Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/A41bCmeGcRe18SujefEGCOd0pEc.roa
File:                     A41bCmeGcRe18SujefEGCOd0pEc.roa (raw, json)
Hash identifier:          NjleSysihCL9A6oaK71bgTpnAO+ec2pn28x66pipbdA=
Subject key identifier:   03:8D:5B:0A:67:86:71:17:B5:F1:2B:A3:79:F1:06:08:E7:74:A4:47
Certificate issuer:       /CN=8b1db644ea0e2749dd6ed022aecd12194bcb96f2
Certificate serial:       01941FFA2884E2BB7EDE552B1F5DA2D4E7FD
Authority key identifier: 8B:1D:B6:44:EA:0E:27:49:DD:6E:D0:22:AE:CD:12:19:4B:CB:96:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/A41bCmeGcRe18SujefEGCOd0pEc.roa
Signing time:             Wed 01 Jan 2025 03:47:55 +0000
ROA not before:           Wed 01 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47545
IP address blocks:        91.208.22.0/24 maxlen: 24
                          2001:67c:2114::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:28:84:e2:bb:7e:de:55:2b:1f:5d:a2:d4:e7:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b1db644ea0e2749dd6ed022aecd12194bcb96f2
        Validity
            Not Before: Jan  1 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=038d5b0a67867117b5f12ba379f10608e774a447
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:59:53:e7:10:82:4c:56:75:cd:ef:29:24:cc:
                    60:bb:fd:33:ac:ec:e0:04:33:a1:bd:29:a2:97:6b:
                    5f:ac:eb:7d:f7:31:04:90:55:31:46:ae:83:98:1a:
                    2d:30:d0:6e:55:91:f4:92:f3:23:1e:88:8e:a5:19:
                    91:da:ce:83:92:ac:f3:4e:71:33:fa:e4:b4:48:c7:
                    b5:7f:45:ff:d7:01:d3:af:f7:fe:54:b4:ed:67:91:
                    b1:c1:09:e6:cb:a6:e1:85:ef:ac:04:b9:a2:8d:fb:
                    62:32:55:1c:50:b6:b6:f6:da:cf:e2:2d:ba:04:0a:
                    9f:ea:6c:c8:8c:62:48:34:cd:e3:37:17:95:18:4f:
                    ea:09:a8:d2:fd:36:52:3b:d1:f6:2a:ee:a0:47:3c:
                    f2:2e:78:6b:6c:4b:e9:c7:de:6d:e1:ac:af:48:d0:
                    1c:4c:2a:65:c2:a3:59:ae:09:2a:e3:d7:d7:cc:27:
                    49:11:b2:c0:56:a3:bb:7b:5a:08:8b:a3:2b:50:5d:
                    58:19:4e:47:0e:c0:14:ae:25:0a:fe:a0:87:45:7d:
                    a2:04:e4:68:69:10:ce:2c:b0:c3:05:3f:e5:48:26:
                    46:4a:b3:00:f0:47:14:0d:a7:c9:b2:7b:54:3c:59:
                    46:07:f2:29:e2:ef:79:d7:c2:26:cc:55:15:0c:eb:
                    b5:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:8D:5B:0A:67:86:71:17:B5:F1:2B:A3:79:F1:06:08:E7:74:A4:47
            X509v3 Authority Key Identifier:
                keyid:8B:1D:B6:44:EA:0E:27:49:DD:6E:D0:22:AE:CD:12:19:4B:CB:96:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ix22ROoOJ0ndbtAirs0SGUvLlvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/A41bCmeGcRe18SujefEGCOd0pEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/dc9c6a-550a-4ee1-b4fc-543776f7c92e/1/ix22ROoOJ0ndbtAirs0SGUvLlvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.22.0/24
