Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/Xn4-KL-8Bh82Qe59kVWTId-xaSI.roa
File:                     Xn4-KL-8Bh82Qe59kVWTId-xaSI.roa (raw, json)
Hash identifier:          1/y3ci5YILrRiLZoHOXKAtyVkEFrCH3iPpKqyxJyCYI=
Subject key identifier:   5E:7E:3E:28:BF:BC:06:1F:36:41:EE:7D:91:55:93:21:DF:B1:69:22
Certificate issuer:       /CN=3b5fc69b7c6ee869930ce0b8391ee5d84c53494a
Certificate serial:       0194274884D823C2D4542803CBDF01C35D52
Authority key identifier: 3B:5F:C6:9B:7C:6E:E8:69:93:0C:E0:B8:39:1E:E5:D8:4C:53:49:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/Xn4-KL-8Bh82Qe59kVWTId-xaSI.roa
Signing time:             Thu 02 Jan 2025 13:50:51 +0000
ROA not before:           Thu 02 Jan 2025 13:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.211.196.0/22 maxlen: 24
                          193.109.152.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 21:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:84:d8:23:c2:d4:54:28:03:cb:df:01:c3:5d:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b5fc69b7c6ee869930ce0b8391ee5d84c53494a
        Validity
            Not Before: Jan  2 13:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e7e3e28bfbc061f3641ee7d91559321dfb16922
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:59:8e:fd:0b:0c:e8:56:9d:6b:42:21:61:39:
                    ea:97:10:47:ed:96:fa:9d:ca:06:27:86:d6:1d:34:
                    62:25:2d:b9:09:8f:14:c2:ed:ce:76:ea:55:c9:6f:
                    86:d6:7a:8e:d6:c2:d7:8f:5c:95:9e:95:96:7e:3d:
                    b4:ae:f6:63:8a:a6:1e:2f:41:c3:94:3d:fb:13:28:
                    de:73:a4:05:3e:07:74:52:ee:c2:d4:91:81:08:b8:
                    a0:f4:7e:8f:49:2e:16:9e:81:7c:11:d6:50:49:d1:
                    c0:7d:29:09:57:4a:bc:27:f7:aa:11:7a:88:0a:ae:
                    c0:2f:e3:6b:79:7c:7d:b7:16:7a:85:52:06:b0:a5:
                    50:e8:f3:5d:06:7d:1a:c3:a8:13:39:b8:1e:c5:cc:
                    8b:fc:0e:d8:b8:cf:15:36:ea:50:65:04:f5:e7:d1:
                    d4:f6:c5:11:e7:04:04:06:03:c7:80:c8:0f:42:26:
                    6d:4c:fe:8f:20:3d:bb:d1:94:b7:2d:fa:41:4a:5d:
                    27:cf:b6:61:10:1a:7b:78:c2:59:ae:84:6c:e7:9b:
                    8f:d9:92:9a:c4:06:6b:13:fd:ec:ff:a0:d9:8f:b1:
                    fd:67:a5:53:62:7d:af:0c:41:b8:7d:f5:2b:63:f0:
                    c6:ba:47:05:bd:f7:0d:13:38:63:d1:b4:88:b9:14:
                    79:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:7E:3E:28:BF:BC:06:1F:36:41:EE:7D:91:55:93:21:DF:B1:69:22
            X509v3 Authority Key Identifier:
                keyid:3B:5F:C6:9B:7C:6E:E8:69:93:0C:E0:B8:39:1E:E5:D8:4C:53:49:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/Xn4-KL-8Bh82Qe59kVWTId-xaSI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/7c1727-9eaf-49c9-aafc-f99453a95a99/1/O1_Gm3xu6GmTDOC4OR7l2ExTSUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.196.0/22
