Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/tYYSCJCFza29RNke_2EcrZu7XHo.roa
File:                     tYYSCJCFza29RNke_2EcrZu7XHo.roa (raw, json)
Hash identifier:          lB4PFBQhaKp43hqTQ3cMQhuQr2bCAaP0ut24A/mZGfI=
Subject key identifier:   B5:86:12:08:90:85:CD:AD:BD:44:D9:1E:FF:61:1C:AD:9B:BB:5C:7A
Certificate issuer:       /CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
Certificate serial:       01942369C250441303C667AD9A9E37C0D7F7
Authority key identifier: 5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/tYYSCJCFza29RNke_2EcrZu7XHo.roa
Signing time:             Wed 01 Jan 2025 19:48:41 +0000
ROA not before:           Wed 01 Jan 2025 19:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33847
IP address blocks:        91.212.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c2:50:44:13:03:c6:67:ad:9a:9e:37:c0:d7:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a4a47d582bb0e9680f89258ab96d05867d352ef
        Validity
            Not Before: Jan  1 19:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b58612089085cdadbd44d91eff611cad9bbb5c7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:81:7b:1b:b3:2b:3c:4d:77:ad:3c:b1:99:35:
                    08:f3:56:34:19:bd:39:a7:88:b5:a7:d5:88:b6:e1:
                    77:23:96:4d:b2:98:9f:3a:a6:ce:af:e4:e1:40:c6:
                    58:09:92:2b:46:cd:81:87:33:28:2c:4c:cb:7b:d2:
                    83:d6:ea:09:93:25:3b:df:0a:4b:41:bc:fd:8c:c4:
                    35:2c:8b:8e:7d:dc:32:62:6c:ac:2a:60:69:8e:ea:
                    c2:36:69:41:59:2b:13:b2:f8:9a:8a:62:10:33:19:
                    73:34:50:b1:a9:30:75:2e:e7:48:40:ad:ee:ce:bc:
                    2b:37:45:fd:7c:15:6a:03:d3:b7:75:4c:a6:be:e8:
                    4f:35:1e:11:e3:da:ea:07:9a:51:da:1f:9a:a1:02:
                    3f:09:60:30:18:48:d9:aa:d4:51:b3:1b:8c:b7:dd:
                    fb:91:cf:ec:df:29:d3:ff:e2:af:1f:5f:7d:f6:9a:
                    99:40:bb:a9:83:08:a0:92:8d:5c:eb:00:f6:3d:a1:
                    a6:8a:fa:35:22:b3:99:0d:06:51:7f:51:44:1f:56:
                    f2:6f:14:70:3a:6d:18:9c:52:ea:7f:e5:44:e8:60:
                    ed:e6:30:bc:9f:17:50:a9:80:51:7c:6b:1d:f8:ab:
                    da:f8:0e:58:cb:e2:ae:ec:74:f9:10:44:d0:9c:f5:
                    1a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:86:12:08:90:85:CD:AD:BD:44:D9:1E:FF:61:1C:AD:9B:BB:5C:7A
            X509v3 Authority Key Identifier:
                keyid:5A:4A:47:D5:82:BB:0E:96:80:F8:92:58:AB:96:D0:58:67:D3:52:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WkpH1YK7DpaA-JJYq5bQWGfTUu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/tYYSCJCFza29RNke_2EcrZu7XHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/4b7576-2b9c-43af-8817-6b0065508996/1/WkpH1YK7DpaA-JJYq5bQWGfTUu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:e4:5c:eb:e7:33:6c:26:14:37:03:74:1d:56:ec:1f:a5:97:
         3d:45:30:9e:11:24:7c:aa:ca:57:68:8a:33:32:0d:88:1a:92:
         69:5e:75:bb:94:b3:32:b9:56:f6:c3:38:77:c9:58:c0:ca:82:
         1a:4b:7a:56:c2:92:a9:e0:9c:e7:e1:a2:ac:31:da:a1:93:88:
         99:57:45:64:93:af:eb:bd:a5:14:b0:53:da:50:3c:48:f6:6c:
         06:c2:c5:cd:51:ae:5c:b1:0d:cd:04:1c:68:9a:d1:1a:4e:21:
         bb:b0:cf:53:92:5b:75:ea:f5:23:2e:f0:f6:5b:38:49:de:72:
         0b:e3:e3:46:c8:60:58:2e:c0:a0:b5:9f:82:34:89:0f:89:4d:
         3e:c1:b8:c2:b0:9a:f1:cf:44:37:db:35:0e:11:6e:02:64:03:
         ad:1f:92:a2:ed:3e:27:f7:8c:58:d9:f7:91:15:40:06:bf:6a:
         f6:ee:3f:16:17:c1:74:a0:43:86:cd:5e:1a:51:ca:84:36:a3:
         d5:83:ff:8d:06:eb:7f:95:2c:81:29:1f:fd:99:56:0c:b2:ad:
         2b:72:f2:98:49:12:d3:5e:a0:81:bd:5d:1c:45:fe:39:60:84:
         78:84:01:ea:e6:87:bd:48:33:bb:a9:b2:75:72:41:99:84:d4:
         4f:6c:22:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjacJQRBMDxmetmp43wNf3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNGE0N2Q1ODJiYjBlOTY4MGY4OTI1OGFiOTZkMDU4Njdk
MzUyZWYwHhcNMjUwMTAxMTk0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTg2MTIwODkwODVjZGFkYmQ0NGQ5MWVmZjYxMWNhZDliYmI1YzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4F7G7MrPE13rTyxmTUI81Y0Gb05
p4i1p9WItuF3I5ZNspifOqbOr+ThQMZYCZIrRs2BhzMoLEzLe9KD1uoJkyU73wpL
Qbz9jMQ1LIuOfdwyYmysKmBpjurCNmlBWSsTsviaimIQMxlzNFCxqTB1LudIQK3u
zrwrN0X9fBVqA9O3dUymvuhPNR4R49rqB5pR2h+aoQI/CWAwGEjZqtRRsxuMt937
kc/s3ynT/+KvH1999pqZQLupgwigko1c6wD2PaGmivo1IrOZDQZRf1FEH1bybxRw
Om0YnFLqf+VE6GDt5jC8nxdQqYBRfGsd+Kva+A5Yy+Ku7HT5EETQnPUaEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWGEgiQhc2tvUTZHv9hHK2bu1x6MB8GA1UdIwQY
MBaAFFpKR9WCuw6WgPiSWKuW0Fhn01LvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTct
NmIwMDY1NTA4OTk2LzEvdFlZU0NKQ0Z6YTI5Uk5rZV8yRWNyWnU3WEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS80Yjc1NzYtMmI5Yy00M2FmLTg4MTctNmIwMDY1NTA4OTk2
LzEvV2twSDFZSzdEcGFBLUpKWXE1YlFXR2ZUVXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9Q1MA0G
CSqGSIb3DQEBCwUAA4IBAQCq5Fzr5zNsJhQ3A3QdVuwfpZc9RTCeESR8qspXaIoz
Mg2IGpJpXnW7lLMyuVb2wzh3yVjAyoIaS3pWwpKp4Jzn4aKsMdqhk4iZV0Vkk6/r
vaUUsFPaUDxI9mwGwsXNUa5csQ3NBBxomtEaTiG7sM9Tklt16vUjLvD2WzhJ3nIL
4+NGyGBYLsCgtZ+CNIkPiU0+wbjCsJrxz0Q32zUOEW4CZAOtH5Ki7T4n94xY2feR
FUAGv2r27j8WF8F0oEOGzV4aUcqENqPVg/+NBut/lSyBKR/9mVYMsq0rcvKYSRLT
XqCBvV0cRf45YIR4hAHq5oe9SDO7qbJ1ckGZhNRPbCJf
-----END CERTIFICATE-----