Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/H0COiaXg1EPyNKPDom-EUSSKISY.roa
File:                     H0COiaXg1EPyNKPDom-EUSSKISY.roa (raw, json)
Hash identifier:          MIq94Fsgw9khyXovQNvHuap+wuDPe/60Pb4JAxZUi4w=
Subject key identifier:   1F:40:8E:89:A5:E0:D4:43:F2:34:A3:C3:A2:6F:84:51:24:8A:21:26
Certificate issuer:       /CN=1a5b7d43bb4c83e7c7d97ce07543a96d74c69fda
Certificate serial:       019427B55DAFE50A48C11B3F18AF201E8710
Authority key identifier: 1A:5B:7D:43:BB:4C:83:E7:C7:D9:7C:E0:75:43:A9:6D:74:C6:9F:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/H0COiaXg1EPyNKPDom-EUSSKISY.roa
Signing time:             Thu 02 Jan 2025 15:49:44 +0000
ROA not before:           Thu 02 Jan 2025 15:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197479
IP address blocks:        91.222.144.0/22 maxlen: 22
                          91.222.144.0/24 maxlen: 24
                          91.222.145.0/24 maxlen: 24
                          91.222.146.0/24 maxlen: 24
                          91.222.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:5d:af:e5:0a:48:c1:1b:3f:18:af:20:1e:87:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a5b7d43bb4c83e7c7d97ce07543a96d74c69fda
        Validity
            Not Before: Jan  2 15:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f408e89a5e0d443f234a3c3a26f8451248a2126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:63:df:b4:15:d8:8a:63:7a:26:88:b8:2d:06:
                    fa:f0:a8:14:6b:16:f2:5f:fe:f1:7d:e4:21:8d:22:
                    eb:7a:82:05:be:b8:df:ac:16:34:11:27:17:f1:8a:
                    7b:8c:70:b4:f1:0e:a8:4e:0b:0f:93:0e:48:ba:04:
                    99:ef:82:7b:aa:4c:12:4c:b8:05:f8:53:98:5e:0c:
                    13:0f:07:ec:95:8a:b1:d1:ea:2a:f8:b6:7b:17:a1:
                    58:11:b3:7d:e6:1f:79:e7:3e:13:bd:06:a2:89:a6:
                    d9:75:64:78:e6:7a:7b:b9:91:7f:a9:26:82:57:1c:
                    f0:54:56:68:fa:d7:ba:c8:f3:cf:b4:5b:9a:62:3a:
                    55:0b:81:26:ad:ec:69:51:47:87:9a:66:c7:ea:6b:
                    76:19:18:a6:77:c7:32:3e:7b:dc:fc:1d:21:ba:b0:
                    98:7f:43:f8:30:f1:20:d8:56:63:36:a9:62:a4:0f:
                    7f:44:a1:36:5e:c3:d5:e0:35:de:53:88:8f:44:60:
                    ce:a5:ac:15:35:fa:1f:ab:2c:b1:4d:aa:1c:40:e9:
                    77:c0:c4:3d:34:eb:ed:45:64:71:5f:d1:5d:e6:fa:
                    b2:4d:86:b1:34:36:a2:f4:20:d8:98:97:68:76:10:
                    d2:2e:02:53:f4:3c:3f:db:8d:80:b8:a2:39:5e:b3:
                    c9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:40:8E:89:A5:E0:D4:43:F2:34:A3:C3:A2:6F:84:51:24:8A:21:26
            X509v3 Authority Key Identifier:
                keyid:1A:5B:7D:43:BB:4C:83:E7:C7:D9:7C:E0:75:43:A9:6D:74:C6:9F:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/H0COiaXg1EPyNKPDom-EUSSKISY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/8ad64a-057f-472a-89b1-5eef024d9a92/1/Glt9Q7tMg-fH2XzgdUOpbXTGn9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8a:68:21:e3:24:9c:e1:cf:7f:0d:d4:f1:b1:df:de:41:72:20:
         6a:a1:41:b7:74:f5:bf:8f:30:58:ed:0a:17:6d:0b:b5:20:c3:
         05:5a:b1:b0:1b:74:ca:78:1d:f3:e9:06:81:29:00:70:fb:42:
         80:91:d7:50:b8:82:3a:4e:dc:aa:a6:b6:86:09:c1:06:5a:cb:
         a2:74:2c:9d:16:fb:e0:cc:d9:ed:70:4e:2b:28:0f:a2:97:70:
         d0:3a:21:87:5a:25:f4:bf:97:a3:f9:7d:fa:98:26:72:b3:a9:
         b1:89:2a:0e:f3:5b:b3:a6:55:96:70:c5:fd:e9:79:0f:10:4e:
         23:02:a4:37:ab:ef:14:3d:c9:98:9b:2b:b5:7b:4b:fd:1a:2e:
         25:0f:89:63:5d:f1:86:99:f9:e4:f1:25:08:12:c6:a9:02:c0:
         b8:f0:a9:b4:6c:21:59:4b:c7:1a:e9:19:85:d1:41:3f:7e:c8:
         e2:cf:5e:1b:4a:48:b5:9b:0c:f6:92:87:6e:98:36:15:69:75:
         76:62:e2:0c:31:25:0b:b5:02:ea:c8:04:9c:65:8a:b7:7f:6e:
         cc:ea:38:f1:b7:ad:81:d1:a0:01:cb:5a:d5:4a:0d:ed:bd:11:
         4a:db:d2:e2:71:41:42:5f:e2:a9:72:dd:3f:2c:c7:bc:a0:c4:
         90:8f:ec:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntV2v5QpIwRs/GK8gHocQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNWI3ZDQzYmI0YzgzZTdjN2Q5N2NlMDc1NDNhOTZkNzRj
NjlmZGEwHhcNMjUwMTAyMTU0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQwOGU4OWE1ZTBkNDQzZjIzNGEzYzNhMjZmODQ1MTI0OGEyMTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2PftBXYimN6Joi4LQb68KgUaxby
X/7xfeQhjSLreoIFvrjfrBY0EScX8Yp7jHC08Q6oTgsPkw5IugSZ74J7qkwSTLgF
+FOYXgwTDwfslYqx0eoq+LZ7F6FYEbN95h955z4TvQaiiabZdWR45np7uZF/qSaC
VxzwVFZo+te6yPPPtFuaYjpVC4EmrexpUUeHmmbH6mt2GRimd8cyPnvc/B0hurCY
f0P4MPEg2FZjNqlipA9/RKE2XsPV4DXeU4iPRGDOpawVNfofqyyxTaocQOl3wMQ9
NOvtRWRxX9Fd5vqyTYaxNDai9CDYmJdodhDSLgJT9Dw/242AuKI5XrPJQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB9Ajoml4NRD8jSjw6JvhFEkiiEmMB8GA1UdIwQY
MBaAFBpbfUO7TIPnx9l84HVDqW10xp/aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2x0OVE3dE1nLWZIMlh6Z2RVT3BiWFRHbjlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC84YWQ2NGEtMDU3Zi00NzJhLTg5YjEt
NWVlZjAyNGQ5YTkyLzEvSDBDT2lhWGcxRVB5TktQRG9tLUVVU1NLSVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC84YWQ2NGEtMDU3Zi00NzJhLTg5YjEtNWVlZjAyNGQ5YTky
LzEvR2x0OVE3dE1nLWZIMlh6Z2RVT3BiWFRHbjlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW96QMA0G
CSqGSIb3DQEBCwUAA4IBAQCKaCHjJJzhz38N1PGx395BciBqoUG3dPW/jzBY7QoX
bQu1IMMFWrGwG3TKeB3z6QaBKQBw+0KAkddQuII6TtyqpraGCcEGWsuidCydFvvg
zNntcE4rKA+il3DQOiGHWiX0v5ej+X36mCZys6mxiSoO81uzplWWcMX96XkPEE4j
AqQ3q+8UPcmYmyu1e0v9Gi4lD4ljXfGGmfnk8SUIEsapAsC48Km0bCFZS8ca6RmF
0UE/fsjiz14bSki1mwz2kodumDYVaXV2YuIMMSULtQLqyAScZYq3f27M6jjxt62B
0aABy1rVSg3tvRFK29LicUFCX+Kpct0/LMe8oMSQj+wA
-----END CERTIFICATE-----