Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ig1FgJHLmhVp1HtQnDRiBOwALfo.roa
File:                     ig1FgJHLmhVp1HtQnDRiBOwALfo.roa (raw, json)
Hash identifier:          IlHHwWSfIB2n4wpeo6hZD+s1jPc54zsXsSO0r9HX6WY=
Subject key identifier:   8A:0D:45:80:91:CB:9A:15:69:D4:7B:50:9C:34:62:04:EC:00:2D:FA
Certificate issuer:       /CN=7df8282089e28766512133d4236af415a37bd3d2
Certificate serial:       019422FB7A23907A71895059A5AB3F3C8FD7
Authority key identifier: 7D:F8:28:20:89:E2:87:66:51:21:33:D4:23:6A:F4:15:A3:7B:D3:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ffgoIInih2ZRITPUI2r0FaN709I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ig1FgJHLmhVp1HtQnDRiBOwALfo.roa
Signing time:             Wed 01 Jan 2025 17:48:13 +0000
ROA not before:           Wed 01 Jan 2025 17:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49370
IP address blocks:        91.212.223.0/24 maxlen: 24
                          194.1.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ffgoIInih2ZRITPUI2r0FaN709I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ffgoIInih2ZRITPUI2r0FaN709I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ffgoIInih2ZRITPUI2r0FaN709I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:7a:23:90:7a:71:89:50:59:a5:ab:3f:3c:8f:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7df8282089e28766512133d4236af415a37bd3d2
        Validity
            Not Before: Jan  1 17:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a0d458091cb9a1569d47b509c346204ec002dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:cc:46:fd:d9:5e:4b:12:2b:13:8e:09:d7:14:
                    03:88:05:04:27:1b:f2:ff:26:3c:4b:19:6b:9f:f8:
                    53:2f:7d:b7:69:a6:a9:46:b4:b7:e9:94:e8:9f:44:
                    9c:c2:04:24:ca:13:98:c1:91:58:65:28:5f:da:08:
                    c0:b4:d4:66:34:af:a4:72:97:36:5c:7d:a1:f1:c9:
                    3f:f9:18:c6:d9:83:37:db:79:14:35:f1:99:53:e8:
                    33:9b:8a:20:7d:23:34:df:a6:ef:02:54:d7:dd:d9:
                    cf:32:b0:46:5c:f5:ba:b3:69:3e:86:8b:13:80:15:
                    6a:2e:14:eb:37:dc:27:8f:ef:72:72:e7:34:ce:de:
                    30:d5:8d:a7:4e:ee:54:8f:5d:29:70:bc:79:b4:79:
                    22:e4:a3:bb:65:3f:ce:35:16:d1:a6:d5:e2:37:bd:
                    55:89:90:2d:8a:77:80:cf:b0:31:2e:9f:ef:29:0a:
                    06:64:db:08:eb:37:1f:50:6b:2e:14:cf:bf:4a:8b:
                    c8:d8:b9:ba:65:59:ad:7c:fd:00:a6:d0:67:1b:17:
                    f7:a8:e1:46:66:bd:c1:4c:97:b3:40:48:32:34:f7:
                    e9:f1:b6:c6:3a:bf:9f:0c:46:39:5a:eb:1f:8a:b0:
                    82:90:23:d5:30:b2:43:31:15:b4:c3:11:3c:39:d2:
                    bb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:0D:45:80:91:CB:9A:15:69:D4:7B:50:9C:34:62:04:EC:00:2D:FA
            X509v3 Authority Key Identifier:
