Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/fL3fAtFLchxlzuCc2GY65y6LmZ0.roa
File:                     fL3fAtFLchxlzuCc2GY65y6LmZ0.roa (raw, json)
Hash identifier:          XRZwhdg6OIZelMOuq2OiZcg4UiZ6j5YXWUKJ7b9dB2A=
Subject key identifier:   7C:BD:DF:02:D1:4B:72:1C:65:CE:E0:9C:D8:66:3A:E7:2E:8B:99:9D
Certificate issuer:       /CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
Certificate serial:       0194236A2A83D98C2EE928835072E2BA7718
Authority key identifier: BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/fL3fAtFLchxlzuCc2GY65y6LmZ0.roa
Signing time:             Wed 01 Jan 2025 19:49:07 +0000
ROA not before:           Wed 01 Jan 2025 19:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42399
IP address blocks:        91.189.112.0/23 maxlen: 23
                          91.189.112.0/24 maxlen: 24
                          91.189.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:2a:83:d9:8c:2e:e9:28:83:50:72:e2:ba:77:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdfad23e11cf0d24a477594eba09f99acc6f1fff
        Validity
            Not Before: Jan  1 19:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7cbddf02d14b721c65cee09cd8663ae72e8b999d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b5:84:12:ac:ad:62:0b:2b:07:56:59:c6:5d:
                    83:4d:4f:f3:19:8f:73:c6:37:79:e9:b0:8d:6d:26:
                    70:7d:ed:4e:84:98:e5:6f:0b:d4:fb:ab:38:a2:d9:
                    a5:3c:39:85:3c:f7:20:33:95:8e:9a:07:49:e9:5d:
                    2b:5d:5f:55:1f:8f:09:91:03:e4:87:10:23:23:11:
                    d9:e5:c6:41:57:98:67:cd:86:9f:fc:04:17:5a:b2:
                    24:c8:57:d9:9e:74:17:fa:70:ab:13:60:ac:61:1c:
                    8a:12:43:73:01:2d:dd:51:e0:8f:bd:c9:39:a4:b8:
                    74:2a:8b:08:27:a9:18:60:54:3d:98:ab:ad:56:45:
                    53:00:55:9c:03:39:bb:f0:50:4c:f3:55:6f:bd:f2:
                    72:1c:d0:82:f6:ed:5d:fd:c9:12:97:d3:7f:71:f0:
                    81:c6:3d:d5:a2:01:a3:2b:fc:b0:9d:de:cd:b4:c0:
                    6d:3e:20:a4:0e:c3:84:d8:1f:cc:01:c6:28:b3:36:
                    3a:5d:fe:13:26:bc:85:cc:a4:68:54:2c:ae:f2:9c:
                    f8:f5:ef:02:86:13:21:08:36:21:65:ab:2b:3d:cf:
                    60:4c:f8:2a:e7:26:f6:5e:84:69:59:71:82:46:30:
                    e4:18:4d:81:0e:c4:a2:8e:bd:e2:29:ae:bc:60:cb:
                    3d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:BD:DF:02:D1:4B:72:1C:65:CE:E0:9C:D8:66:3A:E7:2E:8B:99:9D
            X509v3 Authority Key Identifier:
