Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/R-CX4CB0hLo514CToPVhOwxreNk.roa
File:                     R-CX4CB0hLo514CToPVhOwxreNk.roa (raw, json)
Hash identifier:          uWvGHgIozdO3NKS0KfC+P7cEFWYQl8434I9zUzprdfA=
Subject key identifier:   47:E0:97:E0:20:74:84:BA:39:D7:80:93:A0:F5:61:3B:0C:6B:78:D9
Certificate issuer:       /CN=90f792ea8fff9040b2cd7f170736e42e7483a767
Certificate serial:       01942067FA19275AE984C657169B082998C1
Authority key identifier: 90:F7:92:EA:8F:FF:90:40:B2:CD:7F:17:07:36:E4:2E:74:83:A7:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/R-CX4CB0hLo514CToPVhOwxreNk.roa
Signing time:             Wed 01 Jan 2025 05:47:52 +0000
ROA not before:           Wed 01 Jan 2025 05:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51976
IP address blocks:        91.222.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fa:19:27:5a:e9:84:c6:57:16:9b:08:29:98:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f792ea8fff9040b2cd7f170736e42e7483a767
        Validity
            Not Before: Jan  1 05:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47e097e0207484ba39d78093a0f5613b0c6b78d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:46:7e:9e:52:8d:d8:fd:e3:d0:d5:0e:db:18:
                    6c:de:e2:44:e8:c7:d3:99:3c:7e:25:86:c8:31:cc:
                    c7:15:ed:ce:57:e1:37:fe:0a:cf:a0:1a:06:ee:50:
                    03:72:e8:ef:06:e8:d1:16:ec:00:9b:33:c8:1b:15:
                    8f:09:3d:1b:04:72:65:fe:03:71:e4:82:15:81:10:
                    e1:51:b8:05:fa:b3:a1:e5:3d:1e:a7:62:da:42:2e:
                    19:91:f8:d2:09:65:c8:57:ef:e8:7d:3c:92:ba:2f:
                    17:2b:b3:02:21:32:de:42:22:d3:b7:5a:c5:ca:ac:
                    a8:a2:b9:66:14:73:73:0d:e8:8e:93:ea:d0:67:ab:
                    a4:43:9b:47:a8:55:c7:20:01:ba:fb:b2:d7:cc:f4:
                    38:eb:d0:6c:c7:ff:21:c4:fc:65:40:c6:52:b7:0f:
                    25:c8:fa:43:38:da:ba:d9:3e:2e:2c:a5:86:43:6b:
                    bd:66:85:57:da:ee:80:44:be:f7:eb:be:1e:87:e8:
                    b1:82:be:cf:f8:31:5b:96:00:d5:52:53:b8:4a:5a:
                    5d:7f:50:25:39:df:6f:51:ed:e7:84:c0:42:ce:2f:
                    4d:ad:22:57:fa:6a:60:ad:33:9f:17:11:c7:fa:6d:
                    ab:69:d4:ee:10:be:82:29:21:27:ab:5f:57:19:26:
                    f0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:E0:97:E0:20:74:84:BA:39:D7:80:93:A0:F5:61:3B:0C:6B:78:D9
            X509v3 Authority Key Identifier:
                keyid:90:F7:92:EA:8F:FF:90:40:B2:CD:7F:17:07:36:E4:2E:74:83:A7:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/R-CX4CB0hLo514CToPVhOwxreNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a9:7d:8a:62:ad:28:0b:2a:bb:f0:e4:26:38:bb:30:09:8e:25:
