Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ewVsnSugCXk__789cz5d5ZAdZmc.roa
File:                     ewVsnSugCXk__789cz5d5ZAdZmc.roa (raw, json)
Hash identifier:          o+8XbQDDA3JQsPJjR3Lfqf5ZVHX07bm5R0GYVGvsC9M=
Subject key identifier:   7B:05:6C:9D:2B:A0:09:79:3F:FF:BF:3D:73:3E:5D:E5:90:1D:66:67
Certificate issuer:       /CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
Certificate serial:       0194B7C98C945B378C81CA5FCC3274F24107
Authority key identifier: 5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ewVsnSugCXk__789cz5d5ZAdZmc.roa
Signing time:             Thu 30 Jan 2025 15:17:06 +0000
ROA not before:           Thu 30 Jan 2025 15:17:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        91.200.252.0/24 maxlen: 24
                          110.172.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b7:c9:8c:94:5b:37:8c:81:ca:5f:cc:32:74:f2:41:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd6f6d299bcdec73d13f2d842fc1df4bc1ee2d3
        Validity
            Not Before: Jan 30 15:17:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b056c9d2ba009793fffbf3d733e5de5901d6667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0b:f7:62:aa:8b:8f:85:46:e4:10:2f:9e:76:
                    55:18:5d:7a:07:d1:5e:bb:09:98:1b:4b:b0:7c:c3:
                    de:41:6f:a4:d1:20:70:01:93:31:21:d8:14:5b:1e:
                    c7:24:31:13:db:df:4b:61:db:09:ce:91:5f:b4:1d:
                    a7:85:2a:cb:25:37:45:74:c2:3c:2b:81:35:33:ac:
                    0b:5c:46:d2:b9:f3:82:c0:4c:2d:1f:f5:e9:cb:10:
                    4b:f5:76:a4:f5:48:2e:0a:bb:e0:78:d8:35:af:3d:
                    16:aa:a8:86:66:67:1f:33:ca:4b:8a:be:d3:9f:d5:
                    60:1d:e6:7e:43:c7:d9:64:f6:95:1e:9e:6a:2b:da:
                    93:9a:f8:5f:73:8d:1f:6e:1c:45:e1:a6:ac:73:b4:
                    a3:5a:0b:33:17:e6:e6:06:ac:22:60:3e:62:32:39:
                    e6:04:df:ff:c2:98:c1:1c:40:27:76:3d:aa:e2:55:
                    0f:06:bb:4d:9e:9e:d5:0d:51:13:00:50:de:5c:35:
                    f2:9f:4e:f9:34:7b:a2:cb:0b:de:9d:a0:1d:ba:48:
                    4b:18:86:cd:78:7c:02:ad:3a:5d:e6:af:a9:4c:49:
                    72:8f:16:a9:17:7e:0a:e0:0d:a6:9d:c5:5b:74:39:
                    f0:26:43:0d:89:a0:c3:42:30:b8:a5:c0:3d:9c:cc:
                    12:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:05:6C:9D:2B:A0:09:79:3F:FF:BF:3D:73:3E:5D:E5:90:1D:66:67
            X509v3 Authority Key Identifier:
                keyid:5D:D6:F6:D2:99:BC:DE:C7:3D:13:F2:D8:42:FC:1D:F4:BC:1E:E2:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xdb20pm83sc9E_LYQvwd9Lwe4tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/ewVsnSugCXk__789cz5d5ZAdZmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/a4b446-bb72-45be-bc46-51f5ff81c117/1/Xdb20pm83sc9E_LYQvwd9Lwe4tM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.252.0/24
