Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/nEKK32oFQy3X2Yzvdv8fEhGcazg.roa
File:                     nEKK32oFQy3X2Yzvdv8fEhGcazg.roa (raw, json)
Hash identifier:          LMYqTrguswdi0QtX9F4iCp/SyY8hGayYOolliB1rgCg=
Subject key identifier:   9C:42:8A:DF:6A:05:43:2D:D7:D9:8C:EF:76:FF:1F:12:11:9C:6B:38
Certificate issuer:       /CN=c01574cb9e0e35bf9754ef9175014bc746008f0e
Certificate serial:       0194258F480E9995EC2EC1662A66F39F1614
Authority key identifier: C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/nEKK32oFQy3X2Yzvdv8fEhGcazg.roa
Signing time:             Thu 02 Jan 2025 05:48:54 +0000
ROA not before:           Thu 02 Jan 2025 05:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        91.199.44.0/24 maxlen: 24
                          2a0d:b700::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:48:0e:99:95:ec:2e:c1:66:2a:66:f3:9f:16:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c01574cb9e0e35bf9754ef9175014bc746008f0e
        Validity
            Not Before: Jan  2 05:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c428adf6a05432dd7d98cef76ff1f12119c6b38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a8:fb:68:0d:08:e4:98:c5:b8:99:d1:a9:75:
                    eb:fc:7c:95:21:89:58:db:83:79:e9:04:0f:20:bd:
                    86:21:29:9e:ce:e4:ce:a9:a4:fa:c5:1f:27:c2:30:
                    fb:c7:f4:ca:ce:88:d5:a4:8f:09:d2:af:dc:de:77:
                    41:25:2a:94:dd:b2:95:ce:f7:67:98:fb:48:ea:6d:
                    94:38:40:15:fc:0b:bf:ac:b6:c8:48:a6:5c:13:59:
                    36:85:98:0d:28:f0:19:d3:ac:46:47:76:cb:9e:1f:
                    a6:ae:c1:c2:91:e6:05:96:ab:53:ab:d7:cb:37:00:
                    a6:02:90:d3:7b:41:53:61:61:e3:f4:47:67:00:d6:
                    8b:e0:db:c2:69:48:d6:c6:c1:80:9e:50:a7:54:bc:
                    19:3c:a4:cc:59:5e:7f:71:2d:ae:83:40:99:b8:91:
                    34:42:84:99:5c:3c:f8:97:ea:8d:ee:e1:20:0b:59:
                    bd:e2:74:55:1c:01:75:e8:9e:a6:78:2e:82:e7:53:
                    ef:28:80:51:90:98:19:f4:91:13:81:0a:3b:e6:93:
                    45:08:6d:ea:ff:e2:3d:84:99:03:d6:47:81:1c:a6:
                    6e:f3:60:61:06:57:95:54:96:8e:df:e3:fe:0b:51:
                    4b:60:d9:d7:99:a7:dc:ae:50:32:af:87:45:09:7c:
                    7d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:42:8A:DF:6A:05:43:2D:D7:D9:8C:EF:76:FF:1F:12:11:9C:6B:38
            X509v3 Authority Key Identifier:
                keyid:C0:15:74:CB:9E:0E:35:BF:97:54:EF:91:75:01:4B:C7:46:00:8F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wBV0y54ONb-XVO-RdQFLx0YAjw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/nEKK32oFQy3X2Yzvdv8fEhGcazg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/396890-e96c-4d1f-936c-8fee7ec7c3cd/1/wBV0y54ONb-XVO-RdQFLx0YAjw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.44.0/24
                IPv6:
                  2a0d:b700::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:0b:36:f6:44:91:b2:3a:96:5b:dc:03:6f:4d:67:8e:4a:a5:
         7a:74:c3:dc:df:5f:e9:2e:61:5c:e9:02:d6:3b:e1:ae:6c:4d:
         3a:60:58:21:1c:58:55:32:3b:98:b3:c3:95:57:6b:f5:60:da:
         90:46:37:53:f9:cc:25:55:b6:4e:3c:83:88:65:04:96:ab:9d:
         37:63:4d:4a:41:dc:6f:d2:2e:ae:40:9e:e0:05:c2:4f:25:f4:
         5f:e4:49:cc:12:1a:0c:85:81:7f:f3:46:23:5a:bf:ac:90:cd:
         03:b6:09:79:06:56:f6:00:7f:9d:d1:6a:e2:1c:76:c7:e3:a9:
         25:d4:21:56:48:5f:4b:e2:97:06:29:01:c9:44:2a:5e:34:c4:
         6f:61:46:aa:31:08:c2:32:be:e8:0a:0f:6b:17:4c:bc:11:e0:
         78:79:d7:87:6f:fc:74:46:e2:b7:01:89:1d:6c:07:9a:f9:29:
         dc:17:fe:e3:6b:06:42:4e:06:0b:03:36:f4:ab:4c:ac:83:a3:
         b5:cf:4f:3b:00:35:2f:50:7c:2b:52:14:26:2d:41:0d:58:65:
         e0:77:02:07:94:37:66:1e:55:70:c3:dd:1b:c7:b3:d1:77:0c:
         32:23:10:29:0f:28:be:a8:56:ec:31:93:00:68:58:f7:58:3e:
         7b:50:1f:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj0gOmZXsLsFmKmbznxYUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwMTU3NGNiOWUwZTM1YmY5NzU0ZWY5MTc1MDE0YmM3NDYw
MDhmMGUwHhcNMjUwMTAyMDU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQyOGFkZjZhMDU0MzJkZDdkOThjZWY3NmZmMWYxMjExOWM2YjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6j7aA0I5JjFuJnRqXXr/HyVIYlY
24N56QQPIL2GISmezuTOqaT6xR8nwjD7x/TKzojVpI8J0q/c3ndBJSqU3bKVzvdn
mPtI6m2UOEAV/Au/rLbISKZcE1k2hZgNKPAZ06xGR3bLnh+mrsHCkeYFlqtTq9fL
NwCmApDTe0FTYWHj9EdnANaL4NvCaUjWxsGAnlCnVLwZPKTMWV5/cS2ug0CZuJE0
QoSZXDz4l+qN7uEgC1m94nRVHAF16J6meC6C51PvKIBRkJgZ9JETgQo75pNFCG3q
/+I9hJkD1keBHKZu82BhBleVVJaO3+P+C1FLYNnXmafcrlAyr4dFCXx94QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJxCit9qBUMt19mM73b/HxIRnGs4MB8GA1UdIwQY
MBaAFMAVdMueDjW/l1TvkXUBS8dGAI8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd0JWMHk1NE9OYi1YVk8tUmRRRkx4MFlBanc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zOTY4OTAtZTk2Yy00ZDFmLTkzNmMt
OGZlZTdlYzdjM2NkLzEvbkVLSzMyb0ZReTNYMll6dmR2OGZFaEdjYXpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zOTY4OTAtZTk2Yy00ZDFmLTkzNmMtOGZlZTdlYzdjM2Nk
LzEvd0JWMHk1NE9OYi1YVk8tUmRRRkx4MFlBanc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8csMA0E
AgACMAcDBQAqDbcAMA0GCSqGSIb3DQEBCwUAA4IBAQCQCzb2RJGyOpZb3ANvTWeO
SqV6dMPc31/pLmFc6QLWO+GubE06YFghHFhVMjuYs8OVV2v1YNqQRjdT+cwlVbZO
PIOIZQSWq503Y01KQdxv0i6uQJ7gBcJPJfRf5EnMEhoMhYF/80YjWr+skM0Dtgl5
Blb2AH+d0WriHHbH46kl1CFWSF9L4pcGKQHJRCpeNMRvYUaqMQjCMr7oCg9rF0y8
EeB4edeHb/x0RuK3AYkdbAea+SncF/7jawZCTgYLAzb0q0ysg6O1z087ADUvUHwr
UhQmLUENWGXgdwIHlDdmHlVww90bx7PRdwwyIxApDyi+qFbsMZMAaFj3WD57UB9y
-----END CERTIFICATE-----