Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/1-DmKYgnKcK0PXEAQVbF_OKc3-qY.roa
File:                     1-DmKYgnKcK0PXEAQVbF_OKc3-qY.roa (raw, json)
Hash identifier:          A2ZK2n/AK9OAPtM9+Qchv9vt+I10xrYcK4O013Ux+Cs=
Subject key identifier:   F8:39:8A:62:09:CA:70:AD:0F:5C:40:10:55:B1:7F:38:A7:37:FA:A6
Certificate issuer:       /CN=5b797fcd8433b1f489f891194862fc36bfbef66b
Certificate serial:       01966D45277F377B7BAE5316D2E16691304F
Authority key identifier: 5B:79:7F:CD:84:33:B1:F4:89:F8:91:19:48:62:FC:36:BF:BE:F6:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/1-DmKYgnKcK0PXEAQVbF_OKc3-qY.roa
Signing time:             Fri 25 Apr 2025 14:06:10 +0000
ROA not before:           Fri 25 Apr 2025 14:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215994
IP address blocks:        91.230.188.0/24 maxlen: 24
                          2a14:ba80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 02:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6d:45:27:7f:37:7b:7b:ae:53:16:d2:e1:66:91:30:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b797fcd8433b1f489f891194862fc36bfbef66b
        Validity
            Not Before: Apr 25 14:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8398a6209ca70ad0f5c401055b17f38a737faa6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:60:f5:43:2f:69:64:2c:a5:ce:b3:fa:e7:89:
                    d8:e0:99:e0:96:37:41:99:3b:05:77:a3:ff:d5:d9:
                    35:18:cb:77:0b:1f:7e:3d:db:b8:06:47:e5:7e:a7:
                    25:fa:a0:29:69:b3:c4:ae:ee:15:80:3f:bc:3c:01:
                    d0:24:2e:c9:73:ee:bd:d4:74:24:8f:20:aa:26:80:
                    bc:4f:5a:b0:5d:08:f4:d0:98:68:96:96:90:06:d8:
                    77:85:11:a5:da:6e:07:fb:be:60:d4:21:df:ef:04:
                    f9:7b:b1:ec:d5:95:f4:04:2e:2a:06:f5:9e:3d:73:
                    dc:87:ff:70:6a:0d:8e:fe:5e:ff:16:03:ef:8c:53:
                    b2:9c:c5:9a:9c:aa:75:c1:d4:66:75:c3:be:78:aa:
                    6e:c5:81:56:76:ce:60:4c:d7:f7:bd:d9:11:dd:f4:
                    08:05:bf:20:12:e1:ac:0f:a0:62:87:6a:f6:73:72:
                    b4:c4:81:52:90:23:5d:65:75:7b:6c:1d:9c:b7:a6:
                    d7:75:f1:a0:a2:1c:67:5c:f6:91:5f:bf:b2:cf:25:
                    5b:d1:3b:0a:a6:23:fc:f6:ff:98:5f:cb:d9:cc:0c:
                    41:45:75:0a:ab:44:c2:b1:dc:b0:cc:57:76:7e:5f:
                    22:d1:13:49:b7:5b:6c:ed:61:55:d5:be:ad:7b:8b:
                    52:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:39:8A:62:09:CA:70:AD:0F:5C:40:10:55:B1:7F:38:A7:37:FA:A6
            X509v3 Authority Key Identifier:
                keyid:5B:79:7F:CD:84:33:B1:F4:89:F8:91:19:48:62:FC:36:BF:BE:F6:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/1-DmKYgnKcK0PXEAQVbF_OKc3-qY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.188.0/24
