Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/StpUpn9lX23TO-Oe-4PI79KxNG0.roa
File:                     StpUpn9lX23TO-Oe-4PI79KxNG0.roa (raw, json)
Hash identifier:          Y4gPgVsX/dvV/I4lGCjA++A6e1J5MarmPPrWMNyloHc=
Subject key identifier:   4A:DA:54:A6:7F:65:5F:6D:D3:3B:E3:9E:FB:83:C8:EF:D2:B1:34:6D
Certificate issuer:       /CN=c14ee4ce8d3ceee23e0266fcaf544820ae410788
Certificate serial:       01941FFA6B610E392ED2FF2E810428E64B14
Authority key identifier: C1:4E:E4:CE:8D:3C:EE:E2:3E:02:66:FC:AF:54:48:20:AE:41:07:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wU7kzo087uI-Amb8r1RIIK5BB4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/StpUpn9lX23TO-Oe-4PI79KxNG0.roa
Signing time:             Wed 01 Jan 2025 03:48:12 +0000
ROA not before:           Wed 01 Jan 2025 03:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213713
IP address blocks:        91.199.184.0/23 maxlen: 23
                          2a0f:8f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/wU7kzo087uI-Amb8r1RIIK5BB4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/wU7kzo087uI-Amb8r1RIIK5BB4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wU7kzo087uI-Amb8r1RIIK5BB4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:6b:61:0e:39:2e:d2:ff:2e:81:04:28:e6:4b:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c14ee4ce8d3ceee23e0266fcaf544820ae410788
        Validity
            Not Before: Jan  1 03:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ada54a67f655f6dd33be39efb83c8efd2b1346d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3f:fd:a5:0f:6b:f6:d0:29:3c:54:a5:61:bc:
                    f5:18:8a:32:dc:a2:3b:1f:4d:15:84:d7:9e:53:a2:
                    ba:79:e2:48:fa:1d:8f:f7:e8:5a:55:84:80:e0:06:
                    47:f9:02:d6:c5:27:52:c5:41:58:fb:3b:3e:92:90:
                    9d:90:20:6a:4e:2f:1e:f0:58:19:0d:45:60:6f:24:
                    2f:7a:9c:ff:cf:1b:40:ea:59:01:f0:06:60:46:04:
                    86:2d:57:5e:52:16:68:bf:43:f7:e7:a4:70:96:2f:
                    2d:b9:86:9d:e0:28:2d:1b:b8:61:d2:43:28:da:91:
                    6f:51:c2:65:66:89:1a:a4:56:8d:ba:15:73:d2:2c:
                    73:e2:d4:e2:77:85:07:cf:a2:e3:96:25:76:30:8a:
                    35:45:f6:23:29:f4:b1:0c:97:3f:56:2a:7b:9b:85:
                    fa:12:98:ab:b8:18:15:07:b0:9c:01:91:89:9d:01:
                    9b:ee:28:e1:ce:7a:ac:bd:29:1a:33:9c:e6:7f:25:
                    e7:fb:51:4c:19:12:82:8d:81:fa:4d:e0:53:4d:c7:
                    98:23:d4:03:a1:a2:21:51:8f:45:8f:1b:46:cb:68:
                    23:26:1d:6e:70:a5:95:03:83:b2:3c:67:ea:c9:46:
                    d6:d8:77:f3:ef:bd:65:28:80:3b:e0:d9:12:be:02:
                    6e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:DA:54:A6:7F:65:5F:6D:D3:3B:E3:9E:FB:83:C8:EF:D2:B1:34:6D
            X509v3 Authority Key Identifier:
