Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/1-PjUZT902dDkd6VPDrdDPHXwUZw.roa
File:                     1-PjUZT902dDkd6VPDrdDPHXwUZw.roa (raw, json)
Hash identifier:          MHJPB3k7tQCL3suOF/2f4yZcUJ+jnvq9tJxwFWeEEbc=
Subject key identifier:   F8:F8:D4:65:3F:74:D9:D0:E4:77:A5:4F:0E:B7:43:3C:75:F0:51:9C
Certificate issuer:       /CN=917c33c75961318d8ee3cb13464a90d00ab8bd2d
Certificate serial:       019424455FAC859D9FF15921092D5C380D66
Authority key identifier: 91:7C:33:C7:59:61:31:8D:8E:E3:CB:13:46:4A:90:D0:0A:B8:BD:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/1-PjUZT902dDkd6VPDrdDPHXwUZw.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56962
IP address blocks:        91.242.235.0/24 maxlen: 24
                          212.24.121.0/24 maxlen: 24
                          2a11:2740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5f:ac:85:9d:9f:f1:59:21:09:2d:5c:38:0d:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=917c33c75961318d8ee3cb13464a90d00ab8bd2d
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8f8d4653f74d9d0e477a54f0eb7433c75f0519c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1c:03:b7:dd:22:2c:10:00:1d:98:2c:90:6d:
                    64:11:ff:a6:62:be:71:fa:c8:cc:7f:d5:98:ea:e4:
                    ec:f8:cf:50:ec:4c:6b:8a:68:bd:03:6a:50:bf:b1:
                    84:d9:dd:da:ec:59:b8:62:81:50:a8:c1:82:40:94:
                    d6:10:8d:8c:d3:f3:75:aa:93:31:dc:95:30:ec:2e:
                    45:17:e6:ea:93:d7:2f:63:e0:ca:73:c4:9e:c7:36:
                    25:61:8d:6f:2e:72:f9:b5:e7:d1:ea:2d:0b:d2:13:
                    83:b4:4d:5a:7f:e2:64:52:e9:e3:aa:43:de:8e:45:
                    a9:34:0c:28:ee:44:23:b6:4b:1a:27:24:5b:be:a9:
                    72:b4:42:53:90:90:05:dd:81:57:1c:4c:12:2a:5b:
                    d1:80:16:65:e7:ce:03:44:db:ab:0d:cb:a0:f8:d7:
                    cb:33:dc:5b:95:8d:cc:2a:61:bb:bb:bf:6f:e3:61:
                    25:af:8d:0e:67:9f:6c:40:97:88:3b:5b:21:6e:d0:
                    cc:3e:d6:a6:cf:08:06:e6:97:c0:fa:a0:43:a7:6c:
                    79:da:87:5f:5a:82:69:f7:ea:07:ab:a3:ae:9d:23:
                    1d:cf:88:95:bf:4a:ef:c3:9c:00:ed:11:75:41:e5:
                    07:7b:60:d9:5c:4e:62:72:63:01:d6:17:58:0e:0d:
                    f6:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:F8:D4:65:3F:74:D9:D0:E4:77:A5:4F:0E:B7:43:3C:75:F0:51:9C
            X509v3 Authority Key Identifier:
                keyid:91:7C:33:C7:59:61:31:8D:8E:E3:CB:13:46:4A:90:D0:0A:B8:BD:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/1-PjUZT902dDkd6VPDrdDPHXwUZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/ac273a-9c8b-4ef7-a400-c3761a75d047/1/kXwzx1lhMY2O48sTRkqQ0Aq4vS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.235.0/24
