Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/KV3y67WzUL1dd636tV-tGwBKS6Y.roa
File:                     KV3y67WzUL1dd636tV-tGwBKS6Y.roa (raw, json)
Hash identifier:          BJK7UzSsG4bIRgy/oUjNbXPmO5iJK9tZClLQ8IpL8JQ=
Subject key identifier:   29:5D:F2:EB:B5:B3:50:BD:5D:77:AD:FA:B5:5F:AD:1B:00:4A:4B:A6
Certificate issuer:       /CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
Certificate serial:       019421B244CE33AF39B7AB56871C2D131D0B
Authority key identifier: 78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/KV3y67WzUL1dd636tV-tGwBKS6Y.roa
Signing time:             Wed 01 Jan 2025 11:48:38 +0000
ROA not before:           Wed 01 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8455
IP address blocks:        91.208.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:44:ce:33:af:39:b7:ab:56:87:1c:2d:13:1d:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=780de16eee947b0a8c75714fc5da6a0259ca1b90
        Validity
            Not Before: Jan  1 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=295df2ebb5b350bd5d77adfab55fad1b004a4ba6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:28:1b:bb:c5:bc:9f:74:e0:be:ab:ac:45:bd:
                    8a:ad:ac:db:4b:20:04:4c:0a:a5:27:11:b4:0c:01:
                    b9:69:e8:21:b6:28:61:40:8f:a5:31:06:ec:c6:67:
                    15:9c:25:4b:55:03:c1:68:3d:c9:60:9f:14:4e:1b:
                    61:31:11:69:53:ef:77:29:90:c1:f3:25:57:b4:58:
                    ca:c6:d1:f2:0f:20:4e:a8:b9:32:07:11:7a:2b:73:
                    c5:27:96:9c:d1:41:36:2c:e5:f8:de:4f:6f:79:66:
                    03:ee:31:91:f5:32:3e:76:55:9f:ee:41:8e:ec:77:
                    29:65:8a:1d:38:6c:f4:e6:57:1c:8e:68:21:d9:27:
                    c0:6f:6c:c2:5f:ef:c0:bd:2e:9b:bb:34:4d:c4:0a:
                    29:74:d0:f6:97:4e:a6:64:76:63:ee:fb:3a:cf:ea:
                    bf:19:d6:cb:54:89:7c:5d:89:7c:9f:a6:7e:6d:ee:
                    d7:5a:3c:ca:b9:96:ff:8a:6f:0b:13:b5:03:12:c2:
                    39:53:64:b4:37:b8:fd:51:be:11:fc:42:c2:82:ea:
                    1e:c7:f1:25:a4:d8:3e:03:44:f3:e1:55:5b:3b:48:
                    03:51:84:ff:52:c6:7e:ba:9d:b5:e7:94:09:5e:68:
                    d1:d6:02:89:99:c5:c3:4b:d1:1f:1b:a9:df:1a:45:
                    a9:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:5D:F2:EB:B5:B3:50:BD:5D:77:AD:FA:B5:5F:AD:1B:00:4A:4B:A6
            X509v3 Authority Key Identifier:
