Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/gx5eiwrC9QRov09jLW6Ry8a41tM.roa
File:                     gx5eiwrC9QRov09jLW6Ry8a41tM.roa (raw, json)
Hash identifier:          +LsTPMN/8+zCvgXobio7naaWnMZxaGw5toiq6o6GEUA=
Subject key identifier:   83:1E:5E:8B:0A:C2:F5:04:68:BF:4F:63:2D:6E:91:CB:C6:B8:D6:D3
Certificate issuer:       /CN=d737824e0ffa79f18b9fc49d6cb0dd81c9a6ca28
Certificate serial:       0194221FBEFA76F5C585D439BD74FD0DBCA2
Authority key identifier: D7:37:82:4E:0F:FA:79:F1:8B:9F:C4:9D:6C:B0:DD:81:C9:A6:CA:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/gx5eiwrC9QRov09jLW6Ry8a41tM.roa
Signing time:             Wed 01 Jan 2025 13:48:13 +0000
ROA not before:           Wed 01 Jan 2025 13:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        91.232.229.0/24 maxlen: 24
                          2001:7f8:66::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:be:fa:76:f5:c5:85:d4:39:bd:74:fd:0d:bc:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d737824e0ffa79f18b9fc49d6cb0dd81c9a6ca28
        Validity
            Not Before: Jan  1 13:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=831e5e8b0ac2f50468bf4f632d6e91cbc6b8d6d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6a:e4:bd:2e:6a:ac:ea:8a:83:9e:0c:77:be:
                    ec:8e:40:f1:92:9f:65:01:3d:39:27:97:09:28:41:
                    0d:cc:e3:22:28:e3:4b:47:e5:fe:b8:79:5a:25:18:
                    61:db:d4:0d:28:0b:03:08:bb:18:10:53:0b:d1:b6:
                    b6:b6:c5:13:c7:14:8b:d2:d2:f7:a9:63:b4:94:7d:
                    c5:64:60:c2:6f:32:d5:c8:1b:b4:73:f9:0f:7a:b2:
                    9c:71:c6:2b:b4:31:e1:09:34:de:4a:a4:c6:02:8f:
                    a8:4b:af:c3:9d:91:39:1d:9b:30:8b:ab:3d:22:e7:
                    5c:dd:bb:a3:a8:78:55:17:bb:ca:10:98:fa:47:0e:
                    ae:76:5f:ec:88:d6:aa:11:b6:d1:0e:11:f3:cf:81:
                    0d:6a:53:e5:da:2e:42:d3:f7:2d:92:e1:2b:5a:6d:
                    2d:0d:c3:ce:2a:8f:df:95:71:ad:24:1f:a6:b5:73:
                    af:6c:5f:84:33:f6:99:90:f4:8f:e7:cf:18:cc:0b:
                    ff:57:7d:68:66:56:5a:07:23:cc:38:42:7a:1d:3c:
                    0d:5c:88:13:0d:02:60:08:f3:cf:64:f9:be:f3:b5:
                    bf:da:35:62:35:36:3b:9e:15:42:8a:fa:1f:26:f1:
                    be:0c:2c:9a:d7:09:ad:da:2d:94:a0:1e:92:e8:4a:
                    6a:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1E:5E:8B:0A:C2:F5:04:68:BF:4F:63:2D:6E:91:CB:C6:B8:D6:D3
            X509v3 Authority Key Identifier:
                keyid:D7:37:82:4E:0F:FA:79:F1:8B:9F:C4:9D:6C:B0:DD:81:C9:A6:CA:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1zeCTg_6efGLn8SdbLDdgcmmyig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/gx5eiwrC9QRov09jLW6Ry8a41tM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/446d40-5782-4de0-a2c5-b68f5d8f651a/1/1zeCTg_6efGLn8SdbLDdgcmmyig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.229.0/24
                IPv6:
                  2001:7f8:66::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:cd:ed:ef:72:52:8f:ec:d7:48:10:81:92:73:c1:32:2f:69:
         c0:90:b6:75:d9:05:35:36:78:fb:d2:5d:57:e8:fa:99:0f:4f:
         05:e5:d0:06:d7:bc:63:d4:7f:85:ea:fc:a2:8b:59:62:b3:17:
         29:30:e7:e6:6c:56:e9:1f:5c:b7:32:47:62:27:1b:a8:69:8a:
         a6:89:e1:a1:cd:8b:0e:3a:31:4c:fd:65:76:77:5d:75:69:ae:
         1e:79:8c:3f:e1:9f:0c:1d:76:f4:6f:63:db:fb:c1:02:31:0f:
         ca:34:29:70:e5:ec:60:19:a7:2a:e5:88:d8:94:a4:f4:e4:25:
         53:47:7a:f0:37:25:30:02:21:ca:04:00:ba:95:15:95:f5:10:
         8c:81:fd:e2:a2:93:81:94:6e:10:c1:2c:15:4f:d3:47:ae:90:
         26:3c:70:92:9e:d2:9a:f5:95:ad:d9:db:c3:11:a7:d8:e7:4e:
         51:1d:43:03:9d:ba:f6:91:d0:a6:e5:15:d7:7e:bd:9b:15:40:
         76:4e:26:20:71:40:b2:67:4d:00:0a:d6:59:c2:2c:e3:f8:2f:
         5d:4a:0b:e0:79:20:89:70:16:d1:13:bc:b5:8d:c8:50:06:fa:
         7a:12:45:13:cc:c9:94:11:a9:fa:ae:cd:c4:8f:e0:d0:3b:92:
         db:ce:45:72
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiH776dvXFhdQ5vXT9DbyiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3Mzc4MjRlMGZmYTc5ZjE4YjlmYzQ5ZDZjYjBkZDgxYzlh
NmNhMjgwHhcNMjUwMTAxMTM0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzFlNWU4YjBhYzJmNTA0NjhiZjRmNjMyZDZlOTFjYmM2YjhkNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2rkvS5qrOqKg54Md77sjkDxkp9l
AT05J5cJKEENzOMiKONLR+X+uHlaJRhh29QNKAsDCLsYEFML0ba2tsUTxxSL0tL3
qWO0lH3FZGDCbzLVyBu0c/kPerKcccYrtDHhCTTeSqTGAo+oS6/DnZE5HZswi6s9
Iudc3bujqHhVF7vKEJj6Rw6udl/siNaqEbbRDhHzz4ENalPl2i5C0/ctkuErWm0t
DcPOKo/flXGtJB+mtXOvbF+EM/aZkPSP588YzAv/V31oZlZaByPMOEJ6HTwNXIgT
DQJgCPPPZPm+87W/2jViNTY7nhVCivofJvG+DCya1wmt2i2UoB6S6Epq/QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIMeXosKwvUEaL9PYy1ukcvGuNbTMB8GA1UdIwQY
MBaAFNc3gk4P+nnxi5/EnWyw3YHJpsooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXplQ1RnXzZlZkdMbjhTZGJMRGRnY21teWlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80NDZkNDAtNTc4Mi00ZGUwLWEyYzUt
YjY4ZjVkOGY2NTFhLzEvZ3g1ZWl3ckM5UVJvdjA5akxXNlJ5OGE0MXRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80NDZkNDAtNTc4Mi00ZGUwLWEyYzUtYjY4ZjVkOGY2NTFh
LzEvMXplQ1RnXzZlZkdMbjhTZGJMRGRnY21teWlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+jlMA8E
AgACMAkDBwAgAQf4AGYwDQYJKoZIhvcNAQELBQADggEBAATN7e9yUo/s10gQgZJz
wTIvacCQtnXZBTU2ePvSXVfo+pkPTwXl0AbXvGPUf4Xq/KKLWWKzFykw5+ZsVukf
XLcyR2InG6hpiqaJ4aHNiw46MUz9ZXZ3XXVprh55jD/hnwwddvRvY9v7wQIxD8o0
KXDl7GAZpyrliNiUpPTkJVNHevA3JTACIcoEALqVFZX1EIyB/eKik4GUbhDBLBVP
00eukCY8cJKe0pr1la3Z28MRp9jnTlEdQwOduvaR0KblFdd+vZsVQHZOJiBxQLJn
TQAK1lnCLOP4L11KC+B5IIlwFtETvLWNyFAG+noSRRPMyZQRqfquzcSP4NA7ktvO
RXI=
-----END CERTIFICATE-----