                keyid:BD:FA:D2:3E:11:CF:0D:24:A4:77:59:4E:BA:09:F9:9A:CC:6F:1F:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vfrSPhHPDSSkd1lOugn5msxvH_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/fL3fAtFLchxlzuCc2GY65y6LmZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/e25239-6ab0-4919-a76a-4f4e71e32084/1/vfrSPhHPDSSkd1lOugn5msxvH_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.189.112.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:3c:c3:64:de:fd:bd:30:36:5d:1d:67:c9:a0:5d:72:5b:a1:
         a3:9d:a9:9b:2e:4e:de:a0:0e:c9:87:e9:df:61:07:ec:3c:3e:
         70:70:56:c3:26:fd:a6:bd:29:4f:33:08:02:87:f5:db:d7:e7:
         b1:57:48:2b:9b:89:6c:ed:18:91:1b:a9:dd:ad:80:37:41:d6:
         e8:b0:a8:e8:bf:59:6a:1f:95:9c:20:bb:45:bf:19:f3:af:07:
         3c:36:1d:03:bf:5f:c0:e3:b6:b3:9d:2f:ee:7b:29:ad:d0:79:
         67:bf:0c:c7:3b:40:4a:dc:be:8f:1c:0b:82:37:dd:bb:61:43:
         0c:96:71:7a:e9:c8:66:02:34:55:ac:96:7b:1e:6b:10:05:69:
         bb:6f:2b:48:67:1f:5e:3e:ea:31:bd:1d:aa:dd:6e:78:c9:d3:
         bd:f6:1e:f6:5a:7c:9f:14:f2:d7:01:9f:62:dd:b7:76:12:4f:
         d1:43:cb:63:3e:b4:ed:a7:72:52:29:5d:30:10:43:9d:76:48:
         78:eb:e5:21:32:a3:30:43:b2:dc:17:1e:06:cf:ab:31:56:e2:
         ea:e7:df:9b:e3:bd:fb:c6:b3:f6:12:95:94:4b:e4:ac:71:d6:
         6c:31:b6:85:f1:c7:f4:57:11:d3:48:d4:30:04:be:69:d8:04:
         6f:44:5a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaiqD2Ywu6SiDUHLiuncYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZmFkMjNlMTFjZjBkMjRhNDc3NTk0ZWJhMDlmOTlhY2M2
ZjFmZmYwHhcNMjUwMTAxMTk0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2JkZGYwMmQxNGI3MjFjNjVjZWUwOWNkODY2M2FlNzJlOGI5OTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubWEEqytYgsrB1ZZxl2DTU/zGY9z
xjd56bCNbSZwfe1OhJjlbwvU+6s4otmlPDmFPPcgM5WOmgdJ6V0rXV9VH48JkQPk
hxAjIxHZ5cZBV5hnzYaf/AQXWrIkyFfZnnQX+nCrE2CsYRyKEkNzAS3dUeCPvck5
pLh0KosIJ6kYYFQ9mKutVkVTAFWcAzm78FBM81VvvfJyHNCC9u1d/ckSl9N/cfCB
xj3VogGjK/ywnd7NtMBtPiCkDsOE2B/MAcYoszY6Xf4TJryFzKRoVCyu8pz49e8C
hhMhCDYhZasrPc9gTPgq5yb2XoRpWXGCRjDkGE2BDsSijr3iKa68YMs9XwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHy93wLRS3IcZc7gnNhmOucui5mdMB8GA1UdIwQY
MBaAFL360j4Rzw0kpHdZTroJ+ZrMbx//MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEt
NGY0ZTcxZTMyMDg0LzEvZkwzZkF0RkxjaHhsenVDYzJHWTY1eTZMbVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9lMjUyMzktNmFiMC00OTE5LWE3NmEtNGY0ZTcxZTMyMDg0
LzEvdmZyU1BoSFBEU1NrZDFsT3VnbjVtc3h2SF84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW71wMA0G
CSqGSIb3DQEBCwUAA4IBAQCJPMNk3v29MDZdHWfJoF1yW6GjnambLk7eoA7Jh+nf
YQfsPD5wcFbDJv2mvSlPMwgCh/Xb1+exV0grm4ls7RiRG6ndrYA3QdbosKjov1lq
H5WcILtFvxnzrwc8Nh0Dv1/A47aznS/ueymt0HlnvwzHO0BK3L6PHAuCN927YUMM
lnF66chmAjRVrJZ7HmsQBWm7bytIZx9ePuoxvR2q3W54ydO99h72WnyfFPLXAZ9i
3bd2Ek/RQ8tjPrTtp3JSKV0wEEOddkh46+UhMqMwQ7LcFx4Gz6sxVuLq59+b4737
xrP2EpWUS+SscdZsMbaF8cf0VxHTSNQwBL5p2ARvRFrZ
-----END CERTIFICATE-----