Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/DVOzFfjLRaTUZyMinPqbQ4S_9DE.roa
File:                     DVOzFfjLRaTUZyMinPqbQ4S_9DE.roa (raw, json)
Hash identifier:          W1flvtqrAEaVVbhIS1vtvgxbygP7i6aEq71rS+R0/KY=
Subject key identifier:   0D:53:B3:15:F8:CB:45:A4:D4:67:23:22:9C:FA:9B:43:84:BF:F4:31
Certificate issuer:       /CN=01c2863a6438b3402752a4740e90ce42eb589129
Certificate serial:       0194228DA652A9F67407D411D976EAF4A552
Authority key identifier: 01:C2:86:3A:64:38:B3:40:27:52:A4:74:0E:90:CE:42:EB:58:91:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AcKGOmQ4s0AnUqR0DpDOQutYkSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/DVOzFfjLRaTUZyMinPqbQ4S_9DE.roa
Signing time:             Wed 01 Jan 2025 15:48:16 +0000
ROA not before:           Wed 01 Jan 2025 15:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        91.209.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/AcKGOmQ4s0AnUqR0DpDOQutYkSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/AcKGOmQ4s0AnUqR0DpDOQutYkSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AcKGOmQ4s0AnUqR0DpDOQutYkSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:a6:52:a9:f6:74:07:d4:11:d9:76:ea:f4:a5:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01c2863a6438b3402752a4740e90ce42eb589129
        Validity
            Not Before: Jan  1 15:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d53b315f8cb45a4d46723229cfa9b4384bff431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:42:26:0f:ce:a3:fe:99:f0:f7:ac:a8:c0:92:
                    97:1f:7d:9d:4e:5f:00:59:80:03:7d:d4:52:75:ac:
                    d6:a5:66:ac:67:57:8e:f5:09:3b:53:bf:61:99:b0:
                    bb:78:15:e0:b8:b8:cc:3d:ea:ab:58:4e:39:b7:de:
                    b5:91:06:41:7a:27:1d:d9:2e:05:35:64:59:96:9e:
                    08:fe:2c:d7:a4:cf:68:ce:e1:d9:9c:f7:69:d9:4f:
                    af:47:98:90:50:27:c1:36:7f:64:c2:af:89:2f:61:
                    2d:d0:91:6a:39:15:f0:96:25:24:40:b2:3e:76:67:
                    21:8d:e7:0c:ad:1a:85:3a:da:fb:34:40:af:7b:21:
                    0c:fe:ec:4b:44:ff:6b:98:c1:72:e5:26:d4:e5:c3:
                    27:29:07:12:40:89:ee:5a:93:db:73:3d:0f:9c:12:
                    fd:3d:1a:a8:a5:a6:0d:ff:d0:b6:f4:3b:98:9c:9a:
                    5b:e7:08:58:4a:57:c0:db:22:11:0b:ac:25:23:a3:
                    56:7b:86:e8:f9:21:86:d1:12:ca:57:8f:2d:96:94:
                    17:0a:f6:7c:c4:e4:ef:79:17:77:ea:2f:a8:01:61:
                    b1:29:6a:57:1d:30:43:66:bb:40:27:86:b9:5e:9e:
                    c6:6f:c8:8e:10:42:d1:69:32:73:f7:db:8e:21:82:
                    32:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:53:B3:15:F8:CB:45:A4:D4:67:23:22:9C:FA:9B:43:84:BF:F4:31
            X509v3 Authority Key Identifier:
