Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/TOONOy5Q_RT0Xdkv1KFKuSIfrvU.roa
File:                     TOONOy5Q_RT0Xdkv1KFKuSIfrvU.roa (raw, json)
Hash identifier:          TXGZC4gRCS30Z/KLMEQnuIwYUvM4xeHM8tIdbYo8vlk=
Subject key identifier:   4C:E3:8D:3B:2E:50:FD:14:F4:5D:D9:2F:D4:A1:4A:B9:22:1F:AE:F5
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       01942521FFF3BAE0E0CBCC55D82D6BE56729
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/TOONOy5Q_RT0Xdkv1KFKuSIfrvU.roa
Signing time:             Thu 02 Jan 2025 03:49:32 +0000
ROA not before:           Thu 02 Jan 2025 03:49:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48981
IP address blocks:        91.198.28.0/24 maxlen: 24
                          2a0f:5c40::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:ff:f3:ba:e0:e0:cb:cc:55:d8:2d:6b:e5:67:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jan  2 03:49:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ce38d3b2e50fd14f45dd92fd4a14ab9221faef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3f:7b:cd:b6:ff:73:79:27:6b:44:48:6d:2c:
                    1e:7b:56:3c:12:f4:05:c3:93:37:8b:bd:b8:fe:81:
                    89:f0:42:1f:1f:55:91:3b:9f:ea:b6:22:1a:d4:8f:
                    1e:0b:ba:6c:fc:dc:56:dd:8c:40:9e:30:59:23:09:
                    5b:f8:6c:ec:ea:8d:1b:cf:c1:0d:e0:85:73:17:35:
                    de:af:b1:5e:f2:16:f3:35:97:ba:d4:19:c6:60:3b:
                    03:4f:37:13:16:ae:9e:61:c2:80:32:e8:ee:74:26:
                    a5:5e:ce:db:90:fb:d3:0b:35:74:53:a1:f8:10:59:
                    57:9f:5d:67:eb:21:85:59:1e:d5:0a:09:92:23:e6:
                    fd:84:16:dc:f7:04:3d:9a:1b:db:e0:38:b1:1b:46:
                    aa:0e:90:78:79:8a:14:f7:a5:59:1a:79:7c:46:52:
                    12:9a:11:d3:c1:b9:32:42:33:22:91:31:c9:3a:28:
                    78:1e:43:52:5b:bd:b4:af:5a:51:5b:49:e3:88:1d:
                    e5:bc:31:e8:9b:f0:58:c2:41:85:aa:f8:60:16:30:
                    88:c0:57:de:ae:a8:6c:27:81:5f:b5:c4:b9:04:c8:
                    ff:ab:36:39:34:e5:33:8e:c9:e9:cc:4f:ce:7a:ea:
                    ba:da:83:10:78:26:2f:cf:d7:35:dc:2c:d2:c1:a4:
                    85:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:E3:8D:3B:2E:50:FD:14:F4:5D:D9:2F:D4:A1:4A:B9:22:1F:AE:F5
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/TOONOy5Q_RT0Xdkv1KFKuSIfrvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.28.0/24
                IPv6:
                  2a0f:5c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:4c:4e:da:56:f8:39:f2:56:51:15:d5:f6:cf:48:2c:cc:25:
         e7:49:88:05:7e:ba:19:ec:2a:59:18:1a:9c:ca:eb:17:84:3e:
         92:47:ef:04:14:75:32:d5:90:a5:bc:75:9d:03:17:6f:10:ac:
         f4:ec:d3:95:18:eb:88:52:16:82:35:d2:dc:72:f0:b5:d4:86:
         68:f9:58:ce:4e:99:83:26:7b:09:0c:0e:a6:ff:42:5c:3e:9e:
         dc:44:ec:71:9a:97:c9:44:5a:d8:dd:42:47:87:1e:a4:b6:79:
         95:ce:f3:8c:f7:c0:23:2a:db:3b:79:63:57:da:e7:48:f6:76:
         5a:a6:d6:6a:6a:06:50:4e:30:90:1e:57:63:d5:35:4e:23:b3:
         7b:01:50:53:4e:63:25:70:0c:7c:42:c2:8f:2b:c8:7f:32:7c:
         63:21:06:a6:dd:27:a5:44:6e:e6:c7:e0:83:8c:8b:a6:63:cf:
         6f:97:c8:bf:22:99:4f:7d:33:d4:a4:48:a7:99:f2:b9:e3:22:
         9d:25:f0:53:91:73:34:e9:d5:a3:a6:19:84:dd:1b:0a:38:28:
         33:51:4d:9c:7a:e9:2c:39:fc:43:6b:80:ba:6d:53:09:4e:0f:
         b9:cd:e8:46:0e:7c:87:f4:4e:c1:22:09:ff:5a:02:75:58:57:
         41:f6:1b:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIf/zuuDgy8xV2C1r5WcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjUwMTAyMDM0OTMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2UzOGQzYjJlNTBmZDE0ZjQ1ZGQ5MmZkNGExNGFiOTIyMWZhZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD97zbb/c3kna0RIbSwee1Y8EvQF
w5M3i724/oGJ8EIfH1WRO5/qtiIa1I8eC7ps/NxW3YxAnjBZIwlb+Gzs6o0bz8EN
4IVzFzXer7Fe8hbzNZe61BnGYDsDTzcTFq6eYcKAMujudCalXs7bkPvTCzV0U6H4
EFlXn11n6yGFWR7VCgmSI+b9hBbc9wQ9mhvb4DixG0aqDpB4eYoU96VZGnl8RlIS
mhHTwbkyQjMikTHJOih4HkNSW720r1pRW0njiB3lvDHom/BYwkGFqvhgFjCIwFfe
rqhsJ4FftcS5BMj/qzY5NOUzjsnpzE/Oeuq62oMQeCYvz9c13CzSwaSFBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEzjjTsuUP0U9F3ZL9ShSrkiH671MB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvVE9PTk95NVFfUlQwWGRrdjFLRkt1U0lmcnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8YcMA0E
AgACMAcDBQMqD1xAMA0GCSqGSIb3DQEBCwUAA4IBAQA/TE7aVvg58lZRFdX2z0gs
zCXnSYgFfroZ7CpZGBqcyusXhD6SR+8EFHUy1ZClvHWdAxdvEKz07NOVGOuIUhaC
NdLccvC11IZo+VjOTpmDJnsJDA6m/0JcPp7cROxxmpfJRFrY3UJHhx6ktnmVzvOM
98AjKts7eWNX2udI9nZaptZqagZQTjCQHldj1TVOI7N7AVBTTmMlcAx8QsKPK8h/
MnxjIQam3SelRG7mx+CDjIumY89vl8i/IplPfTPUpEinmfK54yKdJfBTkXM06dWj
phmE3RsKOCgzUU2ceuksOfxDa4C6bVMJTg+5zehGDnyH9E7BIgn/WgJ1WFdB9hu1
-----END CERTIFICATE-----