Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/b8AVOGW_uWiltgqsOrfUVPuVbhk.roa
File:                     b8AVOGW_uWiltgqsOrfUVPuVbhk.roa (raw, json)
Hash identifier:          g14bBKv/Ezpz+JlzQJs8s4kzh2JITmna3X17wkbp61k=
Subject key identifier:   6F:C0:15:38:65:BF:B9:68:A5:B6:0A:AC:3A:B7:D4:54:FB:95:6E:19
Certificate issuer:       /CN=61aa7d6313abdc27c92d0ba549e8683f9a8f150f
Certificate serial:       019425FDD1621E6B0C3C67F6F036F258E76A
Authority key identifier: 61:AA:7D:63:13:AB:DC:27:C9:2D:0B:A5:49:E8:68:3F:9A:8F:15:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/b8AVOGW_uWiltgqsOrfUVPuVbhk.roa
Signing time:             Thu 02 Jan 2025 07:49:38 +0000
ROA not before:           Thu 02 Jan 2025 07:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56827
IP address blocks:        91.227.232.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d1:62:1e:6b:0c:3c:67:f6:f0:36:f2:58:e7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61aa7d6313abdc27c92d0ba549e8683f9a8f150f
        Validity
            Not Before: Jan  2 07:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fc0153865bfb968a5b60aac3ab7d454fb956e19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:82:85:81:37:e9:4a:ea:85:f3:c1:38:25:7d:
                    26:21:a4:e7:b6:aa:96:17:88:8f:1c:d1:ec:f1:cb:
                    f2:2e:2e:37:27:74:98:a4:72:e4:c9:76:b2:89:bf:
                    2c:e7:6a:32:b5:eb:2d:13:c0:57:db:86:5c:8f:dd:
                    79:f0:79:ef:27:67:6d:73:f9:45:ad:eb:76:3b:83:
                    06:f6:8e:4b:17:66:52:09:16:4f:f5:3d:88:01:33:
                    a5:51:e0:91:38:cc:aa:45:9b:41:95:19:86:94:28:
                    ad:2d:e6:71:62:d6:1d:c7:7f:8a:9d:44:83:ad:f8:
                    ea:dd:78:0f:cb:ff:df:b2:30:92:20:c9:53:a7:5f:
                    45:24:85:04:d0:cb:02:63:bf:69:7c:95:e1:a0:8a:
                    e7:f6:af:86:76:88:ba:8a:5a:f5:55:07:15:51:98:
                    70:fe:15:a0:47:d7:6f:60:82:e2:6e:c1:6f:69:8c:
                    a8:81:df:90:eb:55:56:fd:c2:e6:0c:f4:45:3d:cf:
                    75:fe:71:2e:aa:4a:99:7a:c3:19:2d:8c:f0:62:44:
                    d6:4f:ed:ce:a0:7c:2b:a0:d2:55:2d:70:2b:49:4a:
                    7e:c3:c3:87:32:5f:4f:c1:84:c9:4a:0d:6e:6a:52:
                    b4:4d:98:e9:73:8f:c1:2f:9f:da:8c:ae:95:d1:0b:
                    8d:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:C0:15:38:65:BF:B9:68:A5:B6:0A:AC:3A:B7:D4:54:FB:95:6E:19
            X509v3 Authority Key Identifier:
                keyid:61:AA:7D:63:13:AB:DC:27:C9:2D:0B:A5:49:E8:68:3F:9A:8F:15:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yap9YxOr3CfJLQulSehoP5qPFQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/b8AVOGW_uWiltgqsOrfUVPuVbhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d230cf-853f-43b7-9741-dca8da876fe6/1/Yap9YxOr3CfJLQulSehoP5qPFQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:e0:0a:f8:2a:56:21:a6:b0:16:ff:cb:55:d1:2e:57:44:98:
         db:63:8d:9c:53:80:17:ea:b3:95:97:d5:32:a8:e8:ae:84:31:
         7e:47:75:1a:42:10:95:62:31:4a:c2:b6:13:3d:f6:5a:b3:57:
         5d:da:9e:53:d8:38:0d:56:03:31:24:e9:ac:f1:4c:48:2f:ca:
         03:19:79:6d:9c:8a:06:ca:c2:c3:2c:5e:28:77:12:5a:9c:a0:
         1d:cc:4b:a0:88:2a:97:98:13:85:9d:1b:cd:1a:a2:b6:b3:f8:
         dc:03:03:50:5f:e3:f2:d9:e9:ad:01:1e:cf:e0:16:44:18:0b:
         0a:bd:6f:f8:b7:f9:07:d2:3e:d3:5f:cc:b2:30:0a:67:2e:9c:
         3b:4f:2f:2f:0b:28:8a:49:a5:54:65:37:2e:1e:0e:15:c6:9f:
         02:76:e2:51:78:ee:51:09:84:4f:01:84:14:08:cf:3a:c4:06:
         f8:c8:1b:5f:b6:80:18:1e:7a:3d:ac:11:f1:32:fd:6c:05:c9:
         8c:a1:1a:08:12:bf:b8:9a:a9:3f:d2:61:44:d1:54:ef:de:a7:
         a2:a5:ff:ed:dc:eb:40:19:b3:35:b9:28:ba:8d:4e:3e:1d:4b:
         f6:21:c4:39:19:b7:10:b6:9c:c6:68:f2:db:64:f9:5f:65:b9:
         26:b3:25:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/dFiHmsMPGf28DbyWOdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYWE3ZDYzMTNhYmRjMjdjOTJkMGJhNTQ5ZTg2ODNmOWE4
ZjE1MGYwHhcNMjUwMTAyMDc0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmMwMTUzODY1YmZiOTY4YTViNjBhYWMzYWI3ZDQ1NGZiOTU2ZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYKFgTfpSuqF88E4JX0mIaTntqqW
F4iPHNHs8cvyLi43J3SYpHLkyXayib8s52oytestE8BX24Zcj9158HnvJ2dtc/lF
ret2O4MG9o5LF2ZSCRZP9T2IATOlUeCROMyqRZtBlRmGlCitLeZxYtYdx3+KnUSD
rfjq3XgPy//fsjCSIMlTp19FJIUE0MsCY79pfJXhoIrn9q+Gdoi6ilr1VQcVUZhw
/hWgR9dvYILibsFvaYyogd+Q61VW/cLmDPRFPc91/nEuqkqZesMZLYzwYkTWT+3O
oHwroNJVLXArSUp+w8OHMl9PwYTJSg1ualK0TZjpc4/BL5/ajK6V0QuN0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/AFThlv7lopbYKrDq31FT7lW4ZMB8GA1UdIwQY
MBaAFGGqfWMTq9wnyS0LpUnoaD+ajxUPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFwOVl4T3IzQ2ZKTFF1bFNlaG9QNXFQRlE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kMjMwY2YtODUzZi00M2I3LTk3NDEt
ZGNhOGRhODc2ZmU2LzEvYjhBVk9HV191V2lsdGdxc09yZlVWUHVWYmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kMjMwY2YtODUzZi00M2I3LTk3NDEtZGNhOGRhODc2ZmU2
LzEvWWFwOVl4T3IzQ2ZKTFF1bFNlaG9QNXFQRlE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+PoMA0G
CSqGSIb3DQEBCwUAA4IBAQBT4Ar4KlYhprAW/8tV0S5XRJjbY42cU4AX6rOVl9Uy
qOiuhDF+R3UaQhCVYjFKwrYTPfZas1dd2p5T2DgNVgMxJOms8UxIL8oDGXltnIoG
ysLDLF4odxJanKAdzEugiCqXmBOFnRvNGqK2s/jcAwNQX+Py2emtAR7P4BZEGAsK
vW/4t/kH0j7TX8yyMApnLpw7Ty8vCyiKSaVUZTcuHg4Vxp8CduJReO5RCYRPAYQU
CM86xAb4yBtftoAYHno9rBHxMv1sBcmMoRoIEr+4mqk/0mFE0VTv3qeipf/t3OtA
GbM1uSi6jU4+HUv2IcQ5GbcQtpzGaPLbZPlfZbkmsyW1
-----END CERTIFICATE-----