Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/4XFlits89wxyHX1vn5VHIsNuyKg.roa
File:                     4XFlits89wxyHX1vn5VHIsNuyKg.roa (raw, json)
Hash identifier:          BT2LxZu3wA5VCThqQPlS1bE8oOkqeH9p+4dqdYk4cGk=
Subject key identifier:   E1:71:65:8A:DB:3C:F7:0C:72:1D:7D:6F:9F:95:47:22:C3:6E:C8:A8
Certificate issuer:       /CN=268f501bbf9e13cdd2eb899d97121f669aa29135
Certificate serial:       0194258EE2466A511364803DA672E70B92B9
Authority key identifier: 26:8F:50:1B:BF:9E:13:CD:D2:EB:89:9D:97:12:1F:66:9A:A2:91:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jo9QG7-eE83S64mdlxIfZpqikTU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/4XFlits89wxyHX1vn5VHIsNuyKg.roa
Signing time:             Thu 02 Jan 2025 05:48:28 +0000
ROA not before:           Thu 02 Jan 2025 05:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.234.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/Jo9QG7-eE83S64mdlxIfZpqikTU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/Jo9QG7-eE83S64mdlxIfZpqikTU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jo9QG7-eE83S64mdlxIfZpqikTU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:e2:46:6a:51:13:64:80:3d:a6:72:e7:0b:92:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=268f501bbf9e13cdd2eb899d97121f669aa29135
        Validity
            Not Before: Jan  2 05:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e171658adb3cf70c721d7d6f9f954722c36ec8a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:0e:c4:7f:7d:21:ac:18:83:a5:cb:5d:d8:4b:
                    10:9d:cc:e4:39:98:1b:eb:df:65:25:cd:8e:0a:86:
                    79:6c:4e:ec:75:81:55:37:bc:51:fb:ad:d5:fa:8c:
                    03:4e:a7:cf:17:cd:2a:0c:6e:14:ab:f8:ed:28:dc:
                    15:51:c6:99:d8:0d:2e:c7:83:05:4f:06:a2:a9:13:
                    2a:f6:8f:c8:1c:37:b2:df:46:12:44:bd:3c:47:e1:
                    41:ca:9c:68:66:83:58:a2:ea:89:e5:8e:19:eb:75:
                    cf:82:37:13:3a:cf:6a:39:98:ce:32:bd:5f:f1:72:
                    a0:e6:0d:94:7a:9b:05:44:6d:1e:de:2a:0b:34:b7:
                    5e:78:fe:98:3a:6b:80:00:12:98:7a:58:63:e6:d1:
                    0a:b8:ee:d7:b1:6d:65:39:ad:f1:0f:ea:bf:2d:e1:
                    d4:9e:8d:3e:06:76:ae:b6:e7:80:e9:c2:96:c6:ef:
                    b1:c9:3d:a1:bd:2b:a4:7d:3b:c1:91:a5:4c:d5:36:
                    87:87:c5:8e:5d:3b:57:6e:45:79:ff:bf:b3:22:30:
                    9c:fa:d3:75:cb:12:7d:6f:4d:ed:b2:71:57:5a:f6:
                    0d:d4:bb:22:b2:06:ce:99:c7:5e:06:85:a6:d2:01:
                    31:ba:27:70:00:d7:4f:ea:a1:5a:19:d2:72:bf:08:
                    61:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:71:65:8A:DB:3C:F7:0C:72:1D:7D:6F:9F:95:47:22:C3:6E:C8:A8
            X509v3 Authority Key Identifier:
