Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/C58mKwVQZDbRnvZ7Z9EpDIFJerE.roa
File:                     C58mKwVQZDbRnvZ7Z9EpDIFJerE.roa (raw, json)
Hash identifier:          VYZ3YkpM4rYIEtyFAuIhB+Rv4KcRCxmZuVYERtnotPA=
Subject key identifier:   0B:9F:26:2B:05:50:64:36:D1:9E:F6:7B:67:D1:29:0C:81:49:7A:B1
Certificate issuer:       /CN=76aa51f2014fa0fd7117069d88a679f1670c32a4
Certificate serial:       019427478AEB0D9293B0E180EE17630916BE
Authority key identifier: 76:AA:51:F2:01:4F:A0:FD:71:17:06:9D:88:A6:79:F1:67:0C:32:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/C58mKwVQZDbRnvZ7Z9EpDIFJerE.roa
Signing time:             Thu 02 Jan 2025 13:49:47 +0000
ROA not before:           Thu 02 Jan 2025 13:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20559
IP address blocks:        91.234.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 10:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8a:eb:0d:92:93:b0:e1:80:ee:17:63:09:16:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76aa51f2014fa0fd7117069d88a679f1670c32a4
        Validity
            Not Before: Jan  2 13:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b9f262b05506436d19ef67b67d1290c81497ab1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:06:5b:34:00:00:ec:86:6b:fb:3b:19:3e:03:
                    8d:8c:18:16:d0:3f:eb:5a:ef:bb:ed:72:65:98:b8:
                    82:be:60:70:b8:9a:a2:f4:30:27:16:7c:f8:52:b5:
                    2a:71:ec:43:18:d6:c7:c8:be:5f:89:3f:3a:f3:4c:
                    d5:e6:ed:6a:af:23:81:e8:22:c9:16:a1:da:cc:eb:
                    e9:d4:ba:03:7a:80:97:5a:65:98:cf:01:c6:2b:1d:
                    65:13:3c:89:01:f8:82:0d:a0:71:44:7c:a4:c8:d1:
                    84:16:1f:2b:7a:e9:51:46:d7:8a:12:bd:9e:2f:77:
                    e2:6c:13:d8:2b:68:76:81:48:b1:e0:15:d1:2c:76:
                    3f:49:bb:4b:c8:c7:a0:03:9f:b5:ee:d3:db:2b:49:
                    b8:13:88:68:6b:1e:fc:3e:49:13:38:36:92:7b:3b:
                    b9:e8:34:fb:56:c7:49:86:70:84:96:af:58:5e:69:
                    b8:2b:a1:10:12:21:2e:88:45:ad:51:7f:0a:8d:ad:
                    ad:fd:a4:7a:1f:38:8a:27:e2:f4:e1:67:a8:f1:8c:
                    5f:a1:b6:df:b5:bd:c9:e2:d6:44:a2:21:33:17:be:
                    c6:40:3d:37:20:24:6b:83:49:ea:d5:65:da:c5:1e:
                    d7:ac:b4:06:c1:17:7c:72:86:34:e7:b8:73:58:7e:
                    37:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:9F:26:2B:05:50:64:36:D1:9E:F6:7B:67:D1:29:0C:81:49:7A:B1
            X509v3 Authority Key Identifier:
                keyid:76:AA:51:F2:01:4F:A0:FD:71:17:06:9D:88:A6:79:F1:67:0C:32:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dqpR8gFPoP1xFwadiKZ58WcMMqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/C58mKwVQZDbRnvZ7Z9EpDIFJerE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/5db5a3-a5e6-46c8-aa8e-251f5dce7e4d/1/dqpR8gFPoP1xFwadiKZ58WcMMqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d4:30:b6:0b:27:9d:f4:e8:93:36:98:89:52:6c:ad:57:6b:
         c2:fc:61:bd:47:c7:f3:2d:0e:5c:cf:2d:c0:86:b7:ff:c3:c9:
         ed:b2:3b:16:d1:52:88:2c:4f:0e:ac:50:2f:aa:cb:8b:9b:70:
         59:11:c5:10:b4:eb:a3:06:ad:02:4d:bf:7f:cf:53:5a:23:ef:
         9e:b5:65:f2:26:04:bd:de:88:1b:60:72:82:68:35:22:8e:1f:
         20:e8:96:e5:8d:3a:72:5d:96:8a:c0:51:39:d7:e1:62:0e:41:
         2e:9c:36:80:ff:42:bd:49:2e:95:44:34:3f:ae:9e:18:69:df:
         e8:8f:3c:41:9b:9e:36:88:b2:3b:e6:04:30:55:26:74:90:93:
         57:ff:84:07:be:25:e8:9a:6f:1e:71:43:da:1e:a3:1f:89:94:
         b9:35:09:b7:00:65:40:5e:d4:96:5b:29:99:1f:d4:d4:0f:7e:
         93:84:36:7e:86:f5:5e:70:04:57:97:0e:93:00:9f:33:36:34:
         07:19:bd:29:c3:b3:27:cb:8d:43:63:c3:01:14:de:1e:72:8c:
         40:44:fc:1b:af:f7:ed:61:8c:f6:d5:c2:e6:96:cd:24:f9:d8:
         38:e2:d5:ef:a5:36:e5:4d:6f:46:b0:a1:08:fd:b2:13:3b:5f:
         d0:a1:a6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR4rrDZKTsOGA7hdjCRa+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2YWE1MWYyMDE0ZmEwZmQ3MTE3MDY5ZDg4YTY3OWYxNjcw
YzMyYTQwHhcNMjUwMTAyMTM0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjlmMjYyYjA1NTA2NDM2ZDE5ZWY2N2I2N2QxMjkwYzgxNDk3YWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwZbNAAA7IZr+zsZPgONjBgW0D/r
Wu+77XJlmLiCvmBwuJqi9DAnFnz4UrUqcexDGNbHyL5fiT8680zV5u1qryOB6CLJ
FqHazOvp1LoDeoCXWmWYzwHGKx1lEzyJAfiCDaBxRHykyNGEFh8reulRRteKEr2e
L3fibBPYK2h2gUix4BXRLHY/SbtLyMegA5+17tPbK0m4E4hoax78PkkTODaSezu5
6DT7VsdJhnCElq9YXmm4K6EQEiEuiEWtUX8Kja2t/aR6HziKJ+L04Weo8Yxfobbf
tb3J4tZEoiEzF77GQD03ICRrg0nq1WXaxR7XrLQGwRd8coY057hzWH43mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAufJisFUGQ20Z72e2fRKQyBSXqxMB8GA1UdIwQY
MBaAFHaqUfIBT6D9cRcGnYimefFnDDKkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHFwUjhnRlBvUDF4RndhZGlLWjU4V2NNTXFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS81ZGI1YTMtYTVlNi00NmM4LWFhOGUt
MjUxZjVkY2U3ZTRkLzEvQzU4bUt3VlFaRGJSbnZaN1o5RXBESUZKZXJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS81ZGI1YTMtYTVlNi00NmM4LWFhOGUtMjUxZjVkY2U3ZTRk
LzEvZHFwUjhnRlBvUDF4RndhZGlLWjU4V2NNTXFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rBMA0G
CSqGSIb3DQEBCwUAA4IBAQB91DC2Cyed9OiTNpiJUmytV2vC/GG9R8fzLQ5czy3A
hrf/w8ntsjsW0VKILE8OrFAvqsuLm3BZEcUQtOujBq0CTb9/z1NaI++etWXyJgS9
3ogbYHKCaDUijh8g6JbljTpyXZaKwFE51+FiDkEunDaA/0K9SS6VRDQ/rp4Yad/o
jzxBm542iLI75gQwVSZ0kJNX/4QHviXomm8ecUPaHqMfiZS5NQm3AGVAXtSWWymZ
H9TUD36ThDZ+hvVecARXlw6TAJ8zNjQHGb0pw7Mny41DY8MBFN4ecoxARPwbr/ft
YYz21cLmls0k+dg44tXvpTblTW9GsKEI/bITO1/Qoaav
-----END CERTIFICATE-----