Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/tBNDimUXEukADWJF9dJCQTAu8Xs.roa
File:                     tBNDimUXEukADWJF9dJCQTAu8Xs.roa (raw, json)
Hash identifier:          xy9pbAco54L3WlU6x7baSUsepcCgwp7AyR8Cg3prULc=
Subject key identifier:   B4:13:43:8A:65:17:12:E9:00:0D:62:45:F5:D2:42:41:30:2E:F1:7B
Certificate issuer:       /CN=07d75335f77bf4240976277b1dd0e19bb23a8e1d
Certificate serial:       0194244571251EE80BC42098B2916D9CA376
Authority key identifier: 07:D7:53:35:F7:7B:F4:24:09:76:27:7B:1D:D0:E1:9B:B2:3A:8E:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/tBNDimUXEukADWJF9dJCQTAu8Xs.roa
Signing time:             Wed 01 Jan 2025 23:48:38 +0000
ROA not before:           Wed 01 Jan 2025 23:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        91.103.82.0/24 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:71:25:1e:e8:0b:c4:20:98:b2:91:6d:9c:a3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07d75335f77bf4240976277b1dd0e19bb23a8e1d
        Validity
            Not Before: Jan  1 23:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b413438a651712e9000d6245f5d24241302ef17b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:c7:a3:1d:af:86:40:58:30:e5:93:24:19:e7:
                    83:82:e2:14:ba:d2:00:73:58:b8:a1:eb:8a:01:1a:
                    02:68:97:8a:e0:94:ba:2a:99:33:aa:c8:bc:a8:a5:
                    61:e7:49:7d:53:4b:2f:ba:c1:ae:f4:cf:37:8a:67:
                    ed:4b:52:d4:8e:77:ef:fc:d3:e6:bc:91:82:69:d4:
                    7e:29:2d:73:a3:db:12:ba:68:4a:82:09:6b:0e:1a:
                    cd:ee:6c:e7:f5:44:d7:9e:52:27:92:26:a4:70:c5:
                    70:06:96:b0:8e:0d:50:5a:f4:b3:e5:11:14:07:76:
                    5b:ee:40:8f:4f:22:9f:20:16:43:3a:8f:80:93:f5:
                    30:3b:1a:4b:e3:d7:42:f1:31:04:d7:77:8a:28:85:
                    96:d5:4f:24:01:91:13:97:b6:bf:9b:d2:9b:06:78:
                    92:08:e7:78:fa:8f:3e:17:3b:1b:4b:35:48:fb:06:
                    a6:59:06:69:8c:95:02:7a:19:45:f4:2f:2b:6c:67:
                    54:df:f6:9e:72:5e:97:1b:e6:2e:43:1c:ff:7c:42:
                    2a:f8:d0:75:3a:6d:b0:b8:5c:bf:1f:52:69:0e:5d:
                    d9:62:42:83:1b:5c:ee:61:a7:f7:b1:3b:ca:f0:6a:
                    8f:1e:49:24:fd:e5:39:77:d4:37:c5:6d:b5:84:46:
                    96:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:13:43:8A:65:17:12:E9:00:0D:62:45:F5:D2:42:41:30:2E:F1:7B
            X509v3 Authority Key Identifier:
                keyid:07:D7:53:35:F7:7B:F4:24:09:76:27:7B:1D:D0:E1:9B:B2:3A:8E:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B9dTNfd79CQJdid7HdDhm7I6jh0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/tBNDimUXEukADWJF9dJCQTAu8Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ce3fa7-fc88-4f48-a5ce-a45bbcb34de5/1/B9dTNfd79CQJdid7HdDhm7I6jh0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:52:3a:b9:bf:61:0d:9a:73:12:70:93:65:13:35:17:c7:86:
         d7:93:cd:38:5b:0a:80:c9:90:82:34:8b:4e:ef:72:cd:87:dd:
         81:31:7b:ab:26:00:32:4f:e6:b3:bd:6a:ef:07:d7:3f:8c:c1:
         10:cc:57:fd:3d:01:36:eb:9d:33:8d:9c:51:af:e7:da:55:ee:
         23:37:ae:ce:da:23:dd:a4:a2:8e:b2:45:81:5d:f2:fd:58:52:
         74:df:18:11:06:c6:a5:89:54:67:08:1d:dc:72:c7:98:30:a0:
         d8:3a:e3:7b:d6:07:86:80:f4:57:a8:12:c2:19:49:d1:d3:96:
         47:c1:27:ff:59:7b:71:88:1e:d3:92:59:e4:87:70:2c:98:0c:
         2f:a6:33:fd:91:aa:ef:69:a4:ca:36:85:48:e7:f3:94:39:71:
         0b:9d:1d:cc:1f:5a:6c:f7:71:2d:91:27:c1:c7:23:7f:86:3b:
         8c:7d:f3:85:02:7f:f6:15:bf:1e:ce:a6:8e:fc:ab:d9:ad:bc:
         8f:dc:18:72:8b:61:7f:4d:ab:4e:57:3b:73:a2:5b:1f:90:8f:
         75:2c:4b:f2:63:1a:84:b9:9e:60:a3:2f:68:4f:43:92:29:e2:
         b7:7c:84:e2:26:d8:66:c3:ec:63:5f:56:91:46:21:de:45:02:
         5a:fa:47:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRXElHugLxCCYspFtnKN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZDc1MzM1Zjc3YmY0MjQwOTc2Mjc3YjFkZDBlMTliYjIz
YThlMWQwHhcNMjUwMTAxMjM0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDEzNDM4YTY1MTcxMmU5MDAwZDYyNDVmNWQyNDI0MTMwMmVmMTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAocejHa+GQFgw5ZMkGeeDguIUutIA
c1i4oeuKARoCaJeK4JS6Kpkzqsi8qKVh50l9U0svusGu9M83imftS1LUjnfv/NPm
vJGCadR+KS1zo9sSumhKgglrDhrN7mzn9UTXnlInkiakcMVwBpawjg1QWvSz5REU
B3Zb7kCPTyKfIBZDOo+Ak/UwOxpL49dC8TEE13eKKIWW1U8kAZETl7a/m9KbBniS
COd4+o8+FzsbSzVI+wamWQZpjJUCehlF9C8rbGdU3/aecl6XG+YuQxz/fEIq+NB1
Om2wuFy/H1JpDl3ZYkKDG1zuYaf3sTvK8GqPHkkk/eU5d9Q3xW21hEaWpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLQTQ4plFxLpAA1iRfXSQkEwLvF7MB8GA1UdIwQY
MBaAFAfXUzX3e/QkCXYnex3Q4ZuyOo4dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjlkVE5mZDc5Q1FKZGlkN0hkRGhtN0k2amgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9jZTNmYTctZmM4OC00ZjQ4LWE1Y2Ut
YTQ1YmJjYjM0ZGU1LzEvdEJORGltVVhFdWtBRFdKRjlkSkNRVEF1OFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9jZTNmYTctZmM4OC00ZjQ4LWE1Y2UtYTQ1YmJjYjM0ZGU1
LzEvQjlkVE5mZDc5Q1FKZGlkN0hkRGhtN0k2amgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2dSMA0G
CSqGSIb3DQEBCwUAA4IBAQB2Ujq5v2ENmnMScJNlEzUXx4bXk804WwqAyZCCNItO
73LNh92BMXurJgAyT+azvWrvB9c/jMEQzFf9PQE2650zjZxRr+faVe4jN67O2iPd
pKKOskWBXfL9WFJ03xgRBsaliVRnCB3ccseYMKDYOuN71geGgPRXqBLCGUnR05ZH
wSf/WXtxiB7Tklnkh3AsmAwvpjP9karvaaTKNoVI5/OUOXELnR3MH1ps93EtkSfB
xyN/hjuMffOFAn/2Fb8ezqaO/KvZrbyP3Bhyi2F/TatOVztzolsfkI91LEvyYxqE
uZ5goy9oT0OSKeK3fITiJthmw+xjX1aRRiHeRQJa+kfM
-----END CERTIFICATE-----