Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/gFd5tgCJMeij35zzi5bD-2NK_Kg.roa
File:                     gFd5tgCJMeij35zzi5bD-2NK_Kg.roa (raw, json)
Hash identifier:          Z6aGas3PZ0QdIX51TPr1IW3EEbWOk5nQI3+RmZvvBLA=
Subject key identifier:   80:57:79:B6:00:89:31:E8:A3:DF:9C:F3:8B:96:C3:FB:63:4A:FC:A8
Certificate issuer:       /CN=104c0dc87b02232e49dc54d4ffbf4495ee033655
Certificate serial:       01942445A6B1093457103EE7B5C943DFA453
Authority key identifier: 10:4C:0D:C8:7B:02:23:2E:49:DC:54:D4:FF:BF:44:95:EE:03:36:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EEwNyHsCIy5J3FTU_79Ele4DNlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/gFd5tgCJMeij35zzi5bD-2NK_Kg.roa
Signing time:             Wed 01 Jan 2025 23:48:51 +0000
ROA not before:           Wed 01 Jan 2025 23:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197490
IP address blocks:        91.221.210.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/EEwNyHsCIy5J3FTU_79Ele4DNlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/EEwNyHsCIy5J3FTU_79Ele4DNlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EEwNyHsCIy5J3FTU_79Ele4DNlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 11:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a6:b1:09:34:57:10:3e:e7:b5:c9:43:df:a4:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=104c0dc87b02232e49dc54d4ffbf4495ee033655
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=805779b6008931e8a3df9cf38b96c3fb634afca8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:f0:c4:b6:fe:72:62:b4:0a:c1:73:89:09:92:
                    22:9a:b4:6e:cd:aa:97:b7:cf:dd:55:46:d5:4c:f3:
                    34:bd:5c:20:42:14:e9:62:5a:5a:24:c3:e0:0f:92:
                    26:47:35:6b:72:97:c5:b2:f0:d5:11:e4:37:1f:ef:
                    47:03:1c:f8:7b:81:0e:d8:76:8b:b7:b7:df:f6:d5:
                    9b:e4:ab:06:d8:a0:73:67:2e:9e:8c:e8:3a:82:1d:
                    dc:78:cc:b6:65:f5:96:34:35:ab:d9:c5:3f:cb:65:
                    50:2f:05:8a:a6:85:c9:c2:8d:34:c6:d5:99:ad:b2:
                    f9:ca:1a:48:5c:6d:dd:6b:78:3e:e7:f9:b0:4f:42:
                    39:50:ee:7c:bc:c4:52:9b:11:ef:36:29:51:c1:52:
                    be:bc:21:cb:c6:71:15:31:db:5c:33:da:c5:7e:b6:
                    e8:f6:45:66:b0:2b:cb:d4:7b:cc:9d:16:ef:9f:b1:
                    d6:49:da:26:02:b3:12:9a:ae:bf:22:1d:8f:b5:2f:
                    2f:e3:89:57:bf:03:50:3d:f9:b4:8f:1e:b3:12:c4:
                    9b:60:43:1e:c2:2f:59:05:eb:98:be:6e:cf:9c:39:
                    dc:0a:d1:ea:df:08:ed:40:a2:4f:53:26:11:61:8e:
                    28:68:1f:55:04:5d:71:ab:bf:5e:17:c4:4f:cb:ed:
                    fb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:57:79:B6:00:89:31:E8:A3:DF:9C:F3:8B:96:C3:FB:63:4A:FC:A8
            X509v3 Authority Key Identifier:
