Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ljrsKkBLXJvYvcdZuX8JWasQFe4.roa
File:                     ljrsKkBLXJvYvcdZuX8JWasQFe4.roa (raw, json)
Hash identifier:          vBmx7C2e8PSmXtfZdupHaynZdSjLgLaFpSb8R62FCP0=
Subject key identifier:   96:3A:EC:2A:40:4B:5C:9B:D8:BD:C7:59:B9:7F:09:59:AB:10:15:EE
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019424B27750EE32E42A35386A58FB0CE3BC
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ljrsKkBLXJvYvcdZuX8JWasQFe4.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212862
IP address blocks:        91.205.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 18:56:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:77:50:ee:32:e4:2a:35:38:6a:58:fb:0c:e3:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=963aec2a404b5c9bd8bdc759b97f0959ab1015ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f0:20:22:08:b6:59:13:f0:ad:c7:43:1e:8e:
                    90:08:9b:0d:d8:27:bc:0e:90:42:72:4e:e6:01:45:
                    05:97:da:02:f2:a5:1e:4f:a7:af:6f:4a:a7:2a:04:
                    54:0e:29:24:47:68:83:e6:93:84:70:f0:55:1c:09:
                    71:fa:20:71:14:19:dc:28:9f:f0:bd:ea:d3:2a:01:
                    ec:2d:7c:63:f0:15:70:f9:56:08:e8:93:0b:e3:05:
                    1f:6e:f1:fe:34:33:81:e2:a9:bd:b8:ff:84:56:5b:
                    86:25:36:80:43:9a:2c:c9:29:a8:cc:5a:fc:46:6c:
                    19:12:d1:b5:93:a0:2a:ac:2c:04:40:f7:e7:e6:cb:
                    c9:9c:cb:31:68:ee:87:f2:b3:0e:c5:91:c7:30:14:
                    dc:ac:12:b9:4c:6d:8e:02:f4:30:20:af:0d:8a:8c:
                    05:92:d1:3f:d3:01:f8:ab:db:c1:85:fe:ee:b5:8c:
                    6b:55:46:b8:73:58:ae:e0:b2:aa:c2:6b:80:8e:21:
                    df:f8:17:80:0b:fc:d4:06:44:ad:72:f7:a8:01:9d:
                    0f:9a:1b:d5:2b:ec:7a:b7:28:7d:85:59:61:4b:e8:
                    89:53:7d:a6:66:f4:8e:92:8e:af:ff:09:f7:eb:f8:
                    dd:43:84:d4:31:fe:6f:61:67:74:a1:3c:5c:6e:11:
                    c9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:3A:EC:2A:40:4B:5C:9B:D8:BD:C7:59:B9:7F:09:59:AB:10:15:EE
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/ljrsKkBLXJvYvcdZuX8JWasQFe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:1d:75:4e:1f:a6:c4:41:f1:e5:36:21:3c:5b:74:1d:91:02:
         43:24:70:7b:93:50:a2:22:aa:32:75:34:a2:02:91:44:e3:35:
         17:de:be:85:8f:98:9d:f0:d7:ff:9a:d8:ed:9f:c6:86:24:3c:
         17:4f:8d:7f:a9:53:a3:33:91:f8:72:b9:a5:b6:ff:2b:f5:71:
         d2:7d:02:1f:a8:34:e9:fd:11:91:a3:ce:44:cc:b0:14:9b:34:
         f4:4d:06:26:86:cb:c7:c6:70:73:43:d6:7d:ff:aa:ba:28:1a:
         59:6c:4b:24:ea:9c:30:6b:a5:67:f0:3b:2c:49:3f:5e:a6:1d:
         15:e2:ea:5b:71:41:c7:35:f3:bb:68:15:04:35:22:69:f1:88:
         7f:e4:5e:de:5b:56:6e:3a:6c:33:2e:94:c5:53:af:a8:29:e1:
         c1:79:41:64:7f:85:c2:14:83:78:f1:7a:0c:98:33:7e:62:18:
         0f:09:d7:e3:a5:30:2c:d3:ca:bd:bf:e2:f3:01:ba:94:85:44:
         a1:ac:f8:ed:a9:9e:20:ab:34:db:fd:af:ba:7d:6e:45:87:a5:
         2c:fa:46:c5:18:fe:5e:46:0e:84:64:bf:ea:a7:70:7f:18:98:
         eb:fa:21:66:76:d3:00:ad:b0:5e:d3:58:91:19:ab:1e:5d:9e:
         8d:04:e0:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksndQ7jLkKjU4alj7DOO8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjNhZWMyYTQwNGI1YzliZDhiZGM3NTliOTdmMDk1OWFiMTAxNWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/AgIgi2WRPwrcdDHo6QCJsN2Ce8
DpBCck7mAUUFl9oC8qUeT6evb0qnKgRUDikkR2iD5pOEcPBVHAlx+iBxFBncKJ/w
verTKgHsLXxj8BVw+VYI6JML4wUfbvH+NDOB4qm9uP+EVluGJTaAQ5osySmozFr8
RmwZEtG1k6AqrCwEQPfn5svJnMsxaO6H8rMOxZHHMBTcrBK5TG2OAvQwIK8NiowF
ktE/0wH4q9vBhf7utYxrVUa4c1iu4LKqwmuAjiHf+BeAC/zUBkStcveoAZ0PmhvV
K+x6tyh9hVlhS+iJU32mZvSOko6v/wn36/jdQ4TUMf5vYWd0oTxcbhHJJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJY67CpAS1yb2L3HWbl/CVmrEBXuMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvbGpyc0trQkxYSnZZdmNkWnVYOEpXYXNRRmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW83cMA0G
CSqGSIb3DQEBCwUAA4IBAQBMHXVOH6bEQfHlNiE8W3QdkQJDJHB7k1CiIqoydTSi
ApFE4zUX3r6Fj5id8Nf/mtjtn8aGJDwXT41/qVOjM5H4crmltv8r9XHSfQIfqDTp
/RGRo85EzLAUmzT0TQYmhsvHxnBzQ9Z9/6q6KBpZbEsk6pwwa6Vn8DssST9eph0V
4upbcUHHNfO7aBUENSJp8Yh/5F7eW1ZuOmwzLpTFU6+oKeHBeUFkf4XCFIN48XoM
mDN+YhgPCdfjpTAs08q9v+LzAbqUhUShrPjtqZ4gqzTb/a+6fW5Fh6Us+kbFGP5e
Rg6EZL/qp3B/GJjr+iFmdtMArbBe01iRGaseXZ6NBOCL
-----END CERTIFICATE-----