Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/hhpnOw16P4QOaI6Yj27PCQwfLVA.roa
File:                     hhpnOw16P4QOaI6Yj27PCQwfLVA.roa (raw, json)
Hash identifier:          ig3aG6IluBzRhUfWEo3gM6opkDOech5g/k8SP7esT2A=
Subject key identifier:   86:1A:67:3B:0D:7A:3F:84:0E:68:8E:98:8F:6E:CF:09:0C:1F:2D:50
Certificate issuer:       /CN=5134d1320645644e2eaf3685879d693f72522c76
Certificate serial:       0194214408F0E95A7F01F913676DA008E87F
Authority key identifier: 51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/hhpnOw16P4QOaI6Yj27PCQwfLVA.roa
Signing time:             Wed 01 Jan 2025 09:48:14 +0000
ROA not before:           Wed 01 Jan 2025 09:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208098
IP address blocks:        91.194.24.0/23 maxlen: 23
                          91.194.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:08:f0:e9:5a:7f:01:f9:13:67:6d:a0:08:e8:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5134d1320645644e2eaf3685879d693f72522c76
        Validity
            Not Before: Jan  1 09:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=861a673b0d7a3f840e688e988f6ecf090c1f2d50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:37:92:b4:22:bf:f9:2f:ce:cb:9a:e1:cd:15:
                    c4:27:2f:71:df:ef:ec:ab:c1:79:e4:ed:02:e5:f6:
                    d0:84:87:70:c1:4f:10:b9:5c:9a:0f:c5:11:bd:ca:
                    23:35:e1:03:60:88:e1:e3:8a:38:6b:2e:a7:e8:d9:
                    ca:4f:dc:b4:2c:69:86:1e:70:00:52:f9:18:a7:92:
                    d0:7d:13:20:df:8d:f0:eb:27:33:43:64:c0:eb:9d:
                    20:f8:f5:60:33:2e:1b:0a:53:af:67:51:5c:b3:2f:
                    96:9b:34:4a:f3:0d:7c:d7:c6:ad:2b:2e:87:cf:05:
                    e6:98:b4:76:48:37:c4:89:f7:e8:62:f5:b4:2c:7f:
                    99:09:ed:1f:78:72:24:cb:1b:df:26:de:32:b3:00:
                    67:84:45:ad:c4:c7:80:8c:5f:aa:ae:fe:35:a4:b3:
                    8b:0f:f8:68:2e:d9:bc:72:9c:1f:97:f2:ff:b3:e2:
                    53:35:e6:21:ed:b7:57:ec:c7:8f:47:29:14:5b:44:
                    82:9e:89:48:14:ed:da:5b:c5:e9:a6:27:00:69:b7:
                    1c:80:cb:7e:0f:0a:8b:2d:6e:a5:cc:1a:f5:79:23:
                    28:4e:b8:87:54:97:bf:e4:53:9e:f4:4d:78:e1:4f:
                    2e:f5:84:78:25:03:54:66:61:53:2a:88:b8:7a:69:
                    fa:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:1A:67:3B:0D:7A:3F:84:0E:68:8E:98:8F:6E:CF:09:0C:1F:2D:50
            X509v3 Authority Key Identifier:
