Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/h9d0ktI5MHIktnWrhY2zneTKIew.roa
File:                     h9d0ktI5MHIktnWrhY2zneTKIew.roa (raw, json)
Hash identifier:          9qkOa4Wd+V/Z+xQC2CIhkz1VoRa5qCsYXEwwfKMwhGQ=
Subject key identifier:   87:D7:74:92:D2:39:30:72:24:B6:75:AB:85:8D:B3:9D:E4:CA:21:EC
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0194221FDAD18B4A101687AE72612B981E00
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/h9d0ktI5MHIktnWrhY2zneTKIew.roa
Signing time:             Wed 01 Jan 2025 13:48:20 +0000
ROA not before:           Wed 01 Jan 2025 13:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        91.103.124.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:da:d1:8b:4a:10:16:87:ae:72:61:2b:98:1e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jan  1 13:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87d77492d239307224b675ab858db39de4ca21ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5f:c8:13:43:19:5c:c7:e3:95:e5:85:08:42:
                    dd:92:ec:fb:19:ee:e0:0e:13:5a:30:53:e3:cd:da:
                    50:bc:1c:b2:b9:1a:b6:17:53:4f:2a:ae:ba:50:8e:
                    73:0e:3f:6b:00:bf:65:f5:12:73:01:83:41:c5:e3:
                    16:00:4e:d5:4b:13:93:82:a7:b5:34:0b:65:8c:29:
                    42:2f:cd:e0:ab:bb:13:cf:5e:64:c3:44:3f:1c:9c:
                    5f:1f:a0:95:bb:2d:38:14:9b:c7:aa:bc:fa:28:0c:
                    ad:92:78:a3:92:cd:7d:0c:5f:8d:3b:36:3a:e6:28:
                    7c:9a:06:e3:44:cf:55:81:e0:7e:6d:59:a4:09:b6:
                    c1:78:23:b3:c2:7b:67:22:5d:63:5b:e1:a9:cc:d7:
                    f2:76:e2:a1:43:63:d2:6e:13:89:a6:04:a3:ab:57:
                    37:1f:05:10:77:26:56:00:c8:05:a9:9b:20:c1:4f:
                    7c:05:b1:bb:2f:56:2c:77:ab:03:25:ce:e4:0f:98:
                    f0:36:96:57:88:1c:c1:30:d3:69:cd:c0:bf:86:82:
                    a7:ad:c2:ee:19:7e:d7:99:ed:d3:f7:a7:31:fe:fe:
                    12:67:c3:99:df:6e:43:9b:30:3b:bc:1e:8f:e9:be:
                    80:67:b6:ca:70:47:50:35:8e:08:61:a4:6e:81:27:
                    de:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:D7:74:92:D2:39:30:72:24:B6:75:AB:85:8D:B3:9D:E4:CA:21:EC
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/h9d0ktI5MHIktnWrhY2zneTKIew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:45:1b:d2:a1:22:cb:ac:0d:07:05:65:24:9c:52:50:a5:63:
         97:22:93:03:4f:d1:1b:a1:01:34:1d:39:ef:fd:ce:e4:dc:35:
         14:67:b7:f7:16:b4:14:af:4b:06:cc:32:ee:e5:26:db:50:5a:
         90:f7:8b:19:e4:86:c5:3c:37:f4:7a:cc:0b:27:b4:1d:33:67:
         4f:8c:d0:f6:82:ff:2c:81:d8:ee:80:ca:d3:c3:eb:d7:8f:9e:
         f0:f0:ae:ef:44:b3:ee:09:a1:72:a5:32:e1:ab:67:d5:7d:e9:
         cf:26:94:49:bf:3a:b8:ae:48:41:f4:8b:2b:ce:86:57:13:11:
         de:28:49:01:28:ca:55:fe:e2:e0:e9:85:fe:cd:5c:f6:b9:c5:
         d8:6a:8f:df:40:8d:2c:5d:68:7a:9c:10:9f:52:ab:78:90:2b:
         b8:2a:f2:14:d8:39:ef:d4:2a:0b:30:50:50:ed:2c:bb:77:fc:
         29:29:46:9b:ae:22:73:0f:8d:b1:81:3c:dc:1b:59:fe:82:a1:
         8e:dc:56:af:b0:bf:ed:87:e0:4b:e8:50:80:6c:83:57:1e:10:
         81:7b:83:14:42:2f:d4:9c:42:0e:5c:77:04:80:fc:81:c0:5d:
         7f:13:73:00:9c:01:b7:98:59:97:18:40:3c:ee:2b:e2:e6:ac:
         5a:a7:89:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9rRi0oQFoeucmErmB4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjUwMTAxMTM0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2Q3NzQ5MmQyMzkzMDcyMjRiNjc1YWI4NThkYjM5ZGU0Y2EyMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl/IE0MZXMfjleWFCELdkuz7Ge7g
DhNaMFPjzdpQvByyuRq2F1NPKq66UI5zDj9rAL9l9RJzAYNBxeMWAE7VSxOTgqe1
NAtljClCL83gq7sTz15kw0Q/HJxfH6CVuy04FJvHqrz6KAytknijks19DF+NOzY6
5ih8mgbjRM9VgeB+bVmkCbbBeCOzwntnIl1jW+GpzNfyduKhQ2PSbhOJpgSjq1c3
HwUQdyZWAMgFqZsgwU98BbG7L1Ysd6sDJc7kD5jwNpZXiBzBMNNpzcC/hoKnrcLu
GX7Xme3T96cx/v4SZ8OZ325DmzA7vB6P6b6AZ7bKcEdQNY4IYaRugSfesQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIfXdJLSOTByJLZ1q4WNs53kyiHsMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvaDlkMGt0STVNSElrdG5XcmhZMnpuZVRLSWV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d8MA0G
CSqGSIb3DQEBCwUAA4IBAQB8RRvSoSLLrA0HBWUknFJQpWOXIpMDT9EboQE0HTnv
/c7k3DUUZ7f3FrQUr0sGzDLu5SbbUFqQ94sZ5IbFPDf0eswLJ7QdM2dPjND2gv8s
gdjugMrTw+vXj57w8K7vRLPuCaFypTLhq2fVfenPJpRJvzq4rkhB9IsrzoZXExHe
KEkBKMpV/uLg6YX+zVz2ucXYao/fQI0sXWh6nBCfUqt4kCu4KvIU2Dnv1CoLMFBQ
7Sy7d/wpKUabriJzD42xgTzcG1n+gqGO3FavsL/th+BL6FCAbINXHhCBe4MUQi/U
nEIOXHcEgPyBwF1/E3MAnAG3mFmXGEA87ivi5qxap4nJ
-----END CERTIFICATE-----