Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/PEEbtcraLxJZAPZLAW5H_KDLDwQ.roa
File:                     PEEbtcraLxJZAPZLAW5H_KDLDwQ.roa (raw, json)
Hash identifier:          wU0HPJ884+fnbW1G1BaCynti9gWD3Sn+0YrIsJUp3ns=
Subject key identifier:   3C:41:1B:B5:CA:DA:2F:12:59:00:F6:4B:01:6E:47:FC:A0:CB:0F:04
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       01942445170BCF9438A5193CC968427D7498
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/PEEbtcraLxJZAPZLAW5H_KDLDwQ.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42830
IP address blocks:        91.236.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:17:0b:cf:94:38:a5:19:3c:c9:68:42:7d:74:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c411bb5cada2f125900f64b016e47fca0cb0f04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:9d:4b:cb:a0:b3:6f:0a:3f:cc:48:f8:a3:42:
                    89:ad:6a:e1:24:c1:a4:a8:8f:5b:ff:c7:1e:33:34:
                    09:48:e4:66:2b:48:1c:fc:14:ac:3e:a0:7f:7c:7d:
                    d1:92:22:19:4e:b1:f6:a2:e0:fb:02:7d:7a:67:ca:
                    ca:8e:86:56:f2:84:07:01:4a:3b:2a:3d:6c:84:b4:
                    00:5f:37:13:53:13:6d:3d:3e:69:b1:fe:dc:f5:af:
                    a1:72:a2:c6:48:de:a6:43:78:36:43:1c:0b:d3:a0:
                    97:02:ef:a9:a2:5d:04:64:9a:ea:11:a0:9c:c4:40:
                    5f:b1:a7:e3:17:2d:f1:90:92:27:d2:d0:c5:45:47:
                    1c:71:de:94:b4:02:99:73:c8:d9:9e:09:3d:7e:49:
                    4c:bc:dd:38:4b:43:2b:e6:e0:35:83:1c:76:e4:d9:
                    da:58:e8:dc:73:b8:50:1b:86:e7:bb:cf:a3:5c:75:
                    b4:8b:83:eb:71:9a:77:06:1e:30:09:11:1a:2d:ca:
                    9a:63:b3:f7:31:4b:74:79:87:91:d7:35:4e:c4:43:
                    ca:31:4b:88:ad:66:c0:0a:03:b2:0e:85:49:87:0b:
                    a0:71:95:72:18:25:ee:e9:a4:f0:bc:5a:9a:96:b0:
                    93:34:26:a6:ea:24:bc:52:6e:c9:8c:a8:fd:0a:64:
                    b1:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:41:1B:B5:CA:DA:2F:12:59:00:F6:4B:01:6E:47:FC:A0:CB:0F:04
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/PEEbtcraLxJZAPZLAW5H_KDLDwQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:8c:b9:30:69:77:9c:b5:1e:5d:3c:ed:1e:f5:e6:95:b6:ba:
         eb:00:61:3d:ac:7a:b7:bb:4f:40:0c:ca:a0:8c:17:37:01:45:
         3b:79:04:01:19:e2:fc:04:a4:18:29:c9:f9:a7:58:99:6e:6f:
         36:12:28:f6:a4:1b:c8:f6:53:b7:6e:e2:e4:fb:0b:65:4b:4b:
         73:79:5c:ef:54:14:9f:4e:ed:75:5b:d8:17:fb:d4:41:e8:b5:
         f4:b7:aa:45:2a:e1:ae:49:88:9c:11:9f:ef:c2:0f:30:2f:dc:
         54:77:74:9a:23:6a:39:82:f5:97:60:1c:33:c0:d8:f0:58:01:
         6a:09:7e:b5:cc:5d:02:15:c6:ee:91:9f:be:c4:8b:9a:bb:47:
         38:09:e5:3b:82:8a:8b:d2:de:ed:12:de:b2:ea:8e:70:c3:46:
         79:6d:9a:28:94:49:ca:1b:9e:ea:b4:40:81:1c:51:06:4c:d1:
         d7:43:c2:35:2d:04:77:99:6b:30:f3:6c:15:41:72:2a:8b:2d:
         09:32:f2:88:30:5c:ed:a3:d9:37:50:9b:db:3d:2c:d7:50:5f:
         0c:bc:76:1c:9f:c4:89:5d:2c:7a:53:ce:fe:52:96:7b:cb:74:
         33:b2:44:4b:40:d2:9e:cd:38:d7:ab:cc:63:36:b0:11:80:93:
         ca:52:a2:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRcLz5Q4pRk8yWhCfXSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzQxMWJiNWNhZGEyZjEyNTkwMGY2NGIwMTZlNDdmY2EwY2IwZjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZ1Ly6Czbwo/zEj4o0KJrWrhJMGk
qI9b/8ceMzQJSORmK0gc/BSsPqB/fH3RkiIZTrH2ouD7An16Z8rKjoZW8oQHAUo7
Kj1shLQAXzcTUxNtPT5psf7c9a+hcqLGSN6mQ3g2QxwL06CXAu+pol0EZJrqEaCc
xEBfsafjFy3xkJIn0tDFRUcccd6UtAKZc8jZngk9fklMvN04S0Mr5uA1gxx25Nna
WOjcc7hQG4bnu8+jXHW0i4PrcZp3Bh4wCREaLcqaY7P3MUt0eYeR1zVOxEPKMUuI
rWbACgOyDoVJhwugcZVyGCXu6aTwvFqalrCTNCam6iS8Um7JjKj9CmSxiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDxBG7XK2i8SWQD2SwFuR/ygyw8EMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvUEVFYnRjcmFMeEpaQVBaTEFXNUhfS0RMRHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yBMA0G
CSqGSIb3DQEBCwUAA4IBAQB2jLkwaXectR5dPO0e9eaVtrrrAGE9rHq3u09ADMqg
jBc3AUU7eQQBGeL8BKQYKcn5p1iZbm82Eij2pBvI9lO3buLk+wtlS0tzeVzvVBSf
Tu11W9gX+9RB6LX0t6pFKuGuSYicEZ/vwg8wL9xUd3SaI2o5gvWXYBwzwNjwWAFq
CX61zF0CFcbukZ++xIuau0c4CeU7goqL0t7tEt6y6o5ww0Z5bZoolEnKG57qtECB
HFEGTNHXQ8I1LQR3mWsw82wVQXIqiy0JMvKIMFzto9k3UJvbPSzXUF8MvHYcn8SJ
XSx6U87+UpZ7y3QzskRLQNKezTjXq8xjNrARgJPKUqLu
-----END CERTIFICATE-----