Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/0vF0gFHCKbav6GbEKyJcrztoM70.roa
File:                     0vF0gFHCKbav6GbEKyJcrztoM70.roa (raw, json)
Hash identifier:          3GJJhs9MQpGvWXk1FqNRB7SXiQvuJwcBJyHinoV355o=
Subject key identifier:   D2:F1:74:80:51:C2:29:B6:AF:E8:66:C4:2B:22:5C:AF:3B:68:33:BD
Certificate issuer:       /CN=c45bd26bc5d81eee9c8e1a2d0d78d10daae08195
Certificate serial:       019423D7C284068CF3B8080C4FDF7A4BA912
Authority key identifier: C4:5B:D2:6B:C5:D8:1E:EE:9C:8E:1A:2D:0D:78:D1:0D:AA:E0:81:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/0vF0gFHCKbav6GbEKyJcrztoM70.roa
Signing time:             Wed 01 Jan 2025 21:48:50 +0000
ROA not before:           Wed 01 Jan 2025 21:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        91.216.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:c2:84:06:8c:f3:b8:08:0c:4f:df:7a:4b:a9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45bd26bc5d81eee9c8e1a2d0d78d10daae08195
        Validity
            Not Before: Jan  1 21:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2f1748051c229b6afe866c42b225caf3b6833bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:0f:6c:72:56:54:69:56:b5:a4:d9:6f:dc:43:
                    6f:2a:b0:56:5e:6e:ff:8a:d5:87:9d:ff:09:6e:32:
                    e7:8d:74:38:17:8a:27:56:51:58:44:66:b0:11:53:
                    a8:e2:d8:d7:3c:a7:97:e2:65:58:2f:46:13:9a:c0:
                    6d:b8:28:c3:81:fd:9f:3c:08:77:51:28:66:ef:b0:
                    e4:0e:d1:05:16:88:b0:be:67:11:5f:8a:97:e8:90:
                    e7:cf:e3:a0:c6:b4:09:d1:94:a4:fe:eb:78:6b:de:
                    d9:a4:35:41:34:86:22:69:90:20:78:ff:0a:f7:c6:
                    31:fe:e5:3d:c5:d2:57:c3:50:24:47:15:23:e1:21:
                    4e:22:07:33:00:a8:b0:10:5e:09:3b:06:a7:a1:9d:
                    ef:68:46:5c:d6:55:5b:51:82:72:c2:a4:73:43:25:
                    12:a0:2d:24:0c:fa:c8:71:78:19:f3:1a:b4:90:f0:
                    5a:f1:a2:39:ea:e0:3a:c7:e9:20:64:0a:b2:4b:07:
                    03:42:20:86:40:09:57:60:af:a2:af:8d:7c:e7:11:
                    30:42:30:12:95:e3:61:66:e5:21:be:c2:5f:8c:49:
                    91:bc:a7:25:50:a5:fd:f1:42:fa:26:f8:85:1a:67:
                    da:20:3b:6d:c9:65:bf:33:d0:65:ff:bb:5b:86:71:
                    9e:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:F1:74:80:51:C2:29:B6:AF:E8:66:C4:2B:22:5C:AF:3B:68:33:BD
            X509v3 Authority Key Identifier:
