Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/oL3YqmLZNQTklrYCVBkqoxnVPVE.roa
File:                     oL3YqmLZNQTklrYCVBkqoxnVPVE.roa (raw, json)
Hash identifier:          vNB411x6DGxlKgUop3xuDcnHI37Ap9OjrZ9OIS8r31M=
Subject key identifier:   A0:BD:D8:AA:62:D9:35:04:E4:96:B6:02:54:19:2A:A3:19:D5:3D:51
Certificate issuer:       /CN=d47d8aaa10edcf5d0814039153997bfbf4d35ba9
Certificate serial:       0194467FA9822A75FA18A31BC5759B7CE319
Authority key identifier: D4:7D:8A:AA:10:ED:CF:5D:08:14:03:91:53:99:7B:FB:F4:D3:5B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/oL3YqmLZNQTklrYCVBkqoxnVPVE.roa
Signing time:             Wed 08 Jan 2025 15:19:19 +0000
ROA not before:           Wed 08 Jan 2025 15:19:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208972
IP address blocks:        91.229.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:46:7f:a9:82:2a:75:fa:18:a3:1b:c5:75:9b:7c:e3:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d47d8aaa10edcf5d0814039153997bfbf4d35ba9
        Validity
            Not Before: Jan  8 15:19:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0bdd8aa62d93504e496b60254192aa319d53d51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:b0:21:b6:ba:93:a1:59:03:85:18:2d:e9:f3:
                    32:21:4b:a3:26:4d:74:3b:18:62:2d:00:c2:fa:c4:
                    b7:42:9b:f1:6f:08:d2:f3:4f:09:ef:07:d5:66:f1:
                    fb:49:19:d2:20:8a:c0:42:95:bb:b3:48:88:38:02:
                    7f:92:8e:ac:89:c0:7a:b5:6e:98:af:b1:5a:03:2e:
                    22:02:f5:94:41:eb:e5:9c:35:2c:9a:e5:53:c0:9d:
                    f2:70:0e:0a:26:43:b2:6b:ff:81:7b:e8:c6:34:35:
                    7a:82:d4:7c:bd:b3:0f:bc:cc:ff:68:09:e4:2e:9e:
                    44:b9:a4:32:bf:8e:14:21:4f:4e:2f:c3:bc:4b:db:
                    fe:0b:7d:af:af:0e:cb:7c:06:fa:34:72:09:6d:60:
                    67:54:f8:1d:db:10:5d:68:c2:44:dd:57:cd:9b:11:
                    f1:75:79:ba:61:e3:96:82:9e:d7:dd:c0:97:a4:07:
                    64:db:86:ff:bf:1b:ee:31:ef:37:58:cf:e2:a8:1e:
                    9b:26:ba:62:a1:58:6b:eb:cd:dc:92:d8:c2:1a:ff:
                    1b:82:29:f1:1a:38:24:60:7a:2f:48:27:15:e1:91:
                    a0:02:f5:84:8e:be:a6:f9:b7:b1:05:60:85:90:ed:
                    37:36:2c:23:5d:1c:d6:0c:55:24:da:de:cc:38:9f:
                    2c:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:BD:D8:AA:62:D9:35:04:E4:96:B6:02:54:19:2A:A3:19:D5:3D:51
            X509v3 Authority Key Identifier:
                keyid:D4:7D:8A:AA:10:ED:CF:5D:08:14:03:91:53:99:7B:FB:F4:D3:5B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1H2KqhDtz10IFAORU5l7-_TTW6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/oL3YqmLZNQTklrYCVBkqoxnVPVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/6dcc50-025c-4c20-8699-bced579c0b7b/1/1H2KqhDtz10IFAORU5l7-_TTW6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:34:28:9a:b8:b9:1f:55:ae:5a:bf:8c:0c:96:0d:a7:e7:2e:
         65:32:72:63:25:8c:5c:de:b1:a4:08:25:dd:5f:3f:09:7b:05:
         6f:4a:5e:cb:4c:a5:e9:a7:bb:ea:1a:dc:ae:7c:19:11:10:67:
         f3:69:8d:a4:f5:60:4a:65:0f:d8:15:8c:fa:22:64:9b:4e:08:
         35:3a:1e:81:62:4a:69:b0:db:dc:6e:3a:62:6e:a9:48:a2:81:
         68:8a:a6:84:9f:98:84:ff:a3:cd:cd:a8:c5:1f:79:ce:9d:f4:
         16:f7:57:e4:ea:7e:63:82:2b:55:fc:a7:e8:22:97:2a:ce:25:
         5f:61:b8:79:74:53:7c:16:bc:89:a1:64:2c:4c:41:20:79:89:
         58:45:38:aa:ac:2f:47:8d:53:dd:a7:9d:79:ec:92:c3:4b:cb:
         19:d8:7d:32:cc:49:d7:d9:b1:bb:b5:02:1c:f9:eb:74:be:77:
         2d:6f:e4:e7:a6:3a:53:bd:72:1d:aa:09:08:55:b2:7c:0a:e0:
         bb:59:86:99:d2:10:9e:5d:3b:e2:9d:9e:b0:e8:66:0f:b2:00:
         d1:25:a4:34:58:3d:f0:b1:0b:bc:65:91:ce:38:da:9f:33:42:
         d5:34:03:62:c4:0b:55:c0:58:dd:8c:9f:79:b2:f0:32:0d:86:
         dd:04:5c:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRGf6mCKnX6GKMbxXWbfOMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0N2Q4YWFhMTBlZGNmNWQwODE0MDM5MTUzOTk3YmZiZjRk
MzViYTkwHhcNMjUwMTA4MTUxOTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGJkZDhhYTYyZDkzNTA0ZTQ5NmI2MDI1NDE5MmFhMzE5ZDUzZDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArbAhtrqToVkDhRgt6fMyIUujJk10
OxhiLQDC+sS3QpvxbwjS808J7wfVZvH7SRnSIIrAQpW7s0iIOAJ/ko6sicB6tW6Y
r7FaAy4iAvWUQevlnDUsmuVTwJ3ycA4KJkOya/+Be+jGNDV6gtR8vbMPvMz/aAnk
Lp5EuaQyv44UIU9OL8O8S9v+C32vrw7LfAb6NHIJbWBnVPgd2xBdaMJE3VfNmxHx
dXm6YeOWgp7X3cCXpAdk24b/vxvuMe83WM/iqB6bJrpioVhr683cktjCGv8bginx
GjgkYHovSCcV4ZGgAvWEjr6m+bexBWCFkO03NiwjXRzWDFUk2t7MOJ8sCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKC92Kpi2TUE5Ja2AlQZKqMZ1T1RMB8GA1UdIwQY
MBaAFNR9iqoQ7c9dCBQDkVOZe/v001upMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUgyS3FoRHR6MTBJRkFPUlU1bDctX1RUVzZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy82ZGNjNTAtMDI1Yy00YzIwLTg2OTkt
YmNlZDU3OWMwYjdiLzEvb0wzWXFtTFpOUVRrbHJZQ1ZCa3FveG5WUFZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy82ZGNjNTAtMDI1Yy00YzIwLTg2OTktYmNlZDU3OWMwYjdi
LzEvMUgyS3FoRHR6MTBJRkFPUlU1bDctX1RUVzZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+XUMA0G
CSqGSIb3DQEBCwUAA4IBAQDPNCiauLkfVa5av4wMlg2n5y5lMnJjJYxc3rGkCCXd
Xz8JewVvSl7LTKXpp7vqGtyufBkREGfzaY2k9WBKZQ/YFYz6ImSbTgg1Oh6BYkpp
sNvcbjpibqlIooFoiqaEn5iE/6PNzajFH3nOnfQW91fk6n5jgitV/KfoIpcqziVf
Ybh5dFN8FryJoWQsTEEgeYlYRTiqrC9HjVPdp5157JLDS8sZ2H0yzEnX2bG7tQIc
+et0vnctb+TnpjpTvXIdqgkIVbJ8CuC7WYaZ0hCeXTvinZ6w6GYPsgDRJaQ0WD3w
sQu8ZZHOONqfM0LVNANixAtVwFjdjJ95svAyDYbdBFz1
-----END CERTIFICATE-----