Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/xbFh-XL0EOh1euSo-ddC7jaGUKM.roa
File:                     xbFh-XL0EOh1euSo-ddC7jaGUKM.roa (raw, json)
Hash identifier:          8IT/bBcEgFQE8EaggOanI6nAulFvf6rnXMDUQLI1njI=
Subject key identifier:   C5:B1:61:F9:72:F4:10:E8:75:7A:E4:A8:F9:D7:42:EE:36:86:50:A3
Certificate issuer:       /CN=da296bd0031d6dada6c73073608f3d11e445ce44
Certificate serial:       019423697F2FB48F222BB49E70BE0F5CE999
Authority key identifier: DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/xbFh-XL0EOh1euSo-ddC7jaGUKM.roa
Signing time:             Wed 01 Jan 2025 19:48:23 +0000
ROA not before:           Wed 01 Jan 2025 19:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57536
IP address blocks:        91.232.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 22:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:7f:2f:b4:8f:22:2b:b4:9e:70:be:0f:5c:e9:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da296bd0031d6dada6c73073608f3d11e445ce44
        Validity
            Not Before: Jan  1 19:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5b161f972f410e8757ae4a8f9d742ee368650a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a7:b2:ba:aa:d2:9e:cd:96:bb:db:c7:ed:23:
                    10:b3:d9:78:a6:a0:e3:4c:59:91:91:41:d1:23:93:
                    76:50:81:9d:d0:3f:d1:bf:df:3e:85:77:ad:ac:c9:
                    1c:f5:1a:a1:f8:2a:f1:b2:6a:69:7c:62:b3:c5:eb:
                    da:fd:d5:0b:78:d3:09:c1:99:c0:52:ea:af:f4:71:
                    e1:33:86:5a:5a:e7:6f:e5:63:29:e5:1a:fe:99:df:
                    8b:c3:bf:b3:18:23:3c:de:b0:f1:ed:0f:6a:3d:79:
                    02:63:d9:32:0f:3c:bb:be:35:d7:19:a2:5f:e4:e6:
                    0a:2b:3b:32:0d:da:a1:26:b2:2d:b3:cd:cf:c7:3d:
                    88:2f:07:b3:ed:aa:22:10:9e:1d:26:09:fc:43:0c:
                    ca:c0:6d:d1:e7:f4:87:28:a9:9a:fe:5f:43:6a:0a:
                    87:29:51:ee:16:cd:1f:49:a5:a8:15:f0:5f:a7:c2:
                    c9:c2:2e:ac:ba:a0:14:7c:88:55:e2:6a:44:f6:ce:
                    79:99:76:d4:2d:96:87:38:9f:14:bd:66:7a:af:cd:
                    ca:3f:bd:71:77:7d:38:d1:20:aa:72:34:e3:9c:8e:
                    c2:35:91:a5:0f:87:6f:72:3b:a9:54:7b:0f:2b:6d:
                    ae:e8:19:68:6a:30:f0:cb:fc:13:72:7d:0a:20:ad:
                    d2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:B1:61:F9:72:F4:10:E8:75:7A:E4:A8:F9:D7:42:EE:36:86:50:A3
            X509v3 Authority Key Identifier:
                keyid:DA:29:6B:D0:03:1D:6D:AD:A6:C7:30:73:60:8F:3D:11:E4:45:CE:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ilr0AMdba2mxzBzYI89EeRFzkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/xbFh-XL0EOh1euSo-ddC7jaGUKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/1aafa0-0278-4dd6-8807-5726c2b5148d/1/2ilr0AMdba2mxzBzYI89EeRFzkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:59:bc:19:ad:70:fd:80:c4:82:fb:20:5b:9a:92:71:61:e8:
         db:2f:f2:d3:82:d2:b9:d0:23:91:34:b2:7c:60:fa:c6:68:85:
         5c:e5:ee:9d:38:cc:d2:39:a5:ed:f7:d0:e8:2a:e2:17:7b:0b:
         c0:62:a4:4a:21:c0:da:6d:7f:e9:bb:f4:9d:e2:c3:c0:30:f8:
         22:6e:a7:4a:87:ef:83:45:85:a0:78:7b:d6:57:16:09:46:6b:
         8c:51:b2:fd:3f:71:d0:c3:fc:3f:ab:8c:af:c9:66:ac:b5:41:
         c5:59:d7:a4:3f:d9:a5:e2:74:91:d8:46:8a:a8:0b:61:38:d1:
         f6:1c:07:60:e1:03:94:4f:32:4e:20:1a:c4:d4:7e:c7:42:24:
         97:68:95:f5:0a:46:75:4d:73:ff:88:99:df:61:71:30:39:d9:
         1c:03:7e:38:2b:d5:6f:1d:54:bd:32:2e:c4:66:34:a6:11:b7:
         37:72:89:5f:6c:8a:aa:85:54:f5:f2:51:97:2b:90:af:22:c5:
         7f:5f:c8:e6:6f:b6:0a:dd:59:01:e4:d5:7d:dc:e0:00:1d:15:
         d8:24:15:74:fd:f4:ff:49:4f:89:9c:27:d8:1f:e3:b6:4f:92:
         95:e9:10:bd:c8:30:74:da:7f:de:0a:68:17:db:46:66:f5:b3:
         db:98:1a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaX8vtI8iK7SecL4PXOmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjk2YmQwMDMxZDZkYWRhNmM3MzA3MzYwOGYzZDExZTQ0
NWNlNDQwHhcNMjUwMTAxMTk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWIxNjFmOTcyZjQxMGU4NzU3YWU0YThmOWQ3NDJlZTM2ODY1MGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqeyuqrSns2Wu9vH7SMQs9l4pqDj
TFmRkUHRI5N2UIGd0D/Rv98+hXetrMkc9Rqh+CrxsmppfGKzxeva/dULeNMJwZnA
Uuqv9HHhM4ZaWudv5WMp5Rr+md+Lw7+zGCM83rDx7Q9qPXkCY9kyDzy7vjXXGaJf
5OYKKzsyDdqhJrIts83Pxz2ILwez7aoiEJ4dJgn8QwzKwG3R5/SHKKma/l9DagqH
KVHuFs0fSaWoFfBfp8LJwi6suqAUfIhV4mpE9s55mXbULZaHOJ8UvWZ6r83KP71x
d3040SCqcjTjnI7CNZGlD4dvcjupVHsPK22u6BloajDwy/wTcn0KIK3SeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWxYfly9BDodXrkqPnXQu42hlCjMB8GA1UdIwQY
MBaAFNopa9ADHW2tpscwc2CPPRHkRc5EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDct
NTcyNmMyYjUxNDhkLzEveGJGaC1YTDBFT2gxZXVTby1kZEM3amFHVUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC8xYWFmYTAtMDI3OC00ZGQ2LTg4MDctNTcyNmMyYjUxNDhk
LzEvMmlscjBBTWRiYTJteHpCellJODlFZVJGemtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+i+MA0G
CSqGSIb3DQEBCwUAA4IBAQAXWbwZrXD9gMSC+yBbmpJxYejbL/LTgtK50CORNLJ8
YPrGaIVc5e6dOMzSOaXt99DoKuIXewvAYqRKIcDabX/pu/Sd4sPAMPgibqdKh++D
RYWgeHvWVxYJRmuMUbL9P3HQw/w/q4yvyWastUHFWdekP9ml4nSR2EaKqAthONH2
HAdg4QOUTzJOIBrE1H7HQiSXaJX1CkZ1TXP/iJnfYXEwOdkcA344K9VvHVS9Mi7E
ZjSmEbc3colfbIqqhVT18lGXK5CvIsV/X8jmb7YK3VkB5NV93OAAHRXYJBV0/fT/
SU+JnCfYH+O2T5KV6RC9yDB02n/eCmgX20Zm9bPbmBoj
-----END CERTIFICATE-----