Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/b4AGcn0hWNQHufubVLqGkpQqCJU.roa
File:                     b4AGcn0hWNQHufubVLqGkpQqCJU.roa (raw, json)
Hash identifier:          TffukrxORwRZt6LrZ4vP1Br2diZAMHQpSo83hi5snQM=
Subject key identifier:   6F:80:06:72:7D:21:58:D4:07:B9:FB:9B:54:BA:86:92:94:2A:08:95
Certificate issuer:       /CN=b1c3ec539f23ee031aa396ac5ced42563884b7b3
Certificate serial:       019420D6503963AFC326F9645B40CC43323F
Authority key identifier: B1:C3:EC:53:9F:23:EE:03:1A:A3:96:AC:5C:ED:42:56:38:84:B7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/b4AGcn0hWNQHufubVLqGkpQqCJU.roa
Signing time:             Wed 01 Jan 2025 07:48:23 +0000
ROA not before:           Wed 01 Jan 2025 07:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207366
IP address blocks:        91.220.231.0/24 maxlen: 24
                          2a0a:ed80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 16:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:50:39:63:af:c3:26:f9:64:5b:40:cc:43:32:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1c3ec539f23ee031aa396ac5ced42563884b7b3
        Validity
            Not Before: Jan  1 07:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6f8006727d2158d407b9fb9b54ba8692942a0895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:dc:6a:f3:27:80:59:fa:5c:17:14:01:d6:76:
                    74:ac:ff:8b:f4:41:df:da:0d:94:d5:ae:57:2f:f3:
                    35:03:e4:4e:7f:65:ad:b7:cc:5b:2c:3f:f1:29:4d:
                    6c:bf:63:1a:30:49:a0:0f:56:72:1f:ca:09:a8:31:
                    6e:fd:a4:74:90:3d:06:e0:b9:5a:b0:ce:04:e5:9f:
                    de:84:07:d8:0f:dd:26:55:f4:2f:77:ed:f3:72:55:
                    6a:2f:60:67:dd:db:fa:fb:17:80:86:bd:aa:93:f5:
                    8b:77:76:a4:c6:e2:e4:36:6f:02:ba:ab:5c:0e:27:
                    16:f1:97:56:d8:d5:56:a5:34:44:42:48:87:be:d0:
                    fd:bb:4d:4d:e0:f4:70:ce:5f:e7:20:3d:01:1e:ae:
                    77:ba:cd:b8:e0:46:4f:d4:6b:88:75:f4:b7:00:63:
                    5e:a6:f7:37:e7:63:ae:54:70:63:ef:cf:d9:72:b2:
                    2f:4a:b8:a2:3b:53:b1:3f:6a:ce:4a:46:5b:7f:55:
                    6c:e2:bd:d1:e1:0b:60:40:58:d3:1a:4b:5b:7d:da:
                    0b:ce:71:48:31:cb:52:ac:36:d1:20:91:5f:3b:f9:
                    ee:d8:08:ae:0c:f1:27:0a:f1:f0:30:06:ee:30:c5:
                    b8:f0:e0:5d:e8:af:d6:a9:ec:c8:c3:f9:c5:2b:1f:
                    f6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:80:06:72:7D:21:58:D4:07:B9:FB:9B:54:BA:86:92:94:2A:08:95
            X509v3 Authority Key Identifier:
                keyid:B1:C3:EC:53:9F:23:EE:03:1A:A3:96:AC:5C:ED:42:56:38:84:B7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/scPsU58j7gMao5asXO1CVjiEt7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/b4AGcn0hWNQHufubVLqGkpQqCJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/00dcdf-ec9d-4446-905e-556347a5f056/1/scPsU58j7gMao5asXO1CVjiEt7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.231.0/24
                IPv6:
                  2a0a:ed80::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:50:a4:2b:10:a9:1e:1e:ea:21:a6:fc:05:23:2d:17:0a:95:
         e1:13:3d:ef:30:b3:85:44:e8:89:2b:f9:f7:c8:39:aa:55:9e:
         ce:cd:21:26:16:3d:78:a3:7e:07:0e:e9:99:e3:96:66:85:55:
         6c:c2:73:ca:76:06:32:56:8b:c4:a5:fa:7e:d4:3d:56:bd:79:
         d4:39:7a:d9:3f:0b:a4:26:85:67:e8:34:e2:e2:d0:f2:2f:a1:
         d8:74:de:60:97:4e:ed:a9:b1:81:85:ab:0c:ed:d4:0c:4d:90:
         88:0c:78:98:b3:d2:fa:17:a7:c3:37:88:be:a0:85:17:92:88:
         73:ee:d9:b3:5b:1c:42:2b:1d:89:94:33:d8:8f:5a:2d:ef:32:
         37:d3:3d:95:38:ba:28:e1:06:a9:61:7d:39:e1:9b:ec:f6:7e:
         dc:52:e0:99:58:02:a3:6d:e6:7e:71:93:b5:10:d3:65:97:e8:
         9e:53:85:c4:9e:89:0f:6b:af:d4:ad:de:76:c3:b6:73:6d:6e:
         34:58:f5:f3:d6:e6:7d:00:ee:58:f6:52:c8:24:6d:f3:6a:6c:
         a1:e0:b9:c4:0a:19:fe:e6:6c:0b:3b:93:a3:10:5e:a2:39:6c:
         97:56:63:71:b5:19:dd:7d:14:2a:cc:fc:fa:44:f0:73:42:52:
         60:62:2a:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1lA5Y6/DJvlkW0DMQzI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYzNlYzUzOWYyM2VlMDMxYWEzOTZhYzVjZWQ0MjU2Mzg4
NGI3YjMwHhcNMjUwMTAxMDc0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjgwMDY3MjdkMjE1OGQ0MDdiOWZiOWI1NGJhODY5Mjk0MmEwODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNxq8yeAWfpcFxQB1nZ0rP+L9EHf
2g2U1a5XL/M1A+ROf2Wtt8xbLD/xKU1sv2MaMEmgD1ZyH8oJqDFu/aR0kD0G4Lla
sM4E5Z/ehAfYD90mVfQvd+3zclVqL2Bn3dv6+xeAhr2qk/WLd3akxuLkNm8Cuqtc
DicW8ZdW2NVWpTREQkiHvtD9u01N4PRwzl/nID0BHq53us244EZP1GuIdfS3AGNe
pvc352OuVHBj78/ZcrIvSriiO1OxP2rOSkZbf1Vs4r3R4QtgQFjTGktbfdoLznFI
MctSrDbRIJFfO/nu2AiuDPEnCvHwMAbuMMW48OBd6K/WqezIw/nFKx/21QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFG+ABnJ9IVjUB7n7m1S6hpKUKgiVMB8GA1UdIwQY
MBaAFLHD7FOfI+4DGqOWrFztQlY4hLezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2NQc1U1OGo3Z01hbzVhc1hPMUNWamlFdDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8wMGRjZGYtZWM5ZC00NDQ2LTkwNWUt
NTU2MzQ3YTVmMDU2LzEvYjRBR2NuMGhXTlFIdWZ1YlZMcUdrcFFxQ0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8wMGRjZGYtZWM5ZC00NDQ2LTkwNWUtNTU2MzQ3YTVmMDU2
LzEvc2NQc1U1OGo3Z01hbzVhc1hPMUNWamlFdDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9znMA0E
AgACMAcDBQMqCu2AMA0GCSqGSIb3DQEBCwUAA4IBAQAJUKQrEKkeHuohpvwFIy0X
CpXhEz3vMLOFROiJK/n3yDmqVZ7OzSEmFj14o34HDumZ45ZmhVVswnPKdgYyVovE
pfp+1D1WvXnUOXrZPwukJoVn6DTi4tDyL6HYdN5gl07tqbGBhasM7dQMTZCIDHiY
s9L6F6fDN4i+oIUXkohz7tmzWxxCKx2JlDPYj1ot7zI30z2VOLoo4QapYX054Zvs
9n7cUuCZWAKjbeZ+cZO1ENNll+ieU4XEnokPa6/Urd52w7ZzbW40WPXz1uZ9AO5Y
9lLIJG3zamyh4LnEChn+5mwLO5OjEF6iOWyXVmNxtRndfRQqzPz6RPBzQlJgYiqn
-----END CERTIFICATE-----