                keyid:78:0D:E1:6E:EE:94:7B:0A:8C:75:71:4F:C5:DA:6A:02:59:CA:1B:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eA3hbu6UewqMdXFPxdpqAlnKG5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/KV3y67WzUL1dd636tV-tGwBKS6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/107195-cc51-471b-8da2-e005543f0374/1/eA3hbu6UewqMdXFPxdpqAlnKG5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:d1:ef:3d:e7:4b:36:41:08:3f:50:21:79:5f:2e:41:ff:bb:
         c9:70:8d:98:91:cb:9b:a5:0d:23:f0:b5:8d:1e:af:f4:b5:50:
         f5:b2:a4:9f:80:4e:75:2a:79:c2:bb:a0:f2:82:a6:1b:f3:34:
         86:9c:ec:ae:91:35:f5:4a:10:09:42:b0:50:06:88:74:78:ce:
         ec:30:0a:58:f0:fa:dd:aa:f7:b6:3a:1d:d7:7b:ea:34:68:14:
         3a:40:b8:bc:aa:0e:33:b3:8f:05:bf:cb:77:e5:f1:5f:20:95:
         fa:0a:96:bf:7a:fd:e5:11:07:09:f1:d0:80:1a:22:16:ba:26:
         80:7e:b6:bf:98:8c:e1:ae:a9:8f:d9:02:fe:48:96:a8:6a:a3:
         c6:3a:07:88:1a:51:4d:e4:2c:3a:70:17:d6:dd:44:05:2d:0d:
         ac:f3:86:8d:4e:72:e5:ca:94:6b:9f:88:a5:36:43:bc:ca:76:
         53:fd:ea:5c:ab:f2:93:60:bf:1f:d2:38:83:e4:a0:5d:2f:64:
         87:91:e7:8f:e0:07:19:f6:73:c0:24:4f:0a:22:06:4f:a3:93:
         8b:39:f4:78:4a:91:09:e0:ae:14:1e:76:0d:07:77:b7:69:ca:
         0e:c1:9a:27:12:30:10:b6:c5:a5:07:74:71:dc:a4:83:13:bb:
         b5:40:25:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskTOM685t6tWhxwtEx0LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4MGRlMTZlZWU5NDdiMGE4Yzc1NzE0ZmM1ZGE2YTAyNTlj
YTFiOTAwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTVkZjJlYmI1YjM1MGJkNWQ3N2FkZmFiNTVmYWQxYjAwNGE0YmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAligbu8W8n3TgvqusRb2KrazbSyAE
TAqlJxG0DAG5aeghtihhQI+lMQbsxmcVnCVLVQPBaD3JYJ8UThthMRFpU+93KZDB
8yVXtFjKxtHyDyBOqLkyBxF6K3PFJ5ac0UE2LOX43k9veWYD7jGR9TI+dlWf7kGO
7HcpZYodOGz05lccjmgh2SfAb2zCX+/AvS6buzRNxAopdND2l06mZHZj7vs6z+q/
GdbLVIl8XYl8n6Z+be7XWjzKuZb/im8LE7UDEsI5U2S0N7j9Ub4R/ELCguoex/El
pNg+A0Tz4VVbO0gDUYT/UsZ+up2155QJXmjR1gKJmcXDS9EfG6nfGkWp5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCld8uu1s1C9XXet+rVfrRsASkumMB8GA1UdIwQY
MBaAFHgN4W7ulHsKjHVxT8XaagJZyhuQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTIt
ZTAwNTU0M2YwMzc0LzEvS1YzeTY3V3pVTDFkZDYzNnRWLXRHd0JLUzZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi8xMDcxOTUtY2M1MS00NzFiLThkYTItZTAwNTU0M2YwMzc0
LzEvZUEzaGJ1NlVld3FNZFhGUHhkcHFBbG5LRzVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9AxMA0G
CSqGSIb3DQEBCwUAA4IBAQBc0e8950s2QQg/UCF5Xy5B/7vJcI2YkcubpQ0j8LWN
Hq/0tVD1sqSfgE51KnnCu6DygqYb8zSGnOyukTX1ShAJQrBQBoh0eM7sMApY8Prd
qve2Oh3Xe+o0aBQ6QLi8qg4zs48Fv8t35fFfIJX6Cpa/ev3lEQcJ8dCAGiIWuiaA
fra/mIzhrqmP2QL+SJaoaqPGOgeIGlFN5Cw6cBfW3UQFLQ2s84aNTnLlypRrn4il
NkO8ynZT/epcq/KTYL8f0jiD5KBdL2SHkeeP4AcZ9nPAJE8KIgZPo5OLOfR4SpEJ
4K4UHnYNB3e3acoOwZonEjAQtsWlB3Rx3KSDE7u1QCVy
-----END CERTIFICATE-----