Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/ABCdWHfeRuB4x9Cfjqm_Nsu7Efc.roa
File:                     ABCdWHfeRuB4x9Cfjqm_Nsu7Efc.roa (raw, json)
Hash identifier:          bp8ugvHYl4CGZn0o8RUyCE5vXn4l+aGFTzhE2reh5sg=
Subject key identifier:   00:10:9D:58:77:DE:46:E0:78:C7:D0:9F:8E:A9:BF:36:CB:BB:11:F7
Certificate issuer:       /CN=d977120937500eb46696428962e510e02c348e6c
Certificate serial:       019422FB87145AFAEFA06D86053889D640AE
Authority key identifier: D9:77:12:09:37:50:0E:B4:66:96:42:89:62:E5:10:E0:2C:34:8E:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/ABCdWHfeRuB4x9Cfjqm_Nsu7Efc.roa
Signing time:             Wed 01 Jan 2025 17:48:16 +0000
ROA not before:           Wed 01 Jan 2025 17:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47703
IP address blocks:        91.236.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:87:14:5a:fa:ef:a0:6d:86:05:38:89:d6:40:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d977120937500eb46696428962e510e02c348e6c
        Validity
            Not Before: Jan  1 17:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00109d5877de46e078c7d09f8ea9bf36cbbb11f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4a:9a:f6:53:02:76:ad:67:a5:96:fb:b8:00:
                    5e:37:b1:94:3c:44:98:af:20:a7:dc:25:77:9d:a6:
                    d4:08:02:da:f4:68:76:58:c6:3d:46:5c:10:29:65:
                    85:cc:5c:50:f7:ed:e1:2e:34:ae:36:eb:18:a4:ca:
                    d3:ce:0c:e9:b4:f1:ac:8c:a8:91:da:6d:5e:1f:0e:
                    bf:92:02:a6:e3:cd:cd:43:41:84:20:b0:ff:b0:7f:
                    7d:fe:31:84:fe:9b:3c:1c:33:ee:fd:fe:d2:7f:37:
                    e9:6c:d1:42:a6:55:48:ec:85:08:4e:2b:b9:84:d0:
                    ab:a6:86:20:69:c7:d3:ee:13:54:e2:71:de:5f:31:
                    bd:73:38:d6:32:15:86:a3:e2:9a:35:14:e9:80:02:
                    37:46:a7:50:ab:08:8e:84:9f:9d:91:db:e6:00:ff:
                    78:43:55:c3:87:aa:bb:73:3a:e0:8e:57:80:48:8c:
                    1c:92:e3:88:39:64:71:c6:da:85:fc:fd:a3:4e:ab:
                    f6:ad:48:d5:f7:65:90:63:f6:31:a3:68:7c:62:ed:
                    e8:12:66:0e:30:97:6b:bb:bb:1e:b1:74:ef:67:0c:
                    50:79:6d:d1:02:0a:56:21:a1:a5:48:eb:8d:d7:64:
                    ed:5e:c1:66:97:02:d2:27:36:b7:1a:07:8c:0a:8b:
                    27:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:10:9D:58:77:DE:46:E0:78:C7:D0:9F:8E:A9:BF:36:CB:BB:11:F7
            X509v3 Authority Key Identifier:
                keyid:D9:77:12:09:37:50:0E:B4:66:96:42:89:62:E5:10:E0:2C:34:8E:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/ABCdWHfeRuB4x9Cfjqm_Nsu7Efc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/9eedb9-e594-415b-b88a-de381db436ec/1/2XcSCTdQDrRmlkKJYuUQ4Cw0jmw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:15:fe:43:31:82:c3:79:23:33:61:1b:37:26:f9:dd:cb:0b:
