Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/57xao0M2AdqrH2enoUGayVFXdGY.roa
File:                     57xao0M2AdqrH2enoUGayVFXdGY.roa (raw, json)
Hash identifier:          aul3XKpu3FPCVY/zVFWyx2xUMjYZdpyFV6zqK4hIpg4=
Subject key identifier:   E7:BC:5A:A3:43:36:01:DA:AB:1F:67:A7:A1:41:9A:C9:51:57:74:66
Certificate issuer:       /CN=ed764edfdb1b821d5d25ac8b7a080a6a906fa6b0
Certificate serial:       019421B2370852660EBFC4A4759B862E94A1
Authority key identifier: ED:76:4E:DF:DB:1B:82:1D:5D:25:AC:8B:7A:08:0A:6A:90:6F:A6:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7XZO39sbgh1dJayLeggKapBvprA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/57xao0M2AdqrH2enoUGayVFXdGY.roa
Signing time:             Wed 01 Jan 2025 11:48:35 +0000
ROA not before:           Wed 01 Jan 2025 11:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47884
IP address blocks:        91.206.244.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/7XZO39sbgh1dJayLeggKapBvprA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/7XZO39sbgh1dJayLeggKapBvprA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7XZO39sbgh1dJayLeggKapBvprA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:37:08:52:66:0e:bf:c4:a4:75:9b:86:2e:94:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed764edfdb1b821d5d25ac8b7a080a6a906fa6b0
        Validity
            Not Before: Jan  1 11:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7bc5aa3433601daab1f67a7a1419ac951577466
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:5e:7b:7a:89:63:ee:ed:22:57:af:2b:6f:2a:
                    9f:6c:ec:2a:56:1f:70:e3:f4:d1:83:af:c6:7b:26:
                    3b:9d:f7:e9:2e:06:81:ae:24:14:30:f3:36:54:e9:
                    a5:05:76:cf:62:bb:c2:10:97:0e:ec:8a:9f:1a:35:
                    fe:e6:a1:67:be:ad:63:a4:0a:a1:40:c4:3b:2e:05:
                    f9:3f:33:57:27:64:0f:3e:d5:50:2e:fd:37:a9:c5:
                    f7:6f:4b:e6:5d:f0:24:b7:9c:ae:ce:b5:10:fa:91:
                    3e:a8:9d:d9:c5:14:20:31:7d:87:8e:49:0d:73:41:
                    49:86:fb:0c:0a:0c:00:5d:c5:f0:91:53:2f:f4:20:
                    f8:27:ea:ef:60:d9:57:b5:42:c2:aa:1f:f0:cd:67:
                    6f:bd:bd:83:a4:b0:95:0f:34:37:9f:d1:7d:bd:d9:
                    13:41:e1:e0:3a:f1:4f:37:c7:b8:1f:21:b5:85:a6:
                    63:0f:14:73:db:c4:9f:d3:a9:09:de:c9:7d:64:88:
                    44:d1:dc:b4:3a:05:df:28:83:e1:31:80:94:8c:21:
                    b2:12:26:9b:52:b3:3c:7c:78:bb:72:a2:d6:7a:98:
                    2c:50:cb:14:95:2a:91:e7:4c:6b:8d:11:2b:30:f8:
                    38:4e:b0:8b:41:82:d5:c5:6b:38:eb:52:c1:37:b4:
                    fa:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:BC:5A:A3:43:36:01:DA:AB:1F:67:A7:A1:41:9A:C9:51:57:74:66
            X509v3 Authority Key Identifier:
