Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/91oUMgCP74fspZxBBljzGiQPBlI.roa
File:                     91oUMgCP74fspZxBBljzGiQPBlI.roa (raw, json)
Hash identifier:          Ys2eA6I4wLf+Ld2RnHYB/UxEHZh1MaBORWqhbF+NkdI=
Subject key identifier:   F7:5A:14:32:00:8F:EF:87:EC:A5:9C:41:06:58:F3:1A:24:0F:06:52
Certificate issuer:       /CN=9a4336da1eb7216e20ec04a7f031eb4a1b631bb3
Certificate serial:       01942747EE177E82D80E261DDC17ED70E40F
Authority key identifier: 9A:43:36:DA:1E:B7:21:6E:20:EC:04:A7:F0:31:EB:4A:1B:63:1B:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mkM22h63IW4g7ASn8DHrShtjG7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/91oUMgCP74fspZxBBljzGiQPBlI.roa
Signing time:             Thu 02 Jan 2025 13:50:12 +0000
ROA not before:           Thu 02 Jan 2025 13:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41026
IP address blocks:        195.140.152.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/mkM22h63IW4g7ASn8DHrShtjG7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/mkM22h63IW4g7ASn8DHrShtjG7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mkM22h63IW4g7ASn8DHrShtjG7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:ee:17:7e:82:d8:0e:26:1d:dc:17:ed:70:e4:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a4336da1eb7216e20ec04a7f031eb4a1b631bb3
        Validity
            Not Before: Jan  2 13:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f75a1432008fef87eca59c410658f31a240f0652
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:8c:21:b0:e3:f2:4a:86:4e:57:1e:1c:13:1d:
                    36:8d:6f:88:8b:9e:c8:54:58:08:b8:6c:7b:58:56:
                    82:54:8b:e7:d1:ce:5c:c8:64:06:96:c3:29:80:1c:
                    35:5d:80:10:7b:3b:b0:53:0d:be:be:12:9d:8a:cc:
                    08:9a:41:b1:1e:7b:1f:02:df:20:a0:9b:12:28:24:
                    b6:a9:ad:cd:0c:b1:1a:11:aa:57:26:f3:05:47:85:
                    e2:0a:ac:c2:1a:8a:44:dc:43:ea:c4:f9:1d:04:90:
                    32:ba:ad:25:3c:63:ce:a5:8f:1f:11:57:8f:f5:cf:
                    5e:10:52:6f:ea:e9:5d:e8:82:22:ef:b7:69:de:ce:
                    01:8d:e8:22:53:61:62:e4:fe:c3:98:42:aa:b4:ea:
                    b8:80:d6:09:e4:53:91:87:85:4e:b8:7c:e5:75:cc:
                    8a:0e:ab:ea:ef:e2:09:7b:23:36:f4:ba:07:33:75:
                    74:cc:14:6d:ac:81:cf:6e:07:23:90:93:09:a5:bc:
                    8c:e4:f8:23:bc:be:f3:3a:c4:b4:f6:72:7b:1e:6e:
                    16:0c:e2:06:ab:49:fa:94:4f:70:f2:0e:6e:7e:0f:
                    9d:2d:74:e7:ba:95:a3:43:73:95:23:83:63:49:c6:
                    a2:51:ac:90:79:53:ba:55:fe:f9:04:72:08:a4:fe:
                    bb:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:5A:14:32:00:8F:EF:87:EC:A5:9C:41:06:58:F3:1A:24:0F:06:52
            X509v3 Authority Key Identifier:
