Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/dz9PyU4ctyXKZ49cHOyHFCLYwcU.roa
File:                     dz9PyU4ctyXKZ49cHOyHFCLYwcU.roa (raw, json)
Hash identifier:          3Y8oozkK4fYw8w+acos4s7WtEJkSyImOIymISL/lshA=
Subject key identifier:   77:3F:4F:C9:4E:1C:B7:25:CA:67:8F:5C:1C:EC:87:14:22:D8:C1:C5
Certificate issuer:       /CN=a65db89e8bb660f21eb5c4af3b9add52d57eb89f
Certificate serial:       01941F8C1374DF0F3BF50A7F2A36DCBBF6BB
Authority key identifier: A6:5D:B8:9E:8B:B6:60:F2:1E:B5:C4:AF:3B:9A:DD:52:D5:7E:B8:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/dz9PyU4ctyXKZ49cHOyHFCLYwcU.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50819
IP address blocks:        91.234.168.0/23 maxlen: 23
                          194.1.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:13:74:df:0f:3b:f5:0a:7f:2a:36:dc:bb:f6:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a65db89e8bb660f21eb5c4af3b9add52d57eb89f
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=773f4fc94e1cb725ca678f5c1cec871422d8c1c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6a:9b:0d:a1:0c:1d:23:ed:5f:f3:07:9b:73:
                    13:f3:6f:7f:d5:c1:c2:6d:53:81:92:ea:cb:03:b6:
                    1c:5b:57:81:fe:8a:3d:ea:37:92:07:95:50:38:42:
                    6f:d1:ce:6e:a0:15:b4:d1:71:33:3b:8b:b1:70:65:
                    68:42:0e:f0:00:e4:d6:f6:ba:a8:53:6d:30:ab:18:
                    4d:6a:b5:ec:42:05:50:b9:3b:5c:73:cd:21:48:8a:
                    56:17:dd:e5:78:83:ce:96:d3:5b:32:83:f5:49:c2:
                    dc:30:07:5f:ab:b8:28:73:62:be:1f:0f:fa:fe:6a:
                    4d:8b:7b:ef:a6:d8:21:00:f6:0a:3d:2d:b7:f1:8f:
                    84:99:2a:ba:93:a1:14:4a:d0:1a:44:79:1c:c7:4a:
                    78:59:8c:f4:31:87:9c:d1:de:47:25:be:24:50:99:
                    af:59:61:bf:50:5b:d6:1e:51:5b:04:7d:c8:8e:f7:
                    8c:7d:bc:b1:93:dc:f2:fc:1a:03:d3:e7:e7:fd:95:
                    d8:6b:6b:e7:89:1d:24:80:36:e0:16:4b:1c:3c:7c:
                    e4:3d:c8:0b:1f:32:c5:42:29:b3:ce:57:62:d5:68:
                    3a:e7:3d:33:38:f2:85:d9:de:58:e4:ff:7d:cc:45:
                    c4:eb:84:89:e9:af:f7:41:e6:a5:d4:0d:1d:5c:2a:
                    f1:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:3F:4F:C9:4E:1C:B7:25:CA:67:8F:5C:1C:EC:87:14:22:D8:C1:C5
            X509v3 Authority Key Identifier:
                keyid:A6:5D:B8:9E:8B:B6:60:F2:1E:B5:C4:AF:3B:9A:DD:52:D5:7E:B8:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pl24nou2YPIetcSvO5rdUtV-uJ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/dz9PyU4ctyXKZ49cHOyHFCLYwcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/3b06a3-caf4-4d6c-bb7b-a3578c944040/1/pl24nou2YPIetcSvO5rdUtV-uJ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.168.0/23
