Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/lwAKLfcPZutkbCs3l1rr65okU8U.roa
File:                     lwAKLfcPZutkbCs3l1rr65okU8U.roa (raw, json)
Hash identifier:          wQe65FAh279EvNyxsiAbyzzON1scOJGqaft13LngWyI=
Subject key identifier:   97:00:0A:2D:F7:0F:66:EB:64:6C:2B:37:97:5A:EB:EB:9A:24:53:C5
Certificate issuer:       /CN=42dbcf9b8eb036043bb7f7b8d3386bce24d5dd6e
Certificate serial:       019423D6E6BC8B051AE469330B60EBD78DA0
Authority key identifier: 42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/lwAKLfcPZutkbCs3l1rr65okU8U.roa
Signing time:             Wed 01 Jan 2025 21:47:53 +0000
ROA not before:           Wed 01 Jan 2025 21:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212151
IP address blocks:        91.213.53.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e6:bc:8b:05:1a:e4:69:33:0b:60:eb:d7:8d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42dbcf9b8eb036043bb7f7b8d3386bce24d5dd6e
        Validity
            Not Before: Jan  1 21:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97000a2df70f66eb646c2b37975aebeb9a2453c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:a2:ca:bb:27:39:92:05:9e:2f:d3:39:de:3c:
                    11:35:6d:6b:4c:c9:24:62:27:43:24:71:e3:39:13:
                    89:4b:7b:c2:02:6a:48:56:aa:0b:ce:40:16:92:3e:
                    25:67:ae:7c:39:b5:9b:08:08:4e:32:6a:00:3d:d5:
                    94:b5:ff:d4:a8:08:2c:f5:1d:76:16:43:55:42:68:
                    30:40:f7:d6:a6:ab:0f:ce:a4:88:d0:6e:f9:ef:75:
                    db:32:05:b4:e7:73:ff:de:1f:9d:52:16:7d:eb:b6:
                    0e:20:e9:e2:2c:45:1c:96:34:f5:b3:6a:c4:a0:7a:
                    77:6d:7d:4e:c5:19:43:96:87:cb:7c:9d:23:43:ed:
                    f7:79:00:48:cf:1a:bb:7d:a3:f1:3d:70:aa:7e:15:
                    74:d3:18:0f:cb:30:9e:f1:6f:32:c4:63:17:4e:1f:
                    c6:1a:83:5f:21:d8:93:b0:f7:f2:3b:6f:ba:dd:57:
                    a9:4b:08:d8:63:1a:1a:76:72:10:eb:9e:76:17:2f:
                    3c:f9:ca:a9:21:9a:86:fb:41:1e:62:e8:ac:ad:8e:
                    48:65:87:96:a5:11:d2:8e:55:bf:c6:7a:cb:cb:86:
                    34:f9:6b:16:1d:bd:76:35:48:e3:de:aa:7e:03:2a:
                    08:5c:81:dc:63:b7:6f:f0:18:f8:a4:1b:bc:91:4b:
                    7c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:00:0A:2D:F7:0F:66:EB:64:6C:2B:37:97:5A:EB:EB:9A:24:53:C5
            X509v3 Authority Key Identifier:
                keyid:42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/lwAKLfcPZutkbCs3l1rr65okU8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:fd:42:d1:f5:4b:d8:d4:81:e3:b3:a2:ff:73:12:5d:54:84:
         48:f5:43:61:35:2c:4a:6b:5f:99:19:32:67:a7:b8:87:35:f7:
         10:b0:05:81:93:bb:7a:b0:3c:28:97:a7:88:a4:80:a9:0e:83:
         50:1e:0e:1b:85:39:69:f5:5c:fe:0a:74:fc:85:92:88:81:b9:
         89:bf:eb:5f:2f:86:58:ab:b7:8f:6e:35:db:71:95:f3:87:6e:
         d2:02:6e:1b:ef:00:59:f4:98:9d:eb:a0:e8:59:6a:62:a9:6f:
         de:17:87:de:b4:86:ea:ae:63:54:ed:89:54:a6:cf:36:db:3e:
         40:6a:2e:58:2a:c2:77:32:cf:8a:9e:6c:3f:ff:da:91:db:ee:
         5d:5b:44:cc:7c:b5:bf:67:36:46:21:0e:cd:1d:d8:dc:47:6f:
         c3:8d:86:e7:d2:64:37:ad:92:4a:5f:ef:13:e5:31:8f:29:95:
         0a:11:4c:f8:1b:97:a4:31:52:ea:e8:53:d1:79:df:11:69:36:
         06:e0:30:e0:0a:0e:eb:96:d3:29:71:67:ce:40:84:31:2f:16:
         77:fd:a6:63:ee:6a:e7:8b:dc:c9:e8:f6:20:c6:62:f5:77:97:
         b7:eb:81:2d:ce:bf:53:36:cf:e5:dc:a4:2a:5f:86:35:55:86:
         c3:bd:ed:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1ua8iwUa5GkzC2Dr142gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZGJjZjliOGViMDM2MDQzYmI3ZjdiOGQzMzg2YmNlMjRk
NWRkNmUwHhcNMjUwMTAxMjE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzAwMGEyZGY3MGY2NmViNjQ2YzJiMzc5NzVhZWJlYjlhMjQ1M2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqKLKuyc5kgWeL9M53jwRNW1rTMkk
YidDJHHjOROJS3vCAmpIVqoLzkAWkj4lZ658ObWbCAhOMmoAPdWUtf/UqAgs9R12
FkNVQmgwQPfWpqsPzqSI0G7573XbMgW053P/3h+dUhZ967YOIOniLEUcljT1s2rE
oHp3bX1OxRlDlofLfJ0jQ+33eQBIzxq7faPxPXCqfhV00xgPyzCe8W8yxGMXTh/G
GoNfIdiTsPfyO2+63VepSwjYYxoadnIQ6552Fy88+cqpIZqG+0EeYuisrY5IZYeW
pRHSjlW/xnrLy4Y0+WsWHb12NUjj3qp+AyoIXIHcY7dv8Bj4pBu8kUt8MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJcACi33D2brZGwrN5da6+uaJFPFMB8GA1UdIwQY
MBaAFELbz5uOsDYEO7f3uNM4a84k1d1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXR2UG00NndOZ1E3dF9lNDB6aHJ6aVRWM1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84MDg0MWEtODhhZS00YjBlLThlMjUt
NDhhZTcwMTYxZTc5LzEvbHdBS0xmY1BadXRrYkNzM2wxcnI2NW9rVThVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84MDg0MWEtODhhZS00YjBlLThlMjUtNDhhZTcwMTYxZTc5
LzEvUXR2UG00NndOZ1E3dF9lNDB6aHJ6aVRWM1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9U1MA0G
CSqGSIb3DQEBCwUAA4IBAQB5/ULR9UvY1IHjs6L/cxJdVIRI9UNhNSxKa1+ZGTJn
p7iHNfcQsAWBk7t6sDwol6eIpICpDoNQHg4bhTlp9Vz+CnT8hZKIgbmJv+tfL4ZY
q7ePbjXbcZXzh27SAm4b7wBZ9Jid66DoWWpiqW/eF4fetIbqrmNU7YlUps822z5A
ai5YKsJ3Ms+Knmw//9qR2+5dW0TMfLW/ZzZGIQ7NHdjcR2/DjYbn0mQ3rZJKX+8T
5TGPKZUKEUz4G5ekMVLq6FPRed8RaTYG4DDgCg7rltMpcWfOQIQxLxZ3/aZj7mrn
i9zJ6PYgxmL1d5e364Etzr9TNs/l3KQqX4Y1VYbDve11
-----END CERTIFICATE-----