                keyid:C1:4E:E4:CE:8D:3C:EE:E2:3E:02:66:FC:AF:54:48:20:AE:41:07:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wU7kzo087uI-Amb8r1RIIK5BB4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/StpUpn9lX23TO-Oe-4PI79KxNG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/00a2fc-c872-44f6-9ce4-48438202dbab/1/wU7kzo087uI-Amb8r1RIIK5BB4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.184.0/23
                IPv6:
                  2a0f:8f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:6d:1b:1e:dc:e7:99:ff:d5:5e:ea:ad:53:8a:98:e9:fd:cd:
         f6:15:f6:40:8f:fa:87:87:48:18:e2:f4:c7:cc:6c:3f:41:8a:
         60:37:d5:be:87:b9:27:4b:11:95:b9:0d:33:85:c2:f6:ae:c1:
         cc:6b:cd:01:17:73:4d:c3:35:3d:8f:cc:8b:bd:e2:8c:90:08:
         d9:65:63:01:96:06:22:fa:fb:eb:08:b5:4b:c8:18:6d:ef:d4:
         60:7c:4f:2e:f5:62:d1:55:d1:39:57:4b:a5:59:8c:51:3a:49:
         b6:92:f3:63:c2:a8:ef:01:55:1f:86:b9:c3:e2:2c:e5:aa:97:
         f9:dd:90:b2:51:fc:69:f6:29:c0:19:06:ea:af:fd:b9:f7:d2:
         af:2f:10:d7:58:b9:9e:54:58:fa:26:83:a8:55:3b:c7:aa:7b:
         a9:fc:e1:8e:36:9c:19:21:bd:9a:c1:c3:ca:20:ad:a5:c4:89:
         40:1d:d0:d6:e0:98:88:23:3c:4b:93:ac:7d:04:f0:51:77:26:
         a7:64:3d:8c:37:ff:69:10:e9:c4:40:1e:a1:21:18:ba:b5:b3:
         d2:56:8e:1b:ce:24:6e:c6:25:4f:9b:a0:23:ee:65:c4:9f:cd:
         5a:3f:db:47:41:82:3b:4a:ef:2d:47:52:c4:ab:9a:a9:09:40:
         39:38:0c:b7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQf+mthDjku0v8ugQQo5ksUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNGVlNGNlOGQzY2VlZTIzZTAyNjZmY2FmNTQ0ODIwYWU0
MTA3ODgwHhcNMjUwMTAxMDM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRhNTRhNjdmNjU1ZjZkZDMzYmUzOWVmYjgzYzhlZmQyYjEzNDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj/9pQ9r9tApPFSlYbz1GIoy3KI7
H00VhNeeU6K6eeJI+h2P9+haVYSA4AZH+QLWxSdSxUFY+zs+kpCdkCBqTi8e8FgZ
DUVgbyQvepz/zxtA6lkB8AZgRgSGLVdeUhZov0P356Rwli8tuYad4CgtG7hh0kMo
2pFvUcJlZokapFaNuhVz0ixz4tTid4UHz6LjliV2MIo1RfYjKfSxDJc/Vip7m4X6
EpiruBgVB7CcAZGJnQGb7ijhznqsvSkaM5zmfyXn+1FMGRKCjYH6TeBTTceYI9QD
oaIhUY9FjxtGy2gjJh1ucKWVA4OyPGfqyUbW2Hfz771lKIA74NkSvgJutQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEraVKZ/ZV9t0zvjnvuDyO/SsTRtMB8GA1UdIwQY
MBaAFMFO5M6NPO7iPgJm/K9USCCuQQeIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1U3a3pvMDg3dUktQW1iOHIxUklJSzVCQjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wMGEyZmMtYzg3Mi00NGY2LTljZTQt
NDg0MzgyMDJkYmFiLzEvU3RwVXBuOWxYMjNUTy1PZS00UEk3OUt4TkcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wMGEyZmMtYzg3Mi00NGY2LTljZTQtNDg0MzgyMDJkYmFi
LzEvd1U3a3pvMDg3dUktQW1iOHIxUklJSzVCQjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW8e4MA0E
AgACMAcDBQMqD4+AMA0GCSqGSIb3DQEBCwUAA4IBAQB+bRse3OeZ/9Ve6q1Tipjp
/c32FfZAj/qHh0gY4vTHzGw/QYpgN9W+h7knSxGVuQ0zhcL2rsHMa80BF3NNwzU9
j8yLveKMkAjZZWMBlgYi+vvrCLVLyBht79RgfE8u9WLRVdE5V0ulWYxROkm2kvNj
wqjvAVUfhrnD4izlqpf53ZCyUfxp9inAGQbqr/2599KvLxDXWLmeVFj6JoOoVTvH
qnup/OGONpwZIb2awcPKIK2lxIlAHdDW4JiIIzxLk6x9BPBRdyanZD2MN/9pEOnE
QB6hIRi6tbPSVo4bziRuxiVPm6Aj7mXEn81aP9tHQYI7Su8tR1LEq5qpCUA5OAy3
-----END CERTIFICATE-----