                  194.1.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:c8:b6:e5:66:c7:ad:8a:cd:98:1a:c9:47:41:3b:eb:7e:79:
         35:b0:00:09:be:63:23:59:91:4b:86:33:72:af:bc:bb:b3:84:
         bb:2b:07:e6:64:b2:f3:25:cc:cf:7b:f5:1c:8a:88:7a:10:e4:
         56:65:23:f2:b1:4b:73:83:17:25:3f:73:2d:63:4e:25:ad:a7:
         d0:c0:54:0a:03:ee:8e:0d:7e:e5:42:f9:af:8a:8e:52:59:9f:
         be:83:59:a5:b9:e8:51:57:be:0f:a7:a0:a3:a5:b8:60:bc:30:
         fa:9a:0d:37:13:fc:bc:c3:a1:ef:66:4b:b6:e8:b4:c2:8e:41:
         e2:2f:ac:9b:ba:ef:09:cd:aa:4f:5a:61:5a:e6:36:b4:f8:ed:
         da:e5:b1:4f:7f:89:fe:02:cd:16:60:ed:5d:9c:1c:32:8d:02:
         e9:8f:e1:43:24:cb:da:70:74:55:df:4e:8e:4f:a0:17:18:1f:
         ce:af:14:71:86:78:7b:f1:ef:2a:2d:4a:5e:1a:3d:fc:25:cd:
         86:47:06:92:77:47:4e:87:5b:c3:67:ab:22:05:a5:37:aa:e4:
         55:b4:77:88:ec:18:26:4d:6b:fd:ed:fa:ac:5b:78:bf:8a:31:
         0e:45:a9:e0:a7:38:d1:a2:4c:ae:52:e6:b0:74:59:59:7e:a2:
         98:e2:b5:c4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQfjBN03w879Qp/Kjbcu/a7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NWRiODllOGJiNjYwZjIxZWI1YzRhZjNiOWFkZDUyZDU3
ZWI4OWYwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzNmNGZjOTRlMWNiNzI1Y2E2NzhmNWMxY2VjODcxNDIyZDhjMWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlWqbDaEMHSPtX/MHm3MT829/1cHC
bVOBkurLA7YcW1eB/oo96jeSB5VQOEJv0c5uoBW00XEzO4uxcGVoQg7wAOTW9rqo
U20wqxhNarXsQgVQuTtcc80hSIpWF93leIPOltNbMoP1ScLcMAdfq7goc2K+Hw/6
/mpNi3vvptghAPYKPS238Y+EmSq6k6EUStAaRHkcx0p4WYz0MYec0d5HJb4kUJmv
WWG/UFvWHlFbBH3IjveMfbyxk9zy/BoD0+fn/ZXYa2vniR0kgDbgFkscPHzkPcgL
HzLFQimzzldi1Wg65z0zOPKF2d5Y5P99zEXE64SJ6a/3Qeal1A0dXCrxQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHc/T8lOHLclymePXBzshxQi2MHFMB8GA1UdIwQY
MBaAFKZduJ6LtmDyHrXErzua3VLVfrifMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGwyNG5vdTJZUElldGNTdk81cmRVdFYtdUo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8zYjA2YTMtY2FmNC00ZDZjLWJiN2It
YTM1NzhjOTQ0MDQwLzEvZHo5UHlVNGN0eVhLWjQ5Y0hPeUhGQ0xZd2NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8zYjA2YTMtY2FmNC00ZDZjLWJiN2ItYTM1NzhjOTQ0MDQw
LzEvcGwyNG5vdTJZUElldGNTdk81cmRVdFYtdUo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+qoAwQA
wgGpMA0GCSqGSIb3DQEBCwUAA4IBAQBcyLblZsetis2YGslHQTvrfnk1sAAJvmMj
WZFLhjNyr7y7s4S7KwfmZLLzJczPe/Ucioh6EORWZSPysUtzgxclP3MtY04lrafQ
wFQKA+6ODX7lQvmvio5SWZ++g1mluehRV74Pp6CjpbhgvDD6mg03E/y8w6HvZku2
6LTCjkHiL6ybuu8JzapPWmFa5ja0+O3a5bFPf4n+As0WYO1dnBwyjQLpj+FDJMva
cHRV306OT6AXGB/OrxRxhnh78e8qLUpeGj38Jc2GRwaSd0dOh1vDZ6siBaU3quRV
tHeI7BgmTWv97fqsW3i/ijEORangpzjRokyuUuawdFlZfqKY4rXE
-----END CERTIFICATE-----