Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/ttZNv6l1EeF-xiTWTGqQIM7MdNI.roa
File:                     ttZNv6l1EeF-xiTWTGqQIM7MdNI.roa (raw, json)
Hash identifier:          7CYeRmxgoUhsy4kTyySHz2v5rlglnUVr1BYD9Sp0a6Q=
Subject key identifier:   B6:D6:4D:BF:A9:75:11:E1:7E:C6:24:D6:4C:6A:90:20:CE:CC:74:D2
Certificate issuer:       /CN=1af91dcedfdefdce59bdb05002b1cb6c52f0c5d3
Certificate serial:       0194228DEC423C052D61116C2572847DFE57
Authority key identifier: 1A:F9:1D:CE:DF:DE:FD:CE:59:BD:B0:50:02:B1:CB:6C:52:F0:C5:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/ttZNv6l1EeF-xiTWTGqQIM7MdNI.roa
Signing time:             Wed 01 Jan 2025 15:48:33 +0000
ROA not before:           Wed 01 Jan 2025 15:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34270
IP address blocks:        85.91.224.0/19 maxlen: 19
                          2a01:3f8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ec:42:3c:05:2d:61:11:6c:25:72:84:7d:fe:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1af91dcedfdefdce59bdb05002b1cb6c52f0c5d3
        Validity
            Not Before: Jan  1 15:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6d64dbfa97511e17ec624d64c6a9020cecc74d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:2d:df:01:15:4a:de:2e:9d:e7:af:e2:23:c3:
                    77:4f:4b:62:e3:eb:fb:3f:e6:e8:4f:0e:fd:7b:1f:
                    0e:16:67:98:b5:cc:29:cd:55:42:9e:5d:df:e7:08:
                    f9:fd:3e:f1:05:3e:d3:48:6f:8f:88:f1:44:3f:cf:
                    5d:17:d1:00:21:01:87:83:97:87:a8:3d:01:be:ea:
                    4f:13:af:92:ef:1d:66:08:36:6a:db:62:da:60:d6:
                    d5:aa:3e:fa:a7:71:0f:cc:c0:42:bb:67:b6:2a:d9:
                    d7:23:a5:8a:44:8e:98:8d:5b:c0:74:c1:91:d9:56:
                    36:8f:37:ba:7e:28:96:ba:62:9a:55:0e:e1:05:6e:
                    32:5b:11:47:58:ab:4c:b7:e3:2b:8d:bf:ed:3a:65:
                    d9:7b:98:60:24:b1:f4:e2:67:74:de:24:de:88:54:
                    77:12:c1:87:81:76:1f:e8:0b:27:b5:d7:64:21:d4:
                    e7:dc:de:22:1b:30:6f:ef:1f:36:8d:3d:30:b4:a8:
                    60:c1:d3:9c:dc:6e:33:03:c6:53:4c:e2:72:94:71:
                    a4:46:85:e3:3f:ef:5c:61:20:58:1a:df:09:f0:49:
                    1c:64:4f:e3:9b:a8:56:33:6a:de:fe:0d:05:1d:16:
                    8e:10:44:ff:9a:48:65:ba:80:6e:52:aa:1a:58:44:
                    7a:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D6:4D:BF:A9:75:11:E1:7E:C6:24:D6:4C:6A:90:20:CE:CC:74:D2
            X509v3 Authority Key Identifier:
                keyid:1A:F9:1D:CE:DF:DE:FD:CE:59:BD:B0:50:02:B1:CB:6C:52:F0:C5:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/ttZNv6l1EeF-xiTWTGqQIM7MdNI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/d7d04c-3175-43ad-9e3d-10a4e537226e/1/Gvkdzt_e_c5ZvbBQArHLbFLwxdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.91.224.0/19
