Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/NfxOkyabvxkDjJyXjcgpTv_relY.roa
File:                     NfxOkyabvxkDjJyXjcgpTv_relY.roa (raw, json)
Hash identifier:          gFCHNUeKHs4QF0iUA6YO68TkrbI25pBG+SYBY+DhWPg=
Subject key identifier:   35:FC:4E:93:26:9B:BF:19:03:8C:9C:97:8D:C8:29:4E:FF:EB:7A:56
Certificate issuer:       /CN=0eca6e06c6824bd1b811183e0e17fa19496d261c
Certificate serial:       019423D73327DF87FDE90DDC6FE27811CDE3
Authority key identifier: 0E:CA:6E:06:C6:82:4B:D1:B8:11:18:3E:0E:17:FA:19:49:6D:26:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/NfxOkyabvxkDjJyXjcgpTv_relY.roa
Signing time:             Wed 01 Jan 2025 21:48:13 +0000
ROA not before:           Wed 01 Jan 2025 21:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        91.213.148.0/24 maxlen: 24
                          185.65.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 15:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:33:27:df:87:fd:e9:0d:dc:6f:e2:78:11:cd:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0eca6e06c6824bd1b811183e0e17fa19496d261c
        Validity
            Not Before: Jan  1 21:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35fc4e93269bbf19038c9c978dc8294effeb7a56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:3c:ba:fc:5e:fd:97:2a:da:36:e3:37:a8:00:
                    f6:ec:c5:ec:0f:10:fb:de:ff:7d:71:30:c0:e6:30:
                    94:5b:9f:bc:de:6e:4a:9e:8e:f2:13:10:35:9e:db:
                    ba:9a:d7:41:12:d5:9a:9f:c1:37:eb:4c:16:14:d1:
                    18:bf:f3:e5:1f:cb:08:90:55:58:3e:12:0e:43:1e:
                    a6:60:65:f5:13:a1:35:01:3b:f5:ab:9c:13:57:b4:
                    a9:e3:4d:88:b7:c2:85:9b:ad:9a:2d:1e:4b:1c:88:
                    31:06:f9:83:db:64:c3:82:a5:09:c3:d0:1c:6e:6c:
                    4b:f5:05:32:19:fa:6f:58:02:7a:3e:93:9f:ee:38:
                    87:1e:3d:da:0e:17:0f:34:d2:b7:1d:c2:28:20:af:
                    94:65:7c:25:9a:83:b5:fd:7b:c0:39:0f:b5:24:04:
                    e6:03:e2:06:f5:e5:e6:02:6f:5d:85:9e:4f:af:2a:
                    3e:69:eb:37:32:92:27:5a:42:de:32:91:b1:e7:d5:
                    e0:73:8d:34:a1:0d:a0:d8:0e:46:3c:a9:11:07:02:
                    ae:86:22:c4:2d:50:56:9b:e9:1c:c5:f3:72:a8:c3:
                    a8:22:71:2e:e9:5e:5b:b5:0d:a3:4b:3c:40:14:b3:
                    81:ee:11:ea:4b:33:26:52:22:a3:c4:3f:66:46:9b:
                    dd:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FC:4E:93:26:9B:BF:19:03:8C:9C:97:8D:C8:29:4E:FF:EB:7A:56
            X509v3 Authority Key Identifier:
                keyid:0E:CA:6E:06:C6:82:4B:D1:B8:11:18:3E:0E:17:FA:19:49:6D:26:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DspuBsaCS9G4ERg-Dhf6GUltJhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/NfxOkyabvxkDjJyXjcgpTv_relY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/9137ff-2063-4675-8de7-cfd3ff9fdf7b/1/DspuBsaCS9G4ERg-Dhf6GUltJhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.148.0/24
