Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/xJ066uLw5CBis8gyryLoKkqRKLI.roa
File:                     xJ066uLw5CBis8gyryLoKkqRKLI.roa (raw, json)
Hash identifier:          WiY+5aheCWzt8o2WuBVa4kjZbzzagp24qPWKgNtl8EM=
Subject key identifier:   C4:9D:3A:EA:E2:F0:E4:20:62:B3:C8:32:AF:22:E8:2A:4A:91:28:B2
Certificate issuer:       /CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
Certificate serial:       0194258F5FE97F8CDCC1285065C5A6AB7396
Authority key identifier: CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/xJ066uLw5CBis8gyryLoKkqRKLI.roa
Signing time:             Thu 02 Jan 2025 05:49:00 +0000
ROA not before:           Thu 02 Jan 2025 05:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.193.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5f:e9:7f:8c:dc:c1:28:50:65:c5:a6:ab:73:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc1e7c46b81ddab2744270c5bad986af86df4f60
        Validity
            Not Before: Jan  2 05:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c49d3aeae2f0e42062b3c832af22e82a4a9128b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:6c:f1:2f:30:4d:cf:48:3b:38:9c:96:2a:59:
                    1d:2f:ea:43:d8:ac:77:cd:c0:f1:4d:8b:d9:e1:56:
                    32:65:50:94:72:31:7e:9c:85:52:2c:64:9d:28:57:
                    ca:b5:16:51:0b:40:5e:46:6d:46:f0:ca:e5:87:4f:
                    98:f8:cf:9d:18:47:3f:2d:fd:17:d6:51:b6:e6:d8:
                    69:78:28:75:2e:e0:c0:34:70:8b:2f:28:b6:2e:ea:
                    bf:2a:d9:cc:3f:25:8a:38:c2:e6:f8:91:16:23:f1:
                    9d:f9:67:bd:46:ac:1d:38:16:88:78:7c:89:6f:f0:
                    d0:1e:73:1e:f7:39:9f:af:d7:81:7e:c4:c0:5d:f2:
                    f0:cc:8a:9f:89:03:54:aa:d8:4b:31:55:92:3e:e5:
                    fb:67:41:0c:37:29:5a:af:71:8f:7b:47:f8:93:cd:
                    c6:25:97:5b:35:03:da:0b:83:8a:15:74:ed:6c:e8:
                    31:08:97:bf:f6:ae:59:50:46:bf:04:03:04:1f:d5:
                    7f:fb:9a:d9:c4:1f:2e:e5:63:cd:fa:cb:5c:8f:d8:
                    b3:20:ea:c9:d9:f3:7c:b1:b5:57:d4:5f:38:81:4e:
                    2d:31:1f:77:6c:55:e4:b1:04:30:ac:af:fc:8e:2a:
                    b2:61:71:87:77:37:ec:5a:b9:11:42:05:0b:ea:0d:
                    c8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:9D:3A:EA:E2:F0:E4:20:62:B3:C8:32:AF:22:E8:2A:4A:91:28:B2
            X509v3 Authority Key Identifier:
