Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/Tonts4kP6Udz3-COJ0rpSpZMwoY.roa
File:                     Tonts4kP6Udz3-COJ0rpSpZMwoY.roa (raw, json)
Hash identifier:          1JB1btxTDJRO9s+lBZ2dImX9Ez8AqVDwUydfTozvsGI=
Subject key identifier:   4E:89:ED:B3:89:0F:E9:47:73:DF:E0:8E:27:4A:E9:4A:96:4C:C2:86
Certificate issuer:       /CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
Certificate serial:       0194266C40BA5201379F5FA0F839591CFBEC
Authority key identifier: 55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/Tonts4kP6Udz3-COJ0rpSpZMwoY.roa
Signing time:             Thu 02 Jan 2025 09:50:16 +0000
ROA not before:           Thu 02 Jan 2025 09:50:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48687
IP address blocks:        91.221.136.0/23 maxlen: 23
                          91.240.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:40:ba:52:01:37:9f:5f:a0:f8:39:59:1c:fb:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=556a5fa0dcfb34433f9b860d95e2c442547c5f9c
        Validity
            Not Before: Jan  2 09:50:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e89edb3890fe94773dfe08e274ae94a964cc286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f0:01:e9:c5:dd:93:e9:ab:f2:ac:1e:f3:b1:
                    db:f8:57:37:04:56:db:f4:c7:0f:fd:57:2d:73:e0:
                    83:0d:08:00:ee:f0:e7:2d:bf:c2:9f:60:e3:5a:64:
                    91:f8:0f:6d:e1:1f:5d:c2:b1:67:5a:ea:ae:ae:8b:
                    42:a6:59:d0:e2:fa:93:9a:54:80:d1:8c:76:6b:9e:
                    36:93:53:f2:81:b1:a4:b6:d3:8e:8e:41:ad:29:69:
                    64:18:92:9c:b7:d2:18:a3:a6:fa:31:dc:2a:7c:f1:
                    e2:98:02:97:01:6d:73:d8:54:d3:fb:87:73:7a:5a:
                    94:ca:59:96:7e:e5:65:45:82:4f:7b:32:f3:81:dc:
                    cc:1f:bb:b4:76:91:08:96:9f:fc:85:89:40:3a:11:
                    14:3c:7b:9c:1f:dd:78:68:5c:98:5a:a9:fb:9c:1d:
                    8f:23:10:ed:40:91:2a:34:9e:2a:5e:35:bc:93:43:
                    dc:f6:5a:91:ae:d0:8d:b4:52:22:c2:d1:b8:bd:bd:
                    f5:80:13:84:9a:c8:36:eb:b8:17:d7:47:e1:e3:bf:
                    ec:0d:c7:85:50:a2:b1:b7:94:9d:55:78:68:fc:60:
                    df:27:51:22:8a:09:3c:38:31:1b:e3:67:76:9b:9f:
                    35:1b:19:01:4e:e0:b8:f3:b8:e7:e3:c2:d4:65:94:
                    25:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:89:ED:B3:89:0F:E9:47:73:DF:E0:8E:27:4A:E9:4A:96:4C:C2:86
            X509v3 Authority Key Identifier:
                keyid:55:6A:5F:A0:DC:FB:34:43:3F:9B:86:0D:95:E2:C4:42:54:7C:5F:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VWpfoNz7NEM_m4YNleLEQlR8X5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/Tonts4kP6Udz3-COJ0rpSpZMwoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/e23d30-76e3-4491-8d75-2fda4c273a48/1/VWpfoNz7NEM_m4YNleLEQlR8X5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.136.0/23
