Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/1_nKEKtn-rDapvV_FkI8ith69-A.roa
File:                     1_nKEKtn-rDapvV_FkI8ith69-A.roa (raw, json)
Hash identifier:          HYbESAe393AiWHvbrJ4k/KX49GqaEptIBwkG+L+SrsI=
Subject key identifier:   D7:F9:CA:10:AB:67:FA:B0:DA:A6:F5:7F:16:42:3C:8A:D8:7A:F7:E0
Certificate issuer:       /CN=339e0f5e654393ceda22db44978f273e789e2341
Certificate serial:       01942823C106DB492E20B586BCD186E84BB3
Authority key identifier: 33:9E:0F:5E:65:43:93:CE:DA:22:DB:44:97:8F:27:3E:78:9E:23:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/1_nKEKtn-rDapvV_FkI8ith69-A.roa
Signing time:             Thu 02 Jan 2025 17:50:19 +0000
ROA not before:           Thu 02 Jan 2025 17:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48019
IP address blocks:        91.207.66.0/23 maxlen: 23
                          194.105.136.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:c1:06:db:49:2e:20:b5:86:bc:d1:86:e8:4b:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=339e0f5e654393ceda22db44978f273e789e2341
        Validity
            Not Before: Jan  2 17:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7f9ca10ab67fab0daa6f57f16423c8ad87af7e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c5:77:d8:e3:52:99:25:85:f5:3f:77:17:73:
                    52:74:ce:fa:b0:33:ab:3e:23:b0:03:76:dd:44:21:
                    0a:47:74:58:85:2e:ae:61:13:5d:d5:87:3d:a3:5d:
                    92:c3:b2:fd:a4:ff:28:c8:d8:eb:c9:08:79:0f:c8:
                    ed:55:b6:ac:0b:33:01:42:df:49:8f:5e:70:8d:25:
                    31:a5:50:c9:64:7d:fa:f6:77:0b:d9:ce:31:34:36:
                    08:1b:d9:c3:b2:2a:83:da:83:10:a5:9f:cf:f6:a3:
                    82:35:67:70:e3:ae:4c:e2:fd:9a:4e:b7:8c:8f:81:
                    88:6e:2a:6b:b3:7f:ec:6e:46:a2:48:4f:cd:e7:13:
                    73:c5:6f:0f:62:1a:ba:50:7b:bc:c0:59:30:ff:31:
                    a7:c9:96:58:af:4e:d7:f2:db:04:34:23:40:49:81:
                    82:99:cd:57:e7:b2:b4:f9:61:0a:29:15:54:ad:0c:
                    46:5b:38:89:60:6d:cb:75:23:6d:11:9c:66:b4:1f:
                    cc:a7:e3:c1:33:58:63:80:fe:2c:3d:92:c6:f2:e0:
                    50:16:76:7a:ee:f0:b4:45:a0:eb:95:32:93:c3:dc:
                    a5:d2:2f:96:0f:66:61:5c:79:3a:91:3d:f4:b3:76:
                    b3:cf:6f:10:2a:b6:c6:87:13:79:fc:50:fc:de:3f:
                    eb:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:F9:CA:10:AB:67:FA:B0:DA:A6:F5:7F:16:42:3C:8A:D8:7A:F7:E0
            X509v3 Authority Key Identifier:
                keyid:33:9E:0F:5E:65:43:93:CE:DA:22:DB:44:97:8F:27:3E:78:9E:23:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M54PXmVDk87aIttEl48nPnieI0E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/1_nKEKtn-rDapvV_FkI8ith69-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/36b098-e9ac-4910-a6f5-8e5d9eefaf91/1/M54PXmVDk87aIttEl48nPnieI0E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.66.0/23
