Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/hDp1-1e9H-OB_XxdhBwbZmZOjwU.roa
File:                     hDp1-1e9H-OB_XxdhBwbZmZOjwU.roa (raw, json)
Hash identifier:          RlVKHFwEDLlyQQzASoSjM9hIAoQIeVOrf1r1UW38OlQ=
Subject key identifier:   84:3A:75:FB:57:BD:1F:E3:81:FD:7C:5D:84:1C:1B:66:66:4E:8F:05
Certificate issuer:       /CN=caece41cbc2c30626ef2a28d1839f2d6c4757f3f
Certificate serial:       019427483D66EE1318CE4C435F3CD81C3B22
Authority key identifier: CA:EC:E4:1C:BC:2C:30:62:6E:F2:A2:8D:18:39:F2:D6:C4:75:7F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/hDp1-1e9H-OB_XxdhBwbZmZOjwU.roa
Signing time:             Thu 02 Jan 2025 13:50:33 +0000
ROA not before:           Thu 02 Jan 2025 13:50:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198949
IP address blocks:        91.199.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:3d:66:ee:13:18:ce:4c:43:5f:3c:d8:1c:3b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=caece41cbc2c30626ef2a28d1839f2d6c4757f3f
        Validity
            Not Before: Jan  2 13:50:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=843a75fb57bd1fe381fd7c5d841c1b66664e8f05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:c1:60:70:61:08:f4:02:12:ad:b7:04:ce:86:
                    29:67:17:42:24:98:a5:9e:78:43:32:20:0a:d0:2a:
                    93:02:dc:80:f0:d2:39:d8:4b:d3:fb:b4:e4:5c:0d:
                    e5:74:6c:cf:66:4b:29:03:a7:2a:be:b9:3d:30:01:
                    e8:df:e5:2f:0f:25:8a:4c:da:c1:b8:17:5a:8c:01:
                    c6:bc:6c:9f:f0:46:63:de:7d:3d:e0:ba:fd:b2:4c:
                    9c:c9:2b:ed:71:5f:d5:0b:1a:94:61:88:d1:b8:b9:
                    65:b3:b4:2e:68:d7:e3:45:fe:52:4c:20:47:8c:ae:
                    00:d7:4b:e2:b8:a9:69:2c:f8:67:e9:89:1f:3c:bd:
                    a6:d5:69:f8:44:93:c7:86:16:e3:4a:b5:d1:49:bf:
                    5c:da:fc:5c:96:f3:9a:27:f5:2a:88:19:f0:59:a7:
                    23:8f:43:58:6a:c8:74:fe:40:8e:8d:0d:cc:2b:87:
                    1b:aa:34:42:fc:49:51:c5:c8:94:88:31:b7:e9:d1:
                    ff:16:ae:e9:f7:fb:c5:d6:d8:14:e3:ce:d2:6b:f8:
                    2d:09:f6:6c:0a:e7:46:d0:3c:35:c8:7a:64:4c:66:
                    75:33:84:a0:69:28:9a:05:4a:83:03:9e:e5:56:e3:
                    e1:80:a2:27:25:d8:6b:22:ae:60:5c:72:66:48:c0:
                    da:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3A:75:FB:57:BD:1F:E3:81:FD:7C:5D:84:1C:1B:66:66:4E:8F:05
            X509v3 Authority Key Identifier:
                keyid:CA:EC:E4:1C:BC:2C:30:62:6E:F2:A2:8D:18:39:F2:D6:C4:75:7F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yuzkHLwsMGJu8qKNGDny1sR1fz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/hDp1-1e9H-OB_XxdhBwbZmZOjwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/630cbe-ce01-464d-82eb-d851e40d57bf/1/yuzkHLwsMGJu8qKNGDny1sR1fz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:c8:68:bb:d9:5a:06:90:e8:de:89:4d:da:f8:48:e3:34:5f:
         9d:57:32:f6:56:42:88:b1:38:c2:0e:6d:1b:e0:02:d3:19:a8:
         8d:93:42:bc:49:71:14:81:1f:d0:00:80:f3:fc:06:3f:61:9a:
         10:ab:79:e3:1f:73:fb:5a:68:40:f4:68:97:aa:09:24:43:37:
         68:d8:2d:42:38:ec:3d:c5:7b:02:8d:41:13:fa:5c:df:03:61:
         35:e2:67:c4:6f:70:eb:ae:71:ed:d9:fc:60:12:b4:1a:ac:ff:
         17:e1:0d:54:90:10:86:78:3d:f6:85:cc:d1:b9:15:d1:e6:2c:
         b3:09:24:de:b2:cb:4c:5d:11:92:17:5f:e8:7d:79:6a:0f:b5:
         de:dc:65:f1:dc:a7:50:b7:19:91:93:79:45:74:1c:1a:7c:1f:
         d5:1f:86:21:44:a7:f1:75:dc:4a:24:59:65:f6:07:74:dd:f8:
         1f:b0:52:60:8d:af:7a:2f:a4:54:68:7c:79:be:9c:ad:f6:80:
         0c:0a:65:5b:55:7e:bd:0f:8b:11:36:25:19:04:51:f7:77:12:
         fa:00:21:d7:e1:ef:51:e5:ba:c7:44:33:36:9a:cf:fb:15:66:
         1f:ca:a7:54:6f:b2:b8:0c:3a:60:b2:c0:3d:1b:e4:88:70:c1:
         65:73:0c:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSD1m7hMYzkxDXzzYHDsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZWNlNDFjYmMyYzMwNjI2ZWYyYTI4ZDE4MzlmMmQ2YzQ3
NTdmM2YwHhcNMjUwMTAyMTM1MDMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDNhNzVmYjU3YmQxZmUzODFmZDdjNWQ4NDFjMWI2NjY2NGU4ZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MFgcGEI9AISrbcEzoYpZxdCJJil
nnhDMiAK0CqTAtyA8NI52EvT+7TkXA3ldGzPZkspA6cqvrk9MAHo3+UvDyWKTNrB
uBdajAHGvGyf8EZj3n094Lr9skycySvtcV/VCxqUYYjRuLlls7QuaNfjRf5STCBH
jK4A10viuKlpLPhn6YkfPL2m1Wn4RJPHhhbjSrXRSb9c2vxclvOaJ/UqiBnwWacj
j0NYash0/kCOjQ3MK4cbqjRC/ElRxciUiDG36dH/Fq7p9/vF1tgU487Sa/gtCfZs
CudG0Dw1yHpkTGZ1M4SgaSiaBUqDA57lVuPhgKInJdhrIq5gXHJmSMDaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQ6dftXvR/jgf18XYQcG2ZmTo8FMB8GA1UdIwQY
MBaAFMrs5By8LDBibvKijRg58tbEdX8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXV6a0hMd3NNR0p1OHFLTkdEbnkxc1IxZno4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC82MzBjYmUtY2UwMS00NjRkLTgyZWIt
ZDg1MWU0MGQ1N2JmLzEvaERwMS0xZTlILU9CX1h4ZGhCd2JabVpPandVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC82MzBjYmUtY2UwMS00NjRkLTgyZWItZDg1MWU0MGQ1N2Jm
LzEveXV6a0hMd3NNR0p1OHFLTkdEbnkxc1IxZno4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8etMA0G
CSqGSIb3DQEBCwUAA4IBAQCDyGi72VoGkOjeiU3a+EjjNF+dVzL2VkKIsTjCDm0b
4ALTGaiNk0K8SXEUgR/QAIDz/AY/YZoQq3njH3P7WmhA9GiXqgkkQzdo2C1COOw9
xXsCjUET+lzfA2E14mfEb3DrrnHt2fxgErQarP8X4Q1UkBCGeD32hczRuRXR5iyz
CSTesstMXRGSF1/ofXlqD7Xe3GXx3KdQtxmRk3lFdBwafB/VH4YhRKfxddxKJFll
9gd03fgfsFJgja96L6RUaHx5vpyt9oAMCmVbVX69D4sRNiUZBFH3dxL6ACHX4e9R
5brHRDM2ms/7FWYfyqdUb7K4DDpgssA9G+SIcMFlcwyt
-----END CERTIFICATE-----