Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/1-ndEryzCguWCGvVWWmkd8W4KbQ.roa
File:                     1-ndEryzCguWCGvVWWmkd8W4KbQ.roa (raw, json)
Hash identifier:          W7EqtKjOdrRjfIUBcKhssjKWmvswGN88L1U5twVHTxE=
Subject key identifier:   D7:E9:DD:12:BC:B3:0A:0B:96:08:6B:D5:59:69:A4:77:C5:B8:29:B4
Certificate issuer:       /CN=c3c61b51ebc84180f0a6b232e87df9d61c90faab
Certificate serial:       0194266BF832D54D4B7140D4C3159A344049
Authority key identifier: C3:C6:1B:51:EB:C8:41:80:F0:A6:B2:32:E8:7D:F9:D6:1C:90:FA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/1-ndEryzCguWCGvVWWmkd8W4KbQ.roa
Signing time:             Thu 02 Jan 2025 09:49:57 +0000
ROA not before:           Thu 02 Jan 2025 09:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44279
IP address blocks:        91.210.130.0/24 maxlen: 24
                          91.210.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f8:32:d5:4d:4b:71:40:d4:c3:15:9a:34:40:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c61b51ebc84180f0a6b232e87df9d61c90faab
        Validity
            Not Before: Jan  2 09:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7e9dd12bcb30a0b96086bd55969a477c5b829b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a6:fa:2f:14:34:57:4e:8f:12:92:86:57:21:
                    b3:a4:07:0e:00:b7:5e:48:3c:02:72:e7:27:ed:2c:
                    be:c6:9f:eb:64:52:ea:1f:a2:c0:82:15:83:49:34:
                    8c:73:e0:64:f0:e8:e4:4d:3c:94:44:5d:a2:21:ce:
                    07:9f:51:0d:4e:a4:6b:49:b0:10:37:40:f1:65:64:
                    84:2f:01:d8:a7:fa:6c:86:05:12:a8:2c:5b:d0:d2:
                    1a:d5:48:53:55:10:20:ae:62:28:aa:84:e3:40:8e:
                    09:0d:41:a4:d8:15:38:72:bb:6e:80:d1:32:a1:82:
                    80:c0:ff:ca:c2:7d:83:d3:fa:3c:e7:a8:1d:74:4c:
                    83:fc:c3:c5:46:f1:39:e5:6b:65:b0:84:46:da:84:
                    2d:69:18:c9:67:c4:5e:99:3c:38:1f:4d:8f:da:ef:
                    21:1b:63:b2:93:8e:c6:f2:89:e5:9a:47:88:15:02:
                    45:84:cb:1e:13:43:e8:4f:cc:16:34:6b:cd:44:39:
                    d1:8e:d0:b3:db:9c:0e:f4:13:d0:34:c3:2c:9a:85:
                    a7:05:72:da:02:35:ea:42:01:ed:67:a3:40:cd:bb:
                    61:30:6d:1d:7e:cd:7b:23:04:53:db:c2:c3:a2:4b:
                    18:16:53:d5:ad:2c:0c:7e:db:f2:92:9d:23:b0:db:
                    17:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:E9:DD:12:BC:B3:0A:0B:96:08:6B:D5:59:69:A4:77:C5:B8:29:B4
            X509v3 Authority Key Identifier:
                keyid:C3:C6:1B:51:EB:C8:41:80:F0:A6:B2:32:E8:7D:F9:D6:1C:90:FA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/1-ndEryzCguWCGvVWWmkd8W4KbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:55:e2:67:d7:df:19:51:af:0a:e4:6d:34:b3:5e:f9:a7:46:
         c6:c4:16:d9:42:c2:69:74:0c:b1:67:3a:e7:9e:21:e6:78:b7:
         d0:03:1c:dc:cf:ac:e2:c1:02:31:33:68:eb:79:a2:21:73:96:
         9e:03:77:93:77:1f:ce:c5:13:f8:a0:42:f9:ae:e7:fb:a5:65:
         19:3a:52:62:88:55:aa:47:8a:6c:3c:68:c8:eb:4c:15:d8:b5:
         45:f2:64:6d:7d:7c:00:5b:99:f4:2f:23:fd:78:77:4d:20:78:
         81:30:5d:1f:60:5a:8b:72:89:0c:eb:ed:27:38:03:69:e9:7a:
         5d:b6:2e:dc:24:1a:96:6c:9e:5f:61:9f:a0:c9:ea:5f:88:12:
         37:50:86:fb:54:e1:16:08:91:6d:86:91:b4:d5:6b:f2:04:20:
         75:f7:36:f6:94:cf:1d:14:7e:ad:c4:fa:8d:ca:19:68:16:fc:
         fd:70:5f:2d:d9:cf:a6:2f:50:a3:85:6d:78:32:11:bd:6f:7a:
         7c:d0:84:3a:c1:26:78:94:cf:65:c8:a7:41:b6:bf:47:23:e6:
         9a:6a:f4:7c:c2:3a:6e:f1:60:a5:d9:47:c3:8b:cb:03:42:4c:
         e9:fb:25:47:c3:c9:56:e4:25:51:26:af:92:40:fb:61:89:cb:
         3a:8c:8f:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma/gy1U1LcUDUwxWaNEBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzYxYjUxZWJjODQxODBmMGE2YjIzMmU4N2RmOWQ2MWM5
MGZhYWIwHhcNMjUwMTAyMDk0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2U5ZGQxMmJjYjMwYTBiOTYwODZiZDU1OTY5YTQ3N2M1YjgyOWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlab6LxQ0V06PEpKGVyGzpAcOALde
SDwCcucn7Sy+xp/rZFLqH6LAghWDSTSMc+Bk8OjkTTyURF2iIc4Hn1ENTqRrSbAQ
N0DxZWSELwHYp/pshgUSqCxb0NIa1UhTVRAgrmIoqoTjQI4JDUGk2BU4crtugNEy
oYKAwP/Kwn2D0/o856gddEyD/MPFRvE55WtlsIRG2oQtaRjJZ8RemTw4H02P2u8h
G2Oyk47G8onlmkeIFQJFhMseE0PoT8wWNGvNRDnRjtCz25wO9BPQNMMsmoWnBXLa
AjXqQgHtZ6NAzbthMG0dfs17IwRT28LDoksYFlPVrSwMftvykp0jsNsXmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNfp3RK8swoLlghr1VlppHfFuCm0MB8GA1UdIwQY
MBaAFMPGG1HryEGA8KayMuh9+dYckPqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhZYlVldklRWUR3cHJJeTZIMzUxaHlRLXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS83YWFkYWItOTU5YS00NjYzLWI5MzUt
OGY5ODI3MzQ0NzkwLzEvMS1uZEVyeXpDZ3VXQ0d2VldXbWtkOFc0S2JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS83YWFkYWItOTU5YS00NjYzLWI5MzUtOGY5ODI3MzQ0Nzkw
LzEvdzhZYlVldklRWUR3cHJJeTZIMzUxaHlRLXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9KCMA0G
CSqGSIb3DQEBCwUAA4IBAQAOVeJn198ZUa8K5G00s175p0bGxBbZQsJpdAyxZzrn
niHmeLfQAxzcz6ziwQIxM2jreaIhc5aeA3eTdx/OxRP4oEL5ruf7pWUZOlJiiFWq
R4psPGjI60wV2LVF8mRtfXwAW5n0LyP9eHdNIHiBMF0fYFqLcokM6+0nOANp6Xpd
ti7cJBqWbJ5fYZ+gyepfiBI3UIb7VOEWCJFthpG01WvyBCB19zb2lM8dFH6txPqN
yhloFvz9cF8t2c+mL1CjhW14MhG9b3p80IQ6wSZ4lM9lyKdBtr9HI+aaavR8wjpu
8WCl2UfDi8sDQkzp+yVHw8lW5CVRJq+SQPthics6jI/W
-----END CERTIFICATE-----