Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/hzr42e2R_h-LWwgBpSQZacNEqsc.roa
File:                     hzr42e2R_h-LWwgBpSQZacNEqsc.roa (raw, json)
Hash identifier:          9mXipkAV76pHGL76kppNcnsru8YUceXMwinc9f3N1VQ=
Subject key identifier:   87:3A:F8:D9:ED:91:FE:1F:8B:5B:08:01:A5:24:19:69:C3:44:AA:C7
Certificate issuer:       /CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
Certificate serial:       0194258E406D72CDFFD37D5E920C0051ADD6
Authority key identifier: 36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/hzr42e2R_h-LWwgBpSQZacNEqsc.roa
Signing time:             Thu 02 Jan 2025 05:47:47 +0000
ROA not before:           Thu 02 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201089
IP address blocks:        91.220.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:40:6d:72:cd:ff:d3:7d:5e:92:0c:00:51:ad:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3613022dedc1f8f013aa6e390fa23bd22f1fe392
        Validity
            Not Before: Jan  2 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=873af8d9ed91fe1f8b5b0801a5241969c344aac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:93:1d:af:b0:13:91:39:a9:57:ef:9b:95:7c:
                    0e:b0:fd:74:45:e9:30:9a:8c:57:bb:51:6b:5d:5d:
                    01:55:f3:61:8e:ce:63:90:f3:91:70:46:95:ff:25:
                    d0:7a:83:18:9f:fc:f8:32:2a:87:57:ad:6d:21:ab:
                    dc:fb:92:72:0b:60:ff:8d:97:8c:11:fc:7e:56:c6:
                    db:76:73:a0:31:bd:48:6d:d5:2f:94:77:84:ae:9c:
                    f9:7b:bd:95:63:aa:02:45:ed:60:c3:ed:43:34:ab:
                    18:d1:14:27:65:b8:58:74:45:18:c7:52:d2:a5:e5:
                    87:64:c8:e6:c6:7d:e8:cc:e2:92:92:46:bf:0d:17:
                    5b:87:a6:09:e5:73:a0:79:87:f7:53:83:9a:5d:aa:
                    e4:f6:d0:4f:18:73:70:08:3b:61:98:60:0d:2c:ba:
                    83:cc:dc:30:3e:f1:8b:b4:9c:0d:2d:91:ec:ee:0f:
                    79:eb:1c:de:4a:b9:a9:4e:31:b1:80:20:1a:ee:42:
                    21:97:9f:49:64:56:5d:f6:4b:2a:97:ab:db:1a:42:
                    25:01:18:ba:21:f7:19:26:50:f8:41:1b:e1:05:f9:
                    5b:8a:f9:33:cb:2c:9e:c8:f4:a3:84:79:46:5c:72:
                    17:9e:a0:88:d4:fb:e1:70:04:80:25:0b:af:f2:48:
                    0a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:3A:F8:D9:ED:91:FE:1F:8B:5B:08:01:A5:24:19:69:C3:44:AA:C7
            X509v3 Authority Key Identifier:
                keyid:36:13:02:2D:ED:C1:F8:F0:13:AA:6E:39:0F:A2:3B:D2:2F:1F:E3:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NhMCLe3B-PATqm45D6I70i8f45I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/hzr42e2R_h-LWwgBpSQZacNEqsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/1e7f96-e936-42c8-ac62-40669ad19fb9/1/NhMCLe3B-PATqm45D6I70i8f45I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:dd:64:0c:1e:a9:a3:a5:90:5b:a9:19:32:f2:3a:c2:20:b8:
         d2:4c:ed:d3:37:75:02:79:03:12:20:22:d0:90:cc:00:cf:07:
         2a:f8:80:f1:d9:96:44:3e:f0:a9:29:a0:56:ee:4e:e5:eb:d3:
         7d:12:1b:3e:93:d9:a2:0e:92:22:f5:36:b8:a9:ad:1c:d5:9d:
         01:aa:8a:14:32:20:50:15:0b:a9:f8:f9:a4:99:e1:79:12:ba:
         85:40:14:93:2b:fb:aa:f5:f1:1b:3b:54:9a:2c:d1:fe:03:68:
         6d:18:35:c4:fd:31:0a:94:1e:0b:bf:b8:62:11:09:52:e8:73:
         6b:e1:fc:6d:92:cb:a6:ab:2e:70:d9:1c:3a:3f:4e:7c:d1:42:
         c9:e9:8f:27:9a:52:8b:1b:cf:69:0f:ae:d6:4b:a8:1d:4e:12:
         da:43:d9:61:95:78:06:12:1c:e7:7a:7e:98:92:a5:f0:d7:10:
         ad:a0:89:da:06:3f:23:b2:31:7a:6e:0f:ae:7a:e6:a9:c1:a3:
         73:40:66:82:8b:56:79:cd:b0:1b:45:0d:96:6a:e0:56:d8:1f:
         10:a6:16:c1:13:67:b3:99:6a:de:d4:68:a8:13:3e:d4:fd:8a:
         ab:45:cc:fd:4f:fd:df:69:f6:24:9d:6d:aa:cf:bb:29:b6:09:
         b4:5a:94:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljkBtcs3/031ekgwAUa3WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2MTMwMjJkZWRjMWY4ZjAxM2FhNmUzOTBmYTIzYmQyMmYx
ZmUzOTIwHhcNMjUwMTAyMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzNhZjhkOWVkOTFmZTFmOGI1YjA4MDFhNTI0MTk2OWMzNDRhYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5Mdr7ATkTmpV++blXwOsP10Rekw
moxXu1FrXV0BVfNhjs5jkPORcEaV/yXQeoMYn/z4MiqHV61tIavc+5JyC2D/jZeM
Efx+VsbbdnOgMb1IbdUvlHeErpz5e72VY6oCRe1gw+1DNKsY0RQnZbhYdEUYx1LS
peWHZMjmxn3ozOKSkka/DRdbh6YJ5XOgeYf3U4OaXark9tBPGHNwCDthmGANLLqD
zNwwPvGLtJwNLZHs7g956xzeSrmpTjGxgCAa7kIhl59JZFZd9ksql6vbGkIlARi6
IfcZJlD4QRvhBflbivkzyyyeyPSjhHlGXHIXnqCI1PvhcASAJQuv8kgKHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIc6+Nntkf4fi1sIAaUkGWnDRKrHMB8GA1UdIwQY
MBaAFDYTAi3twfjwE6puOQ+iO9IvH+OSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjIt
NDA2NjlhZDE5ZmI5LzEvaHpyNDJlMlJfaC1MV3dnQnBTUVphY05FcXNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC8xZTdmOTYtZTkzNi00MmM4LWFjNjItNDA2NjlhZDE5ZmI5
LzEvTmhNQ0xlM0ItUEFUcW00NUQ2STcwaThmNDVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wpMA0G
CSqGSIb3DQEBCwUAA4IBAQBk3WQMHqmjpZBbqRky8jrCILjSTO3TN3UCeQMSICLQ
kMwAzwcq+IDx2ZZEPvCpKaBW7k7l69N9Ehs+k9miDpIi9Ta4qa0c1Z0BqooUMiBQ
FQup+PmkmeF5ErqFQBSTK/uq9fEbO1SaLNH+A2htGDXE/TEKlB4Lv7hiEQlS6HNr
4fxtksumqy5w2Rw6P0580ULJ6Y8nmlKLG89pD67WS6gdThLaQ9lhlXgGEhznen6Y
kqXw1xCtoInaBj8jsjF6bg+ueuapwaNzQGaCi1Z5zbAbRQ2WauBW2B8QphbBE2ez
mWre1GioEz7U/YqrRcz9T/3fafYknW2qz7sptgm0WpRR
-----END CERTIFICATE-----