                keyid:CC:1E:7C:46:B8:1D:DA:B2:74:42:70:C5:BA:D9:86:AF:86:DF:4F:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zB58Rrgd2rJ0QnDFutmGr4bfT2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/xJ066uLw5CBis8gyryLoKkqRKLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/dd3f15-bbac-49d4-9435-399b7a3b20cf/1/zB58Rrgd2rJ0QnDFutmGr4bfT2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e0:fe:7d:f4:87:9b:20:99:b9:2a:f6:af:ce:3f:19:05:d7:
         e2:a5:27:4a:22:50:18:5f:24:2e:d4:d9:80:b1:b3:b6:ea:9c:
         17:0f:34:9a:25:3d:27:8c:a4:23:2b:c4:00:e8:41:3e:31:3f:
         66:b7:0f:34:c6:eb:bf:b5:bc:17:28:83:19:b5:26:12:ad:c6:
         a1:44:a5:a6:4d:2c:30:6c:52:e9:99:c1:c7:4f:42:ca:0c:09:
         f9:49:27:db:e3:b9:29:46:65:ea:2c:12:1d:9c:62:19:01:c5:
         9c:29:6d:22:48:1f:80:37:97:75:4e:4a:a6:0f:ad:3d:a4:f6:
         1e:a2:90:2c:1e:b7:ea:a9:e1:85:2f:30:ca:f4:2c:f0:a6:d9:
         a3:0c:d1:97:05:11:fc:d6:f4:08:6b:5c:98:b5:cb:11:bb:a2:
         35:c4:c5:41:d4:8f:61:2a:2f:41:5d:ed:7f:4d:b9:3b:1f:eb:
         1b:22:54:12:60:0c:6b:cf:4d:12:e8:61:3b:f1:3d:f5:47:b3:
         0f:74:41:2c:6b:96:1c:70:be:31:ee:8c:bc:fe:32:f8:eb:83:
         bb:0e:8d:97:4f:b4:57:b4:f7:ef:20:7e:6b:2a:cd:af:b7:90:
         11:16:a3:b9:63:12:24:d2:49:d9:ed:d8:cd:f9:d7:3e:02:ca:
         68:76:e6:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj1/pf4zcwShQZcWmq3OWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMWU3YzQ2YjgxZGRhYjI3NDQyNzBjNWJhZDk4NmFmODZk
ZjRmNjAwHhcNMjUwMTAyMDU0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDlkM2FlYWUyZjBlNDIwNjJiM2M4MzJhZjIyZTgyYTRhOTEyOGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmzxLzBNz0g7OJyWKlkdL+pD2Kx3
zcDxTYvZ4VYyZVCUcjF+nIVSLGSdKFfKtRZRC0BeRm1G8Mrlh0+Y+M+dGEc/Lf0X
1lG25thpeCh1LuDANHCLLyi2Luq/KtnMPyWKOMLm+JEWI/Gd+We9RqwdOBaIeHyJ
b/DQHnMe9zmfr9eBfsTAXfLwzIqfiQNUqthLMVWSPuX7Z0EMNylar3GPe0f4k83G
JZdbNQPaC4OKFXTtbOgxCJe/9q5ZUEa/BAMEH9V/+5rZxB8u5WPN+stcj9izIOrJ
2fN8sbVX1F84gU4tMR93bFXksQQwrK/8jiqyYXGHdzfsWrkRQgUL6g3IKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSdOuri8OQgYrPIMq8i6CpKkSiyMB8GA1UdIwQY
MBaAFMwefEa4HdqydEJwxbrZhq+G309gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUt
Mzk5YjdhM2IyMGNmLzEveEowNjZ1THc1Q0JpczhneXJ5TG9La3FSS0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9kZDNmMTUtYmJhYy00OWQ0LTk0MzUtMzk5YjdhM2IyMGNm
LzEvekI1OFJyZ2QyckowUW5ERnV0bUdyNGJmVDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8EqMA0G
CSqGSIb3DQEBCwUAA4IBAQB04P599IebIJm5Kvavzj8ZBdfipSdKIlAYXyQu1NmA
sbO26pwXDzSaJT0njKQjK8QA6EE+MT9mtw80xuu/tbwXKIMZtSYSrcahRKWmTSww
bFLpmcHHT0LKDAn5SSfb47kpRmXqLBIdnGIZAcWcKW0iSB+AN5d1TkqmD609pPYe
opAsHrfqqeGFLzDK9CzwptmjDNGXBRH81vQIa1yYtcsRu6I1xMVB1I9hKi9BXe1/
Tbk7H+sbIlQSYAxrz00S6GE78T31R7MPdEEsa5YccL4x7oy8/jL464O7Do2XT7RX
tPfvIH5rKs2vt5ARFqO5YxIk0knZ7djN+dc+AspoduZj
-----END CERTIFICATE-----