Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/1-DjrG4WtOf5mfvjc_0ex1qmM7_0.roa
File:                     1-DjrG4WtOf5mfvjc_0ex1qmM7_0.roa (raw, json)
Hash identifier:          hnXFvQKmTthNRY+MRdmK+ICiF4IvzT+rwNQnD35oyyk=
Subject key identifier:   F8:38:EB:1B:85:AD:39:FE:66:7E:F8:DC:FF:47:B1:D6:A9:8C:EF:FD
Certificate issuer:       /CN=46af6ca33534b8530b9f214ec8ea93dd25bd1fcf
Certificate serial:       0194266BF13B9F76D5A30E138592DA528BAE
Authority key identifier: 46:AF:6C:A3:35:34:B8:53:0B:9F:21:4E:C8:EA:93:DD:25:BD:1F:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rq9sozU0uFMLnyFOyOqT3SW9H88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/1-DjrG4WtOf5mfvjc_0ex1qmM7_0.roa
Signing time:             Thu 02 Jan 2025 09:49:55 +0000
ROA not before:           Thu 02 Jan 2025 09:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199070
IP address blocks:        91.242.170.0/23 maxlen: 23
                          91.242.170.0/24 maxlen: 24
                          91.242.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/Rq9sozU0uFMLnyFOyOqT3SW9H88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/Rq9sozU0uFMLnyFOyOqT3SW9H88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rq9sozU0uFMLnyFOyOqT3SW9H88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:f1:3b:9f:76:d5:a3:0e:13:85:92:da:52:8b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46af6ca33534b8530b9f214ec8ea93dd25bd1fcf
        Validity
            Not Before: Jan  2 09:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f838eb1b85ad39fe667ef8dcff47b1d6a98ceffd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:65:b5:d5:4c:60:82:65:3b:79:4e:e0:01:73:
                    6d:80:46:40:33:12:a6:10:e7:34:6b:71:d2:be:7f:
                    09:e8:2f:10:01:ba:7a:22:b9:e1:30:b3:7c:7e:65:
                    8c:e0:c7:05:38:b3:52:e7:48:b6:b8:2d:c8:0d:1f:
                    d2:54:74:9f:2f:6a:cb:a4:e9:33:44:6d:de:d5:5e:
                    69:1d:9e:c8:3f:eb:45:1a:55:b2:0d:98:6b:be:6c:
                    89:9d:b6:e6:b2:24:d5:19:3b:85:65:14:24:be:4f:
                    d8:c5:49:92:84:bd:1b:ab:b7:cd:b3:07:0c:f4:9b:
                    7b:78:49:5b:40:dd:f2:bd:7c:09:94:8e:8b:bd:6e:
                    07:8d:55:b8:2f:f8:48:0a:bd:3f:a7:ed:12:8c:11:
                    66:9b:ec:ba:38:81:7d:e9:c8:42:3f:ca:8c:32:cd:
                    05:10:16:aa:8f:30:5c:42:ef:14:fe:c6:0d:38:03:
                    e3:81:cb:69:79:8b:ba:99:79:22:1a:45:4d:d4:f7:
                    c7:a0:04:00:22:53:fd:71:52:1a:05:7f:e2:18:4b:
                    24:27:72:a3:a6:c3:66:35:0f:59:ae:8d:ed:40:fa:
                    3f:4e:e2:44:bf:49:83:dd:7f:d4:83:e8:e3:d3:d8:
                    c7:6f:2d:53:f9:51:8b:a5:b6:71:1d:f1:fa:0c:ba:
                    f8:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:38:EB:1B:85:AD:39:FE:66:7E:F8:DC:FF:47:B1:D6:A9:8C:EF:FD
            X509v3 Authority Key Identifier:
                keyid:46:AF:6C:A3:35:34:B8:53:0B:9F:21:4E:C8:EA:93:DD:25:BD:1F:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rq9sozU0uFMLnyFOyOqT3SW9H88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/1-DjrG4WtOf5mfvjc_0ex1qmM7_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/8e80af-2d64-4784-8115-c5cefd98f621/1/Rq9sozU0uFMLnyFOyOqT3SW9H88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:61:d0:16:61:67:22:d8:d6:56:8e:d0:d6:e6:a8:77:bf:09:
         02:80:00:66:df:e5:ef:a4:f2:63:8f:3e:1f:4b:03:54:c9:57:
         05:5c:ba:3c:28:c5:e5:d0:db:96:58:44:5e:90:44:c1:bc:08:
         c4:e3:0f:8d:fa:5e:af:37:7e:02:fd:c3:cc:af:bd:b7:be:54:
         d3:75:d1:e1:bc:7b:c5:1b:05:3d:8d:86:a9:b5:16:c2:e5:0a:
         0a:89:a8:5b:a7:ae:a3:3c:b8:db:3a:ca:2a:0b:37:81:cc:93:
         e0:57:e2:0a:d0:a3:87:76:2a:a2:bc:69:52:81:be:bf:d5:98:
         f4:f6:17:dc:0a:ca:be:19:77:c3:9e:8a:e3:ec:6a:f4:89:60:
         6e:49:41:54:68:22:75:e0:e2:71:ad:c9:41:fb:9d:84:3c:29:
         27:a6:74:36:aa:a8:19:db:6b:0b:4e:b7:9b:33:6d:86:75:61:
         98:fa:7a:2f:58:78:93:f8:6f:ef:29:28:0f:7c:1e:9d:23:25:
         26:40:1a:7f:df:f8:10:46:2f:25:76:5c:af:84:c8:21:5a:0b:
         ab:c3:b7:15:fb:88:bc:e6:00:98:0e:20:2f:ba:f9:bc:54:48:
         6e:a9:b9:f5:d6:92:15:66:d5:92:c7:a5:4f:8c:96:2e:d8:c1:
         f5:4a:e2:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQma/E7n3bVow4ThZLaUouuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YWY2Y2EzMzUzNGI4NTMwYjlmMjE0ZWM4ZWE5M2RkMjVi
ZDFmY2YwHhcNMjUwMTAyMDk0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM4ZWIxYjg1YWQzOWZlNjY3ZWY4ZGNmZjQ3YjFkNmE5OGNlZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2W11UxggmU7eU7gAXNtgEZAMxKm
EOc0a3HSvn8J6C8QAbp6IrnhMLN8fmWM4McFOLNS50i2uC3IDR/SVHSfL2rLpOkz
RG3e1V5pHZ7IP+tFGlWyDZhrvmyJnbbmsiTVGTuFZRQkvk/YxUmShL0bq7fNswcM
9Jt7eElbQN3yvXwJlI6LvW4HjVW4L/hICr0/p+0SjBFmm+y6OIF96chCP8qMMs0F
EBaqjzBcQu8U/sYNOAPjgctpeYu6mXkiGkVN1PfHoAQAIlP9cVIaBX/iGEskJ3Kj
psNmNQ9Zro3tQPo/TuJEv0mD3X/Ug+jj09jHby1T+VGLpbZxHfH6DLr4LwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg46xuFrTn+Zn743P9HsdapjO/9MB8GA1UdIwQY
MBaAFEavbKM1NLhTC58hTsjqk90lvR/PMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnE5c296VTB1Rk1MbnlGT3lPcVQzU1c5SDg4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS84ZTgwYWYtMmQ2NC00Nzg0LTgxMTUt
YzVjZWZkOThmNjIxLzEvMS1EanJHNFd0T2Y1bWZ2amNfMGV4MXFtTTdfMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmEvOGU4MGFmLTJkNjQtNDc4NC04MTE1LWM1Y2VmZDk4ZjYy
MS8xL1JxOXNvelUwdUZNTG55Rk95T3FUM1NXOUg4OC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAVvyqjAN
BgkqhkiG9w0BAQsFAAOCAQEAnGHQFmFnItjWVo7Q1uaod78JAoAAZt/l76TyY48+
H0sDVMlXBVy6PCjF5dDbllhEXpBEwbwIxOMPjfperzd+Av3DzK+9t75U03XR4bx7
xRsFPY2GqbUWwuUKComoW6euozy42zrKKgs3gcyT4FfiCtCjh3YqorxpUoG+v9WY
9PYX3ArKvhl3w56K4+xq9IlgbklBVGgideDica3JQfudhDwpJ6Z0NqqoGdtrC063
mzNthnVhmPp6L1h4k/hv7ykoD3wenSMlJkAaf9/4EEYvJXZcr4TIIVoLq8O3FfuI
vOYAmA4gL7r5vFRIbqm59daSFWbVkselT4yWLtjB9UriqQ==
-----END CERTIFICATE-----