                  212.24.121.0/24
                IPv6:
                  2a11:2740::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:7d:20:47:76:6f:f2:27:09:a0:57:04:ec:d8:21:2b:cc:bf:
         6c:80:3a:a6:2f:83:25:3a:a3:f3:a0:65:f3:a8:b4:ac:a6:4e:
         81:6a:7a:02:2a:1a:9c:62:7f:5d:41:c7:3a:a4:7e:08:ef:91:
         80:84:76:2b:96:08:a4:d4:ff:61:7b:ac:05:e8:74:18:ba:b6:
         91:51:b8:89:0a:52:b0:1e:62:c2:17:7f:7d:1f:23:10:04:1e:
         8f:f7:24:9e:c2:19:f7:b8:89:fd:92:c6:2f:c2:21:ca:63:78:
         46:36:1c:7b:7c:cb:6b:87:f6:66:c7:69:0d:e6:9f:3e:2a:2d:
         58:94:15:bb:01:a0:fb:ec:14:80:4c:65:0b:84:a1:10:52:54:
         e1:c8:54:e3:d8:47:2b:96:59:13:45:98:d4:68:cc:69:4b:2d:
         3a:b2:d0:3f:0d:6b:22:d6:7a:9e:46:95:a4:56:ea:f8:e8:71:
         89:6f:0d:ef:f8:e8:a3:c2:67:95:56:d0:99:a5:60:a6:01:3b:
         7e:81:d5:c3:d8:4f:bf:8d:34:3f:6f:bd:65:27:e4:a7:e4:75:
         51:5b:ae:ad:e3:0d:6a:51:62:07:02:a3:c2:03:20:0a:8d:aa:
         34:3c:de:79:ef:20:83:44:02:bb:ac:f5:ba:96:f8:76:29:74:
         45:cc:2b:e4
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQkRV+shZ2f8VkhCS1cOA1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxN2MzM2M3NTk2MTMxOGQ4ZWUzY2IxMzQ2NGE5MGQwMGFi
OGJkMmQwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGY4ZDQ2NTNmNzRkOWQwZTQ3N2E1NGYwZWI3NDMzYzc1ZjA1MTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RwDt90iLBAAHZgskG1kEf+mYr5x
+sjMf9WY6uTs+M9Q7Exrimi9A2pQv7GE2d3a7Fm4YoFQqMGCQJTWEI2M0/N1qpMx
3JUw7C5FF+bqk9cvY+DKc8SexzYlYY1vLnL5tefR6i0L0hODtE1af+JkUunjqkPe
jkWpNAwo7kQjtksaJyRbvqlytEJTkJAF3YFXHEwSKlvRgBZl584DRNurDcug+NfL
M9xblY3MKmG7u79v42Elr40OZ59sQJeIO1shbtDMPtamzwgG5pfA+qBDp2x52odf
WoJp9+oHq6OunSMdz4iVv0rvw5wA7RF1QeUHe2DZXE5icmMB1hdYDg32bQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPj41GU/dNnQ5HelTw63Qzx18FGcMB8GA1UdIwQY
MBaAFJF8M8dZYTGNjuPLE0ZKkNAKuL0tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1h3engxbGhNWTJPNDhzVFJrcVEwQXE0dlMwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi9hYzI3M2EtOWM4Yi00ZWY3LWE0MDAt
YzM3NjFhNzVkMDQ3LzEvMS1QalVaVDkwMmREa2Q2VlBEcmREUEhYd1Vady5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODIvYWMyNzNhLTljOGItNGVmNy1hNDAwLWMzNzYxYTc1ZDA0
Ny8xL2tYd3p4MWxoTVkyTzQ4c1RSa3FRMEFxNHZTMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAFvy6wME
ANQYeTANBAIAAjAHAwUDKhEnQDANBgkqhkiG9w0BAQsFAAOCAQEAi30gR3Zv8icJ
oFcE7NghK8y/bIA6pi+DJTqj86Bl86i0rKZOgWp6AioanGJ/XUHHOqR+CO+RgIR2
K5YIpNT/YXusBeh0GLq2kVG4iQpSsB5iwhd/fR8jEAQej/cknsIZ97iJ/ZLGL8Ih
ymN4RjYce3zLa4f2ZsdpDeafPiotWJQVuwGg++wUgExlC4ShEFJU4chU49hHK5ZZ
E0WY1GjMaUstOrLQPw1rItZ6nkaVpFbq+OhxiW8N7/joo8JnlVbQmaVgpgE7foHV
w9hPv400P2+9ZSfkp+R1UVuureMNalFiBwKjwgMgCo2qNDzeee8gg0QCu6z1upb4
dil0Rcwr5A==
-----END CERTIFICATE-----