Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0V_tvh0L8H5KH0gotvxrO6T-brE.roa
File:                     0V_tvh0L8H5KH0gotvxrO6T-brE.roa (raw, json)
Hash identifier:          Jp+8CPeigkgyJhO0YOsmnFTNOZtByMguvQto7si0g2Q=
Subject key identifier:   D1:5F:ED:BE:1D:0B:F0:7E:4A:1F:48:28:B6:FC:6B:3B:A4:FE:6E:B1
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202BECAC4049569A486DDAF49782F1
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0V_tvh0L8H5KH0gotvxrO6T-brE.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197731
IP address blocks:        91.190.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:ec:ac:40:49:56:9a:48:6d:da:f4:97:82:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d15fedbe1d0bf07e4a1f4828b6fc6b3ba4fe6eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a3:dc:14:91:6f:a3:db:74:5c:bd:0a:50:81:
                    5f:f1:52:fd:9c:5c:ee:56:5c:3d:e1:fe:99:89:d5:
                    f7:69:e9:b2:1d:fe:13:af:b5:49:49:eb:d5:b2:1e:
                    20:f2:32:bb:21:b6:17:24:67:81:45:63:5d:a6:18:
                    c9:96:62:65:52:be:3f:15:b7:ba:f6:5d:d0:f1:de:
                    9d:1e:bc:f9:de:f7:2b:87:8b:77:bd:9b:a4:ca:3f:
                    25:d6:cd:c0:db:7a:fa:45:63:e5:7b:0c:51:aa:4a:
                    44:88:1f:43:6e:83:14:b9:b7:4d:d4:6b:58:c1:53:
                    c2:e2:84:bd:f2:6e:7b:ab:e1:ab:9b:59:33:27:c3:
                    4b:fb:62:79:e5:70:c6:1e:63:f7:7c:d1:93:d4:4e:
                    25:3c:0a:ef:ae:93:b8:df:fb:a3:8d:e7:68:7a:e0:
                    a1:77:43:89:7b:9b:0c:24:06:b2:8b:91:fc:ff:fb:
                    40:cd:22:2c:97:5a:3f:52:d2:2f:24:24:2f:35:2c:
                    e8:3a:31:13:42:61:47:0f:7e:28:39:d7:c8:ce:56:
                    f6:ae:14:db:cb:8f:37:49:62:99:3f:b8:90:93:ad:
                    23:6a:cf:09:97:54:76:4e:f5:16:8d:06:bd:11:24:
                    2c:69:02:48:d1:8c:47:90:fe:da:e4:46:e4:e0:d6:
                    c1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:5F:ED:BE:1D:0B:F0:7E:4A:1F:48:28:B6:FC:6B:3B:A4:FE:6E:B1
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/0V_tvh0L8H5KH0gotvxrO6T-brE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3c:aa:71:27:cd:9b:85:3f:d9:cf:e6:eb:a5:48:8b:cc:39:
         cb:f3:c5:71:dd:cb:3e:d8:6b:17:54:53:06:9a:91:07:df:26:
         d6:c0:a2:59:e3:a8:0b:7a:52:f9:de:c0:b1:96:91:a3:60:dd:
         c6:9a:05:ca:02:80:aa:77:83:ff:52:61:d4:20:cb:2e:67:a5:
         76:b8:75:a8:93:38:0e:fa:e1:04:63:fa:a4:24:a9:a3:3a:f0:
         45:1f:21:c2:76:18:65:de:0c:e5:ed:c6:60:db:01:cf:15:d7:
         09:29:0d:e2:3a:91:e3:06:0a:2d:0d:f3:a6:5b:2b:b9:1e:35:
         dc:df:99:21:c1:58:e9:82:e7:bd:ef:f8:51:a6:8b:89:72:1b:
         32:e2:97:c6:20:bb:8f:31:19:bd:ec:c8:be:f1:b2:c0:37:74:
         8c:a9:9d:38:c7:90:22:0e:6c:d0:9c:68:02:fc:68:ab:78:6e:
         f2:2e:76:69:05:f0:f6:cb:20:e2:2e:31:dd:e0:ed:6a:78:8b:
         db:31:d3:47:58:fd:17:2d:26:8d:0f:f0:30:a4:32:c7:2b:5c:
         36:c5:f8:a0:0e:ee:7f:32:17:74:02:b0:71:4f:d6:c5:7b:45:
         1b:cc:2a:b5:c8:8e:21:2e:5c:74:1f:92:f3:57:56:43:a9:5d:
         35:f4:ea:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICvsrEBJVppIbdr0l4LxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTVmZWRiZTFkMGJmMDdlNGExZjQ4MjhiNmZjNmIzYmE0ZmU2ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKPcFJFvo9t0XL0KUIFf8VL9nFzu
Vlw94f6ZidX3aemyHf4Tr7VJSevVsh4g8jK7IbYXJGeBRWNdphjJlmJlUr4/Fbe6
9l3Q8d6dHrz53vcrh4t3vZukyj8l1s3A23r6RWPlewxRqkpEiB9DboMUubdN1GtY
wVPC4oS98m57q+Grm1kzJ8NL+2J55XDGHmP3fNGT1E4lPArvrpO43/ujjedoeuCh
d0OJe5sMJAayi5H8//tAzSIsl1o/UtIvJCQvNSzoOjETQmFHD34oOdfIzlb2rhTb
y483SWKZP7iQk60jas8Jl1R2TvUWjQa9ESQsaQJI0YxHkP7a5Ebk4NbB3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNFf7b4dC/B+Sh9IKLb8azuk/m6xMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvMFZfdHZoMEw4SDVLSDBnb3R2eHJPNlQtYnJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW75rMA0G
CSqGSIb3DQEBCwUAA4IBAQAqPKpxJ82bhT/Zz+brpUiLzDnL88Vx3cs+2GsXVFMG
mpEH3ybWwKJZ46gLelL53sCxlpGjYN3GmgXKAoCqd4P/UmHUIMsuZ6V2uHWokzgO
+uEEY/qkJKmjOvBFHyHCdhhl3gzl7cZg2wHPFdcJKQ3iOpHjBgotDfOmWyu5HjXc
35khwVjpgue97/hRpouJchsy4pfGILuPMRm97Mi+8bLAN3SMqZ04x5AiDmzQnGgC
/GireG7yLnZpBfD2yyDiLjHd4O1qeIvbMdNHWP0XLSaND/AwpDLHK1w2xfigDu5/
Mhd0ArBxT9bFe0UbzCq1yI4hLlx0H5LzV1ZDqV019Or3
-----END CERTIFICATE-----