         d4:de:9e:ef:a3:83:98:5a:5a:f2:eb:d9:e4:f1:27:17:90:b7:
         e8:f7:a5:68:6f:35:98:86:ae:05:d1:bb:6c:74:40:54:d2:f2:
         36:3e:87:57:d8:af:8d:a9:b9:f3:42:93:f5:aa:ee:fb:98:43:
         20:72:83:17:1d:a3:0c:f0:72:c5:9b:3d:fe:06:59:c3:ba:54:
         ce:7b:fa:60:6c:d8:4d:e2:cd:e9:8b:ec:5c:a3:27:0f:40:c5:
         0f:f8:98:f9:26:42:59:f1:b4:ee:cf:93:76:d0:21:b4:17:53:
         80:59:40:aa:39:eb:5b:69:d1:37:90:ee:b9:0f:d2:ef:3b:5b:
         4c:58:4a:a9:be:50:35:71:d9:a3:b8:cb:d1:aa:a4:ea:9e:d7:
         dc:71:40:59:5a:50:0f:7c:64:f5:3b:1b:2c:02:91:e1:0a:f5:
         ce:75:3b:e6:6f:26:d3:87:1d:88:64:8b:8a:99:bb:fb:97:d1:
         88:cb:14:6b:71:62:c8:af:51:ac:ef:c2:8e:38:76:03:8b:db:
         f1:64:af:a1:4b:e0:c1:ee:21:3e:6a:ed:ca:36:2c:74:8b:71:
         9e:17:ff:c1:96:3f:93:b4:80:28:d2:14:e7:6b:2b:3d:50:37:
         fe:15:06:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+4cUWvrvoG2GBTiJ1kCuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5NzcxMjA5Mzc1MDBlYjQ2Njk2NDI4OTYyZTUxMGUwMmMz
NDhlNmMwHhcNMjUwMTAxMTc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDEwOWQ1ODc3ZGU0NmUwNzhjN2QwOWY4ZWE5YmYzNmNiYmIxMWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkqa9lMCdq1npZb7uABeN7GUPESY
ryCn3CV3nabUCALa9Gh2WMY9RlwQKWWFzFxQ9+3hLjSuNusYpMrTzgzptPGsjKiR
2m1eHw6/kgKm483NQ0GEILD/sH99/jGE/ps8HDPu/f7SfzfpbNFCplVI7IUITiu5
hNCrpoYgacfT7hNU4nHeXzG9czjWMhWGo+KaNRTpgAI3RqdQqwiOhJ+dkdvmAP94
Q1XDh6q7czrgjleASIwckuOIOWRxxtqF/P2jTqv2rUjV92WQY/Yxo2h8Yu3oEmYO
MJdru7sesXTvZwxQeW3RAgpWIaGlSOuN12TtXsFmlwLSJza3GgeMCosn8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAAQnVh33kbgeMfQn46pvzbLuxH3MB8GA1UdIwQY
MBaAFNl3Egk3UA60ZpZCiWLlEOAsNI5sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlhjU0NUZFFEclJtbGtLSll1VVE0Q3cwam13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS85ZWVkYjktZTU5NC00MTViLWI4OGEt
ZGUzODFkYjQzNmVjLzEvQUJDZFdIZmVSdUI0eDlDZmpxbV9Oc3U3RWZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS85ZWVkYjktZTU5NC00MTViLWI4OGEtZGUzODFkYjQzNmVj
LzEvMlhjU0NUZFFEclJtbGtLSll1VVE0Q3cwam13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zkMA0G
CSqGSIb3DQEBCwUAA4IBAQAOFf5DMYLDeSMzYRs3JvndywvU3p7vo4OYWlry69nk
8ScXkLfo96VobzWYhq4F0btsdEBU0vI2PodX2K+NqbnzQpP1qu77mEMgcoMXHaMM
8HLFmz3+BlnDulTOe/pgbNhN4s3pi+xcoycPQMUP+Jj5JkJZ8bTuz5N20CG0F1OA
WUCqOetbadE3kO65D9LvO1tMWEqpvlA1cdmjuMvRqqTqntfccUBZWlAPfGT1Oxss
ApHhCvXOdTvmbybThx2IZIuKmbv7l9GIyxRrcWLIr1Gs78KOOHYDi9vxZK+hS+DB
7iE+au3KNix0i3GeF//Blj+TtIAo0hTnays9UDf+FQbg
-----END CERTIFICATE-----