Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/1LC0dyD00kv8E_n1OjhAkJTE9Mg.roa
File:                     1LC0dyD00kv8E_n1OjhAkJTE9Mg.roa (raw, json)
Hash identifier:          3MFjBxWOk0fq4hLcLajIgBilcjWSlDvQAatSzU2ufc0=
Subject key identifier:   D4:B0:B4:77:20:F4:D2:4B:FC:13:F9:F5:3A:38:40:90:94:C4:F4:C8
Certificate issuer:       /CN=49ba079b7f0216a6f6673c971c2afadd5ae942ea
Certificate serial:       01942143BA7CEDC14764462808DC1155B9D2
Authority key identifier: 49:BA:07:9B:7F:02:16:A6:F6:67:3C:97:1C:2A:FA:DD:5A:E9:42:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/1LC0dyD00kv8E_n1OjhAkJTE9Mg.roa
Signing time:             Wed 01 Jan 2025 09:47:54 +0000
ROA not before:           Wed 01 Jan 2025 09:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213139
IP address blocks:        91.218.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ba:7c:ed:c1:47:64:46:28:08:dc:11:55:b9:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ba079b7f0216a6f6673c971c2afadd5ae942ea
        Validity
            Not Before: Jan  1 09:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d4b0b47720f4d24bfc13f9f53a38409094c4f4c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:72:08:f5:a4:ac:23:74:05:be:72:17:6c:45:
                    9b:f6:2f:4c:e3:9c:a6:f1:db:47:50:a2:92:34:f4:
                    39:7f:04:b2:fd:68:20:58:58:3c:bc:ef:a7:17:88:
                    47:b9:11:6e:0e:e9:2d:eb:6b:69:6d:0c:c8:df:ae:
                    76:60:f8:e4:d3:09:ed:5a:95:1f:df:2e:a6:b5:e2:
                    a3:7b:71:17:1a:ad:b6:c0:62:45:b1:39:51:e5:57:
                    59:c3:c4:5b:37:cf:88:28:94:1c:7c:88:d0:5d:56:
                    bc:36:80:63:19:c9:0e:4b:07:79:6d:04:fa:68:1d:
                    fe:a1:e7:4f:d5:02:13:7b:9b:28:3a:16:b2:35:15:
                    07:5d:cf:5c:2e:93:41:ce:a5:b4:1e:4d:df:68:e1:
                    a6:88:9b:99:09:b2:1c:3b:92:bd:ed:d5:9c:25:0b:
                    ce:66:5b:fe:72:f1:a4:09:d2:55:bb:27:0e:ac:46:
                    1f:36:17:2e:4b:d1:2b:f0:af:d1:e1:24:f1:50:be:
                    50:cd:ec:ea:29:9a:51:7a:98:15:01:0d:93:28:12:
                    ff:d9:cf:01:19:54:43:03:ae:4a:b9:f9:dd:47:0a:
                    cc:45:34:9c:95:09:02:9b:a8:dc:4c:93:9e:a7:50:
                    d9:05:ab:26:0c:f2:36:54:bc:41:b1:14:07:40:ab:
                    6b:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:B0:B4:77:20:F4:D2:4B:FC:13:F9:F5:3A:38:40:90:94:C4:F4:C8
            X509v3 Authority Key Identifier:
                keyid:49:BA:07:9B:7F:02:16:A6:F6:67:3C:97:1C:2A:FA:DD:5A:E9:42:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SboHm38CFqb2ZzyXHCr63VrpQuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/1LC0dyD00kv8E_n1OjhAkJTE9Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/cb5f21-b9df-40db-b566-3e3cd95a5c2e/1/SboHm38CFqb2ZzyXHCr63VrpQuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:14:2e:65:81:7c:60:31:75:23:e4:f3:14:e2:0b:04:a4:36:
         b0:04:65:ab:38:b5:54:38:ab:7b:bc:50:38:2f:3a:ea:35:c3:
         5f:37:3e:b3:37:86:de:e5:5b:ba:24:f6:97:ea:99:fc:a7:ad:
         60:01:94:03:c1:8c:ce:a7:bd:52:d1:38:e8:35:a6:25:11:a0:
         bc:39:21:61:5c:a0:74:18:d5:64:00:37:28:ce:20:d1:9a:15:
         7f:38:b8:86:a8:3c:93:78:ff:89:50:e0:3e:b9:e2:38:3e:2b:
         05:f6:d0:e8:e3:77:e3:ec:94:bb:92:eb:67:19:c4:d9:74:0a:
         75:93:25:ef:e7:ef:63:e2:31:f5:ed:14:5f:b0:31:41:e8:59:
         08:71:b4:4d:61:84:56:fa:6d:29:fd:01:28:85:4b:68:b1:18:
         dc:10:17:8b:bc:df:c3:b3:01:41:34:7e:95:28:6c:db:50:11:
         41:f4:70:81:ca:88:55:3f:3d:e0:11:6a:6a:cd:cf:39:6f:9f:
         7a:41:29:03:ac:98:08:fc:2c:1a:36:5f:c4:ef:82:21:ce:3e:
         07:5d:af:c9:01:8a:a0:2c:f2:02:59:80:93:47:07:b8:2b:9f:
         9a:c7:6f:f6:6a:5f:80:1f:1b:88:1d:db:36:66:d8:fd:dd:1d:
         29:3c:01:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ7p87cFHZEYoCNwRVbnSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YmEwNzliN2YwMjE2YTZmNjY3M2M5NzFjMmFmYWRkNWFl
OTQyZWEwHhcNMjUwMTAxMDk0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGIwYjQ3NzIwZjRkMjRiZmMxM2Y5ZjUzYTM4NDA5MDk0YzRmNGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnII9aSsI3QFvnIXbEWb9i9M45ym
8dtHUKKSNPQ5fwSy/WggWFg8vO+nF4hHuRFuDukt62tpbQzI3652YPjk0wntWpUf
3y6mteKje3EXGq22wGJFsTlR5VdZw8RbN8+IKJQcfIjQXVa8NoBjGckOSwd5bQT6
aB3+oedP1QITe5soOhayNRUHXc9cLpNBzqW0Hk3faOGmiJuZCbIcO5K97dWcJQvO
Zlv+cvGkCdJVuycOrEYfNhcuS9Er8K/R4STxUL5QzezqKZpRepgVAQ2TKBL/2c8B
GVRDA65KufndRwrMRTSclQkCm6jcTJOep1DZBasmDPI2VLxBsRQHQKtrpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNSwtHcg9NJL/BP59To4QJCUxPTIMB8GA1UdIwQY
MBaAFEm6B5t/Aham9mc8lxwq+t1a6ULqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2JvSG0zOENGcWIyWnp5WEhDcjYzVnJwUXVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9jYjVmMjEtYjlkZi00MGRiLWI1NjYt
M2UzY2Q5NWE1YzJlLzEvMUxDMGR5RDAwa3Y4RV9uMU9qaEFrSlRFOU1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9jYjVmMjEtYjlkZi00MGRiLWI1NjYtM2UzY2Q5NWE1YzJl
LzEvU2JvSG0zOENGcWIyWnp5WEhDcjYzVnJwUXVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9o4MA0G
CSqGSIb3DQEBCwUAA4IBAQAmFC5lgXxgMXUj5PMU4gsEpDawBGWrOLVUOKt7vFA4
LzrqNcNfNz6zN4be5Vu6JPaX6pn8p61gAZQDwYzOp71S0TjoNaYlEaC8OSFhXKB0
GNVkADcoziDRmhV/OLiGqDyTeP+JUOA+ueI4PisF9tDo43fj7JS7kutnGcTZdAp1
kyXv5+9j4jH17RRfsDFB6FkIcbRNYYRW+m0p/QEohUtosRjcEBeLvN/DswFBNH6V
KGzbUBFB9HCByohVPz3gEWpqzc85b596QSkDrJgI/CwaNl/E74Ihzj4HXa/JAYqg
LPICWYCTRwe4K5+ax2/2al+AHxuIHds2Ztj93R0pPAH6
-----END CERTIFICATE-----