Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/XwCCzqbTFIbNt4tDIiPwvE7s53o.roa
File:                     XwCCzqbTFIbNt4tDIiPwvE7s53o.roa (raw, json)
Hash identifier:          tvLAuw3pgR4MhRPh7vqk9g2rkTx+zeY+ExS4WrgC8y4=
Subject key identifier:   5F:00:82:CE:A6:D3:14:86:CD:B7:8B:43:22:23:F0:BC:4E:EC:E7:7A
Certificate issuer:       /CN=f35dbde8fbcdbf4285e87be490ed6fcdb46a05fb
Certificate serial:       0194266BD633EA3430ADF338610371233E0F
Authority key identifier: F3:5D:BD:E8:FB:CD:BF:42:85:E8:7B:E4:90:ED:6F:CD:B4:6A:05:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/81296PvNv0KF6HvkkO1vzbRqBfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/XwCCzqbTFIbNt4tDIiPwvE7s53o.roa
Signing time:             Thu 02 Jan 2025 09:49:48 +0000
ROA not before:           Thu 02 Jan 2025 09:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57752
IP address blocks:        91.236.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/81296PvNv0KF6HvkkO1vzbRqBfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/81296PvNv0KF6HvkkO1vzbRqBfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/81296PvNv0KF6HvkkO1vzbRqBfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d6:33:ea:34:30:ad:f3:38:61:03:71:23:3e:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f35dbde8fbcdbf4285e87be490ed6fcdb46a05fb
        Validity
            Not Before: Jan  2 09:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5f0082cea6d31486cdb78b432223f0bc4eece77a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:dc:44:8d:bb:be:1d:8c:3d:e8:d2:65:20:37:
                    da:7d:bb:d9:7e:b2:04:00:e3:b8:3a:88:1e:e4:a2:
                    01:62:60:e6:44:2f:4a:f7:4c:fe:42:fc:b6:d8:e5:
                    eb:70:b2:ab:98:d6:1c:81:c8:d0:88:1d:82:6f:c7:
                    c1:ce:5b:17:4a:25:30:ac:5e:16:db:12:13:cc:97:
                    56:ba:7d:6e:b3:72:a7:cd:9a:e2:b3:9c:fb:67:4f:
                    a7:fc:12:09:dc:54:42:ba:f3:d7:d3:2f:83:75:44:
                    04:c4:f3:8d:09:43:a1:63:6a:e6:2c:93:e6:a9:02:
                    e1:21:5b:78:a4:dc:32:13:d0:5f:e9:7a:aa:32:40:
                    33:d1:03:79:db:75:d8:4e:f6:73:1f:e9:87:20:8d:
                    0f:ca:16:f1:83:b7:70:6f:a1:91:12:f3:35:f3:bf:
                    76:cf:a8:b2:1b:e2:1a:b9:5a:56:63:ee:38:6d:d6:
                    2c:4d:0d:12:09:d7:6d:5e:a3:35:bf:b8:d1:ab:e8:
                    8e:a3:3b:ec:6e:2a:f1:12:a9:f3:00:58:c9:62:4d:
                    97:13:f7:5f:18:3f:08:c9:e9:0e:4b:4b:53:ce:ed:
                    66:f1:c0:b5:64:11:3a:b4:36:fc:99:fe:82:8e:e4:
                    51:ad:99:32:be:e8:c8:79:a3:90:6f:4c:d1:4f:01:
                    1e:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:00:82:CE:A6:D3:14:86:CD:B7:8B:43:22:23:F0:BC:4E:EC:E7:7A
            X509v3 Authority Key Identifier:
                keyid:F3:5D:BD:E8:FB:CD:BF:42:85:E8:7B:E4:90:ED:6F:CD:B4:6A:05:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/81296PvNv0KF6HvkkO1vzbRqBfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/XwCCzqbTFIbNt4tDIiPwvE7s53o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/b66bf7-131b-43b8-b5c8-ed5e0ac115eb/1/81296PvNv0KF6HvkkO1vzbRqBfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:81:c4:12:d8:54:b4:5a:c5:e3:26:39:01:2c:7b:63:55:ac:
         f5:9b:be:0a:0a:0c:3b:9b:98:eb:04:0b:9c:46:15:45:ac:ad:
         df:c2:5c:fd:14:40:ac:ae:a4:2f:43:24:9d:ac:72:13:fe:ec:
         0e:0d:0f:29:e8:c2:48:bb:c5:a7:2e:7d:80:1a:5e:4f:95:2c:
         34:85:e4:66:02:44:e5:d2:38:1b:f9:e2:b0:37:5f:cc:72:d5:
         92:0e:38:be:91:d4:3b:9d:38:77:c3:2c:d5:28:ae:94:84:ff:
         44:69:ee:e9:3c:f6:0e:7a:96:c8:50:ea:07:60:1a:f0:7d:41:
         fa:7a:f4:73:91:fd:e6:ea:ba:68:92:37:0a:2d:a0:92:11:db:
         36:8e:bc:d4:d8:39:81:49:4c:1b:c9:7b:c4:57:09:ad:67:ba:
         2d:dc:18:a2:60:da:1f:ea:0a:bc:49:27:d6:c3:90:6d:84:53:
         53:d2:4f:e9:0b:f2:5f:32:63:86:30:bf:d8:20:3a:eb:cb:78:
         4d:cf:a5:b8:7c:7c:d2:f0:f5:cc:67:24:34:62:d5:f1:ad:b3:
         1d:f1:4d:67:94:c5:71:84:51:8b:2d:50:b2:81:20:23:b3:97:
         d0:61:16:1f:b5:bb:d8:89:16:3d:6a:5f:c9:5c:2d:04:7c:07:
         83:2a:f9:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9Yz6jQwrfM4YQNxIz4PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNWRiZGU4ZmJjZGJmNDI4NWU4N2JlNDkwZWQ2ZmNkYjQ2
YTA1ZmIwHhcNMjUwMTAyMDk0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjAwODJjZWE2ZDMxNDg2Y2RiNzhiNDMyMjIzZjBiYzRlZWNlNzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttxEjbu+HYw96NJlIDfafbvZfrIE
AOO4Ooge5KIBYmDmRC9K90z+Qvy22OXrcLKrmNYcgcjQiB2Cb8fBzlsXSiUwrF4W
2xITzJdWun1us3KnzZris5z7Z0+n/BIJ3FRCuvPX0y+DdUQExPONCUOhY2rmLJPm
qQLhIVt4pNwyE9Bf6XqqMkAz0QN523XYTvZzH+mHII0Pyhbxg7dwb6GREvM18792
z6iyG+IauVpWY+44bdYsTQ0SCddtXqM1v7jRq+iOozvsbirxEqnzAFjJYk2XE/df
GD8IyekOS0tTzu1m8cC1ZBE6tDb8mf6CjuRRrZkyvujIeaOQb0zRTwEe7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8Ags6m0xSGzbeLQyIj8LxO7Od6MB8GA1UdIwQY
MBaAFPNdvej7zb9Cheh75JDtb820agX7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODEyOTZQdk52MEtGNkh2a2tPMXZ6YlJxQmZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iNjZiZjctMTMxYi00M2I4LWI1Yzgt
ZWQ1ZTBhYzExNWViLzEvWHdDQ3pxYlRGSWJOdDR0RElpUHd2RTdzNTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iNjZiZjctMTMxYi00M2I4LWI1YzgtZWQ1ZTBhYzExNWVi
LzEvODEyOTZQdk52MEtGNkh2a2tPMXZ6YlJxQmZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yhMA0G
CSqGSIb3DQEBCwUAA4IBAQAJgcQS2FS0WsXjJjkBLHtjVaz1m74KCgw7m5jrBAuc
RhVFrK3fwlz9FECsrqQvQySdrHIT/uwODQ8p6MJIu8WnLn2AGl5PlSw0heRmAkTl
0jgb+eKwN1/MctWSDji+kdQ7nTh3wyzVKK6UhP9Eae7pPPYOepbIUOoHYBrwfUH6
evRzkf3m6rpokjcKLaCSEds2jrzU2DmBSUwbyXvEVwmtZ7ot3BiiYNof6gq8SSfW
w5BthFNT0k/pC/JfMmOGML/YIDrry3hNz6W4fHzS8PXMZyQ0YtXxrbMd8U1nlMVx
hFGLLVCygSAjs5fQYRYftbvYiRY9al/JXC0EfAeDKvkv
-----END CERTIFICATE-----