Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/DLJprIPgvCAnO7QSJdl3zR0anWU.roa
File:                     DLJprIPgvCAnO7QSJdl3zR0anWU.roa (raw, json)
Hash identifier:          G99IKFXpxSMbCkWEKl23+BBs+CPi7iUKXtQNR3AhKak=
Subject key identifier:   0C:B2:69:AC:83:E0:BC:20:27:3B:B4:12:25:D9:77:CD:1D:1A:9D:65
Certificate issuer:       /CN=2fc515b71f91c6e56a14afb4eefd95061dec49d4
Certificate serial:       019421B245F32A4CB686434EE7A160C0C68E
Authority key identifier: 2F:C5:15:B7:1F:91:C6:E5:6A:14:AF:B4:EE:FD:95:06:1D:EC:49:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L8UVtx-RxuVqFK-07v2VBh3sSdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/DLJprIPgvCAnO7QSJdl3zR0anWU.roa
Signing time:             Wed 01 Jan 2025 11:48:38 +0000
ROA not before:           Wed 01 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197659
IP address blocks:        91.223.228.0/24 maxlen: 24
                          185.188.48.0/22 maxlen: 22
                          2a0b:c080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/L8UVtx-RxuVqFK-07v2VBh3sSdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/L8UVtx-RxuVqFK-07v2VBh3sSdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L8UVtx-RxuVqFK-07v2VBh3sSdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:45:f3:2a:4c:b6:86:43:4e:e7:a1:60:c0:c6:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fc515b71f91c6e56a14afb4eefd95061dec49d4
        Validity
            Not Before: Jan  1 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cb269ac83e0bc20273bb41225d977cd1d1a9d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:03:f1:9d:0f:68:6a:9d:94:61:48:11:4a:db:
                    62:06:b2:73:6a:63:e0:f3:b5:3e:dd:54:6e:c7:ac:
                    14:db:0c:ee:6f:3c:45:5d:2b:d3:93:64:15:e9:0b:
                    4a:f1:08:6d:5c:46:64:89:95:75:1b:ab:af:d5:43:
                    2c:5d:2f:ad:02:4e:2d:09:d3:b4:9e:18:2e:03:b4:
                    bc:fe:49:b3:57:7d:c6:63:5c:81:6e:2b:1b:74:6f:
                    f8:60:56:db:74:a7:26:8d:2d:97:42:e9:e4:93:79:
                    3c:c3:14:03:20:9c:7d:fc:b2:9b:78:d0:84:95:d1:
                    4d:2f:80:5e:cf:70:c3:2a:a8:99:e7:32:b6:41:b0:
                    7b:5f:44:04:c2:ed:31:36:92:d3:0d:c7:e6:3e:17:
                    d0:51:70:ff:ab:cc:a6:5a:35:d8:ec:34:b0:1b:dc:
                    ea:14:5e:a4:b6:52:c0:bf:56:0a:b9:af:1b:83:9e:
                    3a:fa:60:25:11:db:52:39:51:10:5e:23:2b:d2:22:
                    70:b1:95:77:d4:9c:8e:9a:5e:bb:e1:69:bd:c0:d1:
                    2c:5a:88:b4:ed:3b:95:15:ef:17:3c:e5:63:7d:68:
                    7f:b2:bf:fc:73:40:d1:3c:92:14:8f:c9:b3:89:d8:
                    e9:fc:e5:b3:51:cd:24:cf:79:56:74:80:18:83:d3:
                    bf:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:B2:69:AC:83:E0:BC:20:27:3B:B4:12:25:D9:77:CD:1D:1A:9D:65
            X509v3 Authority Key Identifier:
                keyid:2F:C5:15:B7:1F:91:C6:E5:6A:14:AF:B4:EE:FD:95:06:1D:EC:49:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L8UVtx-RxuVqFK-07v2VBh3sSdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/DLJprIPgvCAnO7QSJdl3zR0anWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/38f016-f821-4c3e-b391-e2037352725a/1/L8UVtx-RxuVqFK-07v2VBh3sSdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.228.0/24
                  185.188.48.0/22
                IPv6:
                  2a0b:c080::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:24:cc:8d:68:d4:8f:2e:0a:09:de:7f:0b:86:bf:7c:59:56:
         52:74:be:6c:f2:cd:b4:1a:53:19:0c:c7:dd:cf:49:7d:96:c3:
         e8:6f:fb:5a:f6:92:4d:41:a2:4a:ae:34:a8:ed:d6:40:7e:25:
         0f:6e:9f:1f:71:44:79:36:8a:a1:ef:88:98:c9:db:55:01:a4:
         4e:06:7a:05:10:2e:e1:99:e3:13:15:82:cf:b2:d3:2b:e3:25:
         25:6e:b7:5f:75:29:ee:2f:89:51:bd:85:fa:b0:e2:83:f6:ee:
         a7:3f:5b:cd:a4:d9:7b:00:0c:21:28:99:d0:2b:80:aa:3b:2e:
         b4:9e:fe:d0:d3:92:c2:76:f6:d9:1f:6b:0d:3d:2f:ec:7d:67:
         ae:26:cd:03:fc:0c:44:75:36:19:50:df:f7:9d:3a:22:c0:6a:
         3a:de:82:00:22:20:08:08:64:62:69:28:b8:7e:0e:13:4f:99:
         38:12:fc:10:44:a3:bf:ad:65:2c:a4:0f:df:0e:ae:88:68:b8:
         1b:01:fc:98:56:43:3c:84:d5:6d:2b:a4:46:b2:38:e2:66:3b:
         07:bc:af:57:06:06:e7:e6:9e:ff:e1:d9:e3:3c:9e:5d:f5:e4:
         4e:d6:11:19:c1:3a:c9:ee:bb:49:04:5f:1a:16:0e:c6:12:6b:
         e9:8f:79:9b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhskXzKky2hkNO56FgwMaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYzUxNWI3MWY5MWM2ZTU2YTE0YWZiNGVlZmQ5NTA2MWRl
YzQ5ZDQwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2IyNjlhYzgzZTBiYzIwMjczYmI0MTIyNWQ5NzdjZDFkMWE5ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQPxnQ9oap2UYUgRSttiBrJzamPg
87U+3VRux6wU2wzubzxFXSvTk2QV6QtK8QhtXEZkiZV1G6uv1UMsXS+tAk4tCdO0
nhguA7S8/kmzV33GY1yBbisbdG/4YFbbdKcmjS2XQunkk3k8wxQDIJx9/LKbeNCE
ldFNL4Bez3DDKqiZ5zK2QbB7X0QEwu0xNpLTDcfmPhfQUXD/q8ymWjXY7DSwG9zq
FF6ktlLAv1YKua8bg546+mAlEdtSOVEQXiMr0iJwsZV31JyOml674Wm9wNEsWoi0
7TuVFe8XPOVjfWh/sr/8c0DRPJIUj8mzidjp/OWzUc0kz3lWdIAYg9O/oQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFAyyaayD4LwgJzu0EiXZd80dGp1lMB8GA1UdIwQY
MBaAFC/FFbcfkcblahSvtO79lQYd7EnUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDhVVnR4LVJ4dVZxRkstMDd2MlZCaDNzU2RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi8zOGYwMTYtZjgyMS00YzNlLWIzOTEt
ZTIwMzczNTI3MjVhLzEvRExKcHJJUGd2Q0FuTzdRU0pkbDN6UjBhbldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi8zOGYwMTYtZjgyMS00YzNlLWIzOTEtZTIwMzczNTI3MjVh
LzEvTDhVVnR4LVJ4dVZxRkstMDd2MlZCaDNzU2RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW9/kAwQC
ubwwMA0EAgACMAcDBQMqC8CAMA0GCSqGSIb3DQEBCwUAA4IBAQCNJMyNaNSPLgoJ
3n8Lhr98WVZSdL5s8s20GlMZDMfdz0l9lsPob/ta9pJNQaJKrjSo7dZAfiUPbp8f
cUR5Noqh74iYydtVAaROBnoFEC7hmeMTFYLPstMr4yUlbrdfdSnuL4lRvYX6sOKD
9u6nP1vNpNl7AAwhKJnQK4CqOy60nv7Q05LCdvbZH2sNPS/sfWeuJs0D/AxEdTYZ
UN/3nToiwGo63oIAIiAICGRiaSi4fg4TT5k4EvwQRKO/rWUspA/fDq6IaLgbAfyY
VkM8hNVtK6RGsjjiZjsHvK9XBgbn5p7/4dnjPJ5d9eRO1hEZwTrJ7rtJBF8aFg7G
Emvpj3mb
-----END CERTIFICATE-----