                  185.65.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:57:a2:64:ce:2e:5e:d0:10:9e:0f:1e:58:86:49:d6:68:e7:
         1f:72:44:92:57:18:09:74:f0:b1:7e:6d:de:23:b4:58:7f:3e:
         52:88:2d:ed:bd:c0:db:d6:44:59:31:1e:74:9d:47:39:b8:12:
         aa:a3:65:af:73:7c:ab:96:ec:81:e0:1c:4b:27:0a:96:b7:d2:
         30:cd:38:80:f0:26:47:76:d2:bb:91:e7:ef:b2:c7:ab:f9:a5:
         3a:c8:c9:cf:74:a8:47:9e:a8:4c:15:b7:3c:60:13:11:25:5e:
         64:42:34:0e:ce:a1:c2:26:df:61:0b:50:49:71:89:ba:45:1c:
         62:cf:22:35:4b:0f:55:a3:8c:10:0e:bb:0c:e1:6b:20:ff:57:
         f3:1c:bd:33:e5:4a:ab:0a:c5:d9:d6:5f:66:77:e6:f0:f1:8b:
         e5:fb:bb:a1:47:38:72:db:ca:1b:28:5d:02:c6:d7:5f:d6:8b:
         57:ab:97:ec:87:05:62:d0:29:64:f9:13:f5:c9:6c:c2:fc:5d:
         c3:c9:86:85:9d:4d:b2:63:c7:ad:8a:69:4e:bc:1a:81:71:54:
         d9:1e:8d:45:ab:f3:b4:c0:3b:c4:ac:12:69:47:01:71:5e:0f:
         ee:e7:45:c7:e9:26:6b:37:3c:c1:21:d4:d1:d5:9e:82:d5:04:
         c7:8d:89:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1zMn34f96Q3cb+J4Ec3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlY2E2ZTA2YzY4MjRiZDFiODExMTgzZTBlMTdmYTE5NDk2
ZDI2MWMwHhcNMjUwMTAxMjE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZjNGU5MzI2OWJiZjE5MDM4YzljOTc4ZGM4Mjk0ZWZmZWI3YTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoDy6/F79lyraNuM3qAD27MXsDxD7
3v99cTDA5jCUW5+83m5Kno7yExA1ntu6mtdBEtWan8E360wWFNEYv/PlH8sIkFVY
PhIOQx6mYGX1E6E1ATv1q5wTV7Sp402It8KFm62aLR5LHIgxBvmD22TDgqUJw9Ac
bmxL9QUyGfpvWAJ6PpOf7jiHHj3aDhcPNNK3HcIoIK+UZXwlmoO1/XvAOQ+1JATm
A+IG9eXmAm9dhZ5Pryo+aes3MpInWkLeMpGx59Xgc400oQ2g2A5GPKkRBwKuhiLE
LVBWm+kcxfNyqMOoInEu6V5btQ2jSzxAFLOB7hHqSzMmUiKjxD9mRpvdbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDX8TpMmm78ZA4ycl43IKU7/63pWMB8GA1UdIwQY
MBaAFA7KbgbGgkvRuBEYPg4X+hlJbSYcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHNwdUJzYUNTOUc0RVJnLURoZjZHVWx0Smh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy85MTM3ZmYtMjA2My00Njc1LThkZTct
Y2ZkM2ZmOWZkZjdiLzEvTmZ4T2t5YWJ2eGtEakp5WGpjZ3BUdl9yZWxZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy85MTM3ZmYtMjA2My00Njc1LThkZTctY2ZkM2ZmOWZkZjdi
LzEvRHNwdUJzYUNTOUc0RVJnLURoZjZHVWx0Smh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9WUAwQA
uUGNMA0GCSqGSIb3DQEBCwUAA4IBAQA7V6Jkzi5e0BCeDx5YhknWaOcfckSSVxgJ
dPCxfm3eI7RYfz5SiC3tvcDb1kRZMR50nUc5uBKqo2Wvc3yrluyB4BxLJwqWt9Iw
zTiA8CZHdtK7kefvsser+aU6yMnPdKhHnqhMFbc8YBMRJV5kQjQOzqHCJt9hC1BJ
cYm6RRxizyI1Sw9Vo4wQDrsM4Wsg/1fzHL0z5UqrCsXZ1l9md+bw8Yvl+7uhRzhy
28obKF0Cxtdf1otXq5fshwVi0Clk+RP1yWzC/F3DyYaFnU2yY8etimlOvBqBcVTZ
Ho1Fq/O0wDvErBJpRwFxXg/u50XH6SZrNzzBIdTR1Z6C1QTHjYlH
-----END CERTIFICATE-----