Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/3kGa7kLBm042LbbqykHtZB7ufPc.roa
File:                     3kGa7kLBm042LbbqykHtZB7ufPc.roa (raw, json)
Hash identifier:          w1pGOLasw4Pb62ELUrEIQqwR4u8hfryDi61TGvccVyw=
Subject key identifier:   DE:41:9A:EE:42:C1:9B:4E:36:2D:B6:EA:CA:41:ED:64:1E:EE:7C:F7
Certificate issuer:       /CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
Certificate serial:       019421B2368E9264987334855E1C60D4DD3D
Authority key identifier: 06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/3kGa7kLBm042LbbqykHtZB7ufPc.roa
Signing time:             Wed 01 Jan 2025 11:48:34 +0000
ROA not before:           Wed 01 Jan 2025 11:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57129
IP address blocks:        91.209.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:36:8e:92:64:98:73:34:85:5e:1c:60:d4:dd:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
        Validity
            Not Before: Jan  1 11:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de419aee42c19b4e362db6eaca41ed641eee7cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:32:27:cd:b0:6f:73:22:be:44:be:72:c4:23:
                    26:92:d1:d8:15:f5:c0:71:17:d5:04:84:cd:54:6c:
                    9a:e5:eb:a4:db:ba:0f:2d:47:50:1a:e4:e3:cc:06:
                    d0:e8:16:3f:09:09:c0:4b:4e:ab:48:8f:68:97:8f:
                    d3:9c:ca:53:82:e4:d5:b1:3c:99:78:19:08:f2:0d:
                    b8:e1:99:36:6b:d8:19:e0:73:c8:eb:6a:37:fa:ef:
                    25:be:7e:6c:90:f9:f4:6e:a9:ae:28:ff:1d:55:4c:
                    72:8f:38:28:b8:7b:c7:5a:8a:64:24:db:8f:52:b2:
                    8e:de:1d:bc:a4:d9:f9:56:9a:d6:10:f4:2d:c1:8d:
                    03:f9:5a:cc:d7:2a:0a:9f:18:01:84:d9:db:3f:cb:
                    f9:d9:e3:d6:11:f2:ab:09:d0:6d:21:2e:25:8f:77:
                    d2:46:fb:0c:12:28:77:cd:7a:7a:2c:e8:e3:0f:6a:
                    43:86:31:85:c7:ff:8f:1f:89:3c:5a:cc:69:43:17:
                    2b:e7:cf:be:22:38:17:61:30:4e:78:03:11:bb:d6:
                    e3:3f:dc:71:7d:2e:bd:b1:ff:77:5c:c8:83:d3:e1:
                    bf:49:a9:f1:5e:12:4c:eb:71:e8:d0:29:0d:f6:a8:
                    a0:08:56:b8:d1:b4:74:ec:81:e9:e6:33:81:84:d3:
                    a0:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:41:9A:EE:42:C1:9B:4E:36:2D:B6:EA:CA:41:ED:64:1E:EE:7C:F7
            X509v3 Authority Key Identifier:
                keyid:06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/3kGa7kLBm042LbbqykHtZB7ufPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:f5:7d:be:a9:c4:1f:77:04:e2:1b:aa:f7:06:2c:c3:98:9e:
         32:d2:6b:5e:fd:c5:3a:9f:b2:e0:75:dd:89:ba:85:e9:32:64:
         b9:c3:ef:73:23:fb:cc:81:74:c6:61:e2:bd:df:0b:42:26:47:
         da:ce:4c:45:2f:c1:6c:a2:ec:ee:f0:4b:21:e1:83:75:88:85:
         b3:13:c8:3d:7c:82:8b:7a:14:5f:d0:70:d2:f6:f2:98:55:e1:
         66:91:e6:43:7e:94:5b:7b:7d:de:cb:cc:5e:d3:01:a5:fc:67:
         b2:cd:dc:93:82:63:b7:54:80:9f:77:e9:3b:79:a0:0c:39:13:
         18:57:7c:0d:e6:06:69:f8:b5:6d:9b:9f:f8:72:1a:0d:b7:51:
         d4:e9:93:69:ba:84:e3:05:3a:3e:34:24:82:8e:1e:82:76:b3:
         ec:ce:cf:ae:52:41:04:55:da:92:32:ac:73:0d:67:cc:2f:ed:
         2b:5a:a7:e2:58:d2:0a:93:6e:00:6d:35:bb:3f:ec:81:00:63:
         f9:5f:ee:62:7c:1e:6d:54:b6:94:ac:cb:53:d7:a4:da:6b:d4:
         f0:52:16:8b:5b:a1:fc:9d:c2:ac:99:1e:d5:56:0e:92:4f:8f:
         0a:9c:36:da:68:94:93:67:e3:c2:a8:1f:ce:ad:c9:da:c6:32:
         0c:56:e7:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjaOkmSYczSFXhxg1N09MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NjFmMjBmYjhhN2U2MzVkN2JjYzk0YzAwYmVkNzE3OWI3
NjA4ZjYwHhcNMjUwMTAxMTE0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTQxOWFlZTQyYzE5YjRlMzYyZGI2ZWFjYTQxZWQ2NDFlZWU3Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTInzbBvcyK+RL5yxCMmktHYFfXA
cRfVBITNVGya5euk27oPLUdQGuTjzAbQ6BY/CQnAS06rSI9ol4/TnMpTguTVsTyZ
eBkI8g244Zk2a9gZ4HPI62o3+u8lvn5skPn0bqmuKP8dVUxyjzgouHvHWopkJNuP
UrKO3h28pNn5VprWEPQtwY0D+VrM1yoKnxgBhNnbP8v52ePWEfKrCdBtIS4lj3fS
RvsMEih3zXp6LOjjD2pDhjGFx/+PH4k8WsxpQxcr58++IjgXYTBOeAMRu9bjP9xx
fS69sf93XMiD0+G/SanxXhJM63Ho0CkN9qigCFa40bR07IHp5jOBhNOg/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5Bmu5CwZtONi226spB7WQe7nz3MB8GA1UdIwQY
MBaAFAZh8g+4p+Y117zJTAC+1xebdgj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMt
YWQ4ZWRmZTVmMGY3LzEvM2tHYTdrTEJtMDQyTGJicXlrSHRaQjd1ZlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMtYWQ4ZWRmZTVmMGY3
LzEvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GJMA0G
CSqGSIb3DQEBCwUAA4IBAQBV9X2+qcQfdwTiG6r3BizDmJ4y0mte/cU6n7Lgdd2J
uoXpMmS5w+9zI/vMgXTGYeK93wtCJkfazkxFL8Fsouzu8Esh4YN1iIWzE8g9fIKL
ehRf0HDS9vKYVeFmkeZDfpRbe33ey8xe0wGl/GeyzdyTgmO3VICfd+k7eaAMORMY
V3wN5gZp+LVtm5/4choNt1HU6ZNpuoTjBTo+NCSCjh6CdrPszs+uUkEEVdqSMqxz
DWfML+0rWqfiWNIKk24AbTW7P+yBAGP5X+5ifB5tVLaUrMtT16Taa9TwUhaLW6H8
ncKsmR7VVg6ST48KnDbaaJSTZ+PCqB/OrcnaxjIMVudQ
-----END CERTIFICATE-----