Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/rAptMRvSUdwv73c1hrV9bfbr3Yk.roa
File:                     rAptMRvSUdwv73c1hrV9bfbr3Yk.roa (raw, json)
Hash identifier:          M82hA2K7N0hc5dPJhXNevznbaSP5bAh4nu7+zgBVgYI=
Subject key identifier:   AC:0A:6D:31:1B:D2:51:DC:2F:EF:77:35:86:B5:7D:6D:F6:EB:DD:89
Certificate issuer:       /CN=9760fd5864826805cf3655eeeb2fb898f36d9821
Certificate serial:       019420683F8A43DA20186F8DBEF541F1F9E9
Authority key identifier: 97:60:FD:58:64:82:68:05:CF:36:55:EE:EB:2F:B8:98:F3:6D:98:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l2D9WGSCaAXPNlXu6y-4mPNtmCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/rAptMRvSUdwv73c1hrV9bfbr3Yk.roa
Signing time:             Wed 01 Jan 2025 05:48:10 +0000
ROA not before:           Wed 01 Jan 2025 05:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51835
IP address blocks:        91.194.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/l2D9WGSCaAXPNlXu6y-4mPNtmCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/l2D9WGSCaAXPNlXu6y-4mPNtmCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l2D9WGSCaAXPNlXu6y-4mPNtmCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 12:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:3f:8a:43:da:20:18:6f:8d:be:f5:41:f1:f9:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9760fd5864826805cf3655eeeb2fb898f36d9821
        Validity
            Not Before: Jan  1 05:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac0a6d311bd251dc2fef773586b57d6df6ebdd89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:34:67:19:c8:6c:d6:ba:0c:a8:79:46:f9:eb:
                    42:87:6a:b5:7a:40:36:7e:b2:d5:f4:b2:71:da:8d:
                    d6:c6:97:c5:45:5f:fb:c4:87:b2:f3:64:0c:a5:21:
                    82:bb:09:5b:68:2c:42:49:23:46:13:f7:7d:8a:53:
                    da:22:21:fe:19:83:5d:f7:f0:76:8f:c1:4d:43:c6:
                    e5:1d:cd:b4:cc:2e:7b:34:b8:81:8a:39:b1:26:b0:
                    36:11:1e:58:0b:00:fd:a3:8c:8a:77:b3:65:db:38:
                    66:56:bf:52:8c:dd:a7:80:b5:91:94:04:b7:18:cf:
                    6d:db:9d:d3:61:ed:e7:66:4b:02:db:da:c8:13:72:
                    a8:c8:99:6d:69:e0:d4:ac:5d:ec:4c:1c:a9:bd:c4:
                    3e:ba:5f:59:ce:c2:e6:62:5b:7d:d1:d6:dc:0e:07:
                    db:ba:23:7e:e1:54:96:09:62:5e:0b:e2:4e:c3:7d:
                    02:49:68:67:04:45:93:32:15:0c:23:37:22:87:50:
                    53:53:21:17:8c:03:9e:1e:57:a2:40:fc:dd:46:0e:
                    2d:6e:7b:89:b8:f8:4c:31:43:fa:2c:b5:38:4f:d6:
                    cd:fc:c2:9c:a5:da:59:26:de:5f:a4:8b:95:bf:c2:
                    98:f5:67:ae:0f:34:a7:4d:66:23:91:b8:41:f5:36:
                    de:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:0A:6D:31:1B:D2:51:DC:2F:EF:77:35:86:B5:7D:6D:F6:EB:DD:89
            X509v3 Authority Key Identifier:
                keyid:97:60:FD:58:64:82:68:05:CF:36:55:EE:EB:2F:B8:98:F3:6D:98:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l2D9WGSCaAXPNlXu6y-4mPNtmCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/rAptMRvSUdwv73c1hrV9bfbr3Yk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/a29c9a-ca4d-4000-8ff3-d9a104404aaf/1/l2D9WGSCaAXPNlXu6y-4mPNtmCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f2:b8:e9:f2:fd:16:14:23:48:d9:0e:f4:a5:40:e5:2a:73:
         53:1a:16:bb:2b:6d:03:9c:63:3e:21:ba:d9:fc:c1:7a:d0:79:
         bb:e1:77:59:a7:56:15:1f:c5:7d:e1:47:34:6a:53:b6:63:16:
         30:3f:37:93:61:be:2a:3c:2e:92:ed:9e:2b:51:80:d8:cb:a4:
         cc:ea:84:72:d4:c8:48:21:e3:01:1e:53:98:18:1a:ec:1a:e1:
         8d:2a:db:9c:f9:d7:8e:21:3b:a1:3f:c8:6f:67:0d:c7:ed:ec:
         84:f9:31:52:61:ef:6f:52:fd:43:39:c6:61:c2:c1:9c:d5:96:
         f0:7b:1a:b8:75:e0:9e:a5:0c:9e:6e:0e:a0:56:ca:c6:16:30:
         36:60:4d:35:f6:65:99:1c:ea:c1:2d:af:02:6c:0e:e9:9c:5c:
         72:63:80:4b:35:4c:30:66:8b:07:44:fa:b2:c4:fa:8f:ae:69:
         e4:c8:89:24:6b:3e:76:41:0b:7a:33:6e:9a:f2:c1:a9:3a:dd:
         bf:75:6c:a1:3d:ef:83:9f:54:7e:7c:61:95:11:04:dd:20:de:
         64:ff:08:1b:75:3d:d0:2d:55:f0:3c:d5:d2:c5:e1:0c:44:ef:
         b4:89:62:30:a9:83:89:98:56:61:c5:ad:00:b7:6f:f2:91:8e:
         e5:dc:c6:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaD+KQ9ogGG+NvvVB8fnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NjBmZDU4NjQ4MjY4MDVjZjM2NTVlZWViMmZiODk4ZjM2
ZDk4MjEwHhcNMjUwMTAxMDU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzBhNmQzMTFiZDI1MWRjMmZlZjc3MzU4NmI1N2Q2ZGY2ZWJkZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxDRnGchs1roMqHlG+etCh2q1ekA2
frLV9LJx2o3WxpfFRV/7xIey82QMpSGCuwlbaCxCSSNGE/d9ilPaIiH+GYNd9/B2
j8FNQ8blHc20zC57NLiBijmxJrA2ER5YCwD9o4yKd7Nl2zhmVr9SjN2ngLWRlAS3
GM9t253TYe3nZksC29rIE3KoyJltaeDUrF3sTBypvcQ+ul9ZzsLmYlt90dbcDgfb
uiN+4VSWCWJeC+JOw30CSWhnBEWTMhUMIzcih1BTUyEXjAOeHleiQPzdRg4tbnuJ
uPhMMUP6LLU4T9bN/MKcpdpZJt5fpIuVv8KY9WeuDzSnTWYjkbhB9Tbe1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwKbTEb0lHcL+93NYa1fW32692JMB8GA1UdIwQY
MBaAFJdg/VhkgmgFzzZV7usvuJjzbZghMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDJEOVdHU0NhQVhQTmxYdTZ5LTRtUE50bUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hMjljOWEtY2E0ZC00MDAwLThmZjMt
ZDlhMTA0NDA0YWFmLzEvckFwdE1SdlNVZHd2NzNjMWhyVjliZmJyM1lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hMjljOWEtY2E0ZC00MDAwLThmZjMtZDlhMTA0NDA0YWFm
LzEvbDJEOVdHU0NhQVhQTmxYdTZ5LTRtUE50bUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8IfMA0G
CSqGSIb3DQEBCwUAA4IBAQA48rjp8v0WFCNI2Q70pUDlKnNTGha7K20DnGM+IbrZ
/MF60Hm74XdZp1YVH8V94Uc0alO2YxYwPzeTYb4qPC6S7Z4rUYDYy6TM6oRy1MhI
IeMBHlOYGBrsGuGNKtuc+deOITuhP8hvZw3H7eyE+TFSYe9vUv1DOcZhwsGc1Zbw
exq4deCepQyebg6gVsrGFjA2YE019mWZHOrBLa8CbA7pnFxyY4BLNUwwZosHRPqy
xPqPrmnkyIkkaz52QQt6M26a8sGpOt2/dWyhPe+Dn1R+fGGVEQTdIN5k/wgbdT3Q
LVXwPNXSxeEMRO+0iWIwqYOJmFZhxa0At2/ykY7l3MZR
-----END CERTIFICATE-----