                IPv6:
                  2a01:3f8::/32

    Signature Algorithm: sha256WithRSAEncryption
         88:52:a2:90:46:34:e7:29:a5:3e:35:b4:0c:c7:51:d2:29:1b:
         d0:5e:fb:86:8e:1c:81:d6:a3:01:47:4b:ce:81:0e:eb:8d:c8:
         c8:4e:ca:59:c8:f6:77:37:8d:e1:29:59:64:b5:de:ec:c9:8b:
         2a:f7:2c:29:e6:93:bc:7a:19:54:4b:33:5a:7b:00:71:09:45:
         06:55:9f:a3:d6:52:f8:88:70:b3:b5:c9:3e:f9:2f:b8:c7:a8:
         3f:0e:93:b2:0c:c4:eb:73:8c:32:5b:d7:6b:26:d5:2c:cb:e7:
         1a:fd:2c:df:5b:ca:2c:fc:66:41:b1:ee:ad:8a:df:9c:b6:94:
         58:e3:7e:e9:42:1a:c9:c4:3b:93:49:97:0f:14:f4:c9:96:32:
         09:8c:6b:bf:76:4f:19:00:95:75:24:af:c9:32:82:7f:23:2f:
         5a:33:f2:e8:e3:8a:82:74:8e:c7:a4:0e:bc:69:18:e3:fd:4b:
         88:27:1f:cf:98:54:63:de:53:27:7d:49:8e:1c:80:03:a3:d5:
         72:82:64:50:e0:fb:06:03:c6:d5:99:1c:0a:ac:65:36:bd:09:
         3c:dd:84:5e:3a:22:ba:f5:88:3e:1d:f2:3d:6d:1a:1a:6c:69:
         a6:ff:94:5e:97:16:64:5e:c9:d4:e4:f8:ea:a6:c8:30:2d:b6:
         fc:17:72:6d
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijexCPAUtYRFsJXKEff5XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZjkxZGNlZGZkZWZkY2U1OWJkYjA1MDAyYjFjYjZjNTJm
MGM1ZDMwHhcNMjUwMTAxMTU0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ2NGRiZmE5NzUxMWUxN2VjNjI0ZDY0YzZhOTAyMGNlY2M3NGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxy3fARVK3i6d56/iI8N3T0ti4+v7
P+boTw79ex8OFmeYtcwpzVVCnl3f5wj5/T7xBT7TSG+PiPFEP89dF9EAIQGHg5eH
qD0BvupPE6+S7x1mCDZq22LaYNbVqj76p3EPzMBCu2e2KtnXI6WKRI6YjVvAdMGR
2VY2jze6fiiWumKaVQ7hBW4yWxFHWKtMt+Mrjb/tOmXZe5hgJLH04md03iTeiFR3
EsGHgXYf6AsntddkIdTn3N4iGzBv7x82jT0wtKhgwdOc3G4zA8ZTTOJylHGkRoXj
P+9cYSBYGt8J8EkcZE/jm6hWM2re/g0FHRaOEET/mkhluoBuUqoaWER6SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLbWTb+pdRHhfsYk1kxqkCDOzHTSMB8GA1UdIwQY
MBaAFBr5Hc7f3v3OWb2wUAKxy2xS8MXTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3ZrZHp0X2VfYzVadmJCUUFySExiRkx3eGRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9kN2QwNGMtMzE3NS00M2FkLTllM2Qt
MTBhNGU1MzcyMjZlLzEvdHRaTnY2bDFFZUYteGlUV1RHcVFJTTdNZE5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9kN2QwNGMtMzE3NS00M2FkLTllM2QtMTBhNGU1MzcyMjZl
LzEvR3ZrZHp0X2VfYzVadmJCUUFySExiRkx3eGRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFVVvgMA0E
AgACMAcDBQAqAQP4MA0GCSqGSIb3DQEBCwUAA4IBAQCIUqKQRjTnKaU+NbQMx1HS
KRvQXvuGjhyB1qMBR0vOgQ7rjcjITspZyPZ3N43hKVlktd7syYsq9ywp5pO8ehlU
SzNaewBxCUUGVZ+j1lL4iHCztck++S+4x6g/DpOyDMTrc4wyW9drJtUsy+ca/Szf
W8os/GZBse6tit+ctpRY437pQhrJxDuTSZcPFPTJljIJjGu/dk8ZAJV1JK/JMoJ/
Iy9aM/Lo44qCdI7HpA68aRjj/UuIJx/PmFRj3lMnfUmOHIADo9VygmRQ4PsGA8bV
mRwKrGU2vQk83YReOiK69Yg+HfI9bRoabGmm/5RelxZkXsnU5PjqpsgwLbb8F3Jt
-----END CERTIFICATE-----