Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/DtOZa_QnwbfCZcw6Ri25L5g5nKw.roa
File:                     DtOZa_QnwbfCZcw6Ri25L5g5nKw.roa (raw, json)
Hash identifier:          gPjF2bHK3b5JRNcNAuMcqGVmU2CAaScFraaS80Iy5UA=
Subject key identifier:   0E:D3:99:6B:F4:27:C1:B7:C2:65:CC:3A:46:2D:B9:2F:98:39:9C:AC
Certificate issuer:       /CN=63636c3bef55d12a64536b70130a74f53f44d6d0
Certificate serial:       019422FC1B524D41B8672CC12EBC6B159861
Authority key identifier: 63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/DtOZa_QnwbfCZcw6Ri25L5g5nKw.roa
Signing time:             Wed 01 Jan 2025 17:48:54 +0000
ROA not before:           Wed 01 Jan 2025 17:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197946
IP address blocks:        91.208.163.0/24 maxlen: 24
                          185.105.237.0/24 maxlen: 24
                          185.231.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1b:52:4d:41:b8:67:2c:c1:2e:bc:6b:15:98:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63636c3bef55d12a64536b70130a74f53f44d6d0
        Validity
            Not Before: Jan  1 17:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0ed3996bf427c1b7c265cc3a462db92f98399cac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:42:ed:2e:19:31:fe:1b:69:22:aa:28:86:fa:
                    f8:4a:e9:7b:dd:30:c4:54:7f:11:3d:e6:f3:ce:68:
                    34:da:81:10:16:66:aa:3e:74:fd:7d:bc:fc:71:13:
                    32:9e:4c:a6:3b:e5:5b:b2:e6:95:eb:50:dd:c3:16:
                    af:04:19:33:b1:ae:ce:cb:73:a7:e2:60:d7:9e:74:
                    05:ab:40:f8:aa:97:18:73:34:83:e6:3a:43:f4:84:
                    53:39:db:2a:7e:3d:71:cb:09:ed:cb:f4:c7:bc:a5:
                    73:c4:d5:83:42:bf:df:8d:89:7c:73:b2:cd:ee:50:
                    cf:32:b4:c2:17:39:7d:3c:f9:55:19:22:52:29:f3:
                    40:75:2b:ea:39:26:14:0c:a8:dd:be:90:b3:de:47:
                    20:80:ca:b3:f4:58:45:f9:83:84:06:59:ad:2d:0f:
                    2f:5f:71:ca:1c:c6:2c:26:d4:e7:a5:42:e6:f8:da:
                    f6:fd:fd:71:06:97:65:0a:a9:69:f6:90:36:44:3f:
                    a0:48:74:6d:07:ac:de:3a:eb:6b:41:3a:4c:9d:84:
                    03:c2:e3:24:d6:19:51:90:ed:8c:c4:29:58:ed:e8:
                    3c:b1:57:1a:f6:07:36:63:26:c2:1e:06:6e:a6:b5:
                    23:ff:f4:ce:3a:cb:d9:9e:4c:60:d3:9f:56:30:34:
                    7a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D3:99:6B:F4:27:C1:B7:C2:65:CC:3A:46:2D:B9:2F:98:39:9C:AC
            X509v3 Authority Key Identifier:
                keyid:63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/DtOZa_QnwbfCZcw6Ri25L5g5nKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.163.0/24
                  185.105.237.0/24
                  185.231.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:04:2b:80:56:5f:3b:29:0c:ce:2c:18:93:27:ee:ee:e6:79:
         28:6e:cc:f0:9c:dc:98:09:09:21:fe:b6:8f:1c:80:d2:32:63:
         2d:1a:f1:6a:82:41:ab:2c:a6:8c:10:9d:a5:4c:91:61:65:61:
         e2:69:b2:da:c7:40:1a:01:d4:09:73:e1:aa:01:71:c5:52:29:
         a7:06:0b:a4:a5:ca:06:31:e9:20:00:05:98:92:54:da:60:5c:
         0c:67:79:b8:3f:42:c3:cc:de:56:36:d1:bf:91:24:4b:25:ef:
         29:ae:72:41:0c:ff:2e:f1:55:44:4d:f6:02:64:07:6c:a9:af:
         88:8e:6e:18:df:42:a2:ab:fe:fc:f8:05:38:e7:30:d9:10:72:
         92:16:23:e5:2c:fa:9a:77:d0:f6:fd:6a:00:f0:b4:bb:be:28:
         45:60:8c:be:05:fa:10:f6:53:22:fa:34:46:a3:1b:02:33:c7:
         ae:32:5d:67:12:43:ad:45:5a:53:70:02:85:28:c3:50:75:b7:
         13:05:be:e8:44:6b:5f:6f:60:8f:b4:64:30:95:e7:7f:af:f1:
         71:b5:1d:08:96:be:f0:e7:05:ca:fa:bd:59:51:78:da:12:1e:
         65:2b:c0:c1:da:ce:4f:7a:73:89:99:0c:2f:9f:aa:67:e6:72:
         d3:a2:5d:0b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQi/BtSTUG4ZyzBLrxrFZhhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjM2YzNiZWY1NWQxMmE2NDUzNmI3MDEzMGE3NGY1M2Y0
NGQ2ZDAwHhcNMjUwMTAxMTc0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWQzOTk2YmY0MjdjMWI3YzI2NWNjM2E0NjJkYjkyZjk4Mzk5Y2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuELtLhkx/htpIqoohvr4Sul73TDE
VH8RPebzzmg02oEQFmaqPnT9fbz8cRMynkymO+VbsuaV61DdwxavBBkzsa7Oy3On
4mDXnnQFq0D4qpcYczSD5jpD9IRTOdsqfj1xywnty/THvKVzxNWDQr/fjYl8c7LN
7lDPMrTCFzl9PPlVGSJSKfNAdSvqOSYUDKjdvpCz3kcggMqz9FhF+YOEBlmtLQ8v
X3HKHMYsJtTnpULm+Nr2/f1xBpdlCqlp9pA2RD+gSHRtB6zeOutrQTpMnYQDwuMk
1hlRkO2MxClY7eg8sVca9gc2YybCHgZuprUj//TOOsvZnkxg059WMDR68wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA7TmWv0J8G3wmXMOkYtuS+YOZysMB8GA1UdIwQY
MBaAFGNjbDvvVdEqZFNrcBMKdPU/RNbQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2Qt
NzA1NWMyZTA0NzZmLzEvRHRPWmFfUW53YmZDWmN3NlJpMjVMNWc1bkt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2QtNzA1NWMyZTA0NzZm
LzEvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9CjAwQA
uWntAwQAuedyMA0GCSqGSIb3DQEBCwUAA4IBAQAiBCuAVl87KQzOLBiTJ+7u5nko
bszwnNyYCQkh/raPHIDSMmMtGvFqgkGrLKaMEJ2lTJFhZWHiabLax0AaAdQJc+Gq
AXHFUimnBgukpcoGMekgAAWYklTaYFwMZ3m4P0LDzN5WNtG/kSRLJe8prnJBDP8u
8VVETfYCZAdsqa+Ijm4Y30Kiq/78+AU45zDZEHKSFiPlLPqad9D2/WoA8LS7vihF
YIy+BfoQ9lMi+jRGoxsCM8euMl1nEkOtRVpTcAKFKMNQdbcTBb7oRGtfb2CPtGQw
led/r/FxtR0Ilr7w5wXK+r1ZUXjaEh5lK8DB2s5PenOJmQwvn6pn5nLTol0L
-----END CERTIFICATE-----