                keyid:ED:76:4E:DF:DB:1B:82:1D:5D:25:AC:8B:7A:08:0A:6A:90:6F:A6:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7XZO39sbgh1dJayLeggKapBvprA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/57xao0M2AdqrH2enoUGayVFXdGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/eedb39-0385-4a98-8963-d348edea837b/1/7XZO39sbgh1dJayLeggKapBvprA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         01:7c:20:49:1e:db:4b:35:24:b6:05:90:91:e9:96:ed:1a:dc:
         97:a0:00:c3:bb:0b:b1:1d:2a:cc:74:06:ee:5d:b0:d9:52:ae:
         48:8c:1b:a9:d3:01:24:d6:4f:8e:30:fa:d7:1e:8e:48:fc:be:
         78:0d:a5:1e:24:71:42:37:a2:38:aa:a9:21:32:0c:70:41:23:
         34:83:c9:e6:e9:40:97:95:59:67:57:22:41:14:fa:3e:e2:30:
         8a:84:61:cd:3e:a1:61:67:28:e5:33:f3:18:de:17:46:bf:63:
         78:e9:ea:dd:73:05:22:10:43:92:4f:18:b7:97:2e:55:5d:34:
         3a:bb:47:9d:e6:14:8d:31:f2:18:5a:5b:65:96:95:78:61:99:
         14:90:be:64:3f:2b:92:80:cf:1d:28:1b:c3:64:b2:5e:09:ac:
         f3:59:c8:7e:d9:0a:dd:3a:96:e2:b0:58:0f:86:d5:26:ee:5d:
         11:f2:75:de:84:02:72:68:07:51:df:c4:7e:58:30:d7:d6:4d:
         18:2f:be:b8:d3:74:b4:ef:29:3e:1f:d2:44:6a:9b:62:48:4c:
         8b:6e:ef:95:f5:de:b8:0c:b0:d6:1a:ad:29:bf:ce:0a:52:91:
         61:49:d5:7f:eb:32:e9:dc:0c:a2:bb:c3:4e:07:fb:d5:d0:c0:
         95:eb:be:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjcIUmYOv8SkdZuGLpShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNzY0ZWRmZGIxYjgyMWQ1ZDI1YWM4YjdhMDgwYTZhOTA2
ZmE2YjAwHhcNMjUwMTAxMTE0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlN2JjNWFhMzQzMzYwMWRhYWIxZjY3YTdhMTQxOWFjOTUxNTc3NDY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxl57eolj7u0iV68rbyqfbOwqVh9w
4/TRg6/GeyY7nffpLgaBriQUMPM2VOmlBXbPYrvCEJcO7IqfGjX+5qFnvq1jpAqh
QMQ7LgX5PzNXJ2QPPtVQLv03qcX3b0vmXfAkt5yuzrUQ+pE+qJ3ZxRQgMX2HjkkN
c0FJhvsMCgwAXcXwkVMv9CD4J+rvYNlXtULCqh/wzWdvvb2DpLCVDzQ3n9F9vdkT
QeHgOvFPN8e4HyG1haZjDxRz28Sf06kJ3sl9ZIhE0dy0OgXfKIPhMYCUjCGyEiab
UrM8fHi7cqLWepgsUMsUlSqR50xrjRErMPg4TrCLQYLVxWs461LBN7T6lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOe8WqNDNgHaqx9np6FBmslRV3RmMB8GA1UdIwQY
MBaAFO12Tt/bG4IdXSWsi3oICmqQb6awMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1haTzM5c2JnaDFkSmF5TGVnZ0thcEJ2cHJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9lZWRiMzktMDM4NS00YTk4LTg5NjMt
ZDM0OGVkZWE4MzdiLzEvNTd4YW8wTTJBZHFySDJlbm9VR2F5VkZYZEdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9lZWRiMzktMDM4NS00YTk4LTg5NjMtZDM0OGVkZWE4Mzdi
LzEvN1haTzM5c2JnaDFkSmF5TGVnZ0thcEJ2cHJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW870MA0G
CSqGSIb3DQEBCwUAA4IBAQABfCBJHttLNSS2BZCR6ZbtGtyXoADDuwuxHSrMdAbu
XbDZUq5IjBup0wEk1k+OMPrXHo5I/L54DaUeJHFCN6I4qqkhMgxwQSM0g8nm6UCX
lVlnVyJBFPo+4jCKhGHNPqFhZyjlM/MY3hdGv2N46erdcwUiEEOSTxi3ly5VXTQ6
u0ed5hSNMfIYWltllpV4YZkUkL5kPyuSgM8dKBvDZLJeCazzWch+2QrdOpbisFgP
htUm7l0R8nXehAJyaAdR38R+WDDX1k0YL76403S07yk+H9JEaptiSEyLbu+V9d64
DLDWGq0pv84KUpFhSdV/6zLp3Ayiu8NOB/vV0MCV6757
-----END CERTIFICATE-----