                  193.109.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:29:2c:9d:9f:2c:4a:7f:2f:8d:36:b0:47:f3:ce:50:2b:3a:
         e3:c9:55:cd:c0:3e:88:f7:ef:3e:d2:f4:a8:47:58:3c:61:0d:
         03:26:71:0d:8b:9f:5f:59:72:6e:50:e8:82:6f:35:24:58:17:
         9c:b5:3c:cd:20:6d:64:13:9b:b2:bc:22:91:16:1d:7d:88:f0:
         d0:53:64:e4:24:45:d1:3e:da:dc:16:42:01:7d:2c:0a:5b:4d:
         59:71:05:9a:b2:af:33:cc:92:b8:3d:2b:83:52:a0:6a:95:1e:
         a5:ca:c6:96:87:2a:55:d0:ce:51:55:bf:3d:cc:36:de:25:22:
         14:ea:49:e2:1d:9d:15:ae:d5:b5:26:22:d2:00:1c:3e:15:8d:
         cd:81:a4:22:12:c9:95:0a:cb:a1:60:c8:f9:44:20:7a:68:e3:
         78:91:7b:9a:b2:d2:0c:46:d3:4f:2f:13:a8:19:e2:0a:38:3e:
         fe:39:c0:0f:3e:49:a9:8c:89:ce:20:75:0a:ee:28:85:20:28:
         b9:54:76:fc:ca:a9:4e:bc:c4:e6:03:16:97:1f:52:2c:c9:fc:
         22:47:c5:6a:97:10:1f:9f:03:0c:16:93:1a:3d:70:1d:fd:1f:
         bb:bc:7b:ed:dd:db:37:93:94:95:b2:9d:bc:2f:03:3d:6e:48:
         a7:da:61:56
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSITYI8LUVCgDy98Bw11SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNWZjNjliN2M2ZWU4Njk5MzBjZTBiODM5MWVlNWQ4NGM1
MzQ5NGEwHhcNMjUwMTAyMTM1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTdlM2UyOGJmYmMwNjFmMzY0MWVlN2Q5MTU1OTMyMWRmYjE2OTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulmO/QsM6Fada0IhYTnqlxBH7Zb6
ncoGJ4bWHTRiJS25CY8Uwu3OdupVyW+G1nqO1sLXj1yVnpWWfj20rvZjiqYeL0HD
lD37Eyjec6QFPgd0Uu7C1JGBCLig9H6PSS4WnoF8EdZQSdHAfSkJV0q8J/eqEXqI
Cq7AL+NreXx9txZ6hVIGsKVQ6PNdBn0aw6gTObgexcyL/A7YuM8VNupQZQT159HU
9sUR5wQEBgPHgMgPQiZtTP6PID270ZS3LfpBSl0nz7ZhEBp7eMJZroRs55uP2ZKa
xAZrE/3s/6DZj7H9Z6VTYn2vDEG4ffUrY/DGukcFvfcNEzhj0bSIuRR5FwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF5+Pii/vAYfNkHufZFVkyHfsWkiMB8GA1UdIwQY
MBaAFDtfxpt8buhpkwzguDke5dhMU0lKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzFfR20zeHU2R21URE9DNE9SN2wyRXhUU1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC83YzE3MjctOWVhZi00OWM5LWFhZmMt
Zjk5NDUzYTk1YTk5LzEvWG40LUtMLThCaDgyUWU1OWtWV1RJZC14YVNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC83YzE3MjctOWVhZi00OWM5LWFhZmMtZjk5NDUzYTk1YTk5
LzEvTzFfR20zeHU2R21URE9DNE9SN2wyRXhUU1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9PEAwQD
wW2YMA0GCSqGSIb3DQEBCwUAA4IBAQCcKSydnyxKfy+NNrBH885QKzrjyVXNwD6I
9+8+0vSoR1g8YQ0DJnENi59fWXJuUOiCbzUkWBectTzNIG1kE5uyvCKRFh19iPDQ
U2TkJEXRPtrcFkIBfSwKW01ZcQWasq8zzJK4PSuDUqBqlR6lysaWhypV0M5RVb89
zDbeJSIU6kniHZ0VrtW1JiLSABw+FY3NgaQiEsmVCsuhYMj5RCB6aON4kXuastIM
RtNPLxOoGeIKOD7+OcAPPkmpjInOIHUK7iiFICi5VHb8yqlOvMTmAxaXH1Isyfwi
R8VqlxAfnwMMFpMaPXAd/R+7vHvt3ds3k5SVsp28LwM9bkin2mFW
-----END CERTIFICATE-----