Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/KHmBEFAHu1D8g7BNr6DM90HcrdE.roa
File:                     KHmBEFAHu1D8g7BNr6DM90HcrdE.roa (raw, json)
Hash identifier:          cHCWZbVIixRYPkJFTsJoo7AK/4mwhNH2E0rmOh1q4HI=
Subject key identifier:   28:79:81:10:50:07:BB:50:FC:83:B0:4D:AF:A0:CC:F7:41:DC:AD:D1
Certificate issuer:       /CN=a3d3907f811cb83f16b816785e380bc24c8ac193
Certificate serial:       0194228DA41FA9D3F44C55C0EC6E40472DE3
Authority key identifier: A3:D3:90:7F:81:1C:B8:3F:16:B8:16:78:5E:38:0B:C2:4C:8A:C1:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/KHmBEFAHu1D8g7BNr6DM90HcrdE.roa
Signing time:             Wed 01 Jan 2025 15:48:15 +0000
ROA not before:           Wed 01 Jan 2025 15:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49523
IP address blocks:        91.213.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a4:1f:a9:d3:f4:4c:55:c0:ec:6e:40:47:2d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3d3907f811cb83f16b816785e380bc24c8ac193
        Validity
            Not Before: Jan  1 15:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=287981105007bb50fc83b04dafa0ccf741dcadd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:5e:80:e5:b5:36:be:60:ae:db:f1:b4:fb:da:
                    a6:43:56:8b:6e:50:91:48:bf:c7:c3:5a:3d:c5:57:
                    19:a6:65:92:20:5f:36:4b:71:71:7b:c5:17:bd:0f:
                    c7:8d:05:00:86:c4:7a:63:d7:98:d1:5b:9f:f3:91:
                    74:cb:d5:42:4f:ca:26:c4:20:62:34:39:a6:c4:0e:
                    66:84:fb:5b:bb:21:c0:3a:7b:d5:49:1e:7a:f2:c1:
                    53:b2:a8:75:91:90:84:f8:cb:ca:5f:8b:fb:72:04:
                    94:0e:ec:a2:7d:8d:52:56:bf:de:26:b4:54:0f:9d:
                    46:b3:90:27:4f:ef:60:c2:62:2f:7f:d9:6c:46:50:
                    bd:9c:5f:64:f7:9c:30:80:c3:27:6b:79:b4:50:b4:
                    d7:58:29:ab:ef:7b:4e:fd:17:f6:4c:05:f1:e3:ff:
                    43:db:f5:48:f6:a9:d4:86:ac:bc:80:bd:9d:31:1a:
                    9e:5c:a6:d9:22:ae:12:08:f8:16:ac:8a:a0:56:4f:
                    d2:b8:bc:04:b7:fc:01:aa:68:95:05:8e:e2:20:8c:
                    de:bf:b4:9d:60:8b:a0:b1:86:d4:ca:f0:15:bf:53:
                    18:51:b2:32:df:5d:25:fc:e7:14:ce:3a:2b:45:b5:
                    b5:bd:26:e2:3a:5e:bb:5c:64:85:0b:af:e9:37:04:
                    64:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:79:81:10:50:07:BB:50:FC:83:B0:4D:AF:A0:CC:F7:41:DC:AD:D1
            X509v3 Authority Key Identifier:
                keyid:A3:D3:90:7F:81:1C:B8:3F:16:B8:16:78:5E:38:0B:C2:4C:8A:C1:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/KHmBEFAHu1D8g7BNr6DM90HcrdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/43eb05-affe-4274-913b-3320271fb3ac/1/o9OQf4EcuD8WuBZ4XjgLwkyKwZM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:a7:80:b2:ef:b8:db:95:1e:b5:e3:2b:e3:f9:c3:38:f6:7f:
