Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/tut7oaWJNrhx8vDfjnadysvruEE.roa
File:                     tut7oaWJNrhx8vDfjnadysvruEE.roa (raw, json)
Hash identifier:          oXhco3AY4UNPZerjwlU5WNQYyYnT8TDpF5tOGRePMaY=
Subject key identifier:   B6:EB:7B:A1:A5:89:36:B8:71:F2:F0:DF:8E:76:9D:CA:CB:EB:B8:41
Certificate issuer:       /CN=184177b76891013ba027b35e6edfc1e9f8295cec
Certificate serial:       019420D5AEC2AC4B96120D6D557558A22B08
Authority key identifier: 18:41:77:B7:68:91:01:3B:A0:27:B3:5E:6E:DF:C1:E9:F8:29:5C:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GEF3t2iRATugJ7Nebt_B6fgpXOw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/tut7oaWJNrhx8vDfjnadysvruEE.roa
Signing time:             Wed 01 Jan 2025 07:47:42 +0000
ROA not before:           Wed 01 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199612
IP address blocks:        91.223.43.0/24 maxlen: 24
                          2001:67c:16c4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/GEF3t2iRATugJ7Nebt_B6fgpXOw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/GEF3t2iRATugJ7Nebt_B6fgpXOw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GEF3t2iRATugJ7Nebt_B6fgpXOw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ae:c2:ac:4b:96:12:0d:6d:55:75:58:a2:2b:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=184177b76891013ba027b35e6edfc1e9f8295cec
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6eb7ba1a58936b871f2f0df8e769dcacbebb841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0f:62:50:d0:72:ef:b7:35:ce:b7:5e:99:54:
                    8d:7f:94:04:65:5d:c5:93:d4:4a:b4:bd:29:01:35:
                    a8:09:a4:97:2b:37:58:98:71:ea:8f:3b:a0:4d:14:
                    b0:01:62:78:68:18:dd:e6:fb:c3:00:59:49:bd:a4:
                    f9:e4:2f:47:b2:8e:06:a7:15:87:fd:d4:5f:6f:93:
                    d6:01:d6:8a:a7:99:e8:cd:78:0b:6d:ee:cc:c2:08:
                    60:57:bb:07:9b:11:89:cc:2e:65:c9:c2:79:e2:4f:
                    84:04:56:b4:8c:43:fa:e2:45:94:31:08:60:57:c0:
                    bf:88:ef:e5:7d:0c:f6:de:73:0a:d8:77:57:97:db:
                    4c:07:fb:f1:e7:bd:07:f6:0a:ef:71:e6:7a:f3:31:
                    c8:c9:2a:eb:4c:af:cb:6d:61:b9:35:68:18:4a:f3:
                    d2:2b:5d:31:b7:1a:a8:be:5b:de:d4:92:73:be:13:
                    1c:db:f1:3f:d3:78:96:b1:43:c7:47:d6:06:cb:4d:
                    f8:4c:d2:fa:58:e5:67:e0:57:3c:14:65:0f:fa:00:
                    dc:21:04:47:b2:35:0f:8d:4a:ed:42:e4:ba:7a:39:
                    e5:f1:90:dc:95:7f:a5:43:2f:cb:d5:3f:37:2e:af:
                    02:a5:76:3b:e7:90:6a:5e:f7:6a:58:d2:a6:c1:6a:
                    65:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:EB:7B:A1:A5:89:36:B8:71:F2:F0:DF:8E:76:9D:CA:CB:EB:B8:41
            X509v3 Authority Key Identifier:
                keyid:18:41:77:B7:68:91:01:3B:A0:27:B3:5E:6E:DF:C1:E9:F8:29:5C:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GEF3t2iRATugJ7Nebt_B6fgpXOw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/tut7oaWJNrhx8vDfjnadysvruEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/87f8dc-9fce-41ab-8e75-228e3ffa5ba9/1/GEF3t2iRATugJ7Nebt_B6fgpXOw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.43.0/24
                IPv6:
                  2001:67c:16c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:60:39:44:22:e4:3c:e9:ee:05:e7:76:2f:87:a5:5d:79:f2:
         d0:23:15:57:19:66:2f:7c:d8:5f:bb:8f:98:c5:30:97:3a:83:
         12:1d:67:73:ea:db:81:54:39:9e:24:e7:79:53:3c:5f:df:94:
         65:3c:9c:ac:a6:ab:ff:86:68:2f:e1:0f:fd:81:f5:1c:69:65:
         6f:c5:69:77:ea:e2:70:ae:51:60:67:04:61:81:ea:9a:7b:50:
         f5:5c:84:a7:36:10:72:5e:c8:c7:9d:95:5e:2f:83:61:e2:89:
         24:95:5e:e9:e6:e4:36:26:3e:78:96:c0:5e:a4:f3:cb:fb:90:
         1f:86:26:c1:23:90:92:a7:97:e3:8e:7c:0c:25:13:ed:d5:30:
         f2:13:6a:e5:6b:e0:a5:d1:cd:28:96:02:bc:82:8a:21:a7:17:
         00:4c:d3:bb:38:f5:d3:d1:93:a1:58:d0:7c:25:ad:17:61:0c:
         ac:ff:e9:93:7d:99:e7:69:d3:4c:92:1c:01:41:60:92:57:b0:
         f6:8c:f8:d2:5f:e8:a8:f5:8b:3b:62:f5:37:6f:ba:75:a4:ef:
         18:37:0a:3c:d4:81:a9:c3:24:fd:83:d3:13:e6:43:e1:39:f1:
         6f:74:2a:d4:bd:52:c4:f2:50:d1:a9:03:6b:14:83:27:a8:a3:
         2f:a6:26:4f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQg1a7CrEuWEg1tVXVYoisIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4NDE3N2I3Njg5MTAxM2JhMDI3YjM1ZTZlZGZjMWU5Zjgy
OTVjZWMwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmViN2JhMWE1ODkzNmI4NzFmMmYwZGY4ZTc2OWRjYWNiZWJiODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzw9iUNBy77c1zrdemVSNf5QEZV3F
k9RKtL0pATWoCaSXKzdYmHHqjzugTRSwAWJ4aBjd5vvDAFlJvaT55C9Hso4GpxWH
/dRfb5PWAdaKp5nozXgLbe7MwghgV7sHmxGJzC5lycJ54k+EBFa0jEP64kWUMQhg
V8C/iO/lfQz23nMK2HdXl9tMB/vx570H9grvceZ68zHIySrrTK/LbWG5NWgYSvPS
K10xtxqovlve1JJzvhMc2/E/03iWsUPHR9YGy034TNL6WOVn4Fc8FGUP+gDcIQRH
sjUPjUrtQuS6ejnl8ZDclX+lQy/L1T83Lq8CpXY755BqXvdqWNKmwWpl4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLbre6GliTa4cfLw3452ncrL67hBMB8GA1UdIwQY
MBaAFBhBd7dokQE7oCezXm7fwen4KVzsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0VGM3QyaVJBVHVnSjdOZWJ0X0I2ZmdwWE93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84N2Y4ZGMtOWZjZS00MWFiLThlNzUt
MjI4ZTNmZmE1YmE5LzEvdHV0N29hV0pOcmh4OHZEZmpuYWR5c3ZydUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84N2Y4ZGMtOWZjZS00MWFiLThlNzUtMjI4ZTNmZmE1YmE5
LzEvR0VGM3QyaVJBVHVnSjdOZWJ0X0I2ZmdwWE93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW98rMA8E
AgACMAkDBwAgAQZ8FsQwDQYJKoZIhvcNAQELBQADggEBADpgOUQi5Dzp7gXndi+H
pV158tAjFVcZZi982F+7j5jFMJc6gxIdZ3Pq24FUOZ4k53lTPF/flGU8nKymq/+G
aC/hD/2B9RxpZW/FaXfq4nCuUWBnBGGB6pp7UPVchKc2EHJeyMedlV4vg2HiiSSV
Xunm5DYmPniWwF6k88v7kB+GJsEjkJKnl+OOfAwlE+3VMPITauVr4KXRzSiWAryC
iiGnFwBM07s49dPRk6FY0HwlrRdhDKz/6ZN9medp00ySHAFBYJJXsPaM+NJf6Kj1
izti9TdvunWk7xg3CjzUganDJP2D0xPmQ+E58W90KtS9UsTyUNGpA2sUgyeooy+m
Jk8=
-----END CERTIFICATE-----