Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/otKZ958cq46JjeuiWtQS_1cQ4O8.roa
File:                     otKZ958cq46JjeuiWtQS_1cQ4O8.roa (raw, json)
Hash identifier:          I3AuxBmpkKEz/bDKuyUmT7Of3tiFEgKl0C6pbBn4Ceg=
Subject key identifier:   A2:D2:99:F7:9F:1C:AB:8E:89:8D:EB:A2:5A:D4:12:FF:57:10:E0:EF
Certificate issuer:       /CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
Certificate serial:       01941FFA5470F780DAF2D41380B9F88E0704
Authority key identifier: 76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/otKZ958cq46JjeuiWtQS_1cQ4O8.roa
Signing time:             Wed 01 Jan 2025 03:48:06 +0000
ROA not before:           Wed 01 Jan 2025 03:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50204
IP address blocks:        91.197.236.0/22 maxlen: 24
                          195.214.236.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:54:70:f7:80:da:f2:d4:13:80:b9:f8:8e:07:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7642fd3f336ce6ee99e61fa977049a6c6a923e4a
        Validity
            Not Before: Jan  1 03:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2d299f79f1cab8e898deba25ad412ff5710e0ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c0:af:44:bf:10:c8:6e:52:fe:dc:02:a2:0c:
                    a0:c9:35:50:c8:00:11:f9:3f:b7:cd:3f:df:bb:12:
                    a6:3c:d3:9f:14:5e:b7:60:17:af:43:05:88:99:3d:
                    25:af:7d:b9:64:3d:36:7b:ab:33:be:3e:36:0e:fe:
                    e2:8d:6c:96:4d:b1:cb:9c:04:f9:f1:3b:0a:47:f8:
                    81:5a:ab:f7:e1:e8:53:88:62:4b:be:48:8d:5c:34:
                    5e:f9:4b:03:32:64:f2:48:f8:bd:e6:6a:8d:2a:f4:
                    06:4e:32:a1:3f:ec:0c:3c:7d:51:5f:ce:fb:17:1d:
                    58:47:eb:e2:f7:69:20:6c:ed:0f:9e:f2:34:e9:79:
                    37:fe:ef:08:3e:e6:da:56:1c:f2:d6:be:37:60:e2:
                    f2:49:75:7c:d1:d7:2e:13:46:75:44:51:f7:2d:a9:
                    6c:c9:1d:14:90:66:0e:96:f2:3b:88:3c:9c:23:12:
                    48:fc:f9:6a:32:fa:f0:7c:a3:2b:6b:99:37:d5:15:
                    b1:f8:fa:6a:88:ae:ba:c2:0a:fc:57:7c:83:8e:9f:
                    0b:b3:f2:f3:58:ba:dd:99:2d:22:6e:85:31:e3:09:
                    81:60:44:30:e3:27:3b:e2:7b:bc:23:4a:a5:00:05:
                    21:0d:18:6e:57:c0:af:00:1e:52:aa:51:b9:98:2c:
                    fa:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:D2:99:F7:9F:1C:AB:8E:89:8D:EB:A2:5A:D4:12:FF:57:10:E0:EF
            X509v3 Authority Key Identifier:
                keyid:76:42:FD:3F:33:6C:E6:EE:99:E6:1F:A9:77:04:9A:6C:6A:92:3E:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkL9PzNs5u6Z5h-pdwSabGqSPko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/otKZ958cq46JjeuiWtQS_1cQ4O8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/924546-d9c7-4a0d-ae00-62c43ac7c02f/1/dkL9PzNs5u6Z5h-pdwSabGqSPko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.236.0/22
