Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/Ht13e1Za2l8nzI4EirfQHIpz86I.roa
File:                     Ht13e1Za2l8nzI4EirfQHIpz86I.roa (raw, json)
Hash identifier:          Bla/NLVxkqOMOLwHSw1S4if6WTX8Mptt860NK9sdUrI=
Subject key identifier:   1E:DD:77:7B:56:5A:DA:5F:27:CC:8E:04:8A:B7:D0:1C:8A:73:F3:A2
Certificate issuer:       /CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
Certificate serial:       01941F8C6F23B1027274B260AE25E0C852F7
Authority key identifier: BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/Ht13e1Za2l8nzI4EirfQHIpz86I.roa
Signing time:             Wed 01 Jan 2025 01:48:04 +0000
ROA not before:           Wed 01 Jan 2025 01:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216156
IP address blocks:        91.227.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:6f:23:b1:02:72:74:b2:60:ae:25:e0:c8:52:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfd76a7458b19d165f32f0ec33d71569e5f4fef9
        Validity
            Not Before: Jan  1 01:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1edd777b565ada5f27cc8e048ab7d01c8a73f3a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f5:51:46:3c:dc:db:91:fa:b7:fe:ff:78:d7:
                    28:2d:0b:ea:96:f5:fd:03:ce:7c:b5:dc:f4:26:a3:
                    44:68:92:43:64:a8:d1:ec:09:27:52:c3:01:a6:5e:
                    ab:92:12:bd:d8:b6:3d:93:c5:96:6a:11:01:b9:7d:
                    bd:ae:ef:4e:27:5a:d8:ef:19:18:5e:5e:2f:22:72:
                    0f:49:4b:47:c1:49:73:c5:ad:db:f1:cf:a2:11:30:
                    34:3f:35:52:0c:4b:3c:02:d7:a0:aa:f5:19:87:24:
                    45:d4:6b:f1:8a:1d:39:22:cc:a7:30:58:a4:64:85:
                    b1:68:12:23:29:fc:b2:89:e3:8a:8f:d8:5c:70:20:
                    b8:bb:25:3b:19:9b:17:cc:ac:65:d9:15:7a:7e:e9:
                    49:60:8d:73:fb:a6:e6:1e:37:c8:79:6d:6f:44:2d:
                    41:4d:a4:66:1d:d5:94:7f:b7:95:ab:20:fd:62:46:
                    ea:9d:a4:19:b1:fe:ef:88:c5:c0:ee:35:27:b6:42:
                    bc:9d:3e:80:02:e9:cc:71:31:09:9f:8c:d7:5f:30:
                    1d:15:2b:a3:5e:ab:a4:47:c0:3d:09:25:9f:4c:44:
                    94:a7:27:2a:cb:fe:2f:07:44:9a:39:ca:21:17:ae:
                    2a:26:e9:05:90:3e:e3:ff:d1:b6:7e:84:fe:9e:dc:
                    f2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:DD:77:7B:56:5A:DA:5F:27:CC:8E:04:8A:B7:D0:1C:8A:73:F3:A2
            X509v3 Authority Key Identifier:
                keyid:BF:D7:6A:74:58:B1:9D:16:5F:32:F0:EC:33:D7:15:69:E5:F4:FE:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v9dqdFixnRZfMvDsM9cVaeX0_vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/Ht13e1Za2l8nzI4EirfQHIpz86I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b5c810-9109-4729-b41d-b491f5b39ef2/1/v9dqdFixnRZfMvDsM9cVaeX0_vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:27:25:83:f6:0d:5d:91:6c:7e:fe:2d:08:cc:92:0e:b2:c9:
         e1:ed:f2:9f:09:b9:79:42:0e:c8:c8:d2:a7:21:8d:e9:dd:00:
         13:8c:ca:4a:49:d4:aa:9a:67:1a:06:4a:83:1f:5b:3d:12:f1:
         f7:7f:b6:af:03:fa:27:1d:dc:bd:66:90:34:4e:32:90:c9:35:
         1e:12:bd:09:c8:20:15:4d:53:a4:cb:af:dd:a0:9e:d9:68:b0:
         01:39:c0:ad:0a:98:fc:10:09:c3:dd:a4:8b:b3:74:db:87:ee:
         57:23:73:8e:1a:94:2f:f6:5a:e8:d0:0e:09:b7:8b:53:4e:69:
         7f:a3:77:ed:fe:ac:40:9b:38:81:b6:2b:49:88:14:c4:ef:7a:
         91:82:ae:c9:bf:94:4d:6e:01:de:29:57:40:ce:d7:7f:ca:61:
         d9:60:0e:5d:c3:ad:be:18:38:60:27:f5:ea:57:6b:b5:2a:78:
         92:2b:13:50:3f:b4:5d:72:bb:ae:59:a1:21:7d:dc:21:5c:10:
         ba:1f:79:4a:1c:21:c5:c1:f3:f9:b2:1d:ac:5c:d7:10:97:be:
         57:5a:b3:be:ed:a1:0e:04:cc:2c:fe:c0:50:cc:57:1e:d3:a9:
         4b:c9:88:f8:8a:dd:59:c4:2c:fa:e9:7c:bb:ac:4c:39:29:02:
         d5:db:08:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjG8jsQJydLJgriXgyFL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmZDc2YTc0NThiMTlkMTY1ZjMyZjBlYzMzZDcxNTY5ZTVm
NGZlZjkwHhcNMjUwMTAxMDE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWRkNzc3YjU2NWFkYTVmMjdjYzhlMDQ4YWI3ZDAxYzhhNzNmM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvVRRjzc25H6t/7/eNcoLQvqlvX9
A858tdz0JqNEaJJDZKjR7AknUsMBpl6rkhK92LY9k8WWahEBuX29ru9OJ1rY7xkY
Xl4vInIPSUtHwUlzxa3b8c+iETA0PzVSDEs8AtegqvUZhyRF1Gvxih05IsynMFik
ZIWxaBIjKfyyieOKj9hccCC4uyU7GZsXzKxl2RV6fulJYI1z+6bmHjfIeW1vRC1B
TaRmHdWUf7eVqyD9YkbqnaQZsf7viMXA7jUntkK8nT6AAunMcTEJn4zXXzAdFSuj
XqukR8A9CSWfTESUpycqy/4vB0SaOcohF64qJukFkD7j/9G2foT+ntzyLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB7dd3tWWtpfJ8yOBIq30ByKc/OiMB8GA1UdIwQY
MBaAFL/XanRYsZ0WXzLw7DPXFWnl9P75MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQt
YjQ5MWY1YjM5ZWYyLzEvSHQxM2UxWmEybDhuekk0RWlyZlFISXB6ODZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNWM4MTAtOTEwOS00NzI5LWI0MWQtYjQ5MWY1YjM5ZWYy
LzEvdjlkcWRGaXhuUlpmTXZEc005Y1ZhZVgwX3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O6MA0G
CSqGSIb3DQEBCwUAA4IBAQBnJyWD9g1dkWx+/i0IzJIOssnh7fKfCbl5Qg7IyNKn
IY3p3QATjMpKSdSqmmcaBkqDH1s9EvH3f7avA/onHdy9ZpA0TjKQyTUeEr0JyCAV
TVOky6/doJ7ZaLABOcCtCpj8EAnD3aSLs3Tbh+5XI3OOGpQv9lro0A4Jt4tTTml/
o3ft/qxAmziBtitJiBTE73qRgq7Jv5RNbgHeKVdAztd/ymHZYA5dw62+GDhgJ/Xq
V2u1KniSKxNQP7RdcruuWaEhfdwhXBC6H3lKHCHFwfP5sh2sXNcQl75XWrO+7aEO
BMws/sBQzFce06lLyYj4it1ZxCz66Xy7rEw5KQLV2whl
-----END CERTIFICATE-----