Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/b62zrr5wzYN2MOAEsHfWSMG7FHQ.roa
File:                     b62zrr5wzYN2MOAEsHfWSMG7FHQ.roa (raw, json)
Hash identifier:          QoQnJbFutWiN0bVjBSQujyBlpWiG4wn++jIZ23iyHu0=
Subject key identifier:   6F:AD:B3:AE:BE:70:CD:83:76:30:E0:04:B0:77:D6:48:C1:BB:14:74
Certificate issuer:       /CN=16979d37da016abd13279270ba55d6b3c2960578
Certificate serial:       0194236A507359DB2A05CC5AB12262CB6F29
Authority key identifier: 16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/b62zrr5wzYN2MOAEsHfWSMG7FHQ.roa
Signing time:             Wed 01 Jan 2025 19:49:17 +0000
ROA not before:           Wed 01 Jan 2025 19:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        91.198.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:50:73:59:db:2a:05:cc:5a:b1:22:62:cb:6f:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16979d37da016abd13279270ba55d6b3c2960578
        Validity
            Not Before: Jan  1 19:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fadb3aebe70cd837630e004b077d648c1bb1474
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:c9:0c:3c:8c:f3:ab:9c:80:5e:4b:7f:2c:
                    ff:2a:f4:42:3c:c1:bf:f8:5f:57:dd:a6:f4:c1:bd:
                    bc:b2:84:f7:78:f4:a4:d6:e5:2c:8a:90:ec:0a:d8:
                    98:d8:b7:77:74:8a:59:d6:3c:6c:de:8b:ef:ea:8f:
                    73:97:9a:96:ea:81:4f:73:3e:74:f3:ee:7d:24:d3:
                    2a:31:44:06:c9:87:5f:19:15:00:ea:ea:13:a7:68:
                    f6:83:f2:f1:c4:27:54:96:0b:b0:cc:7e:ea:7a:71:
                    26:1b:c9:bf:c0:7c:ba:ac:af:50:54:24:04:39:79:
                    5e:d6:82:85:de:67:e8:e0:4e:ca:70:86:c2:ec:bc:
                    a7:81:5b:a7:0a:bc:c9:7c:74:28:0a:b2:c3:39:37:
                    d9:d4:c1:a1:c2:c5:c8:b3:cb:7e:aa:9d:a0:59:ff:
                    0f:7d:a5:14:10:24:12:ed:4d:5a:93:ae:29:60:46:
                    35:38:25:30:dd:50:77:1b:12:79:c8:56:9d:7f:d3:
                    7c:2b:e8:9a:6e:9c:3e:d2:77:34:d9:7d:7e:9e:21:
                    44:97:59:28:af:fc:c9:b7:05:e4:12:85:36:e8:cb:
                    88:ca:ed:28:2d:0a:52:bf:c3:fd:b3:e7:68:f7:74:
                    71:64:c5:65:84:f8:50:38:1f:78:07:da:a2:f7:34:
                    c4:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AD:B3:AE:BE:70:CD:83:76:30:E0:04:B0:77:D6:48:C1:BB:14:74
            X509v3 Authority Key Identifier:
                keyid:16:97:9D:37:DA:01:6A:BD:13:27:92:70:BA:55:D6:B3:C2:96:05:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FpedN9oBar0TJ5JwulXWs8KWBXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/b62zrr5wzYN2MOAEsHfWSMG7FHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/9825a0-1fdc-4162-8372-b9dbdc8b439c/1/FpedN9oBar0TJ5JwulXWs8KWBXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:28:3c:73:ec:87:e3:75:28:f2:d9:5c:25:d3:7a:4e:b9:e4:
         8c:c4:99:9a:ec:33:2b:9b:f8:08:6f:6a:51:d4:94:65:df:ff:
         8d:19:29:58:6e:8c:02:18:94:c9:ba:33:bb:e8:34:20:5b:89:
         a3:c3:68:aa:83:70:08:a3:2a:f4:63:75:f4:81:82:67:72:92:
         c3:c8:cd:0b:6c:0e:8d:5e:83:a1:75:39:2b:aa:2e:99:86:fb:
         70:80:81:b4:34:0f:ba:12:07:31:74:c4:13:80:3b:b4:c9:f6:
         6a:8e:2a:30:b5:87:fb:8a:34:c0:6d:fb:5c:87:c1:50:98:ea:
         2f:fc:f9:95:a1:5c:ea:f8:5f:5c:54:b8:2c:2a:e1:87:47:c1:
         aa:94:2c:11:7c:10:ca:60:6b:d6:66:d1:dd:01:dd:d7:cb:f3:
         1c:15:c1:a5:e1:4f:f5:91:bc:89:53:39:b8:79:0b:d4:fe:6a:
         23:ee:07:a4:23:52:41:f7:b6:44:58:32:6b:39:e9:ad:2d:a7:
         94:9e:1e:50:0f:34:e3:ba:2c:38:3a:d3:d8:2d:f4:f5:76:7a:
         9f:88:b9:9f:dd:0a:f4:d9:24:0c:c6:63:83:34:97:25:cb:37:
         35:70:24:75:3a:2d:7b:f8:17:61:19:77:5f:b0:53:1a:27:0e:
         d8:59:60:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjalBzWdsqBcxasSJiy28pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2OTc5ZDM3ZGEwMTZhYmQxMzI3OTI3MGJhNTVkNmIzYzI5
NjA1NzgwHhcNMjUwMTAxMTk0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFkYjNhZWJlNzBjZDgzNzYzMGUwMDRiMDc3ZDY0OGMxYmIxNDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PPJDDyM86ucgF5Lfyz/KvRCPMG/
+F9X3ab0wb28soT3ePSk1uUsipDsCtiY2Ld3dIpZ1jxs3ovv6o9zl5qW6oFPcz50
8+59JNMqMUQGyYdfGRUA6uoTp2j2g/LxxCdUlguwzH7qenEmG8m/wHy6rK9QVCQE
OXle1oKF3mfo4E7KcIbC7LyngVunCrzJfHQoCrLDOTfZ1MGhwsXIs8t+qp2gWf8P
faUUECQS7U1ak64pYEY1OCUw3VB3GxJ5yFadf9N8K+iabpw+0nc02X1+niFEl1ko
r/zJtwXkEoU26MuIyu0oLQpSv8P9s+do93RxZMVlhPhQOB94B9qi9zTE8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+ts66+cM2DdjDgBLB31kjBuxR0MB8GA1UdIwQY
MBaAFBaXnTfaAWq9EyeScLpV1rPClgV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzIt
YjlkYmRjOGI0MzljLzEvYjYyenJyNXd6WU4yTU9BRXNIZldTTUc3RkhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS85ODI1YTAtMWZkYy00MTYyLTgzNzItYjlkYmRjOGI0Mzlj
LzEvRnBlZE45b0JhcjBUSjVKd3VsWFdzOEtXQlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8blMA0G
CSqGSIb3DQEBCwUAA4IBAQBrKDxz7IfjdSjy2Vwl03pOueSMxJma7DMrm/gIb2pR
1JRl3/+NGSlYbowCGJTJujO76DQgW4mjw2iqg3AIoyr0Y3X0gYJncpLDyM0LbA6N
XoOhdTkrqi6ZhvtwgIG0NA+6EgcxdMQTgDu0yfZqjiowtYf7ijTAbftch8FQmOov
/PmVoVzq+F9cVLgsKuGHR8GqlCwRfBDKYGvWZtHdAd3Xy/McFcGl4U/1kbyJUzm4
eQvU/moj7gekI1JB97ZEWDJrOemtLaeUnh5QDzTjuiw4OtPYLfT1dnqfiLmf3Qr0
2SQMxmODNJclyzc1cCR1Oi17+BdhGXdfsFMaJw7YWWA5
-----END CERTIFICATE-----