Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/o0oMTAuKIGHPPUAOzZr4Sk6LJKE.roa
File:                     o0oMTAuKIGHPPUAOzZr4Sk6LJKE.roa (raw, json)
Hash identifier:          ZRg0HV5OEgSBlVNEZwtUfyiQ+K7sHVEJu9FVy+59lsM=
Subject key identifier:   A3:4A:0C:4C:0B:8A:20:61:CF:3D:40:0E:CD:9A:F8:4A:4E:8B:24:A1
Certificate issuer:       /CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
Certificate serial:       01944823E2E88F8BB6BCB01453C3939B6CF4
Authority key identifier: A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/o0oMTAuKIGHPPUAOzZr4Sk6LJKE.roa
Signing time:             Wed 08 Jan 2025 22:58:18 +0000
ROA not before:           Wed 08 Jan 2025 22:58:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213993
IP address blocks:        91.227.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:48:23:e2:e8:8f:8b:b6:bc:b0:14:53:c3:93:9b:6c:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
        Validity
            Not Before: Jan  8 22:58:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a34a0c4c0b8a2061cf3d400ecd9af84a4e8b24a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:db:58:88:d6:ca:85:44:fa:da:8d:b4:6f:ef:
                    3b:16:be:ce:1e:72:bb:46:94:f6:b1:3c:30:28:fc:
                    b9:17:4d:e4:85:44:7d:59:28:03:2b:56:13:2a:ed:
                    95:b2:55:f7:17:ab:d0:da:47:3c:72:43:67:25:68:
                    64:0f:65:27:d4:e5:ac:ec:06:ef:78:34:7e:67:b9:
                    ae:d1:04:cf:84:e1:43:dc:5a:ae:59:fe:6d:4a:a3:
                    fa:9a:71:54:39:1a:84:3b:04:d4:82:8b:e4:59:e4:
                    05:2a:60:c5:b1:55:7b:6e:32:19:a6:71:f6:1f:e1:
                    32:9e:fc:54:a2:3c:ac:fb:57:06:14:49:9e:c0:09:
                    a6:85:a6:9c:48:8f:82:fc:b7:80:64:fc:9d:a4:14:
                    ed:61:5a:dc:f5:10:78:4b:e4:6f:22:fb:fe:5a:8e:
                    1e:68:ea:1f:a9:b0:df:b1:40:c0:8c:36:fb:96:5b:
                    bd:20:e4:79:96:9e:66:fb:86:13:18:71:b5:60:89:
                    97:f9:8f:85:bf:fa:8a:cb:9f:12:2b:6c:3a:e3:3c:
                    a9:9b:a2:7b:d6:31:01:ad:e3:de:78:94:99:9a:ab:
                    4a:08:4f:dc:33:e4:5c:2a:2c:4c:1e:dc:d5:ec:83:
                    ce:85:62:f3:bd:e2:46:2d:f8:1d:d9:7a:56:23:b5:
                    6d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4A:0C:4C:0B:8A:20:61:CF:3D:40:0E:CD:9A:F8:4A:4E:8B:24:A1
            X509v3 Authority Key Identifier:
                keyid:A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/o0oMTAuKIGHPPUAOzZr4Sk6LJKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:79:be:7f:92:0e:80:da:bd:60:f4:a8:44:70:bf:8c:fc:98:
         c0:5d:72:dd:89:9f:a9:b3:0a:0f:e9:50:66:f3:2a:8f:2f:31:
         ec:21:6b:1e:6e:4d:bd:dc:dd:03:5e:7d:25:4a:b1:54:e6:24:
         8a:68:e4:28:1c:d8:17:af:f8:93:10:e4:f9:87:0d:43:9a:90:
         1a:31:bf:20:0d:f3:c1:58:cc:d1:61:bf:3d:32:5a:dd:d9:f6:
         15:4c:5e:06:9b:dd:c0:b5:f2:56:b7:74:7f:bd:d0:bc:46:ab:
         22:fa:30:58:49:32:3c:ff:30:e7:25:3c:9c:8e:28:4f:f5:aa:
         ed:b0:d1:83:df:0f:58:47:56:b3:c1:e7:7c:1c:0b:be:db:95:
         c7:5b:08:20:ff:17:ed:c8:78:7e:90:3f:77:9b:74:69:bc:f8:
         3d:47:93:cf:4b:1a:8b:ff:8c:97:7b:ac:dc:64:b4:c3:9f:01:
         1d:d3:bf:22:5e:52:34:a7:bd:21:1b:d7:dd:76:2b:d3:e3:05:
         a3:05:aa:75:4b:46:ab:db:27:82:96:de:c5:2a:c1:58:80:26:
         b3:d0:07:55:b0:19:02:65:b5:76:1b:a6:f6:b8:df:0b:b4:05:
         a9:da:68:67:10:cd:64:8a:99:71:a6:28:f3:e3:99:1d:7c:93:
         6a:86:89:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRII+Loj4u2vLAUU8OTm2z0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZGMwNjMwZTk2MDk2ZGU0ODIyZDFmNTFlZjgwYzZmZmY1
NDE5MWIwHhcNMjUwMTA4MjI1ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzRhMGM0YzBiOGEyMDYxY2YzZDQwMGVjZDlhZjg0YTRlOGIyNGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdtYiNbKhUT62o20b+87Fr7OHnK7
RpT2sTwwKPy5F03khUR9WSgDK1YTKu2VslX3F6vQ2kc8ckNnJWhkD2Un1OWs7Abv
eDR+Z7mu0QTPhOFD3FquWf5tSqP6mnFUORqEOwTUgovkWeQFKmDFsVV7bjIZpnH2
H+EynvxUojys+1cGFEmewAmmhaacSI+C/LeAZPydpBTtYVrc9RB4S+RvIvv+Wo4e
aOofqbDfsUDAjDb7llu9IOR5lp5m+4YTGHG1YImX+Y+Fv/qKy58SK2w64zypm6J7
1jEBrePeeJSZmqtKCE/cM+RcKixMHtzV7IPOhWLzveJGLfgd2XpWI7VtjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNKDEwLiiBhzz1ADs2a+EpOiyShMB8GA1UdIwQY
MBaAFKHcBjDpYJbeSCLR9R74DG//VBkbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYt
M2UwNmEwMTgyNjE0LzEvbzBvTVRBdUtJR0hQUFVBT3pacjRTazZMSktFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYtM2UwNmEwMTgyNjE0
LzEvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+M+MA0G
CSqGSIb3DQEBCwUAA4IBAQAIeb5/kg6A2r1g9KhEcL+M/JjAXXLdiZ+pswoP6VBm
8yqPLzHsIWsebk293N0DXn0lSrFU5iSKaOQoHNgXr/iTEOT5hw1DmpAaMb8gDfPB
WMzRYb89Mlrd2fYVTF4Gm93AtfJWt3R/vdC8Rqsi+jBYSTI8/zDnJTycjihP9art
sNGD3w9YR1azwed8HAu+25XHWwgg/xftyHh+kD93m3RpvPg9R5PPSxqL/4yXe6zc
ZLTDnwEd078iXlI0p70hG9fddivT4wWjBap1S0ar2yeClt7FKsFYgCaz0AdVsBkC
ZbV2G6b2uN8LtAWp2mhnEM1kiplxpijz45kdfJNqhonh
-----END CERTIFICATE-----