                  195.214.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:36:67:ee:0a:db:1e:fe:79:18:f3:0a:e0:08:0f:f0:82:de:
         ce:19:97:be:58:d1:2e:34:78:28:04:e9:67:7b:b8:3c:58:88:
         6b:b2:d2:98:c3:c6:e7:04:92:45:4e:77:09:4e:d2:60:02:08:
         11:c7:cd:54:ca:95:2e:15:bd:08:ec:d2:13:5c:b8:e2:0f:96:
         3a:ad:c9:59:ae:e1:74:a6:1b:1e:fb:ea:66:0b:91:93:37:6e:
         f4:78:2a:37:c1:9b:ad:58:53:c6:82:57:e5:62:62:7f:62:d7:
         11:44:1d:1d:1e:94:02:9e:0d:29:7e:1d:4c:42:fd:c0:11:25:
         ae:d6:7b:2b:5e:9e:17:f9:61:70:e2:34:4e:da:eb:35:ab:30:
         67:92:2c:de:66:34:d9:73:58:c5:11:c7:e3:d5:22:a1:0c:95:
         97:d1:a8:8a:b0:f7:f6:b3:f5:a9:ad:6a:20:86:9b:1b:cc:53:
         46:4c:7e:fd:8f:96:fe:01:42:1c:a3:20:51:f6:03:aa:ad:74:
         8b:08:66:59:d9:55:07:e0:b7:70:f3:b2:8d:d9:fc:a8:b0:d2:
         08:60:58:70:80:72:74:a8:8f:80:7a:b6:bd:70:f4:ed:d5:b6:
         eb:bd:83:fb:ca:89:46:f0:29:7c:87:40:ee:12:8e:5e:c1:26:
         00:04:51:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+lRw94Da8tQTgLn4jgcEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDJmZDNmMzM2Y2U2ZWU5OWU2MWZhOTc3MDQ5YTZjNmE5
MjNlNGEwHhcNMjUwMTAxMDM0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmQyOTlmNzlmMWNhYjhlODk4ZGViYTI1YWQ0MTJmZjU3MTBlMGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8CvRL8QyG5S/twCogygyTVQyAAR
+T+3zT/fuxKmPNOfFF63YBevQwWImT0lr325ZD02e6szvj42Dv7ijWyWTbHLnAT5
8TsKR/iBWqv34ehTiGJLvkiNXDRe+UsDMmTySPi95mqNKvQGTjKhP+wMPH1RX877
Fx1YR+vi92kgbO0PnvI06Xk3/u8IPubaVhzy1r43YOLySXV80dcuE0Z1RFH3Lals
yR0UkGYOlvI7iDycIxJI/PlqMvrwfKMra5k31RWx+PpqiK66wgr8V3yDjp8Ls/Lz
WLrdmS0iboUx4wmBYEQw4yc74nu8I0qlAAUhDRhuV8CvAB5SqlG5mCz6pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKLSmfefHKuOiY3rolrUEv9XEODvMB8GA1UdIwQY
MBaAFHZC/T8zbObumeYfqXcEmmxqkj5KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAt
NjJjNDNhYzdjMDJmLzEvb3RLWjk1OGNxNDZKamV1aVd0UVNfMWNRNE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy85MjQ1NDYtZDljNy00YTBkLWFlMDAtNjJjNDNhYzdjMDJm
LzEvZGtMOVB6TnM1dTZaNWgtcGR3U2FiR3FTUGtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8XsAwQC
w9bsMA0GCSqGSIb3DQEBCwUAA4IBAQBlNmfuCtse/nkY8wrgCA/wgt7OGZe+WNEu
NHgoBOlne7g8WIhrstKYw8bnBJJFTncJTtJgAggRx81UypUuFb0I7NITXLjiD5Y6
rclZruF0phse++pmC5GTN270eCo3wZutWFPGglflYmJ/YtcRRB0dHpQCng0pfh1M
Qv3AESWu1nsrXp4X+WFw4jRO2us1qzBnkizeZjTZc1jFEcfj1SKhDJWX0aiKsPf2
s/WprWoghpsbzFNGTH79j5b+AUIcoyBR9gOqrXSLCGZZ2VUH4Ldw87KN2fyosNII
YFhwgHJ0qI+Aera9cPTt1bbrvYP7yolG8Cl8h0DuEo5ewSYABFFe
-----END CERTIFICATE-----