                keyid:51:34:D1:32:06:45:64:4E:2E:AF:36:85:87:9D:69:3F:72:52:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UTTRMgZFZE4urzaFh51pP3JSLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/hhpnOw16P4QOaI6Yj27PCQwfLVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/9fb1d7-8424-4c84-b0cb-2f51ecd1aa0e/1/UTTRMgZFZE4urzaFh51pP3JSLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.24.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:0f:5d:fd:e8:ca:68:fc:4a:16:ab:ce:cb:15:58:e0:7e:a3:
         5f:01:27:07:22:4c:d9:b3:52:f5:fb:74:13:82:11:2d:71:e3:
         c5:da:26:92:4f:9e:68:6b:82:4f:c6:68:73:af:1b:fa:75:57:
         0f:e3:03:e6:4e:73:9d:89:90:0c:eb:ac:dd:86:f9:ab:ca:7c:
         18:c9:15:b9:76:84:21:c9:1b:75:b1:e8:ed:fc:d3:6c:6b:7e:
         e4:c3:50:06:e3:85:e4:8c:60:9a:fb:28:e9:47:25:21:14:c6:
         94:22:c9:6f:61:d1:b0:c7:b5:b3:e1:20:09:f9:a3:98:25:40:
         00:81:fb:77:58:25:38:87:8e:52:06:65:ce:61:22:29:c8:20:
         24:1c:c5:06:15:2a:f9:88:2d:f6:3b:ff:3f:36:ab:bb:73:1d:
         5c:69:23:ff:91:cc:cd:c7:c2:5b:3f:04:5a:60:e4:0d:d8:78:
         f1:14:86:c9:1e:c9:3f:c7:cf:50:5f:12:13:26:14:12:bd:4e:
         8e:e4:10:c5:c8:88:b9:0c:27:b1:8e:39:85:d8:e3:1d:48:36:
         03:4f:19:b2:1b:c0:76:e5:0c:9a:99:e0:a5:36:3b:f1:df:a6:
         f9:cc:c5:12:59:35:6e:72:52:b4:ca:d0:4b:49:c1:d8:cc:22:
         5c:89:45:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRAjw6Vp/AfkTZ22gCOh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMzRkMTMyMDY0NTY0NGUyZWFmMzY4NTg3OWQ2OTNmNzI1
MjJjNzYwHhcNMjUwMTAxMDk0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjFhNjczYjBkN2EzZjg0MGU2ODhlOTg4ZjZlY2YwOTBjMWYyZDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwzeStCK/+S/Oy5rhzRXEJy9x3+/s
q8F55O0C5fbQhIdwwU8QuVyaD8URvcojNeEDYIjh44o4ay6n6NnKT9y0LGmGHnAA
UvkYp5LQfRMg343w6yczQ2TA650g+PVgMy4bClOvZ1Fcsy+WmzRK8w1818atKy6H
zwXmmLR2SDfEiffoYvW0LH+ZCe0feHIkyxvfJt4yswBnhEWtxMeAjF+qrv41pLOL
D/hoLtm8cpwfl/L/s+JTNeYh7bdX7MePRykUW0SCnolIFO3aW8XppicAabccgMt+
DwqLLW6lzBr1eSMoTriHVJe/5FOe9E144U8u9YR4JQNUZmFTKoi4emn6fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIYaZzsNej+EDmiOmI9uzwkMHy1QMB8GA1UdIwQY
MBaAFFE00TIGRWROLq82hYedaT9yUix2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2It
MmY1MWVjZDFhYTBlLzEvaGhwbk93MTZQNFFPYUk2WWoyN1BDUXdmTFZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS85ZmIxZDctODQyNC00Yzg0LWIwY2ItMmY1MWVjZDFhYTBl
LzEvVVRUUk1nWkZaRTR1cnphRmg1MXBQM0pTTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8IYMA0G
CSqGSIb3DQEBCwUAA4IBAQCZD1396Mpo/EoWq87LFVjgfqNfAScHIkzZs1L1+3QT
ghEtcePF2iaST55oa4JPxmhzrxv6dVcP4wPmTnOdiZAM66zdhvmrynwYyRW5doQh
yRt1sejt/NNsa37kw1AG44XkjGCa+yjpRyUhFMaUIslvYdGwx7Wz4SAJ+aOYJUAA
gft3WCU4h45SBmXOYSIpyCAkHMUGFSr5iC32O/8/Nqu7cx1caSP/kczNx8JbPwRa
YOQN2HjxFIbJHsk/x89QXxITJhQSvU6O5BDFyIi5DCexjjmF2OMdSDYDTxmyG8B2
5QyameClNjvx36b5zMUSWTVuclK0ytBLScHYzCJciUWF
-----END CERTIFICATE-----