Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lO8z4PUnAAW_FQZ30LG2G_SaC34.roa
File:                     lO8z4PUnAAW_FQZ30LG2G_SaC34.roa (raw, json)
Hash identifier:          TP4CK9avYURoeZBLUriM0sZhHgj7m8xB680P8/Q/778=
Subject key identifier:   94:EF:33:E0:F5:27:00:05:BF:15:06:77:D0:B1:B6:1B:F4:9A:0B:7E
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019428260CF32157771050CF79990D55B119
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lO8z4PUnAAW_FQZ30LG2G_SaC34.roa
Signing time:             Thu 02 Jan 2025 17:52:49 +0000
ROA not before:           Thu 02 Jan 2025 17:52:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43310
IP address blocks:        91.225.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:0c:f3:21:57:77:10:50:cf:79:99:0d:55:b1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Jan  2 17:52:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94ef33e0f5270005bf150677d0b1b61bf49a0b7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:43:b7:fc:af:12:26:7d:a4:45:5e:f2:61:32:
                    b7:bd:c4:35:be:78:04:6a:7d:22:c5:0d:0f:19:cd:
                    43:99:2b:32:7a:3c:a0:60:2d:be:e6:eb:bf:04:0e:
                    e7:ca:c0:df:9c:6d:72:c8:6a:65:4c:f8:89:27:2d:
                    5a:59:3b:e5:b4:d4:89:3f:5c:00:15:10:81:5c:9f:
                    6d:ba:38:d2:6a:f4:79:c0:70:1b:a1:a6:d3:1f:b0:
                    bf:5a:7f:14:9c:83:b7:08:db:bb:f0:59:18:ba:5e:
                    cd:a3:23:e3:e0:06:6a:9b:5c:5c:9b:1f:89:aa:ca:
                    f1:c7:38:69:d2:28:99:81:e8:6a:ae:c5:e9:4b:1b:
                    ba:17:71:99:50:37:9e:de:59:ca:18:9b:fe:d0:65:
                    64:25:a7:f7:6a:5e:54:37:53:31:6b:43:6d:1c:2a:
                    a0:eb:c4:76:75:8a:4d:af:45:aa:cb:6e:94:38:44:
                    f6:e8:e5:80:b0:f8:ff:0e:a8:1c:4c:ab:43:b9:a1:
                    d8:9f:c8:9b:2d:dd:b2:05:14:23:54:84:aa:70:a3:
                    98:6e:7e:93:9d:05:38:c2:fa:32:07:7a:8b:e8:36:
                    8c:53:f1:c0:93:61:58:d6:57:a8:98:41:17:14:be:
                    dd:af:b5:a6:5e:ca:2f:d0:d1:b1:86:88:bc:fa:26:
                    b8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:EF:33:E0:F5:27:00:05:BF:15:06:77:D0:B1:B6:1B:F4:9A:0B:7E
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/lO8z4PUnAAW_FQZ30LG2G_SaC34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:2b:1a:87:d4:e3:6f:90:54:7b:b9:bc:5c:55:3f:92:f7:e5:
         23:e5:8c:09:d5:23:20:bd:df:fc:36:4a:e1:ac:f8:69:f4:96:
         4f:45:3f:75:b8:83:1f:10:8b:80:19:9f:00:80:e6:b5:7e:59:
         eb:43:33:a8:dc:09:d0:fd:14:7e:27:cc:a5:84:84:e4:0c:2c:
         c1:ed:a5:11:21:b0:aa:9c:0e:31:13:df:6a:9d:6d:7d:d4:af:
         1b:08:6a:00:8b:50:61:98:a4:2f:cc:8a:e9:d5:dd:a6:67:5c:
         a4:eb:d0:01:b3:9c:a2:13:12:56:2e:31:75:43:79:ad:31:be:
         9d:c1:2c:fc:50:05:18:49:93:bf:3c:27:39:1b:32:bf:38:38:
         71:53:4f:8f:96:ec:5d:c2:97:ba:71:9a:cd:71:a0:4d:c5:d7:
         6a:e4:67:6b:fc:65:02:a3:6e:73:67:5d:d8:d2:ee:ef:72:86:
         c8:8f:c8:98:9b:44:53:dd:86:ac:13:53:da:e9:f2:b0:ae:8c:
         2c:ec:dd:0a:b4:1b:b9:87:48:3c:3d:cd:69:8b:54:a4:5a:ac:
         97:a8:59:37:fe:40:26:1a:4c:dc:cd:44:73:57:d2:01:49:7b:
         0c:f0:e2:9f:0f:a2:09:31:84:df:6d:b1:70:c7:59:16:a4:84:
         78:9b:ef:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJgzzIVd3EFDPeZkNVbEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjUwMTAyMTc1MjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGVmMzNlMGY1MjcwMDA1YmYxNTA2NzdkMGIxYjYxYmY0OWEwYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0O3/K8SJn2kRV7yYTK3vcQ1vngE
an0ixQ0PGc1DmSsyejygYC2+5uu/BA7nysDfnG1yyGplTPiJJy1aWTvltNSJP1wA
FRCBXJ9tujjSavR5wHAboabTH7C/Wn8UnIO3CNu78FkYul7NoyPj4AZqm1xcmx+J
qsrxxzhp0iiZgehqrsXpSxu6F3GZUDee3lnKGJv+0GVkJaf3al5UN1Mxa0NtHCqg
68R2dYpNr0Wqy26UOET26OWAsPj/DqgcTKtDuaHYn8ibLd2yBRQjVISqcKOYbn6T
nQU4wvoyB3qL6DaMU/HAk2FY1leomEEXFL7dr7WmXsov0NGxhoi8+ia4rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTvM+D1JwAFvxUGd9Cxthv0mgt+MB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvbE84ejRQVW5BQVdfRlFaMzBMRzJHX1NhQzM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+HgMA0G
CSqGSIb3DQEBCwUAA4IBAQBiKxqH1ONvkFR7ubxcVT+S9+Uj5YwJ1SMgvd/8Nkrh
rPhp9JZPRT91uIMfEIuAGZ8AgOa1flnrQzOo3AnQ/RR+J8ylhITkDCzB7aURIbCq
nA4xE99qnW191K8bCGoAi1BhmKQvzIrp1d2mZ1yk69ABs5yiExJWLjF1Q3mtMb6d
wSz8UAUYSZO/PCc5GzK/ODhxU0+Pluxdwpe6cZrNcaBNxddq5Gdr/GUCo25zZ13Y
0u7vcobIj8iYm0RT3YasE1Pa6fKwrows7N0KtBu5h0g8Pc1pi1SkWqyXqFk3/kAm
GkzczURzV9IBSXsM8OKfD6IJMYTfbbFwx1kWpIR4m+/i
-----END CERTIFICATE-----