Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/2-07O751wdyGKAW0YILhDfu5qkw.roa
File:                     2-07O751wdyGKAW0YILhDfu5qkw.roa (raw, json)
Hash identifier:          fB1EFjaCWmBPZRv7eqtWNxstJCPemsgGxR6JMfmq3lk=
Subject key identifier:   DB:ED:3B:3B:BE:75:C1:DC:86:28:05:B4:60:82:E1:0D:FB:B9:AA:4C
Certificate issuer:       /CN=bd175e878d33b47d806f2cf3e04628220935123d
Certificate serial:       01942369073C01F025B51D7702D16A168069
Authority key identifier: BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/2-07O751wdyGKAW0YILhDfu5qkw.roa
Signing time:             Wed 01 Jan 2025 19:47:53 +0000
ROA not before:           Wed 01 Jan 2025 19:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44496
IP address blocks:        91.199.8.0/24 maxlen: 32
                          2001:67c:2f84::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:07:3c:01:f0:25:b5:1d:77:02:d1:6a:16:80:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd175e878d33b47d806f2cf3e04628220935123d
        Validity
            Not Before: Jan  1 19:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbed3b3bbe75c1dc862805b46082e10dfbb9aa4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:77:ba:f2:8a:03:21:6f:55:d9:cb:dd:37:6a:
                    71:4a:d1:f4:b6:b2:38:b1:ce:4d:ab:ed:2a:31:db:
                    f8:2a:42:f5:8f:7a:2a:06:1a:42:02:c0:c0:8e:8a:
                    44:f7:66:54:56:49:63:07:e8:fd:47:58:0f:76:ae:
                    02:6b:87:9b:1f:86:c1:03:60:91:71:98:83:42:51:
                    42:9a:2b:c5:ea:63:d1:d2:d1:76:16:14:86:8c:f7:
                    55:d0:90:e8:cd:f9:9f:85:b3:b1:7c:b5:fa:89:d3:
                    d1:f7:6f:6e:09:f4:1b:2c:08:ac:f5:34:56:3f:fe:
                    13:4d:82:6f:e1:b8:e3:d1:7d:e9:03:fd:aa:b1:55:
                    78:51:6d:5c:27:0e:d4:7f:4a:42:8c:d4:e1:1c:c6:
                    15:26:4a:02:bc:54:ae:e1:52:8a:29:ff:92:a8:97:
                    17:8d:2f:80:59:0a:88:fb:a5:1d:ae:e0:cd:a0:4c:
                    ae:69:36:0c:98:8e:57:b9:01:72:ac:96:ec:ec:d9:
                    ae:0e:36:6b:11:8c:1c:e7:66:70:d9:40:b6:86:33:
                    70:e9:a9:35:34:92:04:35:30:13:21:65:1e:bd:df:
                    87:78:c3:f2:68:2a:fc:d8:11:0f:9f:3e:1f:a2:e2:
                    c1:47:1b:bc:c3:6c:d4:65:ba:f7:e4:98:9f:68:c5:
                    7f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:ED:3B:3B:BE:75:C1:DC:86:28:05:B4:60:82:E1:0D:FB:B9:AA:4C
            X509v3 Authority Key Identifier:
                keyid:BD:17:5E:87:8D:33:B4:7D:80:6F:2C:F3:E0:46:28:22:09:35:12:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vRdeh40ztH2Abyzz4EYoIgk1Ej0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/2-07O751wdyGKAW0YILhDfu5qkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/dda98e-8646-4d07-80ac-a35eaf005af5/1/vRdeh40ztH2Abyzz4EYoIgk1Ej0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.8.0/24
