Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/PxyIfomodD9RHY4nPMUQ_8FG_F0.roa
File:                     PxyIfomodD9RHY4nPMUQ_8FG_F0.roa (raw, json)
Hash identifier:          GQBwkJMiYlMRNPb5m5PsI1lq6MhgUy7JaZpjCwR+Ch8=
Subject key identifier:   3F:1C:88:7E:89:A8:74:3F:51:1D:8E:27:3C:C5:10:FF:C1:46:FC:5D
Certificate issuer:       /CN=6951d4551d26a51c0f92b77c2d378fb34758b877
Certificate serial:       0194252180D3BF92C3022EA838610C752556
Authority key identifier: 69:51:D4:55:1D:26:A5:1C:0F:92:B7:7C:2D:37:8F:B3:47:58:B8:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/PxyIfomodD9RHY4nPMUQ_8FG_F0.roa
Signing time:             Thu 02 Jan 2025 03:49:00 +0000
ROA not before:           Thu 02 Jan 2025 03:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196658
IP address blocks:        91.213.102.0/24 maxlen: 24
                          146.0.88.0/21 maxlen: 21
                          185.195.88.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:80:d3:bf:92:c3:02:2e:a8:38:61:0c:75:25:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6951d4551d26a51c0f92b77c2d378fb34758b877
        Validity
            Not Before: Jan  2 03:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f1c887e89a8743f511d8e273cc510ffc146fc5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3c:78:5d:70:28:d2:bf:02:7c:fd:dc:c1:5f:
                    8f:ab:e2:af:46:06:69:49:86:1a:71:4f:fe:b1:66:
                    e0:09:9c:ed:f3:f3:98:83:17:2c:be:44:4a:cf:54:
                    ef:06:4a:7c:9b:08:38:a5:b8:47:c3:89:c3:f3:f0:
                    e1:aa:75:76:b6:1f:50:27:dc:40:da:3e:6d:dc:66:
                    0e:c2:97:66:40:e2:18:fc:cc:fa:bd:28:fa:75:37:
                    7d:d5:3b:cf:35:3e:cc:d6:7d:7a:76:d9:a3:3a:ab:
                    cb:9b:09:ff:04:ac:9a:eb:bf:7d:90:ea:e6:50:cd:
                    11:c2:2d:f0:50:ca:31:c8:ad:fc:5a:9e:c9:89:62:
                    71:1d:72:1f:83:bc:fb:83:9a:82:7f:43:82:aa:c8:
                    e7:3f:4e:a9:f2:ee:24:64:e4:43:f3:49:c3:c6:5d:
                    d6:48:74:da:36:86:16:f9:b0:72:7f:77:0a:5d:a3:
                    77:d8:1f:77:48:99:a0:49:53:c4:3a:71:9a:6e:85:
                    b1:0c:c1:2a:68:0e:01:43:f9:47:9e:6b:68:fe:72:
                    b6:d9:d8:56:8f:72:ea:12:2a:ea:f2:ad:1d:cc:05:
                    0b:48:a3:36:11:20:62:4a:1e:02:62:49:7b:6f:57:
                    69:81:18:c0:7d:20:b7:70:24:8b:a3:2e:c4:2b:68:
                    73:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:1C:88:7E:89:A8:74:3F:51:1D:8E:27:3C:C5:10:FF:C1:46:FC:5D
            X509v3 Authority Key Identifier:
                keyid:69:51:D4:55:1D:26:A5:1C:0F:92:B7:7C:2D:37:8F:B3:47:58:B8:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aVHUVR0mpRwPkrd8LTePs0dYuHc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/PxyIfomodD9RHY4nPMUQ_8FG_F0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/02610f-6913-4049-97f0-a2eda946ed29/1/aVHUVR0mpRwPkrd8LTePs0dYuHc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.102.0/24
                  146.0.88.0/21
                  185.195.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:2f:04:12:fc:ab:6d:16:8a:3a:d6:0e:0a:64:9b:60:a8:91:
         11:b2:19:51:6f:ae:ae:4c:76:8e:ec:18:98:4a:dd:00:16:f6:
         70:d9:72:64:2a:c9:fe:7f:6c:cf:4c:dd:f4:3f:1f:8b:73:40:
         df:3b:b0:02:ad:e5:21:60:63:24:58:c4:75:8a:2f:a0:ff:f2:
         f2:7d:2d:ff:1b:87:a9:ad:e5:17:28:6e:8a:85:61:60:c9:20:
         03:fc:de:6a:26:00:0b:66:9a:fd:f3:0c:12:c2:df:e3:76:17:
         2a:72:6d:2f:e9:08:1c:80:4f:0e:99:bd:1f:d8:f2:ac:5e:8b:
         29:db:a8:d9:6f:a2:48:5b:c8:28:c2:8b:63:a6:7c:7b:fe:7d:
         27:cf:7e:54:ca:42:6a:d3:d8:8e:55:b6:72:3f:a9:03:73:ec:
         3d:a0:e8:9f:c3:9d:d0:f1:15:1b:7e:e3:0d:39:91:51:e0:6b:
         b5:87:72:38:84:0b:cf:7a:b0:2f:b8:29:ca:7b:3d:84:c3:78:
         d7:3d:14:84:2d:5a:11:fb:92:51:21:bf:21:a4:3d:67:e5:e7:
         4e:d4:cd:56:a5:70:cb:3c:85:60:f0:5a:79:fc:00:43:72:86:
         77:6f:e3:7b:a8:5a:ce:be:16:32:31:22:e1:71:1c:ff:39:47:
         7a:38:cf:7c
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIYDTv5LDAi6oOGEMdSVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5NTFkNDU1MWQyNmE1MWMwZjkyYjc3YzJkMzc4ZmIzNDc1
OGI4NzcwHhcNMjUwMTAyMDM0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjFjODg3ZTg5YTg3NDNmNTExZDhlMjczY2M1MTBmZmMxNDZmYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTx4XXAo0r8CfP3cwV+Pq+KvRgZp
SYYacU/+sWbgCZzt8/OYgxcsvkRKz1TvBkp8mwg4pbhHw4nD8/DhqnV2th9QJ9xA
2j5t3GYOwpdmQOIY/Mz6vSj6dTd91TvPNT7M1n16dtmjOqvLmwn/BKya6799kOrm
UM0Rwi3wUMoxyK38Wp7JiWJxHXIfg7z7g5qCf0OCqsjnP06p8u4kZORD80nDxl3W
SHTaNoYW+bByf3cKXaN32B93SJmgSVPEOnGaboWxDMEqaA4BQ/lHnmto/nK22dhW
j3LqEirq8q0dzAULSKM2ESBiSh4CYkl7b1dpgRjAfSC3cCSLoy7EK2hzowIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD8ciH6JqHQ/UR2OJzzFEP/BRvxdMB8GA1UdIwQY
MBaAFGlR1FUdJqUcD5K3fC03j7NHWLh3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVZIVVZSMG1wUndQa3JkOExUZVBzMGRZdUhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wMjYxMGYtNjkxMy00MDQ5LTk3ZjAt
YTJlZGE5NDZlZDI5LzEvUHh5SWZvbW9kRDlSSFk0blBNVVFfOEZHX0YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wMjYxMGYtNjkxMy00MDQ5LTk3ZjAtYTJlZGE5NDZlZDI5
LzEvYVZIVVZSMG1wUndQa3JkOExUZVBzMGRZdUhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9VmAwQD
kgBYAwQCucNYMA0GCSqGSIb3DQEBCwUAA4IBAQClLwQS/KttFoo61g4KZJtgqJER
shlRb66uTHaO7BiYSt0AFvZw2XJkKsn+f2zPTN30Px+Lc0DfO7ACreUhYGMkWMR1
ii+g//LyfS3/G4epreUXKG6KhWFgySAD/N5qJgALZpr98wwSwt/jdhcqcm0v6Qgc
gE8Omb0f2PKsXosp26jZb6JIW8gowotjpnx7/n0nz35UykJq09iOVbZyP6kDc+w9
oOifw53Q8RUbfuMNOZFR4Gu1h3I4hAvPerAvuCnKez2Ew3jXPRSELVoR+5JRIb8h
pD1n5edO1M1WpXDLPIVg8Fp5/ABDcoZ3b+N7qFrOvhYyMSLhcRz/OUd6OM98
-----END CERTIFICATE-----