         e2:dd:15:c5:d0:92:fd:03:41:13:1c:92:71:1a:5a:a1:29:5f:
         31:ac:77:4b:75:eb:11:01:53:3f:cb:d8:7f:cd:36:8e:8a:2d:
         7a:c6:14:c2:5c:f1:9e:53:4c:86:aa:fb:a9:58:15:79:8b:9f:
         bd:70:0f:c1:06:23:ad:ca:1f:0e:79:25:80:77:e1:55:a8:6b:
         97:bf:20:c5:b7:c9:af:31:a6:7d:2b:2e:4c:22:06:1d:7d:d1:
         9c:30:7a:89:d2:b0:ef:de:95:e0:57:15:ce:05:eb:46:8b:61:
         4d:b2:7d:56:b9:2f:6d:30:a2:c9:c1:3d:25:cd:6b:7d:1d:7d:
         01:9d:0a:b4:b5:0d:73:20:42:5e:67:ed:f2:75:83:bb:94:cc:
         71:18:35:5d:aa:11:0b:3c:ea:1c:d2:38:c5:60:88:8f:88:9a:
         63:0d:d8:32:d0:f0:66:60:28:61:4a:ad:07:52:3d:1f:22:92:
         55:bb:d1:bd:ab:16:4f:eb:f8:b2:49:64:66:94:20:4d:a2:68:
         42:a4:7d:ba:d2:89:03:a4:d1:6e:35:fe:27:c5:22:21:74:c7:
         cd:0a:a9:8d:ac:d4:97:26:bd:ff:7f:b5:ef:18:77:95:cc:3f:
         cc:4c:4b:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaQfqdP0TFXA7G5ARy3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZDM5MDdmODExY2I4M2YxNmI4MTY3ODVlMzgwYmMyNGM4
YWMxOTMwHhcNMjUwMTAxMTU0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODc5ODExMDUwMDdiYjUwZmM4M2IwNGRhZmEwY2NmNzQxZGNhZGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF6A5bU2vmCu2/G0+9qmQ1aLblCR
SL/Hw1o9xVcZpmWSIF82S3Fxe8UXvQ/HjQUAhsR6Y9eY0Vuf85F0y9VCT8omxCBi
NDmmxA5mhPtbuyHAOnvVSR568sFTsqh1kZCE+MvKX4v7cgSUDuyifY1SVr/eJrRU
D51Gs5AnT+9gwmIvf9lsRlC9nF9k95wwgMMna3m0ULTXWCmr73tO/Rf2TAXx4/9D
2/VI9qnUhqy8gL2dMRqeXKbZIq4SCPgWrIqgVk/SuLwEt/wBqmiVBY7iIIzev7Sd
YIugsYbUyvAVv1MYUbIy310l/OcUzjorRbW1vSbiOl67XGSFC6/pNwRkGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh5gRBQB7tQ/IOwTa+gzPdB3K3RMB8GA1UdIwQY
MBaAFKPTkH+BHLg/FrgWeF44C8JMisGTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzlPUWY0RWN1RDhXdUJaNFhqZ0x3a3lLd1pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS80M2ViMDUtYWZmZS00Mjc0LTkxM2It
MzMyMDI3MWZiM2FjLzEvS0htQkVGQUh1MUQ4ZzdCTnI2RE05MEhjcmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS80M2ViMDUtYWZmZS00Mjc0LTkxM2ItMzMyMDI3MWZiM2Fj
LzEvbzlPUWY0RWN1RDhXdUJaNFhqZ0x3a3lLd1pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UWMA0G
CSqGSIb3DQEBCwUAA4IBAQBsp4Cy77jblR614yvj+cM49n/i3RXF0JL9A0ETHJJx
GlqhKV8xrHdLdesRAVM/y9h/zTaOii16xhTCXPGeU0yGqvupWBV5i5+9cA/BBiOt
yh8OeSWAd+FVqGuXvyDFt8mvMaZ9Ky5MIgYdfdGcMHqJ0rDv3pXgVxXOBetGi2FN
sn1WuS9tMKLJwT0lzWt9HX0BnQq0tQ1zIEJeZ+3ydYO7lMxxGDVdqhELPOoc0jjF
YIiPiJpjDdgy0PBmYChhSq0HUj0fIpJVu9G9qxZP6/iySWRmlCBNomhCpH260okD
pNFuNf4nxSIhdMfNCqmNrNSXJr3/f7XvGHeVzD/MTEtg
-----END CERTIFICATE-----