                IPv6:
                  2001:67c:2f84::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:84:d6:e6:36:03:dc:74:44:4a:e4:22:47:41:3c:fc:d2:b6:
         56:24:9f:89:43:19:c2:82:50:16:6e:84:49:97:ad:59:63:6a:
         9b:25:76:26:46:52:20:b9:a4:15:e2:98:35:a6:10:c2:e7:93:
         cd:a8:b9:68:0e:11:69:d1:fe:1a:76:36:54:39:a8:47:0a:f7:
         1c:59:a6:48:a0:e6:d8:22:20:7c:97:c3:cd:bc:90:dc:38:cd:
         49:1d:f3:e1:f2:7e:f7:4d:2c:6e:08:9b:aa:62:85:75:4b:d0:
         a1:35:1d:25:86:c9:84:39:d1:e3:23:bc:cc:86:a2:ab:0a:38:
         2f:8b:7d:b1:14:51:b1:04:5c:18:b4:19:ce:d6:f7:94:6c:d9:
         19:e5:9f:a8:4c:ee:2d:34:fc:70:31:08:7c:41:f9:ca:69:36:
         5b:32:c7:ef:d6:01:51:3b:30:01:ae:8f:89:02:5b:7a:fc:a7:
         da:70:88:04:20:a7:35:4b:e2:ae:55:e1:49:bc:a4:83:f9:70:
         25:4c:a8:f5:d9:27:cc:fb:48:04:bd:3b:13:ff:aa:5d:ad:e6:
         89:43:09:6c:2b:6a:a9:cd:40:6f:de:b8:b5:35:ae:23:f1:bb:
         b1:a9:2e:9e:75:69:ee:c3:83:6a:63:67:44:e1:fa:a4:09:f6:
         b0:97:b9:77
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjaQc8AfAltR13AtFqFoBpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMTc1ZTg3OGQzM2I0N2Q4MDZmMmNmM2UwNDYyODIyMDkz
NTEyM2QwHhcNMjUwMTAxMTk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmVkM2IzYmJlNzVjMWRjODYyODA1YjQ2MDgyZTEwZGZiYjlhYTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHe68ooDIW9V2cvdN2pxStH0trI4
sc5Nq+0qMdv4KkL1j3oqBhpCAsDAjopE92ZUVkljB+j9R1gPdq4Ca4ebH4bBA2CR
cZiDQlFCmivF6mPR0tF2FhSGjPdV0JDozfmfhbOxfLX6idPR929uCfQbLAis9TRW
P/4TTYJv4bjj0X3pA/2qsVV4UW1cJw7Uf0pCjNThHMYVJkoCvFSu4VKKKf+SqJcX
jS+AWQqI+6UdruDNoEyuaTYMmI5XuQFyrJbs7NmuDjZrEYwc52Zw2UC2hjNw6ak1
NJIENTATIWUevd+HeMPyaCr82BEPnz4fouLBRxu8w2zUZbr35JifaMV/GwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNvtOzu+dcHchigFtGCC4Q37uapMMB8GA1UdIwQY
MBaAFL0XXoeNM7R9gG8s8+BGKCIJNRI9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMt
YTM1ZWFmMDA1YWY1LzEvMi0wN083NTF3ZHlHS0FXMFlJTGhEZnU1cWt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9kZGE5OGUtODY0Ni00ZDA3LTgwYWMtYTM1ZWFmMDA1YWY1
LzEvdlJkZWg0MHp0SDJBYnl6ejRFWW9JZ2sxRWowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8cIMA8E
AgACMAkDBwAgAQZ8L4QwDQYJKoZIhvcNAQELBQADggEBAKCE1uY2A9x0RErkIkdB
PPzStlYkn4lDGcKCUBZuhEmXrVljapsldiZGUiC5pBXimDWmEMLnk82ouWgOEWnR
/hp2NlQ5qEcK9xxZpkig5tgiIHyXw828kNw4zUkd8+HyfvdNLG4Im6pihXVL0KE1
HSWGyYQ50eMjvMyGoqsKOC+LfbEUUbEEXBi0Gc7W95Rs2Rnln6hM7i00/HAxCHxB
+cppNlsyx+/WAVE7MAGuj4kCW3r8p9pwiAQgpzVL4q5V4Um8pIP5cCVMqPXZJ8z7
SAS9OxP/ql2t5olDCWwraqnNQG/euLU1riPxu7GpLp51ae7Dg2pjZ0Th+qQJ9rCX
uXc=
-----END CERTIFICATE-----