Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/bXcsNUMfdZBR3tv1r8dI-NGTxGI.roa
File:                     bXcsNUMfdZBR3tv1r8dI-NGTxGI.roa (raw, json)
Hash identifier:          nSyMcXVhj3Lt4TUfuUh042NUrc5IpwBc7m8EmxqlbJw=
Subject key identifier:   6D:77:2C:35:43:1F:75:90:51:DE:DB:F5:AF:C7:48:F8:D1:93:C4:62
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       019425FC14E56C39DA24C1CEBC469E021740
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/bXcsNUMfdZBR3tv1r8dI-NGTxGI.roa
Signing time:             Thu 02 Jan 2025 07:47:44 +0000
ROA not before:           Thu 02 Jan 2025 07:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395954
IP address blocks:        171.22.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:14:e5:6c:39:da:24:c1:ce:bc:46:9e:02:17:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Jan  2 07:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d772c35431f759051dedbf5afc748f8d193c462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:70:0a:b0:0e:39:4b:9c:68:43:24:68:c8:76:
                    01:38:88:59:83:ca:31:e2:00:50:5d:64:9c:58:53:
                    5e:e3:e2:4f:52:89:5c:7e:6e:ea:89:6f:bf:53:f7:
                    77:cd:7b:ce:4f:96:7c:86:80:94:35:33:b2:d5:a5:
                    15:6a:c5:59:7f:fe:67:0a:7e:72:21:b8:e0:0c:de:
                    33:b6:b7:cf:99:88:b4:23:11:8a:16:ef:14:ef:38:
                    10:90:07:fd:89:8b:05:d1:f4:b8:22:8e:5c:83:5f:
                    5f:7e:7e:cf:d1:31:07:d5:03:47:77:45:b0:32:b8:
                    34:4f:3d:d0:85:30:44:3b:13:07:cf:ed:4c:89:a9:
                    7f:f0:db:9f:21:d5:42:b2:af:25:0c:36:e1:2e:bc:
                    b0:a1:20:aa:bc:0c:92:73:70:96:7d:c6:ae:6e:8b:
                    49:f5:6d:97:13:9a:21:fb:9f:e0:67:6f:30:fb:a3:
                    6d:92:ce:74:d6:80:1b:e0:1b:e7:b7:1b:5b:8f:82:
                    61:98:85:ed:f2:05:83:fb:ee:ca:12:93:99:00:6d:
                    e1:db:d8:ca:e4:7c:77:f3:ab:c6:0f:dc:b6:2e:a8:
                    f5:71:9f:ee:24:d3:0b:30:1b:3b:0a:d4:ca:34:8c:
                    26:00:fe:f7:03:ef:bd:6c:30:b5:04:91:f4:04:0e:
                    18:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:77:2C:35:43:1F:75:90:51:DE:DB:F5:AF:C7:48:F8:D1:93:C4:62
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/bXcsNUMfdZBR3tv1r8dI-NGTxGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:94:0e:a7:88:df:95:43:c4:b1:76:99:5c:eb:7a:cc:26:53:
         80:52:05:94:08:b4:29:85:d8:2d:06:39:92:8d:aa:4d:94:11:
         ca:1e:a7:e4:2d:db:13:08:29:9a:a8:e0:8b:46:d0:73:cd:3f:
         5d:31:db:c9:db:d1:ce:df:73:3f:de:24:95:e9:81:3c:a5:53:
         f3:7e:cc:da:38:96:ac:b4:8c:ca:7c:69:f3:cd:b8:da:50:33:
         6d:3e:08:c8:58:b7:10:b2:b5:e0:65:b5:83:1a:5e:a3:7c:cb:
         9c:5a:f8:51:48:8d:bb:90:2a:0b:a6:c1:b4:63:8a:6b:5a:29:
         0f:8d:c5:7f:51:ff:71:6e:69:cd:63:fd:40:9c:dd:52:ed:6d:
         7f:28:a8:4a:90:6d:d4:ad:59:80:3b:a7:22:9f:96:5b:36:d6:
         d7:21:11:e6:61:2e:15:ca:e4:d4:3a:0d:f8:45:82:d0:ad:05:
         3e:0d:9e:2b:4e:08:39:49:62:fb:0b:c3:1e:34:d7:9b:ee:a5:
         4b:92:10:c4:33:04:5a:1b:8f:7e:82:50:c4:8f:ab:c1:e6:c5:
         95:c6:35:e0:0c:44:42:da:67:e6:b9:38:a8:89:b7:4d:81:fb:
         82:0f:f9:d5:01:e8:7b:55:4f:dd:93:9c:15:05:90:0e:29:4d:
         22:b5:1c:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/BTlbDnaJMHOvEaeAhdAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjUwMTAyMDc0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDc3MmMzNTQzMWY3NTkwNTFkZWRiZjVhZmM3NDhmOGQxOTNjNDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XAKsA45S5xoQyRoyHYBOIhZg8ox
4gBQXWScWFNe4+JPUolcfm7qiW+/U/d3zXvOT5Z8hoCUNTOy1aUVasVZf/5nCn5y
IbjgDN4ztrfPmYi0IxGKFu8U7zgQkAf9iYsF0fS4Io5cg19ffn7P0TEH1QNHd0Ww
Mrg0Tz3QhTBEOxMHz+1Mial/8NufIdVCsq8lDDbhLrywoSCqvAySc3CWfcaubotJ
9W2XE5oh+5/gZ28w+6Ntks501oAb4Bvntxtbj4JhmIXt8gWD++7KEpOZAG3h29jK
5Hx386vGD9y2Lqj1cZ/uJNMLMBs7CtTKNIwmAP73A++9bDC1BJH0BA4YrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG13LDVDH3WQUd7b9a/HSPjRk8RiMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvYlhjc05VTWZkWkJSM3R2MXI4ZEktTkdUeEdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxa/MA0G
CSqGSIb3DQEBCwUAA4IBAQColA6niN+VQ8Sxdplc63rMJlOAUgWUCLQphdgtBjmS
japNlBHKHqfkLdsTCCmaqOCLRtBzzT9dMdvJ29HO33M/3iSV6YE8pVPzfszaOJas
tIzKfGnzzbjaUDNtPgjIWLcQsrXgZbWDGl6jfMucWvhRSI27kCoLpsG0Y4prWikP
jcV/Uf9xbmnNY/1AnN1S7W1/KKhKkG3UrVmAO6cin5ZbNtbXIRHmYS4VyuTUOg34
RYLQrQU+DZ4rTgg5SWL7C8MeNNeb7qVLkhDEMwRaG49+glDEj6vB5sWVxjXgDERC
2mfmuTioibdNgfuCD/nVAeh7VU/dk5wVBZAOKU0itRwD
-----END CERTIFICATE-----