Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/TWeGvhRSmnN9ba3aLN_PX9mER2s.roa
File:                     TWeGvhRSmnN9ba3aLN_PX9mER2s.roa (raw, json)
Hash identifier:          6BkkLF5ZMW9w4BTie7IiuTOLhKMimv1AW7aDs2REbaI=
Subject key identifier:   4D:67:86:BE:14:52:9A:73:7D:6D:AD:DA:2C:DF:CF:5F:D9:84:47:6B
Certificate issuer:       /CN=d1c15f0aec0e336662de9f6371521ce25e8de10f
Certificate serial:       019423D6B1F6B6DE31A8831732109779461B
Authority key identifier: D1:C1:5F:0A:EC:0E:33:66:62:DE:9F:63:71:52:1C:E2:5E:8D:E1:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/TWeGvhRSmnN9ba3aLN_PX9mER2s.roa
Signing time:             Wed 01 Jan 2025 21:47:40 +0000
ROA not before:           Wed 01 Jan 2025 21:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199381
IP address blocks:        91.223.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 08:53:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:b1:f6:b6:de:31:a8:83:17:32:10:97:79:46:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1c15f0aec0e336662de9f6371521ce25e8de10f
        Validity
            Not Before: Jan  1 21:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d6786be14529a737d6dadda2cdfcf5fd984476b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2f:15:44:37:9d:73:7d:7e:cf:de:c7:8d:c3:
                    9d:50:79:a9:e3:d3:af:fb:9e:60:93:06:24:87:00:
                    a8:5d:b7:72:85:09:56:4b:66:d8:37:af:61:ea:df:
                    5e:0c:ba:a6:56:0e:91:8d:93:fa:4d:65:95:7c:79:
                    05:ef:7f:2e:57:0b:e4:98:1e:e3:66:55:92:0b:ce:
                    f1:6c:c8:a8:cf:b6:e1:3a:b9:57:27:74:74:c0:df:
                    fb:9f:d9:67:8c:79:86:e4:92:d7:c1:44:25:27:da:
                    16:76:34:4e:10:55:d7:f9:49:67:f5:d2:a8:26:2f:
                    e6:51:fa:ef:9d:a1:bf:92:d4:ec:0a:bb:08:79:c7:
                    2f:bc:40:fd:04:1e:c8:e8:19:b9:a9:8d:be:73:d4:
                    1f:6e:22:76:fa:ed:7f:07:be:e6:3e:d1:1f:58:95:
                    2b:34:a2:72:5b:f7:b6:74:84:7d:d5:96:3b:a4:f2:
                    be:49:05:45:8c:9a:cf:2b:94:35:6d:c9:56:30:95:
                    77:72:2b:19:48:54:29:d4:46:b1:17:a9:d7:92:47:
                    3f:e8:ee:13:d2:c1:95:d7:e6:61:ba:a9:1d:8e:cd:
                    81:e7:6b:38:d8:4a:cc:b7:f8:72:41:e6:22:18:e0:
                    0c:c8:ac:6a:ee:23:64:b9:60:90:22:68:06:39:26:
                    33:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:67:86:BE:14:52:9A:73:7D:6D:AD:DA:2C:DF:CF:5F:D9:84:47:6B
            X509v3 Authority Key Identifier:
                keyid:D1:C1:5F:0A:EC:0E:33:66:62:DE:9F:63:71:52:1C:E2:5E:8D:E1:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/TWeGvhRSmnN9ba3aLN_PX9mER2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/cd231b-ff1e-4b93-a5b7-85d634c5bd50/1/0cFfCuwOM2Zi3p9jcVIc4l6N4Q8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:0a:a5:7c:89:6b:9d:ca:e9:d7:b0:3e:ac:ea:0d:58:37:2e:
         54:4a:33:7b:27:97:a4:d7:b9:3b:2a:ad:c4:b5:9b:c9:3d:bd:
         48:76:54:15:b0:b3:a4:77:a9:24:1b:66:f4:73:7c:be:e4:1d:
         86:a9:f7:0b:4e:5e:e6:30:82:b7:e7:04:91:04:a9:b3:a9:b3:
         f9:00:5e:a5:b5:98:79:c8:fe:b6:56:5d:24:ba:31:ee:bf:3a:
         f2:ba:da:5c:1f:69:18:8f:29:67:7e:4a:9f:ba:28:55:0c:eb:
         c6:a2:00:5d:76:01:fd:c0:32:bf:50:34:2f:88:77:e5:03:66:
         bd:d5:3d:ad:4e:57:f5:2e:74:de:0b:ec:bc:70:7d:cf:d1:0d:
         3d:10:70:9a:90:13:c9:f6:e5:2a:00:6b:6f:c2:0a:d8:1f:31:
         69:51:67:2f:e7:a2:09:3e:88:29:e7:ff:b0:3c:89:1a:f7:59:
         78:d8:19:cd:7f:37:2d:a2:94:31:00:d4:90:51:ec:10:db:f6:
         34:9e:b0:45:c1:23:7f:37:a9:09:eb:7a:46:67:83:57:c7:5e:
         a3:a8:62:ef:22:65:8a:04:5a:f5:bc:e9:23:6c:55:b3:c7:29:
         6f:25:20:e8:0d:7f:08:d4:78:90:0b:3e:c4:e0:a8:4e:90:31:
         a3:c8:fd:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1rH2tt4xqIMXMhCXeUYbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYzE1ZjBhZWMwZTMzNjY2MmRlOWY2MzcxNTIxY2UyNWU4
ZGUxMGYwHhcNMjUwMTAxMjE0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDY3ODZiZTE0NTI5YTczN2Q2ZGFkZGEyY2RmY2Y1ZmQ5ODQ0NzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAry8VRDedc31+z97HjcOdUHmp49Ov
+55gkwYkhwCoXbdyhQlWS2bYN69h6t9eDLqmVg6RjZP6TWWVfHkF738uVwvkmB7j
ZlWSC87xbMioz7bhOrlXJ3R0wN/7n9lnjHmG5JLXwUQlJ9oWdjROEFXX+Uln9dKo
Ji/mUfrvnaG/ktTsCrsIeccvvED9BB7I6Bm5qY2+c9QfbiJ2+u1/B77mPtEfWJUr
NKJyW/e2dIR91ZY7pPK+SQVFjJrPK5Q1bclWMJV3cisZSFQp1EaxF6nXkkc/6O4T
0sGV1+Zhuqkdjs2B52s42ErMt/hyQeYiGOAMyKxq7iNkuWCQImgGOSYzGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE1nhr4UUppzfW2t2izfz1/ZhEdrMB8GA1UdIwQY
MBaAFNHBXwrsDjNmYt6fY3FSHOJejeEPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGNGZkN1d09NMlppM3A5amNWSWM0bDZONFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jZDIzMWItZmYxZS00YjkzLWE1Yjct
ODVkNjM0YzViZDUwLzEvVFdlR3ZoUlNtbk45YmEzYUxOX1BYOW1FUjJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jZDIzMWItZmYxZS00YjkzLWE1YjctODVkNjM0YzViZDUw
LzEvMGNGZkN1d09NMlppM3A5amNWSWM0bDZONFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW985MA0G
CSqGSIb3DQEBCwUAA4IBAQCECqV8iWudyunXsD6s6g1YNy5USjN7J5ek17k7Kq3E
tZvJPb1IdlQVsLOkd6kkG2b0c3y+5B2GqfcLTl7mMIK35wSRBKmzqbP5AF6ltZh5
yP62Vl0kujHuvzryutpcH2kYjylnfkqfuihVDOvGogBddgH9wDK/UDQviHflA2a9
1T2tTlf1LnTeC+y8cH3P0Q09EHCakBPJ9uUqAGtvwgrYHzFpUWcv56IJPogp5/+w
PIka91l42BnNfzctopQxANSQUewQ2/Y0nrBFwSN/N6kJ63pGZ4NXx16jqGLvImWK
BFr1vOkjbFWzxylvJSDoDX8I1HiQCz7E4KhOkDGjyP1a
-----END CERTIFICATE-----