Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/NCoehdmUvbF9hjrmMyI6BY_y1Tg.roa
File:                     NCoehdmUvbF9hjrmMyI6BY_y1Tg.roa (raw, json)
Hash identifier:          oKUbCP0RxT560oSwid+jhRboIkVkQAnDdP+HNoQNqUU=
Subject key identifier:   34:2A:1E:85:D9:94:BD:B1:7D:86:3A:E6:33:22:3A:05:8F:F2:D5:38
Certificate issuer:       /CN=233e3828411bafab006e75fd0dd5f5f9ef55ec25
Certificate serial:       019420D62B6B33E9293BE40D390F3A4BFFD0
Authority key identifier: 23:3E:38:28:41:1B:AF:AB:00:6E:75:FD:0D:D5:F5:F9:EF:55:EC:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Iz44KEEbr6sAbnX9DdX1-e9V7CU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/NCoehdmUvbF9hjrmMyI6BY_y1Tg.roa
Signing time:             Wed 01 Jan 2025 07:48:14 +0000
ROA not before:           Wed 01 Jan 2025 07:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59452
IP address blocks:        91.241.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/Iz44KEEbr6sAbnX9DdX1-e9V7CU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/Iz44KEEbr6sAbnX9DdX1-e9V7CU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Iz44KEEbr6sAbnX9DdX1-e9V7CU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:2b:6b:33:e9:29:3b:e4:0d:39:0f:3a:4b:ff:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=233e3828411bafab006e75fd0dd5f5f9ef55ec25
        Validity
            Not Before: Jan  1 07:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=342a1e85d994bdb17d863ae633223a058ff2d538
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:76:a5:08:15:2d:ad:54:68:72:d7:a5:5c:89:
                    9b:e1:9b:99:c7:3b:b9:ce:a5:79:13:35:af:c5:15:
                    77:4e:25:c4:9d:25:52:a2:a5:ae:68:99:cf:56:cc:
                    37:e8:b9:59:ce:67:fe:50:8a:a3:d6:01:7f:bc:e8:
                    2a:fe:49:ef:cc:b6:42:ce:f1:61:c3:68:f5:9d:59:
                    ba:23:cf:a0:6f:a6:48:b4:7d:f7:62:34:10:5f:d9:
                    8d:3f:b2:6a:69:d8:a0:89:d0:b0:b9:40:eb:22:f3:
                    5c:97:03:e3:12:10:19:04:42:58:74:dd:d9:33:32:
                    26:7f:28:62:dd:97:b2:b2:a5:ae:4b:f1:f4:c1:6b:
                    6f:5c:eb:a9:29:25:56:bb:4e:05:ff:d4:0a:c1:ea:
                    f2:c8:da:32:12:c7:f1:87:ae:79:84:56:dc:20:42:
                    a5:7e:94:fd:53:a9:df:2a:4b:7a:04:01:2e:48:09:
                    3e:a2:0d:27:de:08:af:6e:fe:53:4b:e2:ae:e0:bf:
                    96:f9:40:52:57:1f:dc:eb:6d:29:df:c7:59:84:fb:
                    b2:a5:52:49:e2:74:a7:fe:fa:cd:1b:17:d5:c7:27:
                    fc:af:fc:ae:54:26:16:d5:c6:b4:e3:61:28:40:f6:
                    6f:09:f3:10:a9:30:c0:d5:5f:0c:a6:bc:ec:42:79:
                    10:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:2A:1E:85:D9:94:BD:B1:7D:86:3A:E6:33:22:3A:05:8F:F2:D5:38
            X509v3 Authority Key Identifier:
                keyid:23:3E:38:28:41:1B:AF:AB:00:6E:75:FD:0D:D5:F5:F9:EF:55:EC:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Iz44KEEbr6sAbnX9DdX1-e9V7CU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/NCoehdmUvbF9hjrmMyI6BY_y1Tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/a6cffc-be64-4d08-94a6-a15f0e78a5a9/1/Iz44KEEbr6sAbnX9DdX1-e9V7CU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:14:e9:5e:12:11:84:0b:25:ae:b3:ba:96:9b:fd:17:9f:92:
         02:3a:c0:61:a5:90:e5:a2:af:a0:f2:66:c6:c0:9a:5a:cd:2a:
         87:e4:a8:98:cd:38:8d:66:af:f3:70:a2:53:3c:17:98:df:46:
         9c:11:79:1f:0e:0f:7a:92:c1:25:01:88:31:c8:f5:03:53:9f:
         27:ed:12:a3:7b:5d:a5:5d:cc:55:55:84:0f:32:a8:e7:db:b2:
         07:7c:b0:ee:26:a8:be:b8:58:da:87:9c:eb:42:26:9a:50:45:
         a0:c8:f9:70:60:60:f1:9f:76:6c:d7:4c:cf:07:08:07:c6:cd:
         80:63:6c:eb:e5:a7:96:99:46:a7:ba:5a:56:50:a1:c2:f2:7a:
         50:19:3b:d2:2d:3d:3d:72:dc:71:99:ce:a3:56:e5:e4:01:b3:
         fc:4f:2b:c0:72:53:aa:46:3a:72:5d:9c:e6:f8:75:31:c1:b5:
         45:01:7b:57:4b:03:c0:f3:20:17:66:52:8f:1d:63:8c:8b:0c:
         e8:3e:84:ee:bb:54:8d:7c:b8:7a:ff:a6:1a:c4:09:f9:78:15:
         bc:f0:f3:1a:d2:2b:e0:92:d7:d2:f1:46:a2:84:48:3f:74:f4:
         21:a3:38:b2:49:9d:4f:4e:32:86:78:c2:6b:7f:46:fb:4a:75:
         85:82:a5:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1itrM+kpO+QNOQ86S//QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzM2UzODI4NDExYmFmYWIwMDZlNzVmZDBkZDVmNWY5ZWY1
NWVjMjUwHhcNMjUwMTAxMDc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDJhMWU4NWQ5OTRiZGIxN2Q4NjNhZTYzMzIyM2EwNThmZjJkNTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA63alCBUtrVRoctelXImb4ZuZxzu5
zqV5EzWvxRV3TiXEnSVSoqWuaJnPVsw36LlZzmf+UIqj1gF/vOgq/knvzLZCzvFh
w2j1nVm6I8+gb6ZItH33YjQQX9mNP7JqadigidCwuUDrIvNclwPjEhAZBEJYdN3Z
MzImfyhi3ZeysqWuS/H0wWtvXOupKSVWu04F/9QKweryyNoyEsfxh655hFbcIEKl
fpT9U6nfKkt6BAEuSAk+og0n3givbv5TS+Ku4L+W+UBSVx/c620p38dZhPuypVJJ
4nSn/vrNGxfVxyf8r/yuVCYW1ca042EoQPZvCfMQqTDA1V8MprzsQnkQLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDQqHoXZlL2xfYY65jMiOgWP8tU4MB8GA1UdIwQY
MBaAFCM+OChBG6+rAG51/Q3V9fnvVewlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXo0NEtFRWJyNnNBYm5YOURkWDEtZTlWN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9hNmNmZmMtYmU2NC00ZDA4LTk0YTYt
YTE1ZjBlNzhhNWE5LzEvTkNvZWhkbVV2YkY5aGpybU15STZCWV95MVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9hNmNmZmMtYmU2NC00ZDA4LTk0YTYtYTE1ZjBlNzhhNWE5
LzEvSXo0NEtFRWJyNnNBYm5YOURkWDEtZTlWN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/EtMA0G
CSqGSIb3DQEBCwUAA4IBAQAVFOleEhGECyWus7qWm/0Xn5ICOsBhpZDloq+g8mbG
wJpazSqH5KiYzTiNZq/zcKJTPBeY30acEXkfDg96ksElAYgxyPUDU58n7RKje12l
XcxVVYQPMqjn27IHfLDuJqi+uFjah5zrQiaaUEWgyPlwYGDxn3Zs10zPBwgHxs2A
Y2zr5aeWmUanulpWUKHC8npQGTvSLT09ctxxmc6jVuXkAbP8TyvAclOqRjpyXZzm
+HUxwbVFAXtXSwPA8yAXZlKPHWOMiwzoPoTuu1SNfLh6/6YaxAn5eBW88PMa0ivg
ktfS8UaihEg/dPQhoziySZ1PTjKGeMJrf0b7SnWFgqWo
-----END CERTIFICATE-----