Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/xdBt6mgdPLmEK6zvGwvirp2QCKY.roa
File:                     xdBt6mgdPLmEK6zvGwvirp2QCKY.roa (raw, json)
Hash identifier:          nTAIAin8JLzpAvSGVhNOts7eSHkAmQZF1jcZc7SgaKo=
Subject key identifier:   C5:D0:6D:EA:68:1D:3C:B9:84:2B:AC:EF:1B:0B:E2:AE:9D:90:08:A6
Certificate issuer:       /CN=14644dd0a81c63073f2c51bc976e11fa9c615c51
Certificate serial:       01942369EB2F96968668937A21544C5065F1
Authority key identifier: 14:64:4D:D0:A8:1C:63:07:3F:2C:51:BC:97:6E:11:FA:9C:61:5C:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/xdBt6mgdPLmEK6zvGwvirp2QCKY.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61283
IP address blocks:        91.233.83.0/24 maxlen: 24
                          2001:67c:1530::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:eb:2f:96:96:86:68:93:7a:21:54:4c:50:65:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14644dd0a81c63073f2c51bc976e11fa9c615c51
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5d06dea681d3cb9842bacef1b0be2ae9d9008a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:71:18:3a:a0:ec:4b:15:08:31:d2:8e:5f:1b:
                    61:91:ed:82:0a:c1:2c:a7:df:38:fe:7d:fe:05:d3:
                    96:3f:eb:22:39:16:71:8b:1d:14:5f:ae:46:28:57:
                    3b:f1:5e:9c:fe:b6:43:9c:ba:54:4a:fc:27:30:67:
                    0a:b1:5f:68:0a:b7:05:73:15:d6:c0:a6:4f:37:81:
                    b0:9b:3d:cc:c7:87:47:da:d8:83:cf:53:64:e0:42:
                    bd:99:a6:de:3c:07:9b:7f:8c:f7:d3:ec:fd:d5:a7:
                    6c:74:e2:e2:e9:1a:a8:71:a9:a5:6e:f6:32:8b:8b:
                    df:ff:58:7b:0f:48:70:ca:99:bc:44:84:97:40:92:
                    20:a6:ae:99:85:f1:da:88:8a:2e:24:7a:b2:d3:80:
                    a4:24:57:65:84:62:de:78:af:61:05:bf:c8:25:ce:
                    30:63:24:62:af:65:9e:47:28:64:d9:dc:fa:e4:2c:
                    52:30:98:7b:34:fc:4e:62:dc:86:6c:08:3c:c0:d3:
                    8a:fe:4d:12:5c:b9:b7:09:d1:07:96:64:90:46:99:
                    ae:c1:dc:68:bd:69:82:07:bd:91:06:f7:da:d1:5a:
                    c0:e6:a8:39:78:90:c4:98:d9:12:fa:18:c8:b8:3f:
                    d3:66:07:cd:1b:ab:d4:68:75:b3:a0:b8:c4:9e:7e:
                    2d:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:D0:6D:EA:68:1D:3C:B9:84:2B:AC:EF:1B:0B:E2:AE:9D:90:08:A6
            X509v3 Authority Key Identifier:
                keyid:14:64:4D:D0:A8:1C:63:07:3F:2C:51:BC:97:6E:11:FA:9C:61:5C:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FGRN0KgcYwc_LFG8l24R-pxhXFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/xdBt6mgdPLmEK6zvGwvirp2QCKY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/db8a11-cadd-459c-b59f-9bf37ec98bb0/1/FGRN0KgcYwc_LFG8l24R-pxhXFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.83.0/24
