Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/xok2gimWwzURof_w9dO-DRDDn3Y.roa
File:                     xok2gimWwzURof_w9dO-DRDDn3Y.roa (raw, json)
Hash identifier:          onwOc+d+Y67hjnLHKYPr/lttMavIYzZkOgnV1cJxF50=
Subject key identifier:   C6:89:36:82:29:96:C3:35:11:A1:FF:F0:F5:D3:BE:0D:10:C3:9F:76
Certificate issuer:       /CN=c11d08186433903069b5d6bb652f98428f53c808
Certificate serial:       0194AF1E4EA91DC948EA13CAB4BAC9B74794
Authority key identifier: C1:1D:08:18:64:33:90:30:69:B5:D6:BB:65:2F:98:42:8F:53:C8:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wR0IGGQzkDBptda7ZS-YQo9TyAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/xok2gimWwzURof_w9dO-DRDDn3Y.roa
Signing time:             Tue 28 Jan 2025 22:53:06 +0000
ROA not before:           Tue 28 Jan 2025 22:53:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48694
IP address blocks:        91.193.40.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/wR0IGGQzkDBptda7ZS-YQo9TyAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/wR0IGGQzkDBptda7ZS-YQo9TyAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wR0IGGQzkDBptda7ZS-YQo9TyAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:af:1e:4e:a9:1d:c9:48:ea:13:ca:b4:ba:c9:b7:47:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11d08186433903069b5d6bb652f98428f53c808
        Validity
            Not Before: Jan 28 22:53:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c68936822996c33511a1fff0f5d3be0d10c39f76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:5c:a8:f0:4e:87:d1:7e:01:39:94:a7:c2:f5:
                    16:59:69:88:f0:78:59:91:c8:b3:0e:9b:32:af:c6:
                    cb:2d:5b:44:c4:67:32:70:af:a3:92:b4:4f:cf:82:
                    d1:19:94:9f:14:39:91:53:42:01:40:f6:b8:ee:be:
                    22:5a:5e:42:e9:03:f7:ee:49:c9:e2:62:09:47:3b:
                    d3:dc:e8:5b:4f:2b:bd:bc:e9:d3:49:57:6d:2c:d8:
                    b7:c0:1e:e8:fb:03:ba:5f:e1:fc:01:0e:21:59:58:
                    dc:09:5d:7f:31:62:af:5c:2f:68:c7:e5:c2:c7:9b:
                    f5:a0:d5:eb:55:20:08:60:ee:3d:9c:d7:d7:e5:3d:
                    a1:2c:1d:d6:05:67:2c:7f:b5:1d:db:b4:ff:8a:31:
                    a0:2d:97:f3:e2:40:78:e7:7b:b4:e7:b1:9b:ac:b3:
                    ae:76:ad:41:6a:ef:9f:c8:3c:dd:de:7d:6e:5c:3a:
                    ea:6c:ec:61:6d:ad:0c:b9:6a:ef:ab:f9:dc:7f:16:
                    08:4f:89:f6:0c:91:e8:57:d0:23:43:29:9d:84:7b:
                    96:f9:e6:16:55:93:e3:6e:bf:75:7e:31:86:cc:d8:
                    29:01:44:2e:b9:fb:b2:6d:45:b1:b8:14:bb:f4:1e:
                    50:58:2f:69:93:9c:6b:f0:64:00:15:ec:2b:ea:01:
                    88:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:89:36:82:29:96:C3:35:11:A1:FF:F0:F5:D3:BE:0D:10:C3:9F:76
            X509v3 Authority Key Identifier:
                keyid:C1:1D:08:18:64:33:90:30:69:B5:D6:BB:65:2F:98:42:8F:53:C8:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wR0IGGQzkDBptda7ZS-YQo9TyAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/xok2gimWwzURof_w9dO-DRDDn3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/263352-8088-4f5b-a620-aeb5cd8de15d/1/wR0IGGQzkDBptda7ZS-YQo9TyAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         35:dd:90:2a:39:93:4a:e6:f7:d5:fd:f8:9d:1e:73:49:dc:2c:
         fc:8f:47:78:7a:72:2a:ab:4e:26:64:ea:bc:9d:2c:57:aa:2e:
         d7:a5:7b:a6:52:ef:fc:ff:7d:e8:0f:ec:b9:f0:2c:07:ee:f4:
         84:23:1c:dd:ba:7e:20:ee:90:c4:72:9c:0a:98:00:1e:9b:31:
         1a:46:8a:37:7b:40:64:4b:5a:20:c4:d2:dd:dd:71:72:30:2a:
         37:ab:fc:b1:f3:00:7f:8e:69:06:8d:ca:d8:79:74:76:bd:d5:
         cc:a8:03:01:dd:03:85:0f:ad:91:ad:c6:48:a4:30:85:a3:c6:
         00:f1:38:22:c6:76:48:ea:5e:35:9a:cb:be:7e:e4:c2:a4:4b:
         53:b9:7c:27:a3:76:53:ad:0b:e1:23:3e:3e:26:e1:ae:d2:24:
         70:44:c4:54:c4:1c:bf:9d:95:02:d3:65:f2:9a:58:d2:23:c7:
         6d:d2:3f:fd:d2:7d:6d:1b:72:4b:98:24:9d:8a:02:a6:75:59:
         08:f2:84:b1:4b:e2:f7:f7:99:11:ee:32:98:4c:61:ea:25:f4:
         06:4d:3a:71:92:d9:ca:36:ec:df:3b:61:da:6f:7b:a7:75:ed:
         37:ac:1d:b0:23:cf:5c:75:5f:ae:ee:ec:a9:d4:5c:31:07:b7:
         2f:ec:fd:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSvHk6pHclI6hPKtLrJt0eUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMWQwODE4NjQzMzkwMzA2OWI1ZDZiYjY1MmY5ODQyOGY1
M2M4MDgwHhcNMjUwMTI4MjI1MzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjg5MzY4MjI5OTZjMzM1MTFhMWZmZjBmNWQzYmUwZDEwYzM5Zjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFyo8E6H0X4BOZSnwvUWWWmI8HhZ
kcizDpsyr8bLLVtExGcycK+jkrRPz4LRGZSfFDmRU0IBQPa47r4iWl5C6QP37knJ
4mIJRzvT3OhbTyu9vOnTSVdtLNi3wB7o+wO6X+H8AQ4hWVjcCV1/MWKvXC9ox+XC
x5v1oNXrVSAIYO49nNfX5T2hLB3WBWcsf7Ud27T/ijGgLZfz4kB453u057GbrLOu
dq1Bau+fyDzd3n1uXDrqbOxhba0MuWrvq/ncfxYIT4n2DJHoV9AjQymdhHuW+eYW
VZPjbr91fjGGzNgpAUQuufuybUWxuBS79B5QWC9pk5xr8GQAFewr6gGIGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaJNoIplsM1EaH/8PXTvg0Qw592MB8GA1UdIwQY
MBaAFMEdCBhkM5AwabXWu2UvmEKPU8gIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1IwSUdHUXprREJwdGRhN1pTLVlRbzlUeUFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS8yNjMzNTItODA4OC00ZjViLWE2MjAt
YWViNWNkOGRlMTVkLzEveG9rMmdpbVd3elVSb2ZfdzlkTy1EUkREbjNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS8yNjMzNTItODA4OC00ZjViLWE2MjAtYWViNWNkOGRlMTVk
LzEvd1IwSUdHUXprREJwdGRhN1pTLVlRbzlUeUFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8EoMA0G
CSqGSIb3DQEBCwUAA4IBAQA13ZAqOZNK5vfV/fidHnNJ3Cz8j0d4enIqq04mZOq8
nSxXqi7XpXumUu/8/33oD+y58CwH7vSEIxzdun4g7pDEcpwKmAAemzEaRoo3e0Bk
S1ogxNLd3XFyMCo3q/yx8wB/jmkGjcrYeXR2vdXMqAMB3QOFD62RrcZIpDCFo8YA
8TgixnZI6l41msu+fuTCpEtTuXwno3ZTrQvhIz4+JuGu0iRwRMRUxBy/nZUC02Xy
mljSI8dt0j/90n1tG3JLmCSdigKmdVkI8oSxS+L395kR7jKYTGHqJfQGTTpxktnK
NuzfO2Hab3unde03rB2wI89cdV+u7uyp1FwxB7cv7P14
-----END CERTIFICATE-----