         e9:26:01:15:3c:f1:aa:82:34:d1:03:8f:e2:8f:4a:2b:d4:de:
         93:e1:40:0e:fe:62:a4:e7:1a:de:aa:1c:15:85:53:bc:4f:f1:
         2f:ed:fc:a7:87:11:76:55:93:d0:18:dc:de:f6:c9:e0:96:c9:
         7e:a7:ad:dd:9a:65:f1:81:1c:21:75:b4:3b:2d:f0:0d:03:fd:
         22:76:44:8f:1d:b6:d3:37:d4:d8:c1:74:87:24:ae:f8:70:b2:
         4d:ec:c9:53:6e:f7:4b:9a:3a:af:a1:36:24:65:f1:04:d6:db:
         0b:f7:14:6a:02:50:54:b6:0e:96:53:f6:ce:40:5c:a7:f4:c4:
         ce:c7:76:a6:a8:6b:71:e4:08:86:b6:8f:fd:16:99:a3:cb:85:
         c9:10:a3:f0:7c:7e:0e:87:f1:fc:b7:15:d4:8e:12:e8:6a:43:
         3a:4a:8a:fc:83:f9:03:f9:32:37:dd:d0:0e:d6:32:c6:bf:ab:
         21:49:a8:0c:33:69:6d:70:bf:57:a5:51:bd:51:fb:69:63:89:
         7e:69:a8:33:75:38:f4:19:a1:69:31:a3:bc:ee:a4:66:9c:1e:
         e0:88:dc:ea:2e:1c:c5:25:4e:c7:81:71:d4:30:5a:ac:92:e6:
         81:83:5c:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgZ/oZJ1rphMZXFpsIKZjBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjc5MmVhOGZmZjkwNDBiMmNkN2YxNzA3MzZlNDJlNzQ4
M2E3NjcwHhcNMjUwMTAxMDU0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2UwOTdlMDIwNzQ4NGJhMzlkNzgwOTNhMGY1NjEzYjBjNmI3OGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkZ+nlKN2P3j0NUO2xhs3uJE6MfT
mTx+JYbIMczHFe3OV+E3/grPoBoG7lADcujvBujRFuwAmzPIGxWPCT0bBHJl/gNx
5IIVgRDhUbgF+rOh5T0ep2LaQi4ZkfjSCWXIV+/ofTySui8XK7MCITLeQiLTt1rF
yqyoorlmFHNzDeiOk+rQZ6ukQ5tHqFXHIAG6+7LXzPQ469Bsx/8hxPxlQMZStw8l
yPpDONq62T4uLKWGQ2u9ZoVX2u6ARL73674eh+ixgr7P+DFblgDVUlO4Slpdf1Al
Od9vUe3nhMBCzi9NrSJX+mpgrTOfFxHH+m2radTuEL6CKSEnq19XGSbwGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEfgl+AgdIS6OdeAk6D1YTsMa3jZMB8GA1UdIwQY
MBaAFJD3kuqP/5BAss1/Fwc25C50g6dnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BlUzZvX19rRUN5elg4WEJ6YmtMblNEcDJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84NDUyYTgtYmFmZS00YTBmLThjNDQt
Y2I3NDBkYjA2YjI5LzEvUi1DWDRDQjBoTG81MTRDVG9QVmhPd3hyZU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84NDUyYTgtYmFmZS00YTBmLThjNDQtY2I3NDBkYjA2YjI5
LzEva1BlUzZvX19rRUN5elg4WEJ6YmtMblNEcDJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW95EMA0G
CSqGSIb3DQEBCwUAA4IBAQCpfYpirSgLKrvw5CY4uzAJjiXpJgEVPPGqgjTRA4/i
j0or1N6T4UAO/mKk5xreqhwVhVO8T/Ev7fynhxF2VZPQGNze9snglsl+p63dmmXx
gRwhdbQ7LfANA/0idkSPHbbTN9TYwXSHJK74cLJN7MlTbvdLmjqvoTYkZfEE1tsL
9xRqAlBUtg6WU/bOQFyn9MTOx3amqGtx5AiGto/9Fpmjy4XJEKPwfH4Oh/H8txXU
jhLoakM6Sor8g/kD+TI33dAO1jLGv6shSagMM2ltcL9XpVG9UftpY4l+aagzdTj0
GaFpMaO87qRmnB7giNzqLhzFJU7HgXHUMFqskuaBg1wL
-----END CERTIFICATE-----