                  91.240.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         e6:aa:cb:86:51:50:eb:1b:97:70:a9:1b:09:af:2b:82:95:4d:
         b2:20:ae:f6:1b:a5:55:3b:39:d1:ee:99:01:05:06:e5:a1:6a:
         1c:3b:4b:fe:48:ad:6b:05:9e:91:4a:88:5a:d6:33:44:35:af:
         7a:0d:d3:84:8d:98:fb:50:6b:ba:a6:ee:64:24:cb:2b:96:05:
         56:fd:80:47:32:1a:d5:4e:39:a6:bf:0a:cc:cc:19:f5:fa:97:
         9c:b4:31:80:59:6d:b9:8c:7f:1d:b5:46:eb:5e:4f:17:19:89:
         5c:dd:9f:6f:05:9d:95:28:28:53:bf:8d:a7:7c:f1:54:4d:5f:
         8e:71:b9:6c:86:df:e5:c9:69:64:25:3b:01:48:53:41:6b:98:
         9e:f5:e3:fd:cf:c2:47:9b:49:3e:7a:df:a6:a1:75:a2:d8:80:
         e2:f0:13:08:a1:ab:59:0a:24:ff:66:23:d0:2a:2c:9c:7b:99:
         41:33:67:ea:65:b4:fc:66:5f:b6:21:cf:2a:40:41:ad:fe:a3:
         1f:6c:c4:f4:4d:b0:b3:6f:27:c5:80:d8:ba:e3:7d:ba:7b:eb:
         ab:69:b4:74:ba:c0:2b:8c:98:3f:ef:fe:db:25:ff:d0:5e:aa:
         6f:6a:10:79:e5:ed:15:56:22:a5:4d:21:ce:e6:42:d5:da:0d:
         28:17:55:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQmbEC6UgE3n1+g+DlZHPvsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1NmE1ZmEwZGNmYjM0NDMzZjliODYwZDk1ZTJjNDQyNTQ3
YzVmOWMwHhcNMjUwMTAyMDk1MDE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTg5ZWRiMzg5MGZlOTQ3NzNkZmUwOGUyNzRhZTk0YTk2NGNjMjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4fAB6cXdk+mr8qwe87Hb+Fc3BFbb
9McP/Vctc+CDDQgA7vDnLb/Cn2DjWmSR+A9t4R9dwrFnWuqurotCplnQ4vqTmlSA
0Yx2a542k1PygbGkttOOjkGtKWlkGJKct9IYo6b6MdwqfPHimAKXAW1z2FTT+4dz
elqUylmWfuVlRYJPezLzgdzMH7u0dpEIlp/8hYlAOhEUPHucH914aFyYWqn7nB2P
IxDtQJEqNJ4qXjW8k0Pc9lqRrtCNtFIiwtG4vb31gBOEmsg267gX10fh47/sDceF
UKKxt5SdVXho/GDfJ1Eiigk8ODEb42d2m581GxkBTuC487jn48LUZZQlXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE6J7bOJD+lHc9/gjidK6UqWTMKGMB8GA1UdIwQY
MBaAFFVqX6Dc+zRDP5uGDZXixEJUfF+cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUt
MmZkYTRjMjczYTQ4LzEvVG9udHM0a1A2VWR6My1DT0owcnBTcFpNd29ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9lMjNkMzAtNzZlMy00NDkxLThkNzUtMmZkYTRjMjczYTQ4
LzEvVldwZm9OejdORU1fbTRZTmxlTEVRbFI4WDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW92IAwQB
W/C+MA0GCSqGSIb3DQEBCwUAA4IBAQDmqsuGUVDrG5dwqRsJryuClU2yIK72G6VV
OznR7pkBBQbloWocO0v+SK1rBZ6RSoha1jNENa96DdOEjZj7UGu6pu5kJMsrlgVW
/YBHMhrVTjmmvwrMzBn1+pectDGAWW25jH8dtUbrXk8XGYlc3Z9vBZ2VKChTv42n
fPFUTV+Ocblsht/lyWlkJTsBSFNBa5ie9eP9z8JHm0k+et+moXWi2IDi8BMIoatZ
CiT/ZiPQKiyce5lBM2fqZbT8Zl+2Ic8qQEGt/qMfbMT0TbCzbyfFgNi64326e+ur
abR0usArjJg/7/7bJf/QXqpvahB55e0VViKlTSHO5kLV2g0oF1U+
-----END CERTIFICATE-----