Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/x1DE4qx0CR5c2525hd-5smWGcRM.roa
File:                     x1DE4qx0CR5c2525hd-5smWGcRM.roa (raw, json)
Hash identifier:          Fhtawp/Ekh1+x0zATTzQ8Bt7QJV+RdsBlOsUIhlfeNE=
Subject key identifier:   C7:50:C4:E2:AC:74:09:1E:5C:DB:9D:B9:85:DF:B9:B2:65:86:71:13
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       01942747E2301CE6D2150DF287F0C8F5A67B
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/x1DE4qx0CR5c2525hd-5smWGcRM.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21337
IP address blocks:        213.91.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:e2:30:1c:e6:d2:15:0d:f2:87:f0:c8:f5:a6:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c750c4e2ac74091e5cdb9db985dfb9b265867113
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:03:9d:4b:2c:3a:4a:97:da:5b:9a:81:f8:08:
                    cf:8f:c6:aa:16:53:fa:5a:e7:dd:ae:19:bf:c5:a1:
                    95:5f:bf:15:8b:05:d0:5a:bb:36:ce:2d:b8:69:59:
                    f1:aa:2d:d5:ac:00:e2:cb:16:5a:48:1b:5a:3e:cb:
                    02:bc:09:08:7c:db:f8:53:b1:29:73:5e:d0:5e:07:
                    2f:cc:90:42:f1:ec:f4:fa:df:15:e9:e1:28:4b:33:
                    73:bc:92:e3:81:cd:70:77:5a:f2:54:9f:40:95:25:
                    10:48:bf:63:8f:43:99:3a:53:e6:13:0a:88:c5:e8:
                    e1:fb:9d:46:5c:a0:64:86:8e:f7:e4:55:b8:8e:61:
                    8f:97:a1:fa:68:74:b5:79:66:9c:dc:d7:c8:07:e5:
                    b0:f7:ab:67:7d:d2:c3:2a:98:31:c2:a4:48:b0:5d:
                    ee:1d:31:01:95:55:7f:1f:64:91:f2:98:b2:4f:12:
                    e1:f4:a1:b9:fc:e6:28:cc:ad:69:68:05:3d:f4:34:
                    23:38:aa:59:68:f2:8a:a1:1c:62:73:97:c1:b6:c1:
                    c9:42:37:ad:ba:ff:a6:06:2b:f5:4a:a9:69:9e:b0:
                    9b:c0:d6:22:b2:d6:36:c1:d6:e1:ab:39:fc:58:fd:
                    d8:cc:3a:13:da:3e:57:f3:61:c7:60:66:af:c3:27:
                    58:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:50:C4:E2:AC:74:09:1E:5C:DB:9D:B9:85:DF:B9:B2:65:86:71:13
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/x1DE4qx0CR5c2525hd-5smWGcRM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.91.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:c6:7e:cd:18:e7:6d:bb:b1:d0:d2:4d:38:76:2c:98:fd:ec:
         98:fd:7e:5b:4d:d6:c2:b9:35:06:ed:79:06:5e:47:48:2e:e5:
         02:c4:50:6a:16:17:ec:80:11:e8:93:96:87:93:b7:d3:39:71:
         67:77:3c:72:d2:be:87:e5:66:9e:9a:7f:58:0a:00:1d:31:a6:
         8d:e9:79:8e:08:23:ee:8a:d9:9f:09:0d:20:6e:55:11:46:fb:
         f8:d5:96:14:8e:bf:e5:65:38:ea:c4:75:1b:3b:24:a9:55:dc:
         f4:bd:41:c3:36:01:94:dd:b2:48:f4:4c:8e:f9:ca:41:bb:d0:
         df:a1:20:02:8f:f5:25:dc:7c:4c:0a:2d:2a:ef:d6:22:6d:33:
         a6:c0:1c:d7:14:58:b2:ae:fe:5f:5e:cd:e6:3b:96:5c:27:6c:
         c3:86:a9:f9:e7:43:6c:5c:64:ba:99:0c:63:a8:63:96:d3:e2:
         4b:f8:f6:4e:1a:5d:29:e2:0d:fb:fa:71:b1:69:76:25:dc:6f:
         b2:64:4e:12:75:b3:57:92:40:19:86:f3:6b:49:22:21:c7:c1:
         6f:03:a5:c4:c1:ef:78:20:c9:bb:26:63:af:5d:a3:27:0c:76:
         ec:c1:82:a9:6f:49:ec:46:bc:03:d6:2a:1a:9a:1e:9d:8d:2a:
         b8:ef:b7:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+IwHObSFQ3yh/DI9aZ7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzUwYzRlMmFjNzQwOTFlNWNkYjlkYjk4NWRmYjliMjY1ODY3MTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QOdSyw6SpfaW5qB+AjPj8aqFlP6
Wufdrhm/xaGVX78ViwXQWrs2zi24aVnxqi3VrADiyxZaSBtaPssCvAkIfNv4U7Ep
c17QXgcvzJBC8ez0+t8V6eEoSzNzvJLjgc1wd1ryVJ9AlSUQSL9jj0OZOlPmEwqI
xejh+51GXKBkho735FW4jmGPl6H6aHS1eWac3NfIB+Ww96tnfdLDKpgxwqRIsF3u
HTEBlVV/H2SR8piyTxLh9KG5/OYozK1paAU99DQjOKpZaPKKoRxic5fBtsHJQjet
uv+mBiv1SqlpnrCbwNYistY2wdbhqzn8WP3YzDoT2j5X82HHYGavwydYcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdQxOKsdAkeXNuduYXfubJlhnETMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEveDFERTRxeDBDUjVjMjUyNWhkLTVzbVdHY1JNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1VvEMA0G
CSqGSIb3DQEBCwUAA4IBAQAaxn7NGOdtu7HQ0k04diyY/eyY/X5bTdbCuTUG7XkG
XkdILuUCxFBqFhfsgBHok5aHk7fTOXFndzxy0r6H5Waemn9YCgAdMaaN6XmOCCPu
itmfCQ0gblURRvv41ZYUjr/lZTjqxHUbOySpVdz0vUHDNgGU3bJI9EyO+cpBu9Df
oSACj/Ul3HxMCi0q79YibTOmwBzXFFiyrv5fXs3mO5ZcJ2zDhqn550NsXGS6mQxj
qGOW0+JL+PZOGl0p4g37+nGxaXYl3G+yZE4SdbNXkkAZhvNrSSIhx8FvA6XEwe94
IMm7JmOvXaMnDHbswYKpb0nsRrwD1ioamh6djSq477dM
-----END CERTIFICATE-----