Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/prCxRzdOKVY3koTOxcE1wLy92wY.roa
File:                     prCxRzdOKVY3koTOxcE1wLy92wY.roa (raw, json)
Hash identifier:          /SPXT+MGYRPaGYNF9H/7HrgrHhVyCw6xaZxVFgwwJJ8=
Subject key identifier:   A6:B0:B1:47:37:4E:29:56:37:92:84:CE:C5:C1:35:C0:BC:BD:DB:06
Certificate issuer:       /CN=51bdf0d4de40057f5cc3fd1e70bfc11f5351738d
Certificate serial:       019425FD7595CBDCC05816F483494D12A239
Authority key identifier: 51:BD:F0:D4:DE:40:05:7F:5C:C3:FD:1E:70:BF:C1:1F:53:51:73:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/prCxRzdOKVY3koTOxcE1wLy92wY.roa
Signing time:             Thu 02 Jan 2025 07:49:15 +0000
ROA not before:           Thu 02 Jan 2025 07:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48634
IP address blocks:        91.211.156.0/22 maxlen: 22
                          91.211.156.0/24 maxlen: 24
                          91.211.157.0/24 maxlen: 24
                          91.211.158.0/24 maxlen: 24
                          91.211.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:75:95:cb:dc:c0:58:16:f4:83:49:4d:12:a2:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51bdf0d4de40057f5cc3fd1e70bfc11f5351738d
        Validity
            Not Before: Jan  2 07:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6b0b147374e2956379284cec5c135c0bcbddb06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:63:75:cf:2e:ed:74:d8:49:be:91:f3:55:fe:
                    c5:bf:59:dc:a6:fb:fa:0d:52:30:66:bd:62:c5:97:
                    08:cd:b3:ef:3c:f1:9c:b1:d2:1b:40:3e:16:13:0d:
                    09:a9:73:67:b8:f2:48:2d:76:ef:26:68:62:cd:6a:
                    66:46:9b:c6:ed:d6:63:a9:e4:a0:59:23:2d:e7:ed:
                    3a:78:ba:94:67:ed:2c:9f:24:bb:e4:1d:44:d5:44:
                    41:2d:10:70:10:69:09:24:0d:82:35:2f:45:37:f3:
                    1b:1a:0d:03:cd:23:37:a3:7c:cd:32:2c:87:dd:5a:
                    75:db:49:c2:bc:58:9b:21:be:ff:95:d7:00:2e:ef:
                    5b:ff:93:42:45:1a:71:28:c5:79:63:bd:7a:4a:f4:
                    85:8f:95:6e:3b:27:c0:9b:43:07:d5:ba:c6:61:56:
                    2e:7d:a3:f3:5a:ec:50:b7:b2:be:a2:9b:17:fe:4a:
                    ed:c3:27:34:64:52:1f:dc:8a:0e:a2:59:49:f7:7e:
                    08:c8:6c:bd:a7:bd:e7:b4:da:52:58:5d:ec:4f:df:
                    c7:b0:71:76:45:c3:9a:3e:a0:49:5f:ef:ef:f8:5e:
                    30:88:3b:86:b5:29:8a:b0:65:ad:a9:df:0a:95:7f:
                    d6:41:69:b2:bc:cc:62:86:60:4c:19:a8:e3:aa:e4:
                    71:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B0:B1:47:37:4E:29:56:37:92:84:CE:C5:C1:35:C0:BC:BD:DB:06
            X509v3 Authority Key Identifier:
                keyid:51:BD:F0:D4:DE:40:05:7F:5C:C3:FD:1E:70:BF:C1:1F:53:51:73:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ub3w1N5ABX9cw_0ecL_BH1NRc40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/prCxRzdOKVY3koTOxcE1wLy92wY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/edae6a-6a5d-4e89-8986-e88d884c20ef/1/Ub3w1N5ABX9cw_0ecL_BH1NRc40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1f:2a:f6:57:83:e8:45:05:1b:23:f9:22:d5:f5:de:91:7f:f7:
         fe:71:89:55:f4:b1:db:a7:42:67:55:8a:5a:cf:74:9e:12:53:
         55:c9:b6:cf:ca:a0:04:88:28:95:74:86:e8:8d:95:8b:63:fe:
         dc:c1:18:94:89:bb:68:bc:44:af:94:2c:77:d6:3f:c2:ea:c6:
         2d:08:fc:ae:e7:4a:c5:03:b5:46:23:94:72:ce:2c:ff:55:f7:
         62:fc:aa:c1:60:8c:d7:f6:b7:60:83:d5:87:00:4a:46:b5:15:
         d6:f4:4d:45:7d:60:12:c1:cc:06:af:d1:2b:bc:4b:56:ef:60:
         ff:37:19:ec:05:e3:e7:3e:90:93:ec:d0:cd:77:8b:4e:63:64:
         01:67:e4:3f:0b:09:00:12:e3:31:2a:57:7b:76:d9:09:9e:cd:
         3f:73:7c:90:1a:51:ed:7d:89:ee:ba:19:9f:bb:b3:24:80:6a:
         04:01:3f:2f:00:22:81:ff:8f:e7:7f:fe:24:95:0f:f6:a4:82:
         5d:5c:ba:81:53:59:75:0e:58:22:fa:f4:11:ef:e5:64:30:9b:
         32:8c:ca:41:73:be:76:40:30:1d:f5:5a:f5:95:f6:9d:70:7b:
         1c:24:43:e9:11:c7:b4:3e:aa:b1:14:d2:89:fb:7f:32:7b:e6:
         0b:ad:c5:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/XWVy9zAWBb0g0lNEqI5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxYmRmMGQ0ZGU0MDA1N2Y1Y2MzZmQxZTcwYmZjMTFmNTM1
MTczOGQwHhcNMjUwMTAyMDc0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIwYjE0NzM3NGUyOTU2Mzc5Mjg0Y2VjNWMxMzVjMGJjYmRkYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomN1zy7tdNhJvpHzVf7Fv1ncpvv6
DVIwZr1ixZcIzbPvPPGcsdIbQD4WEw0JqXNnuPJILXbvJmhizWpmRpvG7dZjqeSg
WSMt5+06eLqUZ+0snyS75B1E1URBLRBwEGkJJA2CNS9FN/MbGg0DzSM3o3zNMiyH
3Vp120nCvFibIb7/ldcALu9b/5NCRRpxKMV5Y716SvSFj5VuOyfAm0MH1brGYVYu
faPzWuxQt7K+opsX/krtwyc0ZFIf3IoOollJ934IyGy9p73ntNpSWF3sT9/HsHF2
RcOaPqBJX+/v+F4wiDuGtSmKsGWtqd8KlX/WQWmyvMxihmBMGajjquRxHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKawsUc3TilWN5KEzsXBNcC8vdsGMB8GA1UdIwQY
MBaAFFG98NTeQAV/XMP9HnC/wR9TUXONMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWIzdzFONUFCWDljd18wZWNMX0JIMU5SYzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lZGFlNmEtNmE1ZC00ZTg5LTg5ODYt
ZTg4ZDg4NGMyMGVmLzEvcHJDeFJ6ZE9LVlkza29UT3hjRTF3THk5MndZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lZGFlNmEtNmE1ZC00ZTg5LTg5ODYtZTg4ZDg4NGMyMGVm
LzEvVWIzdzFONUFCWDljd18wZWNMX0JIMU5SYzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9OcMA0G
CSqGSIb3DQEBCwUAA4IBAQAfKvZXg+hFBRsj+SLV9d6Rf/f+cYlV9LHbp0JnVYpa
z3SeElNVybbPyqAEiCiVdIbojZWLY/7cwRiUibtovESvlCx31j/C6sYtCPyu50rF
A7VGI5Ryziz/Vfdi/KrBYIzX9rdgg9WHAEpGtRXW9E1FfWASwcwGr9ErvEtW72D/
NxnsBePnPpCT7NDNd4tOY2QBZ+Q/CwkAEuMxKld7dtkJns0/c3yQGlHtfYnuuhmf
u7MkgGoEAT8vACKB/4/nf/4klQ/2pIJdXLqBU1l1Dlgi+vQR7+VkMJsyjMpBc752
QDAd9Vr1lfadcHscJEPpEce0PqqxFNKJ+38ye+YLrcXT
-----END CERTIFICATE-----