Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Prl9jiIf5yTV5DsYzdlJSoaKLUM.roa
File:                     Prl9jiIf5yTV5DsYzdlJSoaKLUM.roa (raw, json)
Hash identifier:          Z5P6WiB+sh7qt8RUQthul2w53RzYUIGwq58APY2ZYXU=
Subject key identifier:   3E:B9:7D:8E:22:1F:E7:24:D5:E4:3B:18:CD:D9:49:4A:86:8A:2D:43
Certificate issuer:       /CN=aeaaee1f0923e14a2371f240540fdd21549b14a6
Certificate serial:       0194221FA03221FA06B1104948A6CB49CBDB
Authority key identifier: AE:AA:EE:1F:09:23:E1:4A:23:71:F2:40:54:0F:DD:21:54:9B:14:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Prl9jiIf5yTV5DsYzdlJSoaKLUM.roa
Signing time:             Wed 01 Jan 2025 13:48:05 +0000
ROA not before:           Wed 01 Jan 2025 13:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51573
IP address blocks:        91.217.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a0:32:21:fa:06:b1:10:49:48:a6:cb:49:cb:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeaaee1f0923e14a2371f240540fdd21549b14a6
        Validity
            Not Before: Jan  1 13:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3eb97d8e221fe724d5e43b18cdd9494a868a2d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:44:93:80:b7:75:15:76:1c:0d:1a:31:07:d5:
                    08:52:d4:2d:0e:5e:a4:61:8b:8e:ba:1c:1f:09:c5:
                    94:a7:59:8d:a8:d6:51:9e:50:d7:e3:d1:43:40:5f:
                    a6:a1:aa:7f:55:d9:bd:6f:01:1f:c5:7d:03:4b:bb:
                    ad:18:37:8f:c8:d4:81:f3:0a:7d:85:34:40:b5:0b:
                    cb:bf:c5:6e:91:3a:9e:14:c1:be:f1:63:a0:ca:d5:
                    44:63:e5:2c:7f:7e:5e:b8:ff:0b:81:d2:79:fa:7c:
                    42:2f:12:3c:eb:62:b5:de:e4:91:25:5a:07:a6:74:
                    d3:06:16:4f:52:43:f7:11:d4:30:38:5f:be:bb:2a:
                    d7:82:da:ca:bb:81:5b:68:18:da:e1:4c:94:68:52:
                    88:ba:98:58:2c:5d:63:94:04:91:fd:c8:16:3a:aa:
                    d0:1e:f3:65:b7:ed:f4:a2:7b:0b:eb:87:91:1d:fc:
                    6c:e7:bb:c7:1a:7c:0f:ce:3f:00:1e:81:94:ed:c6:
                    5b:a1:0e:8e:ac:b4:45:8e:b2:a1:12:e1:24:6a:b5:
                    f9:63:c9:e3:12:8f:94:b6:b9:aa:bc:64:c8:be:75:
                    52:48:e3:ab:b9:fb:80:95:a0:ab:ef:96:23:53:6b:
                    7b:6f:6d:67:08:b3:97:33:6c:11:f7:ae:c1:d3:3f:
                    84:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:B9:7D:8E:22:1F:E7:24:D5:E4:3B:18:CD:D9:49:4A:86:8A:2D:43
            X509v3 Authority Key Identifier:
                keyid:AE:AA:EE:1F:09:23:E1:4A:23:71:F2:40:54:0F:DD:21:54:9B:14:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rqruHwkj4UojcfJAVA_dIVSbFKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/Prl9jiIf5yTV5DsYzdlJSoaKLUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/586ab9-1a81-4284-b4b2-cd8b0c4be215/1/rqruHwkj4UojcfJAVA_dIVSbFKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:14:c9:d1:03:49:58:75:0f:8a:5a:d4:19:85:ff:ee:85:a5:
         87:d9:ea:fb:bb:b1:87:8d:13:c0:93:d2:7a:fd:f3:5f:70:3f:
         3a:c6:ef:56:ec:9a:6c:29:18:c9:a6:77:17:34:6a:88:16:1d:
         58:29:83:b4:0e:0f:f1:69:21:6c:73:f8:74:a0:3d:8f:53:80:
         3a:b4:60:8c:3d:50:0e:2e:85:a8:41:b9:12:82:54:26:ec:88:
         27:90:d8:b5:82:55:a6:f9:9d:cb:17:ff:86:06:16:12:b9:36:
         c8:87:b4:7a:74:de:d3:ab:c9:ba:25:37:bd:5f:b9:8f:06:9c:
         03:7d:b1:66:dc:58:42:04:d2:03:28:01:d7:a2:d7:2e:51:8b:
         c8:2a:c9:b9:a0:ed:b0:0d:11:7b:c2:5e:b7:eb:e0:72:41:a8:
         ac:1c:81:c6:5e:b6:5a:b9:0c:f1:93:af:3b:7b:74:81:2a:7b:
         9f:cc:8f:a3:aa:94:4c:8a:aa:a7:55:2d:0a:1e:39:a3:d8:55:
         09:ce:b0:9f:e8:eb:d7:8a:0b:df:55:d1:ba:64:91:2e:2c:6a:
         90:4e:18:7a:2d:ca:bf:95:72:d9:c5:db:69:55:de:7f:56:aa:
         f8:90:62:ab:77:76:6e:ea:75:24:75:56:3b:f5:10:d5:0f:0d:
         0a:d4:00:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6AyIfoGsRBJSKbLScvbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYWFlZTFmMDkyM2UxNGEyMzcxZjI0MDU0MGZkZDIxNTQ5
YjE0YTYwHhcNMjUwMTAxMTM0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWI5N2Q4ZTIyMWZlNzI0ZDVlNDNiMThjZGQ5NDk0YTg2OGEyZDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0STgLd1FXYcDRoxB9UIUtQtDl6k
YYuOuhwfCcWUp1mNqNZRnlDX49FDQF+moap/Vdm9bwEfxX0DS7utGDePyNSB8wp9
hTRAtQvLv8VukTqeFMG+8WOgytVEY+Usf35euP8LgdJ5+nxCLxI862K13uSRJVoH
pnTTBhZPUkP3EdQwOF++uyrXgtrKu4FbaBja4UyUaFKIuphYLF1jlASR/cgWOqrQ
HvNlt+30onsL64eRHfxs57vHGnwPzj8AHoGU7cZboQ6OrLRFjrKhEuEkarX5Y8nj
Eo+UtrmqvGTIvnVSSOOrufuAlaCr75YjU2t7b21nCLOXM2wR967B0z+ErwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD65fY4iH+ck1eQ7GM3ZSUqGii1DMB8GA1UdIwQY
MBaAFK6q7h8JI+FKI3HyQFQP3SFUmxSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnFydUh3a2o0VW9qY2ZKQVZBX2RJVlNiRktZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81ODZhYjktMWE4MS00Mjg0LWI0YjIt
Y2Q4YjBjNGJlMjE1LzEvUHJsOWppSWY1eVRWNURzWXpkbEpTb2FLTFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81ODZhYjktMWE4MS00Mjg0LWI0YjItY2Q4YjBjNGJlMjE1
LzEvcnFydUh3a2o0VW9qY2ZKQVZBX2RJVlNiRktZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9n/MA0G
CSqGSIb3DQEBCwUAA4IBAQC5FMnRA0lYdQ+KWtQZhf/uhaWH2er7u7GHjRPAk9J6
/fNfcD86xu9W7JpsKRjJpncXNGqIFh1YKYO0Dg/xaSFsc/h0oD2PU4A6tGCMPVAO
LoWoQbkSglQm7IgnkNi1glWm+Z3LF/+GBhYSuTbIh7R6dN7Tq8m6JTe9X7mPBpwD
fbFm3FhCBNIDKAHXotcuUYvIKsm5oO2wDRF7wl636+ByQaisHIHGXrZauQzxk687
e3SBKnufzI+jqpRMiqqnVS0KHjmj2FUJzrCf6OvXigvfVdG6ZJEuLGqQThh6Lcq/
lXLZxdtpVd5/Vqr4kGKrd3Zu6nUkdVY79RDVDw0K1ABU
-----END CERTIFICATE-----