                IPv6:
                  2a14:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:8e:cd:23:86:9f:69:74:ca:84:a8:97:2f:b5:2f:36:d7:f6:
         e8:0e:af:89:ea:24:3e:ad:dd:24:37:dd:0c:5c:28:44:66:33:
         0f:b8:dc:63:fa:09:b7:6e:29:7a:af:30:d2:39:d6:54:78:60:
         81:2b:6d:29:a9:8b:d7:a9:89:e4:2d:fd:b8:5b:ed:2e:f9:de:
         b2:9f:28:8e:b6:aa:63:dc:b7:31:06:78:30:be:cc:d4:e4:19:
         3c:e1:ea:a0:ce:5b:75:9f:6f:57:1b:1a:e4:0d:86:f3:f2:aa:
         a0:9e:6c:79:e1:2e:46:5e:41:6a:da:29:fa:72:37:34:1a:df:
         cb:6a:1a:e3:01:c5:1f:7f:88:5e:8e:8d:f8:bb:5a:ab:ed:b8:
         72:53:cc:c6:32:46:50:68:42:70:3a:0b:aa:62:64:5e:7f:b3:
         67:50:b5:99:30:bd:59:a3:51:f1:b0:79:4a:c5:e5:13:67:fe:
         83:f3:25:94:ec:da:ba:f4:69:57:83:62:18:81:76:1a:f3:37:
         45:0e:ba:60:9b:0f:c6:5b:e1:2d:46:74:dd:74:67:2d:e1:b1:
         7b:14:b5:2b:5a:28:d9:2c:67:b1:d1:3b:5d:85:ee:d1:59:16:
         3f:25:23:10:aa:77:9c:7a:a9:d5:cf:f3:3e:bd:7c:d1:65:73:
         0e:05:54:54
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZZtRSd/N3t7rlMW0uFmkTBPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNzk3ZmNkODQzM2IxZjQ4OWY4OTExOTQ4NjJmYzM2YmZi
ZWY2NmIwHhcNMjUwNDI1MTQwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODM5OGE2MjA5Y2E3MGFkMGY1YzQwMTA1NWIxN2YzOGE3MzdmYWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlGD1Qy9pZCylzrP654nY4JngljdB
mTsFd6P/1dk1GMt3Cx9+Pdu4Bkflfqcl+qApabPEru4VgD+8PAHQJC7Jc+691HQk
jyCqJoC8T1qwXQj00JholpaQBth3hRGl2m4H+75g1CHf7wT5e7Hs1ZX0BC4qBvWe
PXPch/9wag2O/l7/FgPvjFOynMWanKp1wdRmdcO+eKpuxYFWds5gTNf3vdkR3fQI
Bb8gEuGsD6Bih2r2c3K0xIFSkCNdZXV7bB2ct6bXdfGgohxnXPaRX7+yzyVb0TsK
piP89v+YX8vZzAxBRXUKq0TCsdywzFd2fl8i0RNJt1ts7WFV1b6te4tSowIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFPg5imIJynCtD1xAEFWxfzinN/qmMB8GA1UdIwQY
MBaAFFt5f82EM7H0ifiRGUhi/Da/vvZrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzNsX3pZUXpzZlNKLUpFWlNHTDhOci0tOW1zLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84ZmU0ZGItOGM1Yi00MGY1LTkzNjAt
ZTU5NmU1MjRjYWJlLzEvMS1EbUtZZ25LY0swUFhFQVFWYkZfT0tjMy1xWS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjQvOGZlNGRiLThjNWItNDBmNS05MzYwLWU1OTZlNTI0Y2Fi
ZS8xL1czbF96WVF6c2ZTSi1KRVpTR0w4TnItLTltcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAuBggrBgEFBQcBBwEB/wQfMB0wDAQCAAEwBgMEAFvmvDAN
BAIAAjAHAwUDKhS6gDANBgkqhkiG9w0BAQsFAAOCAQEARI7NI4afaXTKhKiXL7Uv
Ntf26A6vieokPq3dJDfdDFwoRGYzD7jcY/oJt24peq8w0jnWVHhggSttKamL16mJ
5C39uFvtLvnesp8ojraqY9y3MQZ4ML7M1OQZPOHqoM5bdZ9vVxsa5A2G8/KqoJ5s
eeEuRl5Batop+nI3NBrfy2oa4wHFH3+IXo6N+Ltaq+24clPMxjJGUGhCcDoLqmJk
Xn+zZ1C1mTC9WaNR8bB5SsXlE2f+g/MllOzauvRpV4NiGIF2GvM3RQ66YJsPxlvh
LUZ03XRnLeGxexS1K1oo2SxnsdE7XYXu0VkWPyUjEKp3nHqp1c/zPr180WVzDgVU
VA==
-----END CERTIFICATE-----