Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/IsxMtNlQJ4J5OkWPRRyBdod8aQg.roa
File:                     IsxMtNlQJ4J5OkWPRRyBdod8aQg.roa (raw, json)
Hash identifier:          G37zdezcJTNVKE89wqIfwLZT3BTcN0qsQ2l0rpiM6Xo=
Subject key identifier:   22:CC:4C:B4:D9:50:27:82:79:3A:45:8F:45:1C:81:76:87:7C:69:08
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0194221FCF0D5C627C4DF3C417C2433FE0E2
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/IsxMtNlQJ4J5OkWPRRyBdod8aQg.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202984
IP address blocks:        91.203.232.0/23 maxlen: 23
                          91.238.98.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:cf:0d:5c:62:7c:4d:f3:c4:17:c2:43:3f:e0:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22cc4cb4d9502782793a458f451c8176877c6908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:a1:de:5c:1b:64:98:b3:90:6d:0e:96:fe:7a:
                    f4:2e:0f:7d:48:d2:cf:be:a4:1b:f7:0e:5f:b2:a8:
                    19:c0:26:6f:70:56:2d:a8:b6:98:0b:d7:ff:ba:2f:
                    68:c5:6b:8d:9f:b3:8f:96:e3:b2:c7:2d:41:97:f1:
                    ee:c7:e2:2d:a1:a1:11:b5:75:e9:a8:8d:74:0d:c1:
                    fa:fa:ee:45:67:0b:c9:1e:c8:64:74:4e:ac:a0:34:
                    4f:10:9c:58:d2:9c:64:4c:0a:88:18:8d:97:19:72:
                    c0:70:fa:cb:8d:bf:08:31:48:40:ea:c6:e7:45:ac:
                    be:17:84:fc:a2:6c:88:4a:d5:de:bd:36:18:ca:b1:
                    60:8e:66:52:be:5f:af:77:ee:d9:9c:e1:21:0b:08:
                    13:4c:7a:f0:6c:3b:0b:64:21:c0:34:f5:7a:c2:08:
                    85:21:24:94:d5:61:a7:37:e2:fd:b5:62:d3:8b:e7:
                    24:a4:f3:6d:ac:2c:fd:ac:f5:0f:78:b1:b0:cc:23:
                    1e:54:4c:e3:06:8c:d5:a2:20:08:8e:20:0d:32:db:
                    a9:7e:1d:30:47:b3:a0:da:c2:97:52:29:f8:a5:6a:
                    fe:6e:2f:eb:fd:c3:86:13:3d:0f:2f:de:a9:49:11:
                    6e:00:b1:14:ef:24:c7:1a:f9:3c:a5:5a:4f:f5:10:
                    45:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:CC:4C:B4:D9:50:27:82:79:3A:45:8F:45:1C:81:76:87:7C:69:08
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/IsxMtNlQJ4J5OkWPRRyBdod8aQg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.232.0/23
                  91.238.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         43:09:d6:6b:6f:47:ce:ce:f9:0a:33:37:1f:96:32:0c:7b:d5:
         ee:d6:3b:6e:76:7c:ee:a9:ba:d1:3f:d1:29:6f:80:9b:63:03:
         39:0c:57:5f:af:b1:dc:62:ff:14:db:99:6e:d9:20:bd:1a:f4:
         8f:62:80:53:26:6a:68:7c:48:e4:31:06:78:dc:bc:7d:03:81:
         df:f0:5c:95:a2:39:4c:ee:e2:c2:35:36:4e:c0:37:ad:da:b8:
         77:d0:01:e6:11:c7:4b:4d:ac:63:c3:4b:91:a9:68:f5:e3:35:
         85:88:91:bf:4c:6e:bc:ba:17:97:12:cd:f9:e7:a7:5d:95:39:
         dc:88:66:f5:d3:de:9f:89:be:be:c2:3a:7f:65:b6:a3:b5:33:
         10:a6:17:89:70:8e:77:11:4e:2b:14:e0:96:87:3c:b0:83:c8:
         0e:4f:02:9c:9b:39:75:e3:f9:30:4e:0e:14:1c:91:19:74:bd:
         b7:c2:6c:86:73:94:ec:97:77:1f:4e:c9:0f:cb:cf:7a:0a:29:
         3a:bf:85:e1:42:fb:77:65:99:ac:ab:aa:bb:25:ae:19:b5:d9:
         9c:25:5b:b5:7d:1a:0f:3c:5b:3d:ba:fe:82:df:dd:6c:92:7c:
         11:2e:b6:92:e2:18:14:ae:c6:00:62:2e:f7:0e:e0:96:e3:c2:
         31:45:f7:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH88NXGJ8TfPEF8JDP+DiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmNjNGNiNGQ5NTAyNzgyNzkzYTQ1OGY0NTFjODE3Njg3N2M2OTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqHeXBtkmLOQbQ6W/nr0Lg99SNLP
vqQb9w5fsqgZwCZvcFYtqLaYC9f/ui9oxWuNn7OPluOyxy1Bl/Hux+ItoaERtXXp
qI10DcH6+u5FZwvJHshkdE6soDRPEJxY0pxkTAqIGI2XGXLAcPrLjb8IMUhA6sbn
Ray+F4T8omyIStXevTYYyrFgjmZSvl+vd+7ZnOEhCwgTTHrwbDsLZCHANPV6wgiF
ISSU1WGnN+L9tWLTi+ckpPNtrCz9rPUPeLGwzCMeVEzjBozVoiAIjiANMtupfh0w
R7Og2sKXUin4pWr+bi/r/cOGEz0PL96pSRFuALEU7yTHGvk8pVpP9RBF9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCLMTLTZUCeCeTpFj0UcgXaHfGkIMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvSXN4TXRObFFKNEo1T2tXUFJSeUJkb2Q4YVFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8voAwQB
W+5iMA0GCSqGSIb3DQEBCwUAA4IBAQBDCdZrb0fOzvkKMzcfljIMe9Xu1jtudnzu
qbrRP9Epb4CbYwM5DFdfr7HcYv8U25lu2SC9GvSPYoBTJmpofEjkMQZ43Lx9A4Hf
8FyVojlM7uLCNTZOwDet2rh30AHmEcdLTaxjw0uRqWj14zWFiJG/TG68uheXEs35
56ddlTnciGb1096fib6+wjp/ZbajtTMQpheJcI53EU4rFOCWhzywg8gOTwKcmzl1
4/kwTg4UHJEZdL23wmyGc5Tsl3cfTskPy896Cik6v4XhQvt3ZZmsq6q7Ja4Ztdmc
JVu1fRoPPFs9uv6C391sknwRLraS4hgUrsYAYi73DuCW48IxRfd0
-----END CERTIFICATE-----