Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/BlXtwuXJZi1FsUYJseJuuvLHwG0.roa
File:                     BlXtwuXJZi1FsUYJseJuuvLHwG0.roa (raw, json)
Hash identifier:          E+H4MQ+p60pNwEw6UNfCnrSspvLH+GiOyo4ssEl9XXQ=
Subject key identifier:   06:55:ED:C2:E5:C9:66:2D:45:B1:46:09:B1:E2:6E:BA:F2:C7:C0:6D
Certificate issuer:       /CN=656cc25012e3a4c8b1626dd757c7b0510e457341
Certificate serial:       019426D95F52F37A556D3CA5A040E3837DF7
Authority key identifier: 65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/BlXtwuXJZi1FsUYJseJuuvLHwG0.roa
Signing time:             Thu 02 Jan 2025 11:49:27 +0000
ROA not before:           Thu 02 Jan 2025 11:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        91.208.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:5f:52:f3:7a:55:6d:3c:a5:a0:40:e3:83:7d:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656cc25012e3a4c8b1626dd757c7b0510e457341
        Validity
            Not Before: Jan  2 11:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0655edc2e5c9662d45b14609b1e26ebaf2c7c06d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:12:f5:fd:f9:f7:18:ef:2b:4f:06:ec:05:10:
                    ba:10:25:49:97:d0:ee:af:39:69:5f:e9:56:68:81:
                    96:e1:6d:6a:ac:57:d2:52:20:4f:4d:7a:78:17:13:
                    c3:a1:43:3e:3e:61:eb:2e:71:ff:1a:7b:42:6a:0a:
                    e4:8c:58:23:9c:ee:81:24:5c:33:63:c8:9c:f5:a8:
                    ac:f6:d2:94:4b:54:1c:60:2d:4d:de:48:e2:14:28:
                    1b:07:25:b0:e7:9e:7c:d4:35:28:7d:98:fa:c8:fe:
                    05:ea:08:e4:e6:cf:98:87:d7:21:9a:36:cd:79:b4:
                    44:65:1c:0f:71:33:8a:75:58:cb:ca:20:1b:2e:be:
                    06:62:42:c7:ff:69:c7:c1:f2:33:25:3f:f8:19:a1:
                    11:a2:88:d9:f1:c8:1a:d6:38:2b:25:eb:3f:e5:85:
                    d5:e9:4b:14:71:f9:38:9a:2f:e0:25:c2:26:c7:d4:
                    27:c0:d3:e8:b1:6e:5f:00:b2:e2:48:86:d1:dd:84:
                    ba:69:54:bd:3d:b4:18:78:12:82:ea:a9:bd:df:5c:
                    4f:2a:eb:50:44:0d:72:10:13:13:9e:f4:54:dd:9b:
                    34:a6:d2:4e:35:5f:a0:7d:8e:59:06:7c:8c:67:b2:
                    c8:e2:04:ca:93:b6:d5:93:7a:7e:40:0b:53:01:01:
                    51:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:55:ED:C2:E5:C9:66:2D:45:B1:46:09:B1:E2:6E:BA:F2:C7:C0:6D
            X509v3 Authority Key Identifier:
                keyid:65:6C:C2:50:12:E3:A4:C8:B1:62:6D:D7:57:C7:B0:51:0E:45:73:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/BlXtwuXJZi1FsUYJseJuuvLHwG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/6db46d-bc2d-45d7-a279-820325f53ccb/1/ZWzCUBLjpMixYm3XV8ewUQ5Fc0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:e1:62:3b:fe:5d:c8:2f:5e:69:fe:32:b3:ae:14:2b:df:58:
         46:85:11:c2:ce:cd:da:3a:a1:e3:89:78:05:98:a4:e8:2d:fd:
         d4:84:e9:4c:7c:45:c3:ae:c9:ae:4d:a9:bb:78:46:bf:54:ba:
         2b:a2:a4:7a:6d:4f:88:e4:ff:cb:52:03:d6:b7:15:f7:d1:67:
         62:e5:da:53:20:e8:64:17:4a:34:3c:a4:00:bc:3f:ce:dc:bd:
         3f:25:46:10:2c:ba:89:d5:0b:5d:c7:f2:49:78:c0:22:e1:c1:
         6b:e9:0d:5c:af:af:b3:fe:06:de:a1:eb:61:db:19:b0:f6:ed:
         0a:1b:7e:9d:a0:a3:66:47:53:92:5a:ed:bb:c9:4c:a4:e4:42:
         6e:32:ea:7e:0a:bd:bd:2d:96:51:f3:f1:be:1e:ca:c4:93:d8:
         e7:71:67:5b:73:64:a3:bf:0e:34:1e:77:cd:7f:dd:f0:d6:f3:
         21:45:73:ea:80:d4:e0:9c:79:a4:f1:99:57:f7:d8:12:46:ec:
         9a:6d:f6:a6:41:a1:b8:65:27:18:5b:6c:c4:97:a3:84:61:97:
         0e:c7:89:8b:8a:00:b6:6b:fc:27:86:c3:9b:c2:07:48:87:b6:
         8b:27:2a:2b:b4:44:10:e5:a1:0e:d3:fb:0e:89:d7:c9:7f:44:
         7d:48:6b:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2V9S83pVbTyloEDjg333MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmNjMjUwMTJlM2E0YzhiMTYyNmRkNzU3YzdiMDUxMGU0
NTczNDEwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjU1ZWRjMmU1Yzk2NjJkNDViMTQ2MDliMWUyNmViYWYyYzdjMDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4xL1/fn3GO8rTwbsBRC6ECVJl9Du
rzlpX+lWaIGW4W1qrFfSUiBPTXp4FxPDoUM+PmHrLnH/GntCagrkjFgjnO6BJFwz
Y8ic9ais9tKUS1QcYC1N3kjiFCgbByWw55581DUofZj6yP4F6gjk5s+Yh9chmjbN
ebREZRwPcTOKdVjLyiAbLr4GYkLH/2nHwfIzJT/4GaERoojZ8cga1jgrJes/5YXV
6UsUcfk4mi/gJcImx9QnwNPosW5fALLiSIbR3YS6aVS9PbQYeBKC6qm931xPKutQ
RA1yEBMTnvRU3Zs0ptJONV+gfY5ZBnyMZ7LI4gTKk7bVk3p+QAtTAQFROQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZV7cLlyWYtRbFGCbHibrryx8BtMB8GA1UdIwQY
MBaAFGVswlAS46TIsWJt11fHsFEORXNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWld6Q1VCTGpwTWl4WW0zWFY4ZXdVUTVGYzBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi82ZGI0NmQtYmMyZC00NWQ3LWEyNzkt
ODIwMzI1ZjUzY2NiLzEvQmxYdHd1WEpaaTFGc1VZSnNlSnV1dkxId0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi82ZGI0NmQtYmMyZC00NWQ3LWEyNzktODIwMzI1ZjUzY2Ni
LzEvWld6Q1VCTGpwTWl4WW0zWFY4ZXdVUTVGYzBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BpMA0G
CSqGSIb3DQEBCwUAA4IBAQCK4WI7/l3IL15p/jKzrhQr31hGhRHCzs3aOqHjiXgF
mKToLf3UhOlMfEXDrsmuTam7eEa/VLoroqR6bU+I5P/LUgPWtxX30Wdi5dpTIOhk
F0o0PKQAvD/O3L0/JUYQLLqJ1Qtdx/JJeMAi4cFr6Q1cr6+z/gbeoeth2xmw9u0K
G36doKNmR1OSWu27yUyk5EJuMup+Cr29LZZR8/G+HsrEk9jncWdbc2Sjvw40HnfN
f93w1vMhRXPqgNTgnHmk8ZlX99gSRuyabfamQaG4ZScYW2zEl6OEYZcOx4mLigC2
a/wnhsObwgdIh7aLJyortEQQ5aEO0/sOidfJf0R9SGuI
-----END CERTIFICATE-----