                keyid:9A:43:36:DA:1E:B7:21:6E:20:EC:04:A7:F0:31:EB:4A:1B:63:1B:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mkM22h63IW4g7ASn8DHrShtjG7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/91oUMgCP74fspZxBBljzGiQPBlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/a7e9b9-6bac-4538-a9e6-fa8806a024c4/1/mkM22h63IW4g7ASn8DHrShtjG7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.140.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         46:c8:d9:56:5d:c6:b0:13:9f:e0:32:d1:8a:61:51:8e:b0:68:
         1d:aa:28:db:2d:45:c0:fe:71:f4:e3:38:eb:dd:22:35:2f:45:
         d3:3e:28:50:dc:7a:4c:06:2d:4c:f7:28:a5:fc:7e:5e:d2:53:
         34:0b:93:9d:f9:0b:f4:04:94:3d:cc:a4:2c:c6:22:f5:ff:03:
         6b:2f:66:a4:9c:a5:22:eb:5d:fd:77:ba:e6:f8:dd:99:7c:b9:
         80:c1:ce:8c:d1:01:5b:5d:06:6d:b1:54:cb:90:c4:31:27:94:
         f4:d1:5e:cd:3a:86:26:16:24:1b:b3:0e:97:20:7d:90:16:4d:
         27:40:36:d1:27:2e:fa:4d:83:9e:60:af:e7:1a:f0:00:fe:a5:
         22:17:6c:df:09:6d:f8:79:7b:64:c1:6f:11:c0:7f:9e:d0:06:
         c8:c3:69:4b:96:1a:56:c1:88:20:1a:ef:d4:4c:89:8b:14:f7:
         ee:bd:7b:69:5a:df:4a:3a:98:18:89:67:fc:6d:d9:4d:b6:4c:
         4d:44:2e:67:d1:e7:45:fd:7f:b0:3c:75:92:ee:62:e8:b3:fd:
         a5:57:16:f8:6b:d1:ac:fe:45:f9:74:a0:b1:eb:c5:66:f0:7e:
         7f:70:e4:2b:a6:72:49:cd:eb:0a:1e:68:b1:2c:cf:c3:f0:44:
         2d:f3:63:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR+4XfoLYDiYd3BftcOQPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNDMzNmRhMWViNzIxNmUyMGVjMDRhN2YwMzFlYjRhMWI2
MzFiYjMwHhcNMjUwMTAyMTM1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzVhMTQzMjAwOGZlZjg3ZWNhNTljNDEwNjU4ZjMxYTI0MGYwNjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIwhsOPySoZOVx4cEx02jW+Ii57I
VFgIuGx7WFaCVIvn0c5cyGQGlsMpgBw1XYAQezuwUw2+vhKdiswImkGxHnsfAt8g
oJsSKCS2qa3NDLEaEapXJvMFR4XiCqzCGopE3EPqxPkdBJAyuq0lPGPOpY8fEVeP
9c9eEFJv6uld6IIi77dp3s4BjegiU2Fi5P7DmEKqtOq4gNYJ5FORh4VOuHzldcyK
Dqvq7+IJeyM29LoHM3V0zBRtrIHPbgcjkJMJpbyM5PgjvL7zOsS09nJ7Hm4WDOIG
q0n6lE9w8g5ufg+dLXTnupWjQ3OVI4NjScaiUayQeVO6Vf75BHIIpP67mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdaFDIAj++H7KWcQQZY8xokDwZSMB8GA1UdIwQY
MBaAFJpDNtoetyFuIOwEp/Ax60obYxuzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWtNMjJoNjNJVzRnN0FTbjhESHJTaHRqRzdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9hN2U5YjktNmJhYy00NTM4LWE5ZTYt
ZmE4ODA2YTAyNGM0LzEvOTFvVU1nQ1A3NGZzcFp4QkJsanpHaVFQQmxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9hN2U5YjktNmJhYy00NTM4LWE5ZTYtZmE4ODA2YTAyNGM0
LzEvbWtNMjJoNjNJVzRnN0FTbjhESHJTaHRqRzdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4yYMA0G
CSqGSIb3DQEBCwUAA4IBAQBGyNlWXcawE5/gMtGKYVGOsGgdqijbLUXA/nH04zjr
3SI1L0XTPihQ3HpMBi1M9yil/H5e0lM0C5Od+Qv0BJQ9zKQsxiL1/wNrL2aknKUi
6139d7rm+N2ZfLmAwc6M0QFbXQZtsVTLkMQxJ5T00V7NOoYmFiQbsw6XIH2QFk0n
QDbRJy76TYOeYK/nGvAA/qUiF2zfCW34eXtkwW8RwH+e0AbIw2lLlhpWwYggGu/U
TImLFPfuvXtpWt9KOpgYiWf8bdlNtkxNRC5n0edF/X+wPHWS7mLos/2lVxb4a9Gs
/kX5dKCx68Vm8H5/cOQrpnJJzesKHmixLM/D8EQt82NY
-----END CERTIFICATE-----