                keyid:26:8F:50:1B:BF:9E:13:CD:D2:EB:89:9D:97:12:1F:66:9A:A2:91:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jo9QG7-eE83S64mdlxIfZpqikTU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/4XFlits89wxyHX1vn5VHIsNuyKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6d7f0d-7e4e-47d6-b9db-ca0c772b729f/1/Jo9QG7-eE83S64mdlxIfZpqikTU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:2b:be:58:b2:16:dc:66:e4:14:17:f2:47:a2:19:d8:7a:a8:
         60:89:5f:ea:23:1c:19:7c:e7:ad:e1:f7:e1:a0:7c:0b:99:ca:
         d3:96:2d:f4:d7:f1:e5:b5:a8:98:e6:d5:9b:86:8c:d4:99:33:
         9a:5a:57:58:40:fd:0a:4d:8b:76:73:d7:cd:89:5c:e7:4b:c9:
         65:ae:d0:4d:46:5a:58:75:c4:5d:87:c9:a0:8f:ca:de:13:30:
         fe:35:b4:49:2b:2b:ff:40:7a:eb:db:f3:9f:c4:be:d4:04:39:
         9c:2a:92:45:a1:c3:a8:29:38:44:6a:5b:7d:57:bd:26:8c:64:
         52:56:33:fc:af:8f:48:3a:76:c3:28:b4:9e:ec:b6:69:2f:2d:
         87:3b:66:bd:7d:77:4f:f7:93:f0:45:c9:d0:eb:7d:5e:9b:86:
         d7:9b:ce:44:06:20:73:bf:a0:0b:fb:1b:57:eb:d5:9d:ce:5e:
         d6:5b:44:f8:35:58:e1:60:25:63:70:7d:9d:b0:5c:a0:00:71:
         da:f0:68:34:08:fb:e3:cc:97:29:55:c9:c7:18:65:9e:a9:f0:
         37:6b:53:03:18:88:7f:88:e4:86:a9:31:3b:af:80:5b:ce:e1:
         97:31:97:ac:56:fd:a7:a4:0d:26:be:c1:9d:55:7e:7e:e7:13:
         26:7e:34:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljuJGalETZIA9pnLnC5K5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2OGY1MDFiYmY5ZTEzY2RkMmViODk5ZDk3MTIxZjY2OWFh
MjkxMzUwHhcNMjUwMTAyMDU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTcxNjU4YWRiM2NmNzBjNzIxZDdkNmY5Zjk1NDcyMmMzNmVjOGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Q7Ef30hrBiDpctd2EsQnczkOZgb
699lJc2OCoZ5bE7sdYFVN7xR+63V+owDTqfPF80qDG4Uq/jtKNwVUcaZ2A0ux4MF
TwaiqRMq9o/IHDey30YSRL08R+FBypxoZoNYouqJ5Y4Z63XPgjcTOs9qOZjOMr1f
8XKg5g2UepsFRG0e3ioLNLdeeP6YOmuAABKYelhj5tEKuO7XsW1lOa3xD+q/LeHU
no0+BnautueA6cKWxu+xyT2hvSukfTvBkaVM1TaHh8WOXTtXbkV5/7+zIjCc+tN1
yxJ9b03tsnFXWvYN1LsisgbOmcdeBoWm0gExuidwANdP6qFaGdJyvwhhqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOFxZYrbPPcMch19b5+VRyLDbsioMB8GA1UdIwQY
MBaAFCaPUBu/nhPN0uuJnZcSH2aaopE1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm85UUc3LWVFODNTNjRtZGx4SWZacHFpa1RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82ZDdmMGQtN2U0ZS00N2Q2LWI5ZGIt
Y2EwYzc3MmI3MjlmLzEvNFhGbGl0czg5d3h5SFgxdm41VkhJc051eUtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82ZDdmMGQtN2U0ZS00N2Q2LWI5ZGItY2EwYzc3MmI3Mjlm
LzEvSm85UUc3LWVFODNTNjRtZGx4SWZacHFpa1RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+okMA0G
CSqGSIb3DQEBCwUAA4IBAQC7K75YshbcZuQUF/JHohnYeqhgiV/qIxwZfOet4ffh
oHwLmcrTli301/HltaiY5tWbhozUmTOaWldYQP0KTYt2c9fNiVznS8llrtBNRlpY
dcRdh8mgj8reEzD+NbRJKyv/QHrr2/OfxL7UBDmcKpJFocOoKThEalt9V70mjGRS
VjP8r49IOnbDKLSe7LZpLy2HO2a9fXdP95PwRcnQ631em4bXm85EBiBzv6AL+xtX
69Wdzl7WW0T4NVjhYCVjcH2dsFygAHHa8Gg0CPvjzJcpVcnHGGWeqfA3a1MDGIh/
iOSGqTE7r4BbzuGXMZesVv2npA0mvsGdVX5+5xMmfjQQ
-----END CERTIFICATE-----