                keyid:7D:F8:28:20:89:E2:87:66:51:21:33:D4:23:6A:F4:15:A3:7B:D3:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffgoIInih2ZRITPUI2r0FaN709I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ig1FgJHLmhVp1HtQnDRiBOwALfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/452ba7-3c15-4bba-ad33-2571f7a2d25f/1/ffgoIInih2ZRITPUI2r0FaN709I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.223.0/24
                  194.1.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:fe:e3:fb:0c:e8:85:25:48:0f:7e:06:e6:3e:c9:c4:27:79:
         e2:b2:fb:c1:77:63:7b:64:33:ae:b7:27:1a:e6:7a:5d:b3:eb:
         b3:05:da:9e:f4:95:aa:ac:e2:f0:8e:6e:65:ee:7d:81:20:d3:
         96:bd:43:d4:6d:c8:e9:7a:27:07:55:68:78:39:37:7e:35:a7:
         ef:97:2c:0c:39:54:7a:40:d3:62:2b:69:53:b5:6d:a1:71:37:
         b8:ec:82:98:92:77:ad:33:25:32:5e:9d:a6:cd:09:16:b7:d9:
         95:9f:80:68:5a:31:60:73:81:5e:c1:7f:b0:82:d1:5d:91:58:
         e1:e7:52:3e:96:05:04:92:46:5b:b2:f6:f6:ed:d7:e4:07:0f:
         f0:20:17:57:1d:e2:ab:c6:11:ea:85:1e:bc:46:0d:64:62:a6:
         b2:b4:0f:56:8f:13:37:64:17:be:08:1a:40:0a:c6:28:5c:13:
         4b:1d:f0:05:3a:8d:28:2f:29:e0:42:31:36:3d:04:73:0e:9e:
         7a:da:0d:a2:36:b8:08:91:32:a3:b1:46:a4:27:10:2c:2f:ba:
         93:d2:0d:dd:aa:de:e7:45:5e:64:ac:38:a8:90:96:69:6d:b1:
         3c:67:da:06:fc:03:e5:f1:8c:b3:f0:3c:b7:42:5b:c3:e5:f0:
         8a:4e:33:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+3ojkHpxiVBZpas/PI/XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjgyODIwODllMjg3NjY1MTIxMzNkNDIzNmFmNDE1YTM3
YmQzZDIwHhcNMjUwMTAxMTc0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTBkNDU4MDkxY2I5YTE1NjlkNDdiNTA5YzM0NjIwNGVjMDAyZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcxG/dleSxIrE44J1xQDiAUEJxvy
/yY8Sxlrn/hTL323aaapRrS36ZTon0ScwgQkyhOYwZFYZShf2gjAtNRmNK+kcpc2
XH2h8ck/+RjG2YM323kUNfGZU+gzm4ogfSM036bvAlTX3dnPMrBGXPW6s2k+hosT
gBVqLhTrN9wnj+9ycuc0zt4w1Y2nTu5Uj10pcLx5tHki5KO7ZT/ONRbRptXiN71V
iZAtineAz7AxLp/vKQoGZNsI6zcfUGsuFM+/SovI2Lm6ZVmtfP0AptBnGxf3qOFG
Zr3BTJezQEgyNPfp8bbGOr+fDEY5WusfirCCkCPVMLJDMRW0wxE8OdK7NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIoNRYCRy5oVadR7UJw0YgTsAC36MB8GA1UdIwQY
MBaAFH34KCCJ4odmUSEz1CNq9BWje9PSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZnb0lJbmloMlpSSVRQVUkycjBGYU43MDlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi80NTJiYTctM2MxNS00YmJhLWFkMzMt
MjU3MWY3YTJkMjVmLzEvaWcxRmdKSExtaFZwMUh0UW5EUmlCT3dBTGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi80NTJiYTctM2MxNS00YmJhLWFkMzMtMjU3MWY3YTJkMjVm
LzEvZmZnb0lJbmloMlpSSVRQVUkycjBGYU43MDlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9TfAwQA
wgHEMA0GCSqGSIb3DQEBCwUAA4IBAQCs/uP7DOiFJUgPfgbmPsnEJ3nisvvBd2N7
ZDOutyca5npds+uzBdqe9JWqrOLwjm5l7n2BINOWvUPUbcjpeicHVWh4OTd+Nafv
lywMOVR6QNNiK2lTtW2hcTe47IKYknetMyUyXp2mzQkWt9mVn4BoWjFgc4FewX+w
gtFdkVjh51I+lgUEkkZbsvb27dfkBw/wIBdXHeKrxhHqhR68Rg1kYqaytA9WjxM3
ZBe+CBpACsYoXBNLHfAFOo0oLyngQjE2PQRzDp562g2iNrgIkTKjsUakJxAsL7qT
0g3dqt7nRV5krDiokJZpbbE8Z9oG/APl8Yyz8Dy3QlvD5fCKTjPr
-----END CERTIFICATE-----