Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/bK9CgrejwLSheO3uUPc3gSoXEuM.roa
File:                     bK9CgrejwLSheO3uUPc3gSoXEuM.roa (raw, json)
Hash identifier:          yazAgCwjNcsZSgaF8ULBtVRMqRXfNnLvbpG2BCIQgcs=
Subject key identifier:   6C:AF:42:82:B7:A3:C0:B4:A1:78:ED:EE:50:F7:37:81:2A:17:12:E3
Certificate issuer:       /CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
Certificate serial:       01941FFAB042AEB26EDE7209262CF6928950
Authority key identifier: 33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/bK9CgrejwLSheO3uUPc3gSoXEuM.roa
Signing time:             Wed 01 Jan 2025 03:48:30 +0000
ROA not before:           Wed 01 Jan 2025 03:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41489
IP address blocks:        91.240.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b0:42:ae:b2:6e:de:72:09:26:2c:f6:92:89:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
        Validity
            Not Before: Jan  1 03:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6caf4282b7a3c0b4a178edee50f737812a1712e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:3f:7e:33:45:0b:28:fe:de:b0:1d:da:a4:03:
                    f1:8b:98:b9:c9:89:2c:dc:f5:88:8a:6c:89:c0:a6:
                    16:55:73:29:ba:1d:b6:02:63:60:36:bf:55:ea:38:
                    4d:d3:03:5c:8c:37:d8:46:39:63:93:4a:84:a5:41:
                    38:6e:f3:99:e6:c5:a9:ea:dc:49:e6:97:d9:70:a2:
                    5d:c2:45:47:ae:74:4e:2f:a2:7b:d7:9c:09:9e:44:
                    fe:00:55:e4:f5:1a:3a:1e:48:ba:b8:ea:a3:d5:f3:
                    be:35:1d:7e:69:78:ca:62:a3:a5:eb:cc:a6:21:12:
                    e2:49:be:0c:ca:c9:dc:31:8d:6f:4d:16:a9:44:4f:
                    e4:66:44:3a:b6:5e:5e:bb:95:1b:4c:a7:e8:c6:d9:
                    d8:21:72:d4:98:56:84:35:1c:97:92:9c:0d:02:90:
                    6c:55:63:55:a6:c2:4c:c3:da:2b:c4:48:b8:75:9b:
                    1e:13:c0:ea:84:5d:0c:b9:b3:ca:e6:fd:91:97:2f:
                    fc:cf:0d:6e:1c:a5:a2:69:29:cb:98:83:df:f6:aa:
                    81:5f:e8:f4:a5:4b:24:54:3e:db:24:a1:df:01:a6:
                    7a:26:8c:f8:51:94:fa:cc:e2:1b:4e:14:46:38:62:
                    77:99:76:bc:17:65:74:6a:8f:19:61:e4:cc:24:50:
                    7c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:AF:42:82:B7:A3:C0:B4:A1:78:ED:EE:50:F7:37:81:2A:17:12:E3
            X509v3 Authority Key Identifier:
                keyid:33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/bK9CgrejwLSheO3uUPc3gSoXEuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:70:21:8d:0d:a6:9c:96:d9:2d:a6:65:12:4f:29:b3:16:b7:
         d0:3b:b9:6b:db:fa:ac:93:99:4c:17:e9:9c:e1:92:41:6e:ae:
         79:50:de:de:8d:43:81:80:97:bf:7e:e0:f3:32:db:7b:80:a5:
         81:1a:25:f5:77:cf:f2:bf:86:0f:56:cd:73:a2:31:7c:8f:48:
         ee:f9:60:4d:96:9f:89:7b:3f:f9:f3:2d:f2:67:ac:bb:39:dd:
         8c:d2:b2:15:2c:35:82:4d:e5:95:3c:33:27:64:e2:f1:cc:cf:
         8b:ef:c6:85:31:e4:41:b9:6e:58:9e:c2:e9:b7:9d:80:bf:4f:
         45:23:5e:3f:5a:3f:3e:f6:4d:15:4e:7d:ab:1a:e6:ed:ab:18:
         5c:26:0e:59:ca:c1:4f:00:c0:6b:ff:bc:53:66:b3:63:e2:b0:
         e0:bb:b4:ec:d2:fa:03:fb:67:c6:bc:72:be:f8:1c:c7:c7:62:
         35:a0:d9:9a:d4:ad:a1:50:38:e1:22:6e:eb:37:6a:6e:45:1a:
         0d:02:d3:e0:61:db:76:b6:26:e2:d1:52:f3:dd:de:f7:d5:2f:
         5d:10:34:ce:5e:de:e2:b2:df:65:28:74:ea:43:44:16:9a:61:
         13:60:9c:51:9c:ab:45:f6:29:ca:96:74:55:25:86:a3:4b:30:
         3e:cf:90:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rBCrrJu3nIJJiz2kolQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzODllMGI4YTJmZjgyYTIzYjQ4ZGQ2ZTZlNzYxNzZiNGNk
MzgzMmUwHhcNMjUwMTAxMDM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2FmNDI4MmI3YTNjMGI0YTE3OGVkZWU1MGY3Mzc4MTJhMTcxMmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1D9+M0ULKP7esB3apAPxi5i5yYks
3PWIimyJwKYWVXMpuh22AmNgNr9V6jhN0wNcjDfYRjljk0qEpUE4bvOZ5sWp6txJ
5pfZcKJdwkVHrnROL6J715wJnkT+AFXk9Ro6Hki6uOqj1fO+NR1+aXjKYqOl68ym
IRLiSb4MysncMY1vTRapRE/kZkQ6tl5eu5UbTKfoxtnYIXLUmFaENRyXkpwNApBs
VWNVpsJMw9orxEi4dZseE8DqhF0MubPK5v2Rly/8zw1uHKWiaSnLmIPf9qqBX+j0
pUskVD7bJKHfAaZ6Joz4UZT6zOIbThRGOGJ3mXa8F2V0ao8ZYeTMJFB8KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGyvQoK3o8C0oXjt7lD3N4EqFxLjMB8GA1UdIwQY
MBaAFDOJ4Lii/4KiO0jdbm52F2tM04MuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgt
MjMzN2E4MWIxZjc4LzEvYks5Q2dyZWp3TFNoZU8zdVVQYzNnU29YRXVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgtMjMzN2E4MWIxZjc4
LzEvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/CwMA0G
CSqGSIb3DQEBCwUAA4IBAQBtcCGNDaacltktpmUSTymzFrfQO7lr2/qsk5lMF+mc
4ZJBbq55UN7ejUOBgJe/fuDzMtt7gKWBGiX1d8/yv4YPVs1zojF8j0ju+WBNlp+J
ez/58y3yZ6y7Od2M0rIVLDWCTeWVPDMnZOLxzM+L78aFMeRBuW5YnsLpt52Av09F
I14/Wj8+9k0VTn2rGubtqxhcJg5ZysFPAMBr/7xTZrNj4rDgu7Ts0voD+2fGvHK+
+BzHx2I1oNma1K2hUDjhIm7rN2puRRoNAtPgYdt2tibi0VLz3d731S9dEDTOXt7i
st9lKHTqQ0QWmmETYJxRnKtF9inKlnRVJYajSzA+z5Dj
-----END CERTIFICATE-----