                keyid:C4:5B:D2:6B:C5:D8:1E:EE:9C:8E:1A:2D:0D:78:D1:0D:AA:E0:81:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFvSa8XYHu6cjhotDXjRDarggZU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/0vF0gFHCKbav6GbEKyJcrztoM70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/87829a-e332-424f-9c4f-e447be2ac68e/1/xFvSa8XYHu6cjhotDXjRDarggZU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:61:d1:c1:91:06:67:e0:e3:4f:c4:80:70:c6:91:76:e3:ca:
         cb:cf:01:8d:24:81:78:59:ef:c0:6e:39:a9:44:13:69:24:2e:
         f8:20:1e:b5:94:8a:e1:d6:e4:39:44:fb:1b:00:4c:2c:25:10:
         26:5c:6e:97:b8:32:51:36:f6:38:6a:f5:e3:70:31:04:b5:27:
         1d:08:88:16:bf:54:a8:2b:c6:e3:47:93:c8:7b:18:18:d9:de:
         40:09:63:81:6a:8e:61:ae:c9:a4:40:49:1e:7b:23:4a:6e:83:
         79:bb:a1:b2:ee:03:92:bc:76:cc:56:fa:32:36:66:d7:23:ad:
         be:a7:f7:7f:e5:4d:b4:e4:f7:60:34:d7:31:3a:1f:87:9a:2f:
         ab:c7:07:93:54:ec:ab:ad:de:90:31:2a:ba:62:6b:62:f2:80:
         05:49:9f:73:99:1b:50:b4:80:97:f2:30:fd:cc:18:bc:ee:9b:
         d6:de:e9:de:dd:4f:72:be:d9:bc:b4:ed:10:92:ac:64:c9:75:
         bd:2c:7c:e9:f9:32:68:40:22:5c:82:36:5b:10:dd:65:80:4b:
         37:9d:53:e1:20:36:7f:ae:11:3e:1b:a3:fb:bc:3d:c7:8d:8e:
         d6:36:26:fd:23:42:8c:82:a1:23:c8:4c:82:b3:30:05:94:f0:
         b6:d0:af:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj18KEBozzuAgMT996S6kSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWJkMjZiYzVkODFlZWU5YzhlMWEyZDBkNzhkMTBkYWFl
MDgxOTUwHhcNMjUwMTAxMjE0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmYxNzQ4MDUxYzIyOWI2YWZlODY2YzQyYjIyNWNhZjNiNjgzM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtQ9sclZUaVa1pNlv3ENvKrBWXm7/
itWHnf8JbjLnjXQ4F4onVlFYRGawEVOo4tjXPKeX4mVYL0YTmsBtuCjDgf2fPAh3
UShm77DkDtEFFoiwvmcRX4qX6JDnz+OgxrQJ0ZSk/ut4a97ZpDVBNIYiaZAgeP8K
98Yx/uU9xdJXw1AkRxUj4SFOIgczAKiwEF4JOwanoZ3vaEZc1lVbUYJywqRzQyUS
oC0kDPrIcXgZ8xq0kPBa8aI56uA6x+kgZAqySwcDQiCGQAlXYK+ir4185xEwQjAS
leNhZuUhvsJfjEmRvKclUKX98UL6JviFGmfaIDttyWW/M9Bl/7tbhnGemQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNLxdIBRwim2r+hmxCsiXK87aDO9MB8GA1UdIwQY
MBaAFMRb0mvF2B7unI4aLQ140Q2q4IGVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ2U2E4WFlIdTZjamhvdERYalJEYXJnZ1pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84NzgyOWEtZTMzMi00MjRmLTljNGYt
ZTQ0N2JlMmFjNjhlLzEvMHZGMGdGSENLYmF2NkdiRUt5SmNyenRvTTcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84NzgyOWEtZTMzMi00MjRmLTljNGYtZTQ0N2JlMmFjNjhl
LzEveEZ2U2E4WFlIdTZjamhvdERYalJEYXJnZ1pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9gEMA0G
CSqGSIb3DQEBCwUAA4IBAQBrYdHBkQZn4ONPxIBwxpF248rLzwGNJIF4We/Abjmp
RBNpJC74IB61lIrh1uQ5RPsbAEwsJRAmXG6XuDJRNvY4avXjcDEEtScdCIgWv1So
K8bjR5PIexgY2d5ACWOBao5hrsmkQEkeeyNKboN5u6Gy7gOSvHbMVvoyNmbXI62+
p/d/5U205PdgNNcxOh+Hmi+rxweTVOyrrd6QMSq6Ymti8oAFSZ9zmRtQtICX8jD9
zBi87pvW3une3U9yvtm8tO0QkqxkyXW9LHzