Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/JMceSfi0AqXXn3Vf_3TI3F7NzUY.roa
File:                     JMceSfi0AqXXn3Vf_3TI3F7NzUY.roa (raw, json)
Hash identifier:          pe6susqm7TY0tacMrKbk21inj2AOVSm8thD8J6ZV9Xk=
Subject key identifier:   24:C7:1E:49:F8:B4:02:A5:D7:9F:75:5F:FF:74:C8:DC:5E:CD:CD:46
Certificate issuer:       /CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
Certificate serial:       01941FFAB00896BAD7482C80B88CFC2A2518
Authority key identifier: 33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/JMceSfi0AqXXn3Vf_3TI3F7NzUY.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        91.240.176.0/24 maxlen: 24
                          2001:67c:2a40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b0:08:96:ba:d7:48:2c:80:b8:8c:fc:2a:25:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24c71e49f8b402a5d79f755fff74c8dc5ecdcd46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f2:a4:d0:01:5a:05:ba:68:e3:3a:11:70:51:
                    c8:34:2c:40:21:76:ab:77:2f:93:62:11:58:0f:b0:
                    3e:cd:a1:4f:d7:e3:f5:6c:ae:b1:3b:5b:22:0b:42:
                    76:91:a3:df:e9:9a:e8:77:8f:9b:e8:87:1d:4e:a3:
                    57:48:b7:ed:fb:e3:a2:32:12:97:3d:66:28:b9:f4:
                    3d:7c:8f:3f:34:86:1f:4c:55:8d:aa:d3:4f:cc:d9:
                    51:9e:8c:28:3a:30:2e:d8:e5:87:d8:c9:54:9c:9e:
                    7e:69:08:21:84:4f:ed:50:05:68:f2:c6:6a:62:01:
                    97:20:ea:25:91:f0:f2:0e:6f:55:38:bd:59:60:31:
                    20:9e:5e:d7:d1:2b:39:ba:76:09:fa:41:57:1b:7a:
                    cf:c0:fb:6f:d3:28:49:1f:f2:1f:8d:4e:19:4c:34:
                    94:72:cd:7a:f0:4c:94:ce:58:89:20:30:4a:74:eb:
                    3f:e5:45:20:cf:f4:c1:64:ae:e2:e5:a2:97:ae:de:
                    13:15:48:60:4b:c5:5b:00:a7:d7:a7:6f:57:af:a3:
                    4f:36:28:27:85:46:bc:f0:fc:16:c3:30:70:54:13:
                    5c:61:2b:a9:23:68:12:7d:ed:da:ec:ac:ec:3d:32:
                    b0:09:72:90:f0:12:26:f8:56:61:c6:6f:ab:dd:b1:
                    ae:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C7:1E:49:F8:B4:02:A5:D7:9F:75:5F:FF:74:C8:DC:5E:CD:CD:46
            X509v3 Authority Key Identifier:
                keyid:33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/JMceSfi0AqXXn3Vf_3TI3F7NzUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.176.0/24
                IPv6:
                  2001:67c:2a40::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:29:30:02:80:c0:23:62:83:3b:b0:14:20:bc:dc:d1:81:5a:
         99:e8:2d:a9:31:69:4e:92:f4:dc:2a:7f:a2:36:47:e2:26:29:
         af:54:76:e0:36:e2:64:7f:59:4d:bd:ed:48:fc:59:d6:cf:34:
         b6:92:4a:b9:06:21:bb:9a:ae:36:a7:e6:a1:9e:a9:8a:a1:6a:
         ab:56:8b:04:b6:0c:ee:33:00:6a:82:b7:0d:ec:60:c3:0a:e1:
         b4:2a:dd:00:3c:84:1b:75:d5:96:18:6f:ac:7d:d3:47:0b:80:
         9b:ba:8a:f5:fe:20:53:0a:e6:72:18:a2:54:a3:05:96:ad:6d:
         e0:36:23:50:3d:f6:0f:04:35:6e:e4:09:00:83:92:4a:65:12:
         b3:67:c5:11:3d:ce:36:f3:eb:da:4d:2c:28:d5:60:cd:b5:ca:
         94:ed:dc:eb:72:5d:f0:6f:1e:e0:70:3a:53:c8:e1:cf:c1:8a:
         26:10:b9:3e:6c:06:10:b5:75:fb:f7:d6:b6:52:b6:62:7b:32:
         0c:ce:9e:ba:61:8f:c1:1e:2d:ed:72:ae:84:11:61:21:36:b5:
         19:59:3d:69:df:cd:a2:e7:6a:8a:37:51:7d:a0:5b:cd:4d:d7:
         2a:cd:e8:2e:88:1d:9f:fa:7f:b3:49:b1:07:d7:e9:ff:fd:ec:
         2a:fe:76:97
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+rAIlrrXSCyAuIz8KiUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzODllMGI4YTJmZjgyYTIzYjQ4ZGQ2ZTZlNzYxNzZiNGNk
MzgzMmUwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM3MWU0OWY4YjQwMmE1ZDc5Zjc1NWZmZjc0YzhkYzVlY2RjZDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/Kk0AFaBbpo4zoRcFHINCxAIXar
dy+TYhFYD7A+zaFP1+P1bK6xO1siC0J2kaPf6Zrod4+b6IcdTqNXSLft++OiMhKX
PWYoufQ9fI8/NIYfTFWNqtNPzNlRnowoOjAu2OWH2MlUnJ5+aQghhE/tUAVo8sZq
YgGXIOolkfDyDm9VOL1ZYDEgnl7X0Ss5unYJ+kFXG3rPwPtv0yhJH/IfjU4ZTDSU
cs168EyUzliJIDBKdOs/5UUgz/TBZK7i5aKXrt4TFUhgS8VbAKfXp29Xr6NPNign
hUa88PwWwzBwVBNcYSupI2gSfe3a7KzsPTKwCXKQ8BIm+FZhxm+r3bGu0QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCTHHkn4tAKl1591X/90yNxezc1GMB8GA1UdIwQY
MBaAFDOJ4Lii/4KiO0jdbm52F2tM04MuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgt
MjMzN2E4MWIxZjc4LzEvSk1jZVNmaTBBcVhYbjNWZl8zVEkzRjdOelVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgtMjMzN2E4MWIxZjc4
LzEvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/CwMA8E
AgACMAkDBwAgAQZ8KkAwDQYJKoZIhvcNAQELBQADggEBAJ4pMAKAwCNigzuwFCC8
3NGBWpnoLakxaU6S9Nwqf6I2R+ImKa9UduA24mR/WU297Uj8WdbPNLaSSrkGIbua
rjan5qGeqYqhaqtWiwS2DO4zAGqCtw3sYMMK4bQq3QA8hBt11ZYYb6x900cLgJu6
ivX+IFMK5nIYolSjBZatbeA2I1A99g8ENW7kCQCDkkplErNnxRE9zjbz69pNLCjV
YM21ypTt3OtyXfBvHuBwOlPI4c/BiiYQuT5sBhC1dfv31rZStmJ7MgzOnrphj8Ee
Le1yroQRYSE2tRlZPWnfzaLnaoo3UX2gW81N1yrN6C6IHZ/6f7NJsQfX6f/97Cr+
dpc=
-----END CERTIFICATE-----