Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/k8iZcfak9_5QgHS7iWQKKbEAkDk.roa
File:                     k8iZcfak9_5QgHS7iWQKKbEAkDk.roa (raw, json)
Hash identifier:          DXTLfl5DmKPP1gtWBPO48Z0DwWrE8Txs0tw+YahVRjs=
Subject key identifier:   93:C8:99:71:F6:A4:F7:FE:50:80:74:BB:89:64:0A:29:B1:00:90:39
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CC58256975D516C89F5CF121E7BE5
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/k8iZcfak9_5QgHS7iWQKKbEAkDk.roa
Signing time:             Wed 01 Jan 2025 01:48:26 +0000
ROA not before:           Wed 01 Jan 2025 01:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209670
IP address blocks:        91.132.24.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:c5:82:56:97:5d:51:6c:89:f5:cf:12:1e:7b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93c89971f6a4f7fe508074bb89640a29b1009039
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a7:ea:cc:36:29:95:a8:38:90:d8:91:50:ed:
                    72:9d:1e:a2:27:a5:ec:5b:59:e8:ef:72:8c:dd:82:
                    50:7e:b2:82:80:8e:0e:af:c2:a1:7a:c1:6d:f9:21:
                    86:41:6c:b2:56:9b:8e:37:5f:14:b8:56:07:f1:84:
                    22:0a:fe:01:11:ce:21:12:a9:d8:4c:c2:bd:d6:05:
                    a2:f9:74:0c:47:8f:ac:d4:c5:c9:ae:d2:2e:8c:4d:
                    13:89:84:4e:db:8d:d0:f8:3a:de:94:56:2c:e9:4d:
                    f8:90:69:6f:03:6b:20:29:7d:85:a2:4f:fe:01:bc:
                    45:f6:d6:10:e7:6a:40:bf:ab:a3:1f:f1:1f:96:be:
                    a9:3d:cd:87:02:04:24:7d:5e:b0:2d:14:4c:ab:4d:
                    8b:46:3a:e6:24:fe:31:78:10:19:20:d8:1d:e3:45:
                    6e:d8:5c:52:db:c0:e9:2c:6c:99:94:d7:74:a8:02:
                    9c:c8:8d:57:19:84:dd:19:e1:6c:96:6b:d4:c9:73:
                    c9:13:2a:fe:e4:f1:d7:11:dc:35:38:98:38:dc:2f:
                    f2:ab:72:fe:62:ce:43:cb:0b:fc:66:2e:7b:e9:bd:
                    42:ce:9e:bb:21:0f:95:07:af:20:36:77:0f:08:11:
                    20:44:4d:df:25:54:42:e7:b1:c3:71:ce:28:d2:ad:
                    f2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C8:99:71:F6:A4:F7:FE:50:80:74:BB:89:64:0A:29:B1:00:90:39
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/k8iZcfak9_5QgHS7iWQKKbEAkDk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:e0:4e:61:ba:3f:2d:6d:9d:61:b1:8e:a3:ab:25:af:c4:30:
         ea:1c:12:45:15:36:0f:41:12:f7:f3:05:e0:81:82:7c:f1:90:
         fa:c1:2b:2b:13:f7:50:ea:07:7b:df:38:15:76:02:b8:21:ba:
         1b:04:bd:c2:83:0c:10:b7:90:a7:c9:6d:1c:f5:aa:d9:e7:21:
         d5:91:2a:33:e5:25:c8:14:aa:83:f4:6d:8f:51:31:27:55:44:
         b2:52:17:96:89:d5:b4:1d:c4:77:31:cc:c3:c3:9e:99:d6:77:
         41:ba:38:5e:64:d8:e9:b7:fb:f9:04:1f:47:04:ec:aa:4f:38:
         fd:b2:1f:8d:16:18:3f:8c:a2:0e:8a:68:f3:68:a0:94:6b:a8:
         59:4f:b9:c1:2c:16:f1:6c:f8:d8:17:65:e6:90:b3:67:47:10:
         f3:85:ee:8a:1e:9f:ff:fa:5e:9b:17:2c:69:37:01:8c:25:d3:
         26:fb:4a:24:a2:56:08:e6:9d:91:fc:33:b7:86:cc:a0:e6:91:
         ed:b1:58:34:a5:31:9e:57:09:d9:5a:14:4f:3b:b6:34:fc:39:
         8b:dc:7e:c1:d2:c3:2d:22:73:d6:83:82:83:1d:44:79:c4:e4:
         f6:bc:60:8c:a9:1d:6b:c1:76:6e:36:a9:d5:d3:16:ab:4f:98:
         07:ef:09:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjMWCVpddUWyJ9c8SHnvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M4OTk3MWY2YTRmN2ZlNTA4MDc0YmI4OTY0MGEyOWIxMDA5MDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3afqzDYplag4kNiRUO1ynR6iJ6Xs
W1no73KM3YJQfrKCgI4Or8KhesFt+SGGQWyyVpuON18UuFYH8YQiCv4BEc4hEqnY
TMK91gWi+XQMR4+s1MXJrtIujE0TiYRO243Q+DrelFYs6U34kGlvA2sgKX2Fok/+
AbxF9tYQ52pAv6ujH/Eflr6pPc2HAgQkfV6wLRRMq02LRjrmJP4xeBAZINgd40Vu
2FxS28DpLGyZlNd0qAKcyI1XGYTdGeFslmvUyXPJEyr+5PHXEdw1OJg43C/yq3L+
Ys5Dywv8Zi576b1Czp67IQ+VB68gNncPCBEgRE3fJVRC57HDcc4o0q3ylQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPImXH2pPf+UIB0u4lkCimxAJA5MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEvazhpWmNmYWs5XzVRZ0hTN2lXUUtLYkVBa0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW4QYMA0G
CSqGSIb3DQEBCwUAA4IBAQBS4E5huj8tbZ1hsY6jqyWvxDDqHBJFFTYPQRL38wXg
gYJ88ZD6wSsrE/dQ6gd73zgVdgK4IbobBL3CgwwQt5CnyW0c9arZ5yHVkSoz5SXI
FKqD9G2PUTEnVUSyUheWidW0HcR3MczDw56Z1ndBujheZNjpt/v5BB9HBOyqTzj9
sh+NFhg/jKIOimjzaKCUa6hZT7nBLBbxbPjYF2XmkLNnRxDzhe6KHp//+l6bFyxp
NwGMJdMm+0okolYI5p2R/DO3hsyg5pHtsVg0pTGeVwnZWhRPO7Y0/DmL3H7B0sMt
InPWg4KDHUR5xOT2vGCMqR1rwXZuNqnV0xarT5gH7wnN
-----END CERTIFICATE-----