Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v2JyWYyakC753CgT-i_OOHfYFYw.roa
File:                     v2JyWYyakC753CgT-i_OOHfYFYw.roa (raw, json)
Hash identifier:          0mKSsvAKgPfmeAT4fMDlHdbkPBmXEr1yCoIRQwQhi8U=
Subject key identifier:   BF:62:72:59:8C:9A:90:2E:F9:DC:28:13:FA:2F:CE:38:77:D8:15:8C
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       0194282425B848E7B5EDC0711327A3495449
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v2JyWYyakC753CgT-i_OOHfYFYw.roa
Signing time:             Thu 02 Jan 2025 17:50:45 +0000
ROA not before:           Thu 02 Jan 2025 17:50:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57509
IP address blocks:        91.191.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:25:b8:48:e7:b5:ed:c0:71:13:27:a3:49:54:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf6272598c9a902ef9dc2813fa2fce3877d8158c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b5:35:cc:21:5c:a2:4d:7f:4b:37:db:8f:fc:
                    7c:36:43:3e:fc:51:70:c4:44:71:b7:cc:e4:8f:61:
                    8c:f3:dd:a6:c4:58:4f:bf:8a:6c:ae:44:8e:17:ac:
                    49:f1:4c:fb:54:2e:36:be:03:f1:fa:b3:b6:12:ab:
                    0b:b9:aa:29:c1:74:af:a0:8f:85:c4:f9:f1:84:16:
                    ad:81:e6:a3:8d:e2:7b:a6:c0:09:44:27:c4:46:0a:
                    90:2f:81:1e:02:b0:6c:33:3e:90:e9:0e:4b:cf:3c:
                    25:a3:03:12:11:79:6a:2c:57:67:b1:e7:2b:25:70:
                    94:3e:17:43:0f:1f:8a:37:32:39:44:10:05:b0:a9:
                    46:8c:f0:61:27:7c:13:e4:ea:04:6a:f0:54:e5:9d:
                    bc:0f:47:b7:a7:10:18:7e:7e:c3:c7:8c:ed:dc:22:
                    b0:51:f9:ee:f5:de:7c:ef:f6:fc:7c:80:57:ae:29:
                    94:e2:08:db:aa:b2:97:d7:a0:de:6a:4b:9f:64:d7:
                    60:f9:2c:a8:37:a6:82:3d:92:77:b1:52:26:b5:29:
                    b8:3e:2e:ac:ef:48:a6:e9:26:94:6d:2b:c7:fb:ad:
                    38:5c:3f:de:53:81:c4:14:95:16:87:62:d7:52:da:
                    2c:85:dd:7f:4c:6e:43:82:5a:7a:d5:5e:c8:c6:14:
                    71:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:62:72:59:8C:9A:90:2E:F9:DC:28:13:FA:2F:CE:38:77:D8:15:8C
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/v2JyWYyakC753CgT-i_OOHfYFYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:b9:24:32:89:c0:1b:87:33:83:37:13:02:04:87:cd:67:6d:
         9d:c1:09:ec:9d:68:73:65:7b:2f:41:51:6a:db:b1:4b:44:29:
         57:cc:98:8e:e7:e7:d4:4a:29:ad:8f:e0:64:33:22:07:7c:1b:
         a7:07:48:e6:52:d4:0d:5b:8b:99:f7:1f:2e:a8:d3:ab:f9:27:
         05:b5:e6:06:9e:bd:70:37:51:21:09:f3:9c:6a:7c:55:9f:56:
         a5:7f:b5:a0:31:b4:f1:a9:08:fc:4e:b1:8a:78:fa:b9:9a:bb:
         c6:db:82:c8:0c:53:b2:74:7b:4b:da:2f:67:4c:5a:14:34:55:
         65:a9:3f:99:b4:cc:65:bb:88:56:7f:03:b3:91:71:8a:30:84:
         04:64:b1:de:97:31:8c:55:cd:bf:71:fe:08:e7:61:89:54:db:
         be:1c:c5:25:79:8c:6e:ad:55:88:bb:6a:6d:33:aa:aa:23:22:
         fa:b4:bd:ef:87:23:ce:36:b0:2f:f4:68:d8:e3:c6:e4:5c:63:
         bf:b2:ab:f6:8d:77:b0:51:c6:92:70:83:e6:9a:38:10:37:d5:
         41:9f:c1:e5:69:1c:76:cb:d9:ba:bc:4b:ef:ab:ec:d7:43:c5:
         ee:6b:d6:69:6d:cc:74:7a:00:ab:87:10:41:5f:02:70:e8:eb:
         8c:63:b3:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJCW4SOe17cBxEyejSVRJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjYyNzI1OThjOWE5MDJlZjlkYzI4MTNmYTJmY2UzODc3ZDgxNThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLU1zCFcok1/Szfbj/x8NkM+/FFw
xERxt8zkj2GM892mxFhPv4psrkSOF6xJ8Uz7VC42vgPx+rO2EqsLuaopwXSvoI+F
xPnxhBatgeajjeJ7psAJRCfERgqQL4EeArBsMz6Q6Q5LzzwlowMSEXlqLFdnsecr
JXCUPhdDDx+KNzI5RBAFsKlGjPBhJ3wT5OoEavBU5Z28D0e3pxAYfn7Dx4zt3CKw
Ufnu9d587/b8fIBXrimU4gjbqrKX16DeakufZNdg+SyoN6aCPZJ3sVImtSm4Pi6s
70im6SaUbSvH+604XD/eU4HEFJUWh2LXUtoshd1/TG5Dglp61V7IxhRx/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9iclmMmpAu+dwoE/ovzjh32BWMMB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvdjJKeVdZeWFrQzc1M0NnVC1pX09PSGZZRll3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7/RMA0G
CSqGSIb3DQEBCwUAA4IBAQBluSQyicAbhzODNxMCBIfNZ22dwQnsnWhzZXsvQVFq
27FLRClXzJiO5+fUSimtj+BkMyIHfBunB0jmUtQNW4uZ9x8uqNOr+ScFteYGnr1w
N1EhCfOcanxVn1alf7WgMbTxqQj8TrGKePq5mrvG24LIDFOydHtL2i9nTFoUNFVl
qT+ZtMxlu4hWfwOzkXGKMIQEZLHelzGMVc2/cf4I52GJVNu+HMUleYxurVWIu2pt
M6qqIyL6tL3vhyPONrAv9GjY48bkXGO/sqv2jXewUcaScIPmmjgQN9VBn8HlaRx2
y9m6vEvvq+zXQ8Xua9Zpbcx0egCrhxBBXwJw6OuMY7Ox
-----END CERTIFICATE-----