                IPv6:
                  2001:67c:2114::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:09:42:8a:6d:34:e6:8c:a4:41:02:bb:3f:0e:c1:e8:9f:d5:
         ee:64:50:0b:2d:bd:99:a2:13:c5:e4:c9:dc:1b:ac:ef:fa:cc:
         f8:b4:2e:a2:8a:ca:37:ce:93:de:72:6a:96:af:2c:98:40:26:
         7b:f3:0d:63:b8:bc:ae:60:08:96:4d:96:20:d5:69:a1:90:75:
         25:ee:c5:21:54:ef:47:98:8e:e3:74:83:ad:22:30:47:27:3d:
         ad:f3:43:c7:c2:f6:fa:11:b5:1c:89:09:4a:97:d4:89:16:55:
         c3:f6:d7:ae:01:6b:55:91:2f:03:91:dd:ab:2a:92:e2:39:ac:
         bd:62:d8:1e:94:07:0c:d2:27:59:b4:4b:64:54:7c:8e:22:95:
         30:ff:8f:8a:d0:26:00:12:ac:d0:05:5e:cf:0a:3c:0b:37:7f:
         fc:08:32:f9:a7:0d:69:71:ce:2e:81:a1:97:64:f0:f3:23:d0:
         b4:df:a1:6c:fe:8c:30:41:48:69:3b:3d:6d:cc:8c:99:d4:d3:
         06:50:af:29:e7:6f:11:22:e0:67:aa:6b:d9:b7:d2:8c:ec:f1:
         11:ad:e0:cd:fa:77:c5:45:45:02:10:a9:19:a8:a4:22:7b:3d:
         26:29:07:df:5a:15:fe:87:ab:98:5f:02:02:e7:3d:7d:19:e9:
         13:cf:28:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+iiE4rt+3lUrH12i1Of9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMWRiNjQ0ZWEwZTI3NDlkZDZlZDAyMmFlY2QxMjE5NGJj
Yjk2ZjIwHhcNMjUwMTAxMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzhkNWIwYTY3ODY3MTE3YjVmMTJiYTM3OWYxMDYwOGU3NzRhNDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1VlT5xCCTFZ1ze8pJMxgu/0zrOzg
BDOhvSmil2tfrOt99zEEkFUxRq6DmBotMNBuVZH0kvMjHoiOpRmR2s6DkqzzTnEz
+uS0SMe1f0X/1wHTr/f+VLTtZ5GxwQnmy6bhhe+sBLmijftiMlUcULa29trP4i26
BAqf6mzIjGJINM3jNxeVGE/qCajS/TZSO9H2Ku6gRzzyLnhrbEvpx95t4ayvSNAc
TCplwqNZrgkq49fXzCdJEbLAVqO7e1oIi6MrUF1YGU5HDsAUriUK/qCHRX2iBORo
aRDOLLDDBT/lSCZGSrMA8EcUDafJsntUPFlGB/Ip4u9518ImzFUVDOu1/wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAONWwpnhnEXtfEro3nxBgjndKRHMB8GA1UdIwQY
MBaAFIsdtkTqDidJ3W7QIq7NEhlLy5byMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXgyMlJPb09KMG5kYnRBaXJzMFNHVXZMbHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9kYzljNmEtNTUwYS00ZWUxLWI0ZmMt
NTQzNzc2ZjdjOTJlLzEvQTQxYkNtZUdjUmUxOFN1amVmRUdDT2QwcEVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9kYzljNmEtNTUwYS00ZWUxLWI0ZmMtNTQzNzc2ZjdjOTJl
LzEvaXgyMlJPb09KMG5kYnRBaXJzMFNHVXZMbHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9AWMA8E
AgACMAkDBwAgAQZ8IRQwDQYJKoZIhvcNAQELBQADggEBAJMJQoptNOaMpEECuz8O
weif1e5kUAstvZmiE8XkydwbrO/6zPi0LqKKyjfOk95yapavLJhAJnvzDWO4vK5g
CJZNliDVaaGQdSXuxSFU70eYjuN0g60iMEcnPa3zQ8fC9voRtRyJCUqX1IkWVcP2
164Ba1WRLwOR3asqkuI5rL1i2B6UBwzSJ1m0S2RUfI4ilTD/j4rQJgASrNAFXs8K
PAs3f/wIMvmnDWlxzi6BoZdk8PMj0LTfoWz+jDBBSGk7PW3MjJnU0wZQrynnbxEi
4Geqa9m30ozs8RGt4M36d8VFRQIQqRmopCJ7PSYpB99aFf6Hq5hfAgLnPX0Z6RPP
KJE=
-----END CERTIFICATE-----