Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/xTCv3RXSZS1iTavCUS9l9JR_D5E.roa
File:                     xTCv3RXSZS1iTavCUS9l9JR_D5E.roa (raw, json)
Hash identifier:          A3hLBLSXg8J7g4DoDdWC6smLJPKHGcfSEfHqAmRLjjg=
Subject key identifier:   C5:30:AF:DD:15:D2:65:2D:62:4D:AB:C2:51:2F:65:F4:94:7F:0F:91
Certificate issuer:       /CN=6f94587c1199a2c3df40197b19f3650c617de145
Certificate serial:       01961E02A5CCC75786C1A9BD1E377001B6E1
Authority key identifier: 6F:94:58:7C:11:99:A2:C3:DF:40:19:7B:19:F3:65:0C:61:7D:E1:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/xTCv3RXSZS1iTavCUS9l9JR_D5E.roa
Signing time:             Thu 10 Apr 2025 04:43:32 +0000
ROA not before:           Thu 10 Apr 2025 04:43:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198817
IP address blocks:        91.236.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1e:02:a5:cc:c7:57:86:c1:a9:bd:1e:37:70:01:b6:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f94587c1199a2c3df40197b19f3650c617de145
        Validity
            Not Before: Apr 10 04:43:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c530afdd15d2652d624dabc2512f65f4947f0f91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:17:79:d9:2a:f8:87:e6:f2:12:7f:90:50:75:
                    9f:25:aa:42:69:a3:eb:4b:2e:ee:4c:c7:b9:6e:3f:
                    bf:f8:82:5b:86:37:68:27:6b:b9:5a:71:9f:c3:87:
                    8b:81:b4:7e:71:83:d3:b8:a9:b1:c9:ef:92:e5:4b:
                    ea:fb:c6:be:ff:62:71:12:dd:16:7a:f7:3b:d6:7d:
                    a3:d9:4c:02:31:0a:16:07:88:5f:b1:19:e8:e9:c2:
                    7c:5e:bd:3e:5a:a9:61:7f:f2:37:eb:78:75:2a:4c:
                    b7:81:09:74:5e:e1:9b:b5:34:0d:78:77:91:aa:51:
                    b6:fd:47:5b:e5:69:19:64:9f:23:1e:6a:80:54:a4:
                    b0:3e:83:81:d0:9d:65:2f:e1:af:a4:78:c8:25:10:
                    bd:c3:ba:98:22:24:89:2b:ff:98:7d:09:94:be:72:
                    54:4a:13:29:dc:9f:48:0a:31:43:61:5d:87:c5:d1:
                    7d:d9:83:6e:39:a9:63:dc:b6:63:12:23:32:10:e1:
                    80:84:b1:ac:9a:9e:95:08:5f:57:fe:bc:28:3b:db:
                    a7:b5:47:bd:31:6f:17:ee:4f:ac:a3:16:3d:99:a9:
                    65:08:39:88:27:dc:f7:22:e7:74:95:b1:d7:8f:5c:
                    b4:68:1d:bb:3f:51:33:24:15:f9:d7:dd:8d:db:4f:
                    a4:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:30:AF:DD:15:D2:65:2D:62:4D:AB:C2:51:2F:65:F4:94:7F:0F:91
            X509v3 Authority Key Identifier:
                keyid:6F:94:58:7C:11:99:A2:C3:DF:40:19:7B:19:F3:65:0C:61:7D:E1:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5RYfBGZosPfQBl7GfNlDGF94UU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/xTCv3RXSZS1iTavCUS9l9JR_D5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/0c14db-8620-4996-afae-b9cf40094640/1/b5RYfBGZosPfQBl7GfNlDGF94UU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:7f:5b:a9:cb:44:c2:79:f8:a5:ed:af:39:0d:b1:07:16:fd:
         0a:8f:2b:51:64:1f:20:60:0e:53:b3:07:ff:f1:f3:3c:42:3e:
         49:9e:9d:88:90:40:7d:54:0d:52:cf:80:fa:22:e9:7e:6c:ab:
         ab:0f:9e:4f:c8:b7:46:e8:49:8c:80:a7:2c:91:68:bd:06:3b:
         81:0d:10:2c:25:be:c0:ce:30:36:3d:02:56:c2:00:8e:dd:f7:
         7e:a1:17:29:71:e2:40:91:99:9d:ca:ee:e9:7b:46:3b:35:b8:
         c6:64:e1:4b:0a:2d:ab:5e:27:e0:d9:43:76:58:63:9e:2f:76:
         e8:55:a2:7c:e1:27:46:9d:d9:2e:31:6d:1f:88:27:44:74:60:
         66:0f:47:03:bb:46:72:9d:5b:7e:ad:a5:17:f7:f3:6f:fb:88:
         1f:8e:3b:89:c7:da:68:b4:c2:17:6c:f8:99:75:70:96:1c:ae:
         8c:82:57:8d:d0:e7:e0:eb:11:91:35:56:ce:7a:a2:a5:79:08:
         81:9b:a1:f2:89:ff:f7:81:3d:86:24:0c:c8:f8:25:6d:76:14:
         29:95:51:81:65:84:08:c7:a6:d9:5c:28:46:5b:1b:68:50:a1:
         6b:34:44:a0:b3:af:12:f2:ac:c1:bc:db:e2:bf:08:a0:cc:73:
         28:df:bb:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYeAqXMx1eGwam9HjdwAbbhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmOTQ1ODdjMTE5OWEyYzNkZjQwMTk3YjE5ZjM2NTBjNjE3
ZGUxNDUwHhcNMjUwNDEwMDQ0MzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTMwYWZkZDE1ZDI2NTJkNjI0ZGFiYzI1MTJmNjVmNDk0N2YwZjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBd52Sr4h+byEn+QUHWfJapCaaPr
Sy7uTMe5bj+/+IJbhjdoJ2u5WnGfw4eLgbR+cYPTuKmxye+S5Uvq+8a+/2JxEt0W
evc71n2j2UwCMQoWB4hfsRno6cJ8Xr0+Wqlhf/I363h1Kky3gQl0XuGbtTQNeHeR
qlG2/Udb5WkZZJ8jHmqAVKSwPoOB0J1lL+GvpHjIJRC9w7qYIiSJK/+YfQmUvnJU
ShMp3J9ICjFDYV2HxdF92YNuOalj3LZjEiMyEOGAhLGsmp6VCF9X/rwoO9untUe9
MW8X7k+soxY9mallCDmIJ9z3Iud0lbHXj1y0aB27P1EzJBX5192N20+kHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMUwr90V0mUtYk2rwlEvZfSUfw+RMB8GA1UdIwQY
MBaAFG+UWHwRmaLD30AZexnzZQxhfeFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjVSWWZCR1pvc1BmUUJsN0dmTmxER0Y5NFVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi8wYzE0ZGItODYyMC00OTk2LWFmYWUt
YjljZjQwMDk0NjQwLzEveFRDdjNSWFNaUzFpVGF2Q1VTOWw5SlJfRDVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi8wYzE0ZGItODYyMC00OTk2LWFmYWUtYjljZjQwMDk0NjQw
LzEvYjVSWWZCR1pvc1BmUUJsN0dmTmxER0Y5NFVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+zqMA0G
CSqGSIb3DQEBCwUAA4IBAQBDf1upy0TCefil7a85DbEHFv0KjytRZB8gYA5Tswf/
8fM8Qj5Jnp2IkEB9VA1Sz4D6Iul+bKurD55PyLdG6EmMgKcskWi9BjuBDRAsJb7A
zjA2PQJWwgCO3fd+oRcpceJAkZmdyu7pe0Y7NbjGZOFLCi2rXifg2UN2WGOeL3bo
VaJ84SdGndkuMW0fiCdEdGBmD0cDu0ZynVt+raUX9/Nv+4gfjjuJx9potMIXbPiZ
dXCWHK6MgleN0Ofg6xGRNVbOeqKleQiBm6Hyif/3gT2GJAzI+CVtdhQplVGBZYQI
x6bZXChGWxtoUKFrNESgs68S8qzBvNvivwigzHMo37tA
-----END CERTIFICATE-----