Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/_Z27vdbVNx1AkVs4_tUBUqOLYnE.roa
File:                     _Z27vdbVNx1AkVs4_tUBUqOLYnE.roa (raw, json)
Hash identifier:          GcXnOCS0CtBJVhbx+3s+RdmGrB9WpH4rUku+ZZjo1A8=
Subject key identifier:   FD:9D:BB:BD:D6:D5:37:1D:40:91:5B:38:FE:D5:01:52:A3:8B:62:71
Certificate issuer:       /CN=c84758053a0c4c6d5e003f3c869a89e4f2a9e177
Certificate serial:       019422FB702F5FB9DA0950F69991979AB5A2
Authority key identifier: C8:47:58:05:3A:0C:4C:6D:5E:00:3F:3C:86:9A:89:E4:F2:A9:E1:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/_Z27vdbVNx1AkVs4_tUBUqOLYnE.roa
Signing time:             Wed 01 Jan 2025 17:48:10 +0000
ROA not before:           Wed 01 Jan 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43040
IP address blocks:        91.194.44.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:70:2f:5f:b9:da:09:50:f6:99:91:97:9a:b5:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84758053a0c4c6d5e003f3c869a89e4f2a9e177
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd9dbbbdd6d5371d40915b38fed50152a38b6271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:21:4a:3f:8d:13:c7:4e:4f:bf:26:f6:dd:10:
                    da:cc:07:2c:e4:df:12:d0:7c:2f:a4:d9:28:46:9b:
                    43:d7:6b:96:58:a0:19:67:7e:ab:83:00:75:42:d0:
                    a9:f0:e8:f5:e2:51:23:1d:05:d8:ae:b6:95:f4:0a:
                    26:a5:eb:54:02:13:02:69:95:13:ae:a6:4d:bb:32:
                    3b:2b:7e:dd:ee:bb:a0:b1:e5:1f:49:78:5b:4b:a4:
                    e4:b0:9c:ab:19:c8:95:55:b3:c4:ab:a9:fd:79:5f:
                    21:ec:f6:e0:ec:9e:3a:a9:cd:8f:99:a5:3f:7b:23:
                    7d:06:bc:79:14:ab:15:53:63:a2:32:ff:0f:ac:36:
                    6a:83:98:60:cd:43:1a:af:9d:0e:1d:93:1b:f1:06:
                    91:11:cb:87:82:9c:f5:5e:47:c2:2f:1a:6a:93:63:
                    01:1c:c7:96:fb:12:a4:ae:6c:6e:d5:64:29:4e:b3:
                    f8:c2:7d:7f:85:2c:f9:f2:6f:23:99:7e:8a:b2:1d:
                    35:3c:b0:19:16:89:86:35:2b:4d:fd:b4:43:79:43:
                    f8:d8:21:6a:28:f4:b2:2d:a2:bc:51:b5:b4:7d:68:
                    44:42:3a:1b:ed:81:ee:4a:f0:88:9d:a9:22:06:6b:
                    29:ad:8b:f0:1d:6b:e1:68:63:b5:5c:d2:f0:16:eb:
                    e1:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:9D:BB:BD:D6:D5:37:1D:40:91:5B:38:FE:D5:01:52:A3:8B:62:71
            X509v3 Authority Key Identifier:
                keyid:C8:47:58:05:3A:0C:4C:6D:5E:00:3F:3C:86:9A:89:E4:F2:A9:E1:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yEdYBToMTG1eAD88hpqJ5PKp4Xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/_Z27vdbVNx1AkVs4_tUBUqOLYnE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/f08d9c-5ca9-4e53-97e3-9af2cb5dccf3/1/yEdYBToMTG1eAD88hpqJ5PKp4Xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0e:1f:a3:cd:ac:ea:c0:6d:4c:dc:df:a7:24:3a:96:99:83:a4:
         27:53:17:9c:a7:20:db:e1:07:49:ec:30:2b:2e:c3:f3:bf:64:
         24:04:ce:ec:a8:d0:ce:89:ad:0d:8f:d7:14:aa:7d:cd:08:76:
         e0:cb:f3:86:29:1f:56:48:31:8f:d7:a4:da:99:f5:47:37:62:
         a9:0a:d5:2d:05:1e:39:5e:f0:df:b1:23:11:8a:bb:52:af:d5:
         6c:da:ce:44:6d:de:1f:96:3c:34:3f:cf:0a:a3:0c:86:44:79:
         5c:ee:64:1c:f2:c0:fa:59:0c:84:5e:dc:27:ac:89:41:9b:93:
         2a:a7:35:df:6a:c9:99:4e:a1:64:cc:21:29:5b:67:0f:d0:cb:
         6b:ab:d4:e0:c7:a2:f1:4c:f8:60:41:d2:4b:a3:51:44:c0:c6:
         0b:99:35:33:77:b0:07:4c:46:9d:2b:bf:f9:8c:5c:7d:c5:a4:
         4b:24:95:97:82:8f:43:67:d4:d8:d6:ca:dc:9b:24:66:34:5a:
         69:11:18:6c:a6:5f:fe:48:9b:77:e2:c9:54:48:18:d6:35:59:
         68:eb:b4:06:5a:96:fd:57:ab:90:b2:62:b4:a9:28:f6:7a:bf:
         59:62:72:75:a4:42:b7:0e:5c:9e:3c:c2:84:17:f4:47:ec:6b:
         0c:71:44:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+3AvX7naCVD2mZGXmrWiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NDc1ODA1M2EwYzRjNmQ1ZTAwM2YzYzg2OWE4OWU0ZjJh
OWUxNzcwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDlkYmJiZGQ2ZDUzNzFkNDA5MTViMzhmZWQ1MDE1MmEzOGI2MjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSFKP40Tx05Pvyb23RDazAcs5N8S
0HwvpNkoRptD12uWWKAZZ36rgwB1QtCp8Oj14lEjHQXYrraV9AompetUAhMCaZUT
rqZNuzI7K37d7rugseUfSXhbS6TksJyrGciVVbPEq6n9eV8h7Pbg7J46qc2PmaU/
eyN9Brx5FKsVU2OiMv8PrDZqg5hgzUMar50OHZMb8QaREcuHgpz1XkfCLxpqk2MB
HMeW+xKkrmxu1WQpTrP4wn1/hSz58m8jmX6Ksh01PLAZFomGNStN/bRDeUP42CFq
KPSyLaK8UbW0fWhEQjob7YHuSvCInakiBmsprYvwHWvhaGO1XNLwFuvhVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2du73W1TcdQJFbOP7VAVKji2JxMB8GA1UdIwQY
MBaAFMhHWAU6DExtXgA/PIaaieTyqeF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUVkWUJUb01URzFlQUQ4OGhwcUo1UEtwNFhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9mMDhkOWMtNWNhOS00ZTUzLTk3ZTMt
OWFmMmNiNWRjY2YzLzEvX1oyN3ZkYlZOeDFBa1ZzNF90VUJVcU9MWW5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9mMDhkOWMtNWNhOS00ZTUzLTk3ZTMtOWFmMmNiNWRjY2Yz
LzEveUVkWUJUb01URzFlQUQ4OGhwcUo1UEtwNFhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8IsMA0G
CSqGSIb3DQEBCwUAA4IBAQAOH6PNrOrAbUzc36ckOpaZg6QnUxecpyDb4QdJ7DAr
LsPzv2QkBM7sqNDOia0Nj9cUqn3NCHbgy/OGKR9WSDGP16TamfVHN2KpCtUtBR45
XvDfsSMRirtSr9Vs2s5Ebd4fljw0P88KowyGRHlc7mQc8sD6WQyEXtwnrIlBm5Mq
pzXfasmZTqFkzCEpW2cP0Mtrq9Tgx6LxTPhgQdJLo1FEwMYLmTUzd7AHTEadK7/5
jFx9xaRLJJWXgo9DZ9TY1srcmyRmNFppERhspl/+SJt34slUSBjWNVlo67QGWpb9
V6uQsmK0qSj2er9ZYnJ1pEK3DlyePMKEF/RH7GsMcUSQ
-----END CERTIFICATE-----