Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/XfuXo6o_rAvS3auaRDpRyYbh-Ho.roa
File:                     XfuXo6o_rAvS3auaRDpRyYbh-Ho.roa (raw, json)
Hash identifier:          UXkgT+p8/Vdf5Yzbn+kQFWB0bdLGQBqp49YReLFZmdw=
Subject key identifier:   5D:FB:97:A3:AA:3F:AC:0B:D2:DD:AB:9A:44:3A:51:C9:86:E1:F8:7A
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0194221FD07F20D49F6E7AAF829A9E45A7F0
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/XfuXo6o_rAvS3auaRDpRyYbh-Ho.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212496
IP address blocks:        91.240.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d0:7f:20:d4:9f:6e:7a:af:82:9a:9e:45:a7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5dfb97a3aa3fac0bd2ddab9a443a51c986e1f87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:2c:9f:3c:96:e9:4d:b5:2b:86:bc:1a:30:c8:
                    e4:e5:0a:0a:7e:57:97:56:77:73:e0:90:9e:90:07:
                    9c:15:e0:73:9c:a3:9e:02:ed:26:06:b9:7a:a0:07:
                    ad:c2:c7:a5:92:ea:0c:86:95:6a:67:b8:a9:b8:75:
                    7d:40:28:80:bc:84:74:54:fb:c9:54:82:4f:97:d6:
                    7e:34:6e:bb:5b:e3:4f:c8:66:f6:11:73:7e:0f:10:
                    ec:87:ad:2c:cc:74:d6:2a:29:c7:a6:94:70:5f:51:
                    33:7a:7f:4a:6d:91:2b:3d:7f:73:94:34:dc:3c:1c:
                    da:e7:db:c4:8a:33:ce:9e:70:cf:b1:0c:41:1b:e2:
                    75:26:12:3e:8c:a5:12:6d:18:87:05:fc:6d:07:90:
                    19:a8:3b:fa:7d:cd:94:94:4f:2a:c9:02:36:27:ec:
                    6a:57:f9:25:9b:4b:79:e5:a4:0b:b5:14:17:b4:fd:
                    64:2b:c0:89:cf:54:65:55:39:55:27:00:ee:10:a7:
                    8c:cd:a6:dd:38:9c:4c:3e:47:13:13:58:79:c8:b1:
                    4b:fa:1a:90:1f:0c:95:ae:0b:bd:3c:b6:19:cf:f0:
                    05:67:22:3c:b1:54:15:29:c5:12:ea:f5:4e:df:21:
                    44:3e:4f:6d:ff:7b:60:9d:6b:a0:d2:65:b6:dc:2f:
                    73:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:FB:97:A3:AA:3F:AC:0B:D2:DD:AB:9A:44:3A:51:C9:86:E1:F8:7A
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/XfuXo6o_rAvS3auaRDpRyYbh-Ho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:a2:e8:42:35:4a:ca:04:e6:7a:bf:00:ca:ed:08:e2:89:80:
         f0:78:4d:d0:c3:95:1e:b4:8b:04:6f:d6:12:57:06:8a:4e:f8:
         4b:59:17:9b:48:a3:de:a7:19:cb:bc:59:02:0f:8d:f9:41:1a:
         fe:a2:ed:eb:23:a7:59:ce:05:f7:50:e0:0a:cd:37:e7:ce:2f:
         25:5a:e9:3e:87:74:ac:f5:5b:21:b1:83:ec:0a:0a:ed:53:0a:
         58:c9:cc:3e:6f:fe:63:af:0a:51:8c:ec:88:5f:4d:8c:ac:e7:
         7c:02:02:49:9e:b9:45:f4:3c:ad:0f:51:df:e4:55:47:9c:82:
         6f:f0:cc:b0:f1:ed:2d:26:40:0e:6a:d7:de:27:59:e2:66:5e:
         ba:b8:e8:00:e6:9c:85:ad:ba:f6:61:59:c0:6d:6e:67:f1:3a:
         76:06:ed:ea:5e:67:a7:9f:e3:0a:48:75:bc:d8:d7:87:e0:98:
         00:b4:28:12:7a:4f:f3:92:7e:36:d1:ec:ee:d4:22:a8:49:71:
         95:2d:de:67:38:48:3e:42:de:c9:3d:10:6d:07:32:5a:89:14:
         22:cb:33:f8:82:80:40:45:12:89:27:7a:35:d0:66:7e:ea:cd:
         fe:a7:ec:37:53:ee:fd:25:72:fd:20:e1:36:14:46:3a:e9:11:
         c7:eb:aa:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9B/INSfbnqvgpqeRafwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGZiOTdhM2FhM2ZhYzBiZDJkZGFiOWE0NDNhNTFjOTg2ZTFmODdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCyfPJbpTbUrhrwaMMjk5QoKfleX
Vndz4JCekAecFeBznKOeAu0mBrl6oAetwselkuoMhpVqZ7ipuHV9QCiAvIR0VPvJ
VIJPl9Z+NG67W+NPyGb2EXN+DxDsh60szHTWKinHppRwX1Ezen9KbZErPX9zlDTc
PBza59vEijPOnnDPsQxBG+J1JhI+jKUSbRiHBfxtB5AZqDv6fc2UlE8qyQI2J+xq
V/klm0t55aQLtRQXtP1kK8CJz1RlVTlVJwDuEKeMzabdOJxMPkcTE1h5yLFL+hqQ
HwyVrgu9PLYZz/AFZyI8sVQVKcUS6vVO3yFEPk9t/3tgnWug0mW23C9zqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF37l6OqP6wL0t2rmkQ6UcmG4fh6MB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvWGZ1WG82b19yQXZTM2F1YVJEcFJ5WWJoLUhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/DzMA0G
CSqGSIb3DQEBCwUAA4IBAQCSouhCNUrKBOZ6vwDK7QjiiYDweE3Qw5UetIsEb9YS
VwaKTvhLWRebSKPepxnLvFkCD435QRr+ou3rI6dZzgX3UOAKzTfnzi8lWuk+h3Ss
9VshsYPsCgrtUwpYycw+b/5jrwpRjOyIX02MrOd8AgJJnrlF9DytD1Hf5FVHnIJv
8Myw8e0tJkAOatfeJ1niZl66uOgA5pyFrbr2YVnAbW5n8Tp2Bu3qXmenn+MKSHW8
2NeH4JgAtCgSek/zkn420ezu1CKoSXGVLd5nOEg+Qt7JPRBtBzJaiRQiyzP4goBA
RRKJJ3o10GZ+6s3+p+w3U+79JXL9IOE2FEY66RHH66o0
-----END CERTIFICATE-----