                  110.172.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:1c:5b:95:37:a4:e0:0a:5d:79:53:ce:58:0b:dd:5c:21:24:
         96:07:73:c2:e9:b1:60:74:e0:03:b4:46:fa:c5:b3:c4:89:87:
         06:fd:c2:aa:9c:77:63:a1:fd:de:2b:2a:7d:51:90:00:bb:8d:
         f4:ab:42:60:f8:90:cf:b4:42:1f:5b:0a:07:dd:ff:d3:3d:d3:
         c8:c1:3c:83:e1:c8:b6:a0:de:8a:0d:53:9a:92:4a:e3:25:03:
         72:90:b1:cb:67:12:d5:82:c2:e1:f6:48:82:e8:90:2c:7f:7c:
         f7:59:58:31:fe:4e:69:34:b1:55:9f:fa:c2:62:50:1f:28:43:
         07:ca:84:ec:2e:d1:4b:3f:be:e6:e6:e0:c8:de:9f:6e:f8:61:
         b1:9c:fa:bc:12:41:69:39:ba:de:d5:07:38:55:07:59:72:13:
         1d:3c:1d:f4:87:6e:41:07:e2:e6:cd:8d:9c:45:47:a9:0b:8c:
         ff:86:cc:73:f2:af:e4:42:b0:c5:64:da:5e:16:8e:b3:95:7b:
         f3:6e:35:5a:09:89:ef:56:96:54:d3:5b:70:f8:0e:57:d6:45:
         e7:10:b1:72:18:59:84:72:49:f4:53:34:46:87:0c:af:fb:bb:
         91:85:b1:d7:0e:6c:4c:25:84:ff:2d:72:19:99:4d:dd:82:d8:
         e7:b3:7e:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZS3yYyUWzeMgcpfzDJ08kEHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDZmNmQyOTliY2RlYzczZDEzZjJkODQyZmMxZGY0YmMx
ZWUyZDMwHhcNMjUwMTMwMTUxNzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjA1NmM5ZDJiYTAwOTc5M2ZmZmJmM2Q3MzNlNWRlNTkwMWQ2NjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQv3YqqLj4VG5BAvnnZVGF16B9Fe
uwmYG0uwfMPeQW+k0SBwAZMxIdgUWx7HJDET299LYdsJzpFftB2nhSrLJTdFdMI8
K4E1M6wLXEbSufOCwEwtH/XpyxBL9Xak9UguCrvgeNg1rz0WqqiGZmcfM8pLir7T
n9VgHeZ+Q8fZZPaVHp5qK9qTmvhfc40fbhxF4aasc7SjWgszF+bmBqwiYD5iMjnm
BN//wpjBHEAndj2q4lUPBrtNnp7VDVETAFDeXDXyn075NHuiywvenaAdukhLGIbN
eHwCrTpd5q+pTElyjxapF34K4A2mncVbdDnwJkMNiaDDQjC4pcA9nMwSJwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHsFbJ0roAl5P/+/PXM+XeWQHWZnMB8GA1UdIwQY
MBaAFF3W9tKZvN7HPRPy2EL8HfS8HuLTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYt
NTFmNWZmODFjMTE3LzEvZXdWc25TdWdDWGtfXzc4OWN6NWQ1WkFkWm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9hNGI0NDYtYmI3Mi00NWJlLWJjNDYtNTFmNWZmODFjMTE3
LzEvWGRiMjBwbTgzc2M5RV9MWVF2d2Q5THdlNHRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8j8AwQA
bqy+MA0GCSqGSIb3DQEBCwUAA4IBAQBBHFuVN6TgCl15U85YC91cISSWB3PC6bFg
dOADtEb6xbPEiYcG/cKqnHdjof3eKyp9UZAAu430q0Jg+JDPtEIfWwoH3f/TPdPI
wTyD4ci2oN6KDVOakkrjJQNykLHLZxLVgsLh9kiC6JAsf3z3WVgx/k5pNLFVn/rC
YlAfKEMHyoTsLtFLP77m5uDI3p9u+GGxnPq8EkFpObre1Qc4VQdZchMdPB30h25B
B+LmzY2cRUepC4z/hsxz8q/kQrDFZNpeFo6zlXvzbjVaCYnvVpZU01tw+A5X1kXn
ELFyGFmEckn0UzRGhwyv+7uRhbHXDmxMJYT/LXIZmU3dgtjns35o
-----END CERTIFICATE-----