                IPv6:
                  2001:67c:1530::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:3e:15:9b:d7:1c:bf:22:b9:ac:6e:31:96:ab:8a:3b:a5:b0:
         1e:e6:82:bb:53:ff:36:30:d9:7e:25:ac:62:cd:19:60:54:90:
         3a:da:ff:b3:72:df:35:c6:8e:58:0f:33:e6:14:e9:e0:8e:c0:
         a4:4b:ae:50:38:67:1b:14:e1:57:4a:a7:12:5c:61:13:50:1a:
         b1:a2:19:b8:b3:76:29:64:53:7c:8b:17:49:e3:36:50:3f:aa:
         75:e0:e6:88:1f:9f:9d:48:02:4c:01:af:11:9a:35:75:92:2f:
         02:bc:83:76:85:bd:e7:e0:87:72:1e:04:a2:ac:fc:f8:5c:71:
         9a:6a:fa:53:80:8c:38:b5:15:4d:f7:35:fd:2f:ba:4d:92:21:
         a5:ed:12:ce:53:de:b7:45:79:9d:20:84:62:86:9b:40:ba:dd:
         a5:b2:25:39:d9:03:e8:a5:d7:66:a9:16:6d:07:c5:97:e0:5f:
         4d:4d:fd:95:fd:e9:97:00:34:b4:70:0e:65:79:f8:6e:bb:8b:
         48:a6:d6:18:b5:70:81:b6:b8:8e:2b:72:00:61:fe:a8:c8:82:
         27:07:6e:59:83:4d:17:b1:35:49:9b:14:35:89:2c:60:ec:aa:
         39:75:72:c2:b6:7e:24:88:35:87:d6:16:37:bf:9b:98:61:9f:
         f8:23:3b:91
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjaesvlpaGaJN6IVRMUGXxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NjQ0ZGQwYTgxYzYzMDczZjJjNTFiYzk3NmUxMWZhOWM2
MTVjNTEwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWQwNmRlYTY4MWQzY2I5ODQyYmFjZWYxYjBiZTJhZTlkOTAwOGE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHEYOqDsSxUIMdKOXxthke2CCsEs
p984/n3+BdOWP+siORZxix0UX65GKFc78V6c/rZDnLpUSvwnMGcKsV9oCrcFcxXW
wKZPN4Gwmz3Mx4dH2tiDz1Nk4EK9mabePAebf4z30+z91adsdOLi6RqocamlbvYy
i4vf/1h7D0hwypm8RISXQJIgpq6ZhfHaiIouJHqy04CkJFdlhGLeeK9hBb/IJc4w
YyRir2WeRyhk2dz65CxSMJh7NPxOYtyGbAg8wNOK/k0SXLm3CdEHlmSQRpmuwdxo
vWmCB72RBvfa0VrA5qg5eJDEmNkS+hjIuD/TZgfNG6vUaHWzoLjEnn4t6wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMXQbepoHTy5hCus7xsL4q6dkAimMB8GA1UdIwQY
MBaAFBRkTdCoHGMHPyxRvJduEfqcYVxRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkdSTjBLZ2NZd2NfTEZHOGwyNFItcHhoWEZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9kYjhhMTEtY2FkZC00NTljLWI1OWYt
OWJmMzdlYzk4YmIwLzEveGRCdDZtZ2RQTG1FSzZ6dkd3dmlycDJRQ0tZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9kYjhhMTEtY2FkZC00NTljLWI1OWYtOWJmMzdlYzk4YmIw
LzEvRkdSTjBLZ2NZd2NfTEZHOGwyNFItcHhoWEZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+lTMA8E
AgACMAkDBwAgAQZ8FTAwDQYJKoZIhvcNAQELBQADggEBAAE+FZvXHL8iuaxuMZar
ijulsB7mgrtT/zYw2X4lrGLNGWBUkDra/7Ny3zXGjlgPM+YU6eCOwKRLrlA4ZxsU
4VdKpxJcYRNQGrGiGbizdilkU3yLF0njNlA/qnXg5ogfn51IAkwBrxGaNXWSLwK8
g3aFvefgh3IeBKKs/PhccZpq+lOAjDi1FU33Nf0vuk2SIaXtEs5T3rdFeZ0ghGKG
m0C63aWyJTnZA+il12apFm0HxZfgX01N/ZX96ZcANLRwDmV5+G67i0im1hi1cIG2
uI4rcgBh/qjIgicHblmDTRexNUmbFDWJLGDsqjl1csK2fiSINYfWFje/m5hhn/gj
O5E=
-----END CERTIFICATE-----