Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/Ow9-1popY8awsgXf2GNA95SUDT0.roa
File:                     Ow9-1popY8awsgXf2GNA95SUDT0.roa (raw, json)
Hash identifier:          VV75kE6L9UJcAH7/vX99k0BbRR6uwoTqG3wp/AEMXlA=
Subject key identifier:   3B:0F:7E:D6:9A:29:63:C6:B0:B2:05:DF:D8:63:40:F7:94:94:0D:3D
Certificate issuer:       /CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
Certificate serial:       019425FDBBC0569019A73406862F163930C7
Authority key identifier: D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/Ow9-1popY8awsgXf2GNA95SUDT0.roa
Signing time:             Thu 02 Jan 2025 07:49:33 +0000
ROA not before:           Thu 02 Jan 2025 07:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.208.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:bb:c0:56:90:19:a7:34:06:86:2f:16:39:30:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6dbaa1b52f3a73289ff768acb7baa7f387f955f
        Validity
            Not Before: Jan  2 07:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b0f7ed69a2963c6b0b205dfd86340f794940d3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6a:52:3b:86:73:8d:7c:ba:37:39:af:93:ab:
                    b7:23:21:dc:1a:eb:c5:17:9a:5c:f3:b1:34:29:54:
                    2f:d3:24:35:6f:95:dd:fc:14:ad:90:38:bf:36:a2:
                    44:88:82:eb:c2:1c:b8:73:19:42:ff:7a:1c:7e:7e:
                    04:f1:70:64:9c:fd:57:5f:33:10:57:13:f1:2b:89:
                    e9:15:c9:f9:a2:79:6e:a0:ed:c6:f2:a2:48:9c:09:
                    23:f0:e2:28:99:0d:66:a4:38:d1:e1:ca:fb:ee:e1:
                    a4:ea:05:bb:83:94:a8:3e:37:f9:75:eb:5a:d8:63:
                    42:23:a1:46:c9:2d:53:7c:f6:eb:1c:85:27:2b:9e:
                    68:66:49:57:f8:f0:3b:60:51:9f:16:d9:c2:36:29:
                    76:cf:97:d2:43:f4:c3:04:0f:d4:a9:9e:b8:60:d0:
                    af:f2:08:43:ef:36:28:f4:48:91:52:71:53:33:68:
                    cb:e7:2c:aa:2e:d6:74:9e:a2:15:d5:23:77:55:cd:
                    39:04:45:fa:1f:05:23:58:86:39:8d:6f:82:76:58:
                    ef:81:67:09:dd:f7:9e:e2:ff:76:b7:46:25:36:ed:
                    d2:3b:14:7b:15:6f:3d:29:18:67:db:f4:71:b3:e3:
                    1b:44:bd:81:ab:44:d0:7e:c7:03:ec:d6:3f:a9:3b:
                    bc:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:0F:7E:D6:9A:29:63:C6:B0:B2:05:DF:D8:63:40:F7:94:94:0D:3D
            X509v3 Authority Key Identifier:
                keyid:D6:DB:AA:1B:52:F3:A7:32:89:FF:76:8A:CB:7B:AA:7F:38:7F:95:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/Ow9-1popY8awsgXf2GNA95SUDT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/b0b6e7-3e23-4426-8c84-fab83d403558/1/1tuqG1LzpzKJ_3aKy3uqfzh_lV8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:2a:76:5c:aa:99:8b:e8:e2:49:c7:f8:a6:5d:5f:5b:ab:8d:
         0f:9a:db:d3:aa:3a:e7:e9:cf:91:2f:1c:31:82:bd:e4:6b:55:
         e8:a0:4d:0e:21:1a:c8:33:40:8a:a5:ce:10:a3:94:b7:aa:e1:
         4a:6b:f7:83:e9:38:04:c0:41:c3:d1:be:0d:7c:d3:49:7b:01:
         49:20:39:46:d9:3c:12:91:c9:6f:6e:f5:58:35:f0:a3:e7:c7:
         c0:16:02:28:69:41:4d:a2:a4:a1:e9:1c:ec:40:7b:53:31:dd:
         5a:da:cc:39:35:41:15:bb:2d:10:aa:b6:90:ba:3a:20:76:4b:
         29:ba:6c:c8:46:65:ba:bb:40:8e:50:31:46:95:93:1e:5e:e8:
         60:42:1f:6b:4c:86:6a:08:58:c5:9c:99:09:2e:7e:bc:82:8d:
         01:2f:5a:29:62:89:4e:4c:ec:02:d3:bc:b8:e1:7a:aa:c8:9a:
         aa:11:7e:ca:69:d0:77:e9:a2:25:4c:10:08:52:1a:2e:cc:e9:
         83:69:fc:cf:3b:91:e6:00:a3:38:ed:ff:4c:69:f6:f9:a1:19:
         34:8b:5e:86:07:26:de:2d:51:af:88:19:c8:76:a8:6a:ae:7e:
         46:85:73:0a:8f:b0:5d:21:eb:a2:f5:ce:e2:16:92:79:68:fd:
         5a:19:be:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/bvAVpAZpzQGhi8WOTDHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZGJhYTFiNTJmM2E3MzI4OWZmNzY4YWNiN2JhYTdmMzg3
Zjk1NWYwHhcNMjUwMTAyMDc0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjBmN2VkNjlhMjk2M2M2YjBiMjA1ZGZkODYzNDBmNzk0OTQwZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02pSO4ZzjXy6Nzmvk6u3IyHcGuvF
F5pc87E0KVQv0yQ1b5Xd/BStkDi/NqJEiILrwhy4cxlC/3ocfn4E8XBknP1XXzMQ
VxPxK4npFcn5onluoO3G8qJInAkj8OIomQ1mpDjR4cr77uGk6gW7g5SoPjf5deta
2GNCI6FGyS1TfPbrHIUnK55oZklX+PA7YFGfFtnCNil2z5fSQ/TDBA/UqZ64YNCv
8ghD7zYo9EiRUnFTM2jL5yyqLtZ0nqIV1SN3Vc05BEX6HwUjWIY5jW+CdljvgWcJ
3fee4v92t0YlNu3SOxR7FW89KRhn2/Rxs+MbRL2Bq0TQfscD7NY/qTu8gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDsPftaaKWPGsLIF39hjQPeUlA09MB8GA1UdIwQY
MBaAFNbbqhtS86cyif92ist7qn84f5VfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQt
ZmFiODNkNDAzNTU4LzEvT3c5LTFwb3BZOGF3c2dYZjJHTkE5NVNVRFQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9iMGI2ZTctM2UyMy00NDI2LThjODQtZmFiODNkNDAzNTU4
LzEvMXR1cUcxTHpwektKXzNhS3kzdXFmemhfbFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AVMA0G
CSqGSIb3DQEBCwUAA4IBAQCUKnZcqpmL6OJJx/imXV9bq40PmtvTqjrn6c+RLxwx
gr3ka1XooE0OIRrIM0CKpc4Qo5S3quFKa/eD6TgEwEHD0b4NfNNJewFJIDlG2TwS
kclvbvVYNfCj58fAFgIoaUFNoqSh6RzsQHtTMd1a2sw5NUEVuy0QqraQujogdksp
umzIRmW6u0COUDFGlZMeXuhgQh9rTIZqCFjFnJkJLn68go0BL1opYolOTOwC07y4
4XqqyJqqEX7KadB36aIlTBAIUhouzOmDafzPO5HmAKM47f9Mafb5oRk0i16GBybe
LVGviBnIdqhqrn5GhXMKj7BdIeui9c7iFpJ5aP1aGb6g
-----END CERTIFICATE-----