                  194.105.136.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0c:6c:65:46:ac:3d:96:a4:cf:bf:0b:9a:91:23:8f:e6:d9:46:
         9a:31:b9:ba:30:0e:e9:34:7c:03:b3:2f:f3:20:a6:fd:b4:0d:
         26:48:79:40:92:43:89:b1:20:4f:64:79:f4:cb:74:a6:a5:51:
         67:21:c7:be:3a:2a:a2:15:c6:fa:68:45:e3:a2:9f:b8:6a:12:
         6a:fb:5b:ff:a1:1a:d3:25:24:6e:b6:bf:ee:87:e2:b1:60:22:
         2a:6a:76:7e:7d:00:fb:a5:4b:6a:89:61:48:cd:de:97:d2:8e:
         80:34:f6:71:e8:8a:70:24:5a:49:2e:39:51:71:04:24:e2:6a:
         6f:0d:33:b4:dc:f7:bc:2f:58:0f:19:0d:93:2e:74:61:51:38:
         8f:db:30:76:8e:b8:b9:2b:b1:28:ce:6b:34:03:9e:18:2f:6e:
         49:ad:4a:95:86:1d:af:8b:d3:93:a1:83:09:6a:c5:53:6c:33:
         f5:3a:e2:b1:fa:06:a2:16:01:2c:af:d1:7d:49:17:69:15:a6:
         af:de:df:14:ed:5f:2f:93:51:cb:18:2a:ca:9e:96:7e:5f:38:
         e1:58:a6:82:c9:e2:09:d3:85:09:fa:1e:81:55:25:b9:4d:9c:
         04:f8:97:95:62:05:b9:b0:22:c8:2e:22:44:55:34:25:b9:f6:
         5d:a8:87:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoI8EG20kuILWGvNGG6EuzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOWUwZjVlNjU0MzkzY2VkYTIyZGI0NDk3OGYyNzNlNzg5
ZTIzNDEwHhcNMjUwMTAyMTc1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2Y5Y2ExMGFiNjdmYWIwZGFhNmY1N2YxNjQyM2M4YWQ4N2FmN2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscV32ONSmSWF9T93F3NSdM76sDOr
PiOwA3bdRCEKR3RYhS6uYRNd1Yc9o12Sw7L9pP8oyNjryQh5D8jtVbasCzMBQt9J
j15wjSUxpVDJZH369ncL2c4xNDYIG9nDsiqD2oMQpZ/P9qOCNWdw465M4v2aTreM
j4GIbiprs3/sbkaiSE/N5xNzxW8PYhq6UHu8wFkw/zGnyZZYr07X8tsENCNASYGC
mc1X57K0+WEKKRVUrQxGWziJYG3LdSNtEZxmtB/Mp+PBM1hjgP4sPZLG8uBQFnZ6
7vC0RaDrlTKTw9yl0i+WD2ZhXHk6kT30s3azz28QKrbGhxN5/FD83j/rZQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNf5yhCrZ/qw2qb1fxZCPIrYevfgMB8GA1UdIwQY
MBaAFDOeD15lQ5PO2iLbRJePJz54niNBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTU0UFhtVkRrODdhSXR0RWw0OG5QbmllSTBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zNmIwOTgtZTlhYy00OTEwLWE2ZjUt
OGU1ZDllZWZhZjkxLzEvMV9uS0VLdG4tckRhcHZWX0ZrSThpdGg2OS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zNmIwOTgtZTlhYy00OTEwLWE2ZjUtOGU1ZDllZWZhZjkx
LzEvTTU0UFhtVkRrODdhSXR0RWw0OG5QbmllSTBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW89CAwQB
wmmIMA0GCSqGSIb3DQEBCwUAA4IBAQAMbGVGrD2WpM+/C5qRI4/m2UaaMbm6MA7p
NHwDsy/zIKb9tA0mSHlAkkOJsSBPZHn0y3SmpVFnIce+OiqiFcb6aEXjop+4ahJq
+1v/oRrTJSRutr/uh+KxYCIqanZ+fQD7pUtqiWFIzd6X0o6ANPZx6IpwJFpJLjlR
cQQk4mpvDTO03Pe8L1gPGQ2TLnRhUTiP2zB2jri5K7Eozms0A54YL25JrUqVhh2v
i9OToYMJasVTbDP1OuKx+gaiFgEsr9F9SRdpFaav3t8U7V8vk1HLGCrKnpZ+Xzjh
WKaCyeIJ04UJ+h6BVSW5TZwE+JeVYgW5sCLILiJEVTQlufZdqIdH
-----END CERTIFICATE-----