Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/75gL-QM6p_WWaZpy6iMBTgopl4A.roa
File:                     75gL-QM6p_WWaZpy6iMBTgopl4A.roa (raw, json)
Hash identifier:          C70hkA6dezEt2xcdG5Lxg7y2p7KFd6680YSWy+fNqPg=
Subject key identifier:   EF:98:0B:F9:03:3A:A7:F5:96:69:9A:72:EA:23:01:4E:0A:29:97:80
Certificate issuer:       /CN=e622f6539781c50bc497c7a0b6f5d505ef88b9d6
Certificate serial:       01942748461CB03B35D304C7866AFD7A9F59
Authority key identifier: E6:22:F6:53:97:81:C5:0B:C4:97:C7:A0:B6:F5:D5:05:EF:88:B9:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/75gL-QM6p_WWaZpy6iMBTgopl4A.roa
Signing time:             Thu 02 Jan 2025 13:50:35 +0000
ROA not before:           Thu 02 Jan 2025 13:50:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47760
IP address blocks:        91.208.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 19:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:46:1c:b0:3b:35:d3:04:c7:86:6a:fd:7a:9f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e622f6539781c50bc497c7a0b6f5d505ef88b9d6
        Validity
            Not Before: Jan  2 13:50:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef980bf9033aa7f596699a72ea23014e0a299780
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ae:4b:85:9f:4a:dc:65:7f:30:41:b9:7c:cd:
                    59:b1:4b:ad:64:27:dd:81:6d:8b:a8:fd:cd:51:61:
                    d8:0b:0d:7d:da:bc:04:47:ee:4a:4d:12:ff:0c:a6:
                    19:63:b0:e8:da:29:2b:94:7b:8d:91:6a:4a:8a:4f:
                    39:44:b5:3e:55:8c:59:ae:d1:3a:c7:28:62:84:3a:
                    ba:d1:04:91:77:39:3a:c2:bb:90:4c:49:63:de:0b:
                    06:25:92:cd:4f:c3:7a:3e:db:6c:ea:cf:dc:b3:9a:
                    6e:72:3c:52:65:b5:cc:75:80:83:5e:77:fc:65:c2:
                    76:ff:b7:9c:12:0f:52:80:8e:d5:23:e8:94:bd:9d:
                    b4:d9:a6:2a:49:60:f1:6f:2a:21:7d:44:4c:e9:ed:
                    01:28:5b:bb:21:2a:4b:6e:e7:b7:ad:0d:21:cd:2f:
                    fe:1d:59:6a:6c:fc:a7:ee:31:ff:7d:aa:c3:db:de:
                    eb:84:a1:9f:fe:19:3b:6e:51:36:5e:3d:fb:76:85:
                    9a:a5:d0:ec:c9:9d:49:0d:84:c3:2d:d6:0a:d9:5c:
                    ea:f6:17:ce:e1:7a:80:67:7d:72:08:7c:7c:a8:11:
                    c9:e1:65:9d:ec:ac:1b:a8:ba:00:89:7a:c8:96:02:
                    91:cb:03:5e:f3:fd:6e:7e:e3:51:a8:ef:0c:e3:93:
                    c0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:98:0B:F9:03:3A:A7:F5:96:69:9A:72:EA:23:01:4E:0A:29:97:80
            X509v3 Authority Key Identifier:
