Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/5wpBu9lqq6Eh5bxmApWBHSmv8rU.roa
File:                     5wpBu9lqq6Eh5bxmApWBHSmv8rU.roa (raw, json)
Hash identifier:          OWwgDNZvQnVhoKGxoJou3ziQhvyReIZ9m1NH7rz0BqA=
Subject key identifier:   E7:0A:41:BB:D9:6A:AB:A1:21:E5:BC:66:02:95:81:1D:29:AF:F2:B5
Certificate issuer:       /CN=acc32858ccda9586c6d9671e310d51c28268c459
Certificate serial:       01942521CFC8664422E199DD5E86662E4F91
Authority key identifier: AC:C3:28:58:CC:DA:95:86:C6:D9:67:1E:31:0D:51:C2:82:68:C4:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rMMoWMzalYbG2WceMQ1RwoJoxFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/5wpBu9lqq6Eh5bxmApWBHSmv8rU.roa
Signing time:             Thu 02 Jan 2025 03:49:20 +0000
ROA not before:           Thu 02 Jan 2025 03:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        91.229.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/rMMoWMzalYbG2WceMQ1RwoJoxFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/rMMoWMzalYbG2WceMQ1RwoJoxFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rMMoWMzalYbG2WceMQ1RwoJoxFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 06:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cf:c8:66:44:22:e1:99:dd:5e:86:66:2e:4f:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acc32858ccda9586c6d9671e310d51c28268c459
        Validity
            Not Before: Jan  2 03:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e70a41bbd96aaba121e5bc660295811d29aff2b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:74:ee:bf:7b:66:44:4c:d3:30:f4:19:d3:bb:
                    36:f4:df:09:57:f1:26:16:b3:f8:cd:28:02:a9:73:
                    f3:95:db:90:bf:d8:5f:a6:8a:5e:3e:96:81:27:54:
                    b3:54:8b:70:fd:62:07:ac:80:93:da:18:37:89:91:
                    59:14:91:50:d0:2f:65:cd:58:23:2a:69:7a:a8:c0:
                    7d:51:d9:eb:30:af:df:53:54:f7:d3:5f:a7:86:3a:
                    cf:f4:ba:e1:4e:e9:ef:f3:63:66:f4:f7:67:6c:29:
                    37:c6:35:17:c7:fd:06:8a:13:f1:39:37:09:3f:3d:
                    4c:d2:a4:85:3e:96:a9:54:2e:ee:d6:6e:c6:ea:34:
                    b8:9a:57:09:0e:a7:f2:c3:79:26:92:23:32:bb:51:
                    cd:35:28:5d:86:ea:95:98:c9:6b:e2:0a:b5:64:6a:
                    e4:92:c1:a9:0b:d5:aa:32:41:84:95:f7:28:45:72:
                    94:76:38:d3:2a:f5:b2:29:2f:56:59:31:66:e8:d0:
                    fa:f1:3f:ab:79:c2:81:47:6a:e7:09:d5:6a:bf:e0:
                    9a:b1:bb:90:04:69:49:2b:1f:ce:5c:30:30:ee:1c:
                    1b:a0:fc:67:05:17:be:77:09:a8:89:22:55:28:ba:
                    5b:84:b6:a8:1f:98:89:6c:4d:6a:e4:24:e7:33:d8:
                    26:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0A:41:BB:D9:6A:AB:A1:21:E5:BC:66:02:95:81:1D:29:AF:F2:B5
            X509v3 Authority Key Identifier:
                keyid:AC:C3:28:58:CC:DA:95:86:C6:D9:67:1E:31:0D:51:C2:82:68:C4:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rMMoWMzalYbG2WceMQ1RwoJoxFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/5wpBu9lqq6Eh5bxmApWBHSmv8rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/6cf769-9b58-4847-8f1f-edc54072ae89/1/rMMoWMzalYbG2WceMQ1RwoJoxFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:71:8e:7c:85:13:32:79:e0:80:64:c0:99:0a:cd:cc:87:60:
         7e:b3:8d:db:1e:33:58:62:f2:6f:b3:6a:d6:12:73:ea:c7:13:
         a1:be:8f:56:ff:57:8e:4b:ae:2f:e0:dd:54:b5:9a:fc:17:d3:
         68:c4:e9:40:69:f2:7f:49:4f:bf:5b:b3:ef:38:f7:46:41:37:
         12:99:c1:7f:ed:b7:ae:c7:2b:8f:fc:68:51:7a:a8:c5:0e:69:
         ed:a0:a1:19:7f:95:a8:56:87:dc:f2:4c:00:91:37:9e:38:c8:
         86:c6:36:e3:0c:cf:3a:a4:c4:24:d2:c3:df:8d:87:6e:37:1d:
         d4:eb:c5:c5:97:77:f4:6d:a1:1e:0a:b0:3b:f0:ad:49:5b:93:
         91:e8:e2:0f:64:4a:df:0d:3b:4b:bf:a9:b1:12:e6:0a:fd:a0:
         c5:44:4c:25:34:95:4e:19:60:3a:fb:fd:50:08:95:49:d3:30:
         9b:29:85:72:83:b9:9e:93:9f:a8:11:6d:06:b1:80:93:dc:fb:
         ca:2e:4c:70:74:3d:26:84:9d:d6:0a:ed:25:8e:91:3e:b3:86:
         2e:29:68:6f:d1:06:92:67:e8:12:ab:54:04:b8:1f:45:99:75:
         4e:97:ea:d8:fb:a8:d4:38:cc:61:3b:a0:9d:6d:cf:92:ef:14:
         19:2e:22:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIc/IZkQi4ZndXoZmLk+RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYzMyODU4Y2NkYTk1ODZjNmQ5NjcxZTMxMGQ1MWMyODI2
OGM0NTkwHhcNMjUwMTAyMDM0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBhNDFiYmQ5NmFhYmExMjFlNWJjNjYwMjk1ODExZDI5YWZmMmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5HTuv3tmREzTMPQZ07s29N8JV/Em
FrP4zSgCqXPzlduQv9hfpopePpaBJ1SzVItw/WIHrICT2hg3iZFZFJFQ0C9lzVgj
Kml6qMB9UdnrMK/fU1T301+nhjrP9LrhTunv82Nm9PdnbCk3xjUXx/0GihPxOTcJ
Pz1M0qSFPpapVC7u1m7G6jS4mlcJDqfyw3kmkiMyu1HNNShdhuqVmMlr4gq1ZGrk
ksGpC9WqMkGElfcoRXKUdjjTKvWyKS9WWTFm6ND68T+recKBR2rnCdVqv+CasbuQ
BGlJKx/OXDAw7hwboPxnBRe+dwmoiSJVKLpbhLaoH5iJbE1q5CTnM9gmBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOcKQbvZaquhIeW8ZgKVgR0pr/K1MB8GA1UdIwQY
MBaAFKzDKFjM2pWGxtlnHjENUcKCaMRZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck1Nb1dNemFsWWJHMldjZU1RMVJ3b0pveEZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC82Y2Y3NjktOWI1OC00ODQ3LThmMWYt
ZWRjNTQwNzJhZTg5LzEvNXdwQnU5bHFxNkVoNWJ4bUFwV0JIU212OHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC82Y2Y3NjktOWI1OC00ODQ3LThmMWYtZWRjNTQwNzJhZTg5
LzEvck1Nb1dNemFsWWJHMldjZU1RMVJ3b0pveEZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+U6MA0G
CSqGSIb3DQEBCwUAA4IBAQCScY58hRMyeeCAZMCZCs3Mh2B+s43bHjNYYvJvs2rW
EnPqxxOhvo9W/1eOS64v4N1UtZr8F9NoxOlAafJ/SU+/W7PvOPdGQTcSmcF/7beu
xyuP/GhReqjFDmntoKEZf5WoVofc8kwAkTeeOMiGxjbjDM86pMQk0sPfjYduNx3U
68XFl3f0baEeCrA78K1JW5OR6OIPZErfDTtLv6mxEuYK/aDFREwlNJVOGWA6+/1Q
CJVJ0zCbKYVyg7mek5+oEW0GsYCT3PvKLkxwdD0mhJ3WCu0ljpE+s4YuKWhv0QaS
Z+gSq1QEuB9FmXVOl+rY+6jUOMxhO6Cdbc+S7xQZLiI0
-----END CERTIFICATE-----