Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/xj0Zl5jyKNtmExsm8HUfZTBh1W4.roa
File:                     xj0Zl5jyKNtmExsm8HUfZTBh1W4.roa (raw, json)
Hash identifier:          qJ7mmoo0SJOyk9TkckQkyKsoiQJfN7oKl35vQICMSm0=
Subject key identifier:   C6:3D:19:97:98:F2:28:DB:66:13:1B:26:F0:75:1F:65:30:61:D5:6E
Certificate issuer:       /CN=626aa89132d2a684d8d2a1a3f7e40f2234636f38
Certificate serial:       019423D7584E3C6E85E526010AF47B7D969F
Authority key identifier: 62:6A:A8:91:32:D2:A6:84:D8:D2:A1:A3:F7:E4:0F:22:34:63:6F:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/xj0Zl5jyKNtmExsm8HUfZTBh1W4.roa
Signing time:             Wed 01 Jan 2025 21:48:22 +0000
ROA not before:           Wed 01 Jan 2025 21:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51793
IP address blocks:        91.221.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:58:4e:3c:6e:85:e5:26:01:0a:f4:7b:7d:96:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=626aa89132d2a684d8d2a1a3f7e40f2234636f38
        Validity
            Not Before: Jan  1 21:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c63d199798f228db66131b26f0751f653061d56e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a4:f6:83:94:55:e8:40:67:e0:b3:56:85:68:
                    7e:6d:fc:bb:ff:95:94:a8:0c:6b:11:70:45:d3:83:
                    21:51:a0:06:dd:83:cd:e6:83:d7:6a:80:29:80:11:
                    1e:f4:81:c5:ba:92:73:d3:b2:97:94:60:70:13:57:
                    35:6a:1b:4c:6b:29:29:54:c7:37:7f:c9:57:67:91:
                    34:3e:72:0c:74:ca:84:ba:01:86:dc:96:cd:ec:0d:
                    73:cd:64:1f:5f:5b:1b:4a:b3:9e:e7:6c:34:5c:07:
                    bd:3d:c5:dd:44:f9:1b:f2:69:a4:7a:f9:e4:88:cc:
                    f4:a3:8b:bb:4a:54:db:a9:38:3c:b5:08:36:75:81:
                    e1:5c:c0:d0:09:5f:9e:19:9f:07:90:56:b3:44:ca:
                    db:50:da:1d:b8:b3:75:1d:ff:6a:7b:4b:0d:f3:f8:
                    61:88:6d:04:74:5f:09:bd:c7:4b:21:14:4f:3c:25:
                    a8:12:1f:46:77:91:9d:b2:8e:67:7e:c4:c5:d0:76:
                    35:9e:55:34:4d:0f:2a:c6:67:db:74:37:b5:fb:e3:
                    99:77:50:9d:81:de:f0:8c:80:6f:64:d9:32:62:8b:
                    8c:95:4b:fa:2b:ff:85:f6:c8:b2:f5:da:6e:a7:e2:
                    91:5f:04:a6:f8:89:9b:7f:fa:ae:46:c3:09:02:1b:
                    6a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3D:19:97:98:F2:28:DB:66:13:1B:26:F0:75:1F:65:30:61:D5:6E
            X509v3 Authority Key Identifier:
                keyid:62:6A:A8:91:32:D2:A6:84:D8:D2:A1:A3:F7:E4:0F:22:34:63:6F:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YmqokTLSpoTY0qGj9-QPIjRjbzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/xj0Zl5jyKNtmExsm8HUfZTBh1W4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/4cc0a8-ec44-49dd-a3e2-2926fc5f61b7/1/YmqokTLSpoTY0qGj9-QPIjRjbzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:b9:60:8e:39:90:cf:b5:b2:21:e1:86:e3:83:4d:7c:5a:b0:
         bc:4f:7e:88:4c:54:dd:f7:5a:47:82:55:0a:5d:2b:f2:d5:a4:
         4b:4b:9d:24:7a:d3:ee:94:16:e1:ff:6c:0c:77:49:06:4c:73:
         67:e0:64:05:94:21:81:5f:f9:a0:fa:50:1c:3f:b0:4d:10:41:
         f9:2b:cb:d8:de:8c:9d:ce:f5:39:0c:dd:05:a8:22:1a:3d:91:
         14:14:30:08:63:2e:d6:85:9a:d9:64:2b:25:f7:0c:4b:01:43:
         89:73:db:32:ba:a9:80:e8:c2:59:04:1a:80:bf:98:5e:5a:73:
         c4:34:3d:88:0c:23:58:7a:91:79:aa:1f:e9:f5:25:d5:89:4c:
         86:ce:ee:94:31:e4:02:93:de:3d:6d:dc:b3:02:25:db:fc:49:
         7d:eb:a5:04:18:6b:fe:94:be:85:22:70:33:d5:52:3e:59:44:
         10:30:c5:b6:05:43:c8:e7:e4:c8:94:87:a6:6c:8e:8e:71:30:
         b2:74:d0:2f:53:69:eb:af:0c:11:84:0d:b9:19:3a:f8:41:01:
         6a:ad:79:b5:6d:10:4a:df:52:9d:82:c6:6c:d4:1a:e6:59:98:
         db:e3:d7:92:46:d5:2c:ea:4f:84:23:31:e2:43:ba:34:d5:cc:
         07:f1:e9:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11hOPG6F5SYBCvR7fZafMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyNmFhODkxMzJkMmE2ODRkOGQyYTFhM2Y3ZTQwZjIyMzQ2
MzZmMzgwHhcNMjUwMTAxMjE0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNkMTk5Nzk4ZjIyOGRiNjYxMzFiMjZmMDc1MWY2NTMwNjFkNTZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6T2g5RV6EBn4LNWhWh+bfy7/5WU
qAxrEXBF04MhUaAG3YPN5oPXaoApgBEe9IHFupJz07KXlGBwE1c1ahtMaykpVMc3
f8lXZ5E0PnIMdMqEugGG3JbN7A1zzWQfX1sbSrOe52w0XAe9PcXdRPkb8mmkevnk
iMz0o4u7SlTbqTg8tQg2dYHhXMDQCV+eGZ8HkFazRMrbUNoduLN1Hf9qe0sN8/hh
iG0EdF8JvcdLIRRPPCWoEh9Gd5Gdso5nfsTF0HY1nlU0TQ8qxmfbdDe1++OZd1Cd
gd7wjIBvZNkyYouMlUv6K/+F9siy9dpup+KRXwSm+Imbf/quRsMJAhtqewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMY9GZeY8ijbZhMbJvB1H2UwYdVuMB8GA1UdIwQY
MBaAFGJqqJEy0qaE2NKho/fkDyI0Y284MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW1xb2tUTFNwb1RZMHFHajktUVBJalJqYnpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC80Y2MwYTgtZWM0NC00OWRkLWEzZTIt
MjkyNmZjNWY2MWI3LzEveGowWmw1anlLTnRtRXhzbThIVWZaVEJoMVc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC80Y2MwYTgtZWM0NC00OWRkLWEzZTItMjkyNmZjNWY2MWI3
LzEvWW1xb2tUTFNwb1RZMHFHajktUVBJalJqYnpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW91OMA0G
CSqGSIb3DQEBCwUAA4IBAQBVuWCOOZDPtbIh4Ybjg018WrC8T36ITFTd91pHglUK
XSvy1aRLS50ketPulBbh/2wMd0kGTHNn4GQFlCGBX/mg+lAcP7BNEEH5K8vY3oyd
zvU5DN0FqCIaPZEUFDAIYy7WhZrZZCsl9wxLAUOJc9syuqmA6MJZBBqAv5heWnPE
ND2IDCNYepF5qh/p9SXViUyGzu6UMeQCk949bdyzAiXb/El966UEGGv+lL6FInAz
1VI+WUQQMMW2BUPI5+TIlIembI6OcTCydNAvU2nrrwwRhA25GTr4QQFqrXm1bRBK
31KdgsZs1BrmWZjb49eSRtUs6k+EIzHiQ7o01cwH8elD
-----END CERTIFICATE-----