                keyid:01:C2:86:3A:64:38:B3:40:27:52:A4:74:0E:90:CE:42:EB:58:91:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AcKGOmQ4s0AnUqR0DpDOQutYkSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/DVOzFfjLRaTUZyMinPqbQ4S_9DE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/25237e-ce6a-4302-b6a4-b5405834f0c5/1/AcKGOmQ4s0AnUqR0DpDOQutYkSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:03:c2:66:cc:c9:3f:9c:cd:60:c2:44:5b:ac:29:20:f8:cf:
         06:e3:e4:5e:00:73:05:1b:6c:f8:b6:e6:6b:a3:8d:92:c9:5e:
         9a:75:0f:75:aa:7a:06:f6:4a:81:10:32:a5:93:78:ae:7e:55:
         43:05:33:ee:c7:2d:74:6e:a1:62:7c:08:9d:ad:6d:8e:af:a0:
         08:78:92:00:37:fb:0e:9c:aa:d4:93:5f:d3:54:4f:9e:13:86:
         70:dc:4a:f9:df:59:79:73:80:8e:a0:55:a9:03:f3:b5:61:96:
         54:27:2e:37:df:19:21:96:aa:da:3d:7f:03:8b:6a:04:91:95:
         b0:f5:1b:b2:ff:1f:4d:d1:80:88:e4:09:57:c3:a7:a5:ae:39:
         1b:5d:a7:b3:03:82:e2:8d:9a:9d:30:63:ed:2c:c4:ae:dd:90:
         7a:82:84:3c:c6:64:f8:ac:1a:dc:e4:3a:77:86:18:70:07:d8:
         12:55:36:64:37:44:98:57:7f:91:3e:84:62:16:b0:a8:1a:02:
         5a:8a:14:da:f1:4a:a3:62:d6:1e:96:d9:cf:ba:19:a5:8d:76:
         cf:b8:47:30:19:16:45:16:98:74:f5:cb:66:1c:57:2a:50:66:
         89:7e:fa:d3:d4:14:bd:c7:a8:44:ca:ac:fe:80:4c:bd:a8:41:
         d9:02:7d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijaZSqfZ0B9QR2Xbq9KVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxYzI4NjNhNjQzOGIzNDAyNzUyYTQ3NDBlOTBjZTQyZWI1
ODkxMjkwHhcNMjUwMTAxMTU0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDUzYjMxNWY4Y2I0NWE0ZDQ2NzIzMjI5Y2ZhOWI0Mzg0YmZmNDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0ImD86j/pnw96yowJKXH32dTl8A
WYADfdRSdazWpWasZ1eO9Qk7U79hmbC7eBXguLjMPeqrWE45t961kQZBeicd2S4F
NWRZlp4I/izXpM9ozuHZnPdp2U+vR5iQUCfBNn9kwq+JL2Et0JFqORXwliUkQLI+
dmchjecMrRqFOtr7NECveyEM/uxLRP9rmMFy5SbU5cMnKQcSQInuWpPbcz0PnBL9
PRqopaYN/9C29DuYnJpb5whYSlfA2yIRC6wlI6NWe4bo+SGG0RLKV48tlpQXCvZ8
xOTveRd36i+oAWGxKWpXHTBDZrtAJ4a5Xp7Gb8iOEELRaTJz99uOIYIyzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA1TsxX4y0Wk1GcjIpz6m0OEv/QxMB8GA1UdIwQY
MBaAFAHChjpkOLNAJ1KkdA6QzkLrWJEpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWNLR09tUTRzMEFuVXFSMERwRE9RdXRZa1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS8yNTIzN2UtY2U2YS00MzAyLWI2YTQt
YjU0MDU4MzRmMGM1LzEvRFZPekZmakxSYVRVWnlNaW5QcWJRNFNfOURFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS8yNTIzN2UtY2U2YS00MzAyLWI2YTQtYjU0MDU4MzRmMGM1
LzEvQWNLR09tUTRzMEFuVXFSMERwRE9RdXRZa1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GvMA0G
CSqGSIb3DQEBCwUAA4IBAQBxA8JmzMk/nM1gwkRbrCkg+M8G4+ReAHMFG2z4tuZr
o42SyV6adQ91qnoG9kqBEDKlk3iuflVDBTPuxy10bqFifAidrW2Or6AIeJIAN/sO
nKrUk1/TVE+eE4Zw3Er531l5c4COoFWpA/O1YZZUJy433xkhlqraPX8Di2oEkZWw
9Ruy/x9N0YCI5AlXw6elrjkbXaezA4LijZqdMGPtLMSu3ZB6goQ8xmT4rBrc5Dp3
hhhwB9gSVTZkN0SYV3+RPoRiFrCoGgJaihTa8UqjYtYeltnPuhmljXbPuEcwGRZF
Fph09ctmHFcqUGaJfvrT1BS9x6hEyqz+gEy9qEHZAn1G
-----END CERTIFICATE-----