4f:76:24:c5:40:09:53:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1e8b88f1e30573a0e20e479d5ba00b4e91827b6
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f51a5ee923438c451e9a8df03772f9e8e6fb2dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:d9:81:0f:01:af:c2:64:0f:c1:72:47:8c:24:
                    85:e8:c4:7a:2d:d7:a1:07:c1:00:39:42:e2:0b:1e:
                    61:cd:47:a9:e5:c8:37:00:19:90:e6:90:ad:a2:91:
                    5b:99:8e:ae:35:8a:f4:3b:e9:eb:c4:e7:76:9a:f9:
                    1e:39:cc:b0:ad:02:72:bc:3b:ee:0e:a2:1f:c0:22:
                    9d:ce:ed:6f:42:b7:93:62:c9:b2:94:ab:0f:13:dc:
                    14:a3:ac:d0:32:63:79:cb:39:38:81:26:2b:35:ce:
                    ca:09:88:b6:6d:11:2f:f8:5e:15:c7:f7:17:0b:e2:
                    8d:95:92:05:bf:57:a5:eb:3c:6e:85:f6:f7:29:1a:
                    0b:f5:6d:81:28:49:69:4e:4d:09:df:43:38:87:01:
                    0f:de:97:3d:88:6b:0a:ef:8c:65:f2:5f:2a:bc:5a:
                    1d:41:3b:b3:13:27:0a:22:b0:e1:14:33:9f:27:51:
                    a0:2b:e0:47:ee:71:1a:1c:92:9b:f2:e4:0a:29:c3:
                    b1:53:2d:a7:0b:da:fe:dc:27:c5:0b:38:b6:8f:14:
                    df:6a:d9:f6:b4:c4:e4:0f:df:78:8d:51:7d:83:01:
                    d9:70:4c:21:7d:8d:09:bc:f7:dd:11:3c:db:9e:ab:
                    19:e6:eb:1c:24:3d:3f:d8:e1:af:33:81:42:b7:8d:
                    bd:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:51:A5:EE:92:34:38:C4:51:E9:A8:DF:03:77:2F:9E:8E:6F:B2:DC
            X509v3 Authority Key Identifier:
                keyid:C1:E8:B8:8F:1E:30:57:3A:0E:20:E4:79:D5:BA:00:B4:E9:18:27:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wei4jx4wVzoOIOR51boAtOkYJ7Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/X1Gl7pI0OMRR6ajfA3cvno5vstw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/657197-c628-48b1-956d-effe955a5d64/1/wei4jx4wVzoOIOR51boAtOkYJ7Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.136.0/24
                  185.170.244.0/22
                IPv6:
                  2a0a:b900::/29

    Signature Algorithm: sha256WithRSAEncryption
         a2:51:0d:9b:14:6e:4d:f7:0f:88:7d:a3:91:26:0a:83:0d:98:
         e1:aa:3c:c0:5d:ba:ab:95:79:84:30:9d:f9:4f:ee:bd:8d:2a:
         20:04:80:9b:13:c5:61:9c:d0:23:dd:a7:7b:01:e0:9f:ef:6f:
         bb:c9:84:f1:35:93:47:09:be:25:97:0d:d4:7d:69:3b:49:4b:
         4d:8b:ac:08:74:a0:cf:14:0d:5f:f9:4b:c2:4d:0e:ce:e4:3e:
         70:4c:eb:ba:86:9a:73:c5:37:6f:9a:ab:49:50:bd:f1:83:a8:
         16:64:6b:1b:94:9f:9e:d1:d4:c4:46:bb:f1:d9:38:12:e1:79:
         2d:17:46:a4:1b:6a:0e:89:cf:27:d7:d5:e0:c6:74:5d:e0:9a:
         52:51:aa:dc:de:e6:f1:f2:a7:9e:f1:b3:47:a3:6e:2a:4b:07:
         09:f1:34:43:df:24:69:76:16:3e:c3:39:b8:3f:65:3a:5b:8e:
         7b:92:e7:6a:8f:1e:fd:06:5d:d2:06:84:42:d3:0f:00:44:3c:
         0a:a0:94:8f:96:ac:26:62:20:57:6b:06:fc:7b:ae:91:56:f8:
         e8:26:ea:34:ac:13:68:08:f8:b0:dd:bb:95:0b:a5:cf:77:fd:
         58:5a:cb:d1:9b:30:26:de:51:4b:f0:d0:1e:f2:c1:c2:0e:45:
         ee:ed:c0:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQlIfSdU4nb/k92JMVACVMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZThiODhmMWUzMDU3M2EwZTIwZTQ3OWQ1YmEwMGI0ZTkx
ODI3YjYwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjUxYTVlZTkyMzQzOGM0NTFlOWE4ZGYwMzc3MmY5ZThlNmZiMmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNmBDwGvwmQPwXJHjCSF6MR6Ldeh
B8EAOULiCx5hzUep5cg3ABmQ5pCtopFbmY6uNYr0O+nrxOd2mvkeOcywrQJyvDvu
DqIfwCKdzu1vQreTYsmylKsPE9wUo6zQMmN5yzk4gSYrNc7KCYi2bREv+F4Vx/cX
C+KNlZIFv1el6zxuhfb3KRoL9W2BKElpTk0J30M4hwEP3pc9iGsK74xl8l8qvFod
QTuzEycKIrDhFDOfJ1GgK+BH7nEaHJKb8uQKKcOxUy2nC9r+3CfFCzi2jxTfatn2
tMTkD994jVF9gwHZcEwhfY0JvPfdETzbnqsZ5uscJD0/2OGvM4FCt429HQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFF9Rpe6SNDjEUemo3wN3L56Ob7LcMB8GA1UdIwQY
MBaAFMHouI8eMFc6DiDkedW6ALTpGCe2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VpNGp4NHdWem9PSU9SNTFib0F0T2tZSjdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC82NTcxOTctYzYyOC00OGIxLTk1NmQt
ZWZmZTk1NWE1ZDY0LzEvWDFHbDdwSTBPTVJSNmFqZkEzY3ZubzV2c3R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC82NTcxOTctYzYyOC00OGIxLTk1NmQtZWZmZTk1NWE1ZDY0
LzEvd2VpNGp4NHdWem9PSU9SNTFib0F0T2tZSjdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW8aIAwQC
uar0MA0EAgACMAcDBQMqCrkAMA0GCSqGSIb3DQEBCwUAA4IBAQCiUQ2bFG5N9w+I
faORJgqDDZjhqjzAXbqrlXmEMJ35T+69jSogBICbE8VhnNAj3ad7AeCf72+7yYTx
NZNHCb4llw3UfWk7SUtNi6wIdKDPFA1f+UvCTQ7O5D5wTOu6hppzxTdvmqtJUL3x
g6gWZGsblJ+e0dTERrvx2TgS4XktF0akG2oOic8n19XgxnRd4JpSUarc3ubx8qee
8bNHo24qSwcJ8TRD3yRpdhY+wzm4P2U6W457kudqjx79Bl3SBoRC0w8ARDwKoJSP
lqwmYiBXawb8e66RVvjoJuo0rBNoCPiw3buVC6XPd/1YWsvRmzAm3lFL8NAe8sHC
DkXu7cAh
-----END CERTIFICATE-----