                keyid:10:4C:0D:C8:7B:02:23:2E:49:DC:54:D4:FF:BF:44:95:EE:03:36:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EEwNyHsCIy5J3FTU_79Ele4DNlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/gFd5tgCJMeij35zzi5bD-2NK_Kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/1b332d-4715-475e-989f-6eeaca15b5a1/1/EEwNyHsCIy5J3FTU_79Ele4DNlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:0c:38:98:83:6f:c8:cb:27:9e:e2:da:fd:fc:47:97:ce:3e:
         08:50:26:09:e7:9b:1e:8c:25:fe:b9:49:67:9a:c2:ca:7e:4c:
         b8:ec:c0:99:d7:99:22:4a:67:18:d6:53:db:4b:18:d6:55:c6:
         26:f0:38:72:e0:d6:07:da:3b:dc:a5:ae:78:5b:df:8f:84:52:
         6d:b9:7e:1d:47:90:9b:65:43:ba:dc:2a:73:c2:91:84:e9:8c:
         e0:d1:8c:e7:88:4d:6e:23:d1:2f:71:3d:d7:b2:5b:91:91:12:
         71:56:be:5d:42:99:5f:4a:42:dc:7f:0b:24:d1:f1:69:0e:d5:
         28:48:ca:56:30:43:06:8a:32:c4:9f:22:5f:c1:03:47:a9:47:
         39:32:77:77:cc:33:91:b2:ed:b0:8b:b4:30:84:f7:64:e6:39:
         a9:c4:44:bd:5e:36:8e:75:27:04:6d:06:a2:2e:fd:cb:70:fa:
         7a:1d:11:58:32:7d:4e:61:3e:18:f8:d7:56:d5:13:ad:ae:b3:
         94:45:46:d3:f4:4e:17:a7:bb:9d:34:cf:27:43:79:14:77:32:
         a1:5f:14:26:24:9f:ce:c5:db:43:94:25:60:4c:c5:b1:b0:05:
         d3:e3:64:f2:66:7a:0c:91:63:1c:18:c6:8f:ab:6e:82:d0:4d:
         ce:79:a2:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaaxCTRXED7ntclD36RTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNGMwZGM4N2IwMjIzMmU0OWRjNTRkNGZmYmY0NDk1ZWUw
MzM2NTUwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDU3NzliNjAwODkzMWU4YTNkZjljZjM4Yjk2YzNmYjYzNGFmY2E4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fDEtv5yYrQKwXOJCZIimrRuzaqX
t8/dVUbVTPM0vVwgQhTpYlpaJMPgD5ImRzVrcpfFsvDVEeQ3H+9HAxz4e4EO2HaL
t7ff9tWb5KsG2KBzZy6ejOg6gh3ceMy2ZfWWNDWr2cU/y2VQLwWKpoXJwo00xtWZ
rbL5yhpIXG3da3g+5/mwT0I5UO58vMRSmxHvNilRwVK+vCHLxnEVMdtcM9rFfrbo
9kVmsCvL1HvMnRbvn7HWSdomArMSmq6/Ih2PtS8v44lXvwNQPfm0jx6zEsSbYEMe
wi9ZBeuYvm7PnDncCtHq3wjtQKJPUyYRYY4oaB9VBF1xq79eF8RPy+37EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIBXebYAiTHoo9+c84uWw/tjSvyoMB8GA1UdIwQY
MBaAFBBMDch7AiMuSdxU1P+/RJXuAzZVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUV3TnlIc0NJeTVKM0ZUVV83OUVsZTRETmxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8xYjMzMmQtNDcxNS00NzVlLTk4OWYt
NmVlYWNhMTViNWExLzEvZ0ZkNXRnQ0pNZWlqMzV6emk1YkQtMk5LX0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8xYjMzMmQtNDcxNS00NzVlLTk4OWYtNmVlYWNhMTViNWEx
LzEvRUV3TnlIc0NJeTVKM0ZUVV83OUVsZTRETmxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93SMA0G
CSqGSIb3DQEBCwUAA4IBAQA9DDiYg2/Iyyee4tr9/EeXzj4IUCYJ55sejCX+uUln
msLKfky47MCZ15kiSmcY1lPbSxjWVcYm8Dhy4NYH2jvcpa54W9+PhFJtuX4dR5Cb
ZUO63CpzwpGE6Yzg0YzniE1uI9EvcT3XsluRkRJxVr5dQplfSkLcfwsk0fFpDtUo
SMpWMEMGijLEnyJfwQNHqUc5Mnd3zDORsu2wi7QwhPdk5jmpxES9XjaOdScEbQai
Lv3LcPp6HRFYMn1OYT4Y+NdW1ROtrrOURUbT9E4Xp7udNM8nQ3kUdzKhXxQmJJ/O
xdtDlCVgTMWxsAXT42TyZnoMkWMcGMaPq26C0E3OeaIg
-----END CERTIFICATE-----