                keyid:E6:22:F6:53:97:81:C5:0B:C4:97:C7:A0:B6:F5:D5:05:EF:88:B9:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5iL2U5eBxQvEl8egtvXVBe-IudY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/75gL-QM6p_WWaZpy6iMBTgopl4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/11aa8c-9591-4cc8-a76a-698e6a8e6708/1/5iL2U5eBxQvEl8egtvXVBe-IudY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:db:ce:b4:60:ca:5a:e6:ee:bd:d8:78:9a:c3:c5:a1:f6:a1:
         46:cb:83:fc:28:44:bf:f8:b3:8c:a3:32:f2:35:b4:ac:73:11:
         01:dc:ba:ed:14:23:f6:46:74:56:fb:7e:4a:28:da:61:04:39:
         15:2c:7f:00:2e:c8:1c:de:73:91:81:22:78:7d:75:72:25:5a:
         82:c9:2a:01:79:a5:93:6d:54:ba:dd:3f:66:49:a1:59:58:b1:
         48:88:a6:bf:90:79:e9:b4:04:ed:b3:0d:62:02:20:47:14:91:
         02:d4:71:cf:5c:a1:ab:1d:51:c9:5b:40:fa:58:8b:5c:67:28:
         be:1e:2b:e4:d1:f4:c3:0d:28:f0:2f:1e:74:56:70:9e:8b:54:
         cb:1f:5d:0e:17:2a:a2:ae:db:85:b6:39:ef:fd:73:38:37:31:
         df:5e:da:bf:5f:63:ec:f1:c7:c0:30:1e:42:03:fd:3c:d9:2e:
         d1:6a:bf:31:24:aa:7f:0f:8f:3e:13:56:4e:44:aa:17:17:84:
         7c:eb:6d:7e:fc:f6:ae:f9:91:ed:5a:69:5b:b1:cb:00:7c:f9:
         cd:c2:25:fb:3c:cf:d2:01:87:12:64:5e:fb:67:52:05:7f:2c:
         5b:78:06:f3:2f:20:45:3e:0e:74:58:4a:ee:d5:f2:6f:cb:9c:
         17:bf:ad:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSEYcsDs10wTHhmr9ep9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2MjJmNjUzOTc4MWM1MGJjNDk3YzdhMGI2ZjVkNTA1ZWY4
OGI5ZDYwHhcNMjUwMTAyMTM1MDM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk4MGJmOTAzM2FhN2Y1OTY2OTlhNzJlYTIzMDE0ZTBhMjk5NzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAra5LhZ9K3GV/MEG5fM1ZsUutZCfd
gW2LqP3NUWHYCw192rwER+5KTRL/DKYZY7Do2ikrlHuNkWpKik85RLU+VYxZrtE6
xyhihDq60QSRdzk6wruQTElj3gsGJZLNT8N6Ptts6s/cs5pucjxSZbXMdYCDXnf8
ZcJ2/7ecEg9SgI7VI+iUvZ202aYqSWDxbyohfURM6e0BKFu7ISpLbue3rQ0hzS/+
HVlqbPyn7jH/farD297rhKGf/hk7blE2Xj37doWapdDsyZ1JDYTDLdYK2Vzq9hfO
4XqAZ31yCHx8qBHJ4WWd7KwbqLoAiXrIlgKRywNe8/1ufuNRqO8M45PAvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+YC/kDOqf1lmmacuojAU4KKZeAMB8GA1UdIwQY
MBaAFOYi9lOXgcULxJfHoLb11QXviLnWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWlMMlU1ZUJ4UXZFbDhlZ3R2WFZCZS1JdWRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS8xMWFhOGMtOTU5MS00Y2M4LWE3NmEt
Njk4ZTZhOGU2NzA4LzEvNzVnTC1RTTZwX1dXYVpweTZpTUJUZ29wbDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS8xMWFhOGMtOTU5MS00Y2M4LWE3NmEtNjk4ZTZhOGU2NzA4
LzEvNWlMMlU1ZUJ4UXZFbDhlZ3R2WFZCZS1JdWRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BgMA0G
CSqGSIb3DQEBCwUAA4IBAQBr2860YMpa5u692Hiaw8Wh9qFGy4P8KES/+LOMozLy
NbSscxEB3LrtFCP2RnRW+35KKNphBDkVLH8ALsgc3nORgSJ4fXVyJVqCySoBeaWT
bVS63T9mSaFZWLFIiKa/kHnptATtsw1iAiBHFJEC1HHPXKGrHVHJW0D6WItcZyi+
Hivk0fTDDSjwLx50VnCei1TLH10OFyqirtuFtjnv/XM4NzHfXtq/X2Ps8cfAMB5C
A/082S7Rar8xJKp/D48+E1ZORKoXF4R8621+/Pau+ZHtWmlbscsAfPnNwiX7PM/S
AYcSZF77Z1IFfyxbeAbzLyBFPg50WEru1fJvy5wXv62l
-----END CERTIFICATE-----