Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/65cSXHWpDSoAs2eJo9JLwSMC-hs.roa
File:                     65cSXHWpDSoAs2eJo9JLwSMC-hs.roa (raw, json)
Hash identifier:          gfJRAfiAuRFb+mEdtXP6jttw5570xjHLebwDmVfPlUM=
Subject key identifier:   EB:97:12:5C:75:A9:0D:2A:00:B3:67:89:A3:D2:4B:C1:23:02:FA:1B
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01942067BE647B4027BFBAEBF7162353BE11
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/65cSXHWpDSoAs2eJo9JLwSMC-hs.roa
Signing time:             Wed 01 Jan 2025 05:47:37 +0000
ROA not before:           Wed 01 Jan 2025 05:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40065
IP address blocks:        91.217.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:be:64:7b:40:27:bf:ba:eb:f7:16:23:53:be:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 05:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb97125c75a90d2a00b36789a3d24bc12302fa1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d3:e9:03:5e:ae:6e:b8:51:5c:1b:19:96:f0:
                    b9:5a:e4:94:37:14:51:3c:80:63:eb:ef:ec:96:c5:
                    3a:74:55:77:c7:d2:41:b2:09:21:29:6c:88:1e:7b:
                    61:31:13:31:25:87:fe:f3:40:dd:b3:95:17:3b:9f:
                    8e:60:3c:17:b0:7a:c8:09:dc:04:fb:95:9f:34:5c:
                    70:d2:e2:b3:0c:39:5c:6b:d0:cf:4a:c0:68:bb:d4:
                    a9:e6:ac:46:50:92:2e:a9:b7:97:02:5d:7d:e0:99:
                    85:2a:01:99:54:f6:3f:2e:64:3d:a3:b9:cf:69:2b:
                    6b:b2:55:54:42:73:ce:9b:aa:2f:cb:50:4d:2a:6d:
                    fe:52:b3:ba:7e:89:4e:11:7c:d0:7d:3b:94:ff:73:
                    bb:5f:cc:22:e7:76:e1:57:bf:cc:f0:e9:71:05:67:
                    8d:7e:fa:69:14:2c:34:2f:2e:51:36:2a:bb:8a:82:
                    b6:bc:80:c5:9f:7f:0f:90:d7:f6:f7:60:17:33:40:
                    cb:3a:92:7e:8e:45:e9:cd:32:d8:48:3b:9c:c0:8e:
                    ab:f1:cf:09:8a:88:51:97:a1:51:57:60:4c:71:3b:
                    c2:24:7b:83:88:73:f4:87:42:76:db:c7:f9:af:13:
                    7c:44:be:a5:af:d4:ef:2e:38:96:c3:ea:42:4a:17:
                    b0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:97:12:5C:75:A9:0D:2A:00:B3:67:89:A3:D2:4B:C1:23:02:FA:1B
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/65cSXHWpDSoAs2eJo9JLwSMC-hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:8b:f3:16:b2:6c:b7:95:75:10:3f:cf:5f:b0:af:91:27:06:
         23:21:6b:ed:93:67:6b:0c:b3:c6:11:02:c0:b4:28:5a:3e:a1:
         00:d3:2a:ec:c4:b3:d0:26:0b:59:36:f7:eb:26:c3:41:d2:70:
         ce:89:98:f3:22:e0:8c:d6:2f:9f:e4:4c:6e:37:31:83:fd:58:
         f3:19:4d:99:d8:1e:b6:c4:0e:30:d8:99:a2:6d:2d:90:60:ba:
         37:45:ca:5f:8a:09:27:dd:00:3c:6f:4b:cc:56:c0:67:04:c6:
         d8:e6:8b:19:2e:4b:fe:4b:23:14:fe:7a:c2:07:c8:4c:66:1d:
         c1:3f:d5:1c:4f:2a:9a:3f:1e:69:dd:7f:b5:02:a0:17:34:7d:
         76:76:a6:28:92:8a:df:60:fa:e8:85:db:5f:15:e5:01:b1:1f:
         ab:ab:1e:df:37:67:48:4c:28:d2:4c:06:6a:51:cc:14:30:56:
         c3:b1:30:36:28:03:99:47:01:71:fc:64:e8:8c:1a:cb:77:d5:
         b3:af:be:59:8d:d3:ff:09:02:dd:cd:2c:71:20:40:b1:20:0f:
         c5:65:82:79:9a:0c:c7:97:91:14:c8:7c:c4:eb:91:be:78:0e:
         73:4b:90:3b:d7:81:d6:d3:14:15:de:48:25:44:e5:7d:70:47:
         9d:0e:18:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ75ke0Anv7rr9xYjU74RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjUwMTAxMDU0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjk3MTI1Yzc1YTkwZDJhMDBiMzY3ODlhM2QyNGJjMTIzMDJmYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNPpA16ubrhRXBsZlvC5WuSUNxRR
PIBj6+/slsU6dFV3x9JBsgkhKWyIHnthMRMxJYf+80Dds5UXO5+OYDwXsHrICdwE
+5WfNFxw0uKzDDlca9DPSsBou9Sp5qxGUJIuqbeXAl194JmFKgGZVPY/LmQ9o7nP
aStrslVUQnPOm6ovy1BNKm3+UrO6folOEXzQfTuU/3O7X8wi53bhV7/M8OlxBWeN
fvppFCw0Ly5RNiq7ioK2vIDFn38PkNf292AXM0DLOpJ+jkXpzTLYSDucwI6r8c8J
iohRl6FRV2BMcTvCJHuDiHP0h0J228f5rxN8RL6lr9TvLjiWw+pCShewrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuXElx1qQ0qALNniaPSS8EjAvobMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvNjVjU1hIV3BEU29BczJlSm85Skx3U01DLWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mLMA0G
CSqGSIb3DQEBCwUAA4IBAQBHi/MWsmy3lXUQP89fsK+RJwYjIWvtk2drDLPGEQLA
tChaPqEA0yrsxLPQJgtZNvfrJsNB0nDOiZjzIuCM1i+f5ExuNzGD/VjzGU2Z2B62
xA4w2JmibS2QYLo3Rcpfigkn3QA8b0vMVsBnBMbY5osZLkv+SyMU/nrCB8hMZh3B
P9UcTyqaPx5p3X+1AqAXNH12dqYokorfYProhdtfFeUBsR+rqx7fN2dITCjSTAZq
UcwUMFbDsTA2KAOZRwFx/GTojBrLd9Wzr75ZjdP/CQLdzSxxIECxIA/FZYJ5mgzH
l5EUyHzE65G+eA5zS5A714HW0xQV3kglROV9cEedDhjf
-----END CERTIFICATE-----