Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/5zhQ3B9hLH2ZPYsiKLmy8Rojvg0.roa
File:                     5zhQ3B9hLH2ZPYsiKLmy8Rojvg0.roa (raw, json)
Hash identifier:          KI1hydbtzIhfdYk8QexN8+EHwEo9bPdSN9gLtHnLO94=
Subject key identifier:   E7:38:50:DC:1F:61:2C:7D:99:3D:8B:22:28:B9:B2:F1:1A:23:BE:0D
Certificate issuer:       /CN=792c5d8c32caa4662316858c65bebe12c861ad67
Certificate serial:       019420D6298C1E11A7CD48178ADC012268CF
Authority key identifier: 79:2C:5D:8C:32:CA:A4:66:23:16:85:8C:65:BE:BE:12:C8:61:AD:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eSxdjDLKpGYjFoWMZb6-EshhrWc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/5zhQ3B9hLH2ZPYsiKLmy8Rojvg0.roa
Signing time:             Wed 01 Jan 2025 07:48:13 +0000
ROA not before:           Wed 01 Jan 2025 07:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49672
IP address blocks:        91.212.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/eSxdjDLKpGYjFoWMZb6-EshhrWc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/eSxdjDLKpGYjFoWMZb6-EshhrWc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eSxdjDLKpGYjFoWMZb6-EshhrWc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:29:8c:1e:11:a7:cd:48:17:8a:dc:01:22:68:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=792c5d8c32caa4662316858c65bebe12c861ad67
        Validity
            Not Before: Jan  1 07:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e73850dc1f612c7d993d8b2228b9b2f11a23be0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:33:9f:3d:64:09:5f:a6:1d:ab:50:6e:46:b8:
                    8b:c4:ef:47:0f:f3:10:bc:52:9e:3f:10:f1:8f:6f:
                    20:70:85:34:6a:b8:fd:13:b1:0c:cf:11:f2:f4:b0:
                    6f:16:ba:33:27:11:73:4b:34:55:bb:0e:81:38:fd:
                    c5:08:49:c2:93:1e:94:ba:7b:a6:f8:d7:b8:61:f7:
                    e0:74:8c:7d:f4:26:1f:53:46:fd:62:3c:cd:6c:a7:
                    ef:1f:1c:30:81:ae:b6:41:f8:81:a1:ae:54:2c:00:
                    c6:df:22:73:0d:6a:74:48:51:fa:2c:02:4f:42:bd:
                    72:60:a5:28:38:df:3e:9e:e8:2a:60:98:b9:04:62:
                    b2:92:de:35:6b:77:da:59:fa:a9:55:26:b0:8e:68:
                    6f:f3:a6:17:55:df:f7:b2:44:31:43:8c:b9:db:ef:
                    0c:64:b7:f9:ed:64:0e:a9:f6:c0:ec:8e:74:33:b3:
                    fe:ad:44:c6:ae:9b:f3:1d:b6:91:f2:ba:b5:ac:ab:
                    ee:31:07:3e:69:c5:e6:d5:59:9f:20:73:57:7a:d7:
                    67:a0:85:79:ef:67:39:52:5b:17:a1:c8:76:cc:d1:
                    c3:34:77:2b:c9:95:2b:be:7a:75:16:2a:e5:aa:9a:
                    ea:60:9e:3d:ce:93:75:17:42:28:62:5c:0c:fd:35:
                    65:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:38:50:DC:1F:61:2C:7D:99:3D:8B:22:28:B9:B2:F1:1A:23:BE:0D
            X509v3 Authority Key Identifier:
                keyid:79:2C:5D:8C:32:CA:A4:66:23:16:85:8C:65:BE:BE:12:C8:61:AD:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eSxdjDLKpGYjFoWMZb6-EshhrWc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/5zhQ3B9hLH2ZPYsiKLmy8Rojvg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/0e4f6c-5128-46f9-b3f3-8b82c20293a1/1/eSxdjDLKpGYjFoWMZb6-EshhrWc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:41:cb:14:3e:11:4a:dc:f9:46:06:75:e9:24:01:f2:81:bd:
         9f:53:b6:d3:08:55:4f:a5:0b:bb:89:d4:30:5d:91:11:4a:b9:
         c9:5d:27:83:38:de:37:37:ac:dc:d4:bf:a2:8d:db:73:8e:da:
         dd:cc:35:81:ba:7f:7d:12:35:19:d6:53:60:56:d0:bd:d2:9a:
         cb:e7:49:3c:a7:a6:5e:97:57:2c:35:0e:ce:f4:70:57:bb:ea:
         a8:37:c0:49:6c:bd:91:06:39:a1:de:0a:73:f8:24:c8:67:d6:
         01:3d:2c:58:fd:27:fe:fe:a2:a6:23:ae:56:56:fa:55:63:80:
         05:af:6d:1f:49:a8:ca:dd:8f:04:d5:59:00:33:d0:53:db:19:
         ee:2d:42:69:a4:d3:4d:1d:c6:0e:65:39:c0:07:db:80:cd:c2:
         84:d6:25:b1:7f:5a:aa:e0:85:30:9a:5f:09:ef:6b:69:e9:67:
         b5:3f:98:9f:08:83:1f:ae:f1:fa:ad:03:f2:bc:51:7f:fc:7f:
         65:88:2d:b0:90:be:0b:67:1d:8b:fa:2d:62:59:8e:ad:07:a4:
         e7:98:cb:56:56:99:1f:81:ca:76:12:30:cb:52:35:0a:b9:c9:
         c9:f8:ba:12:86:24:20:e4:18:0e:d4:6d:fc:00:92:26:ef:15:
         d4:8c:b8:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1imMHhGnzUgXitwBImjPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5MmM1ZDhjMzJjYWE0NjYyMzE2ODU4YzY1YmViZTEyYzg2
MWFkNjcwHhcNMjUwMTAxMDc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM4NTBkYzFmNjEyYzdkOTkzZDhiMjIyOGI5YjJmMTFhMjNiZTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TOfPWQJX6Ydq1BuRriLxO9HD/MQ
vFKePxDxj28gcIU0arj9E7EMzxHy9LBvFrozJxFzSzRVuw6BOP3FCEnCkx6Uunum
+Ne4YffgdIx99CYfU0b9YjzNbKfvHxwwga62QfiBoa5ULADG3yJzDWp0SFH6LAJP
Qr1yYKUoON8+nugqYJi5BGKykt41a3faWfqpVSawjmhv86YXVd/3skQxQ4y52+8M
ZLf57WQOqfbA7I50M7P+rUTGrpvzHbaR8rq1rKvuMQc+acXm1VmfIHNXetdnoIV5
72c5UlsXoch2zNHDNHcryZUrvnp1FirlqprqYJ49zpN1F0IoYlwM/TVldQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOc4UNwfYSx9mT2LIii5svEaI74NMB8GA1UdIwQY
MBaAFHksXYwyyqRmIxaFjGW+vhLIYa1nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVN4ZGpETEtwR1lqRm9XTVpiNi1Fc2hocldjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8wZTRmNmMtNTEyOC00NmY5LWIzZjMt
OGI4MmMyMDI5M2ExLzEvNXpoUTNCOWhMSDJaUFlzaUtMbXk4Um9qdmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8wZTRmNmMtNTEyOC00NmY5LWIzZjMtOGI4MmMyMDI5M2Ex
LzEvZVN4ZGpETEtwR1lqRm9XTVpiNi1Fc2hocldjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9SyMA0G
CSqGSIb3DQEBCwUAA4IBAQCeQcsUPhFK3PlGBnXpJAHygb2fU7bTCFVPpQu7idQw
XZERSrnJXSeDON43N6zc1L+ijdtzjtrdzDWBun99EjUZ1lNgVtC90prL50k8p6Ze
l1csNQ7O9HBXu+qoN8BJbL2RBjmh3gpz+CTIZ9YBPSxY/Sf+/qKmI65WVvpVY4AF
r20fSajK3Y8E1VkAM9BT2xnuLUJppNNNHcYOZTnAB9uAzcKE1iWxf1qq4IUwml8J
72tp6We1P5ifCIMfrvH6rQPyvFF//H9liC2wkL4LZx2L+i1iWY6tB6TnmMtWVpkf
gcp2EjDLUjUKucnJ+LoShiQg5BgO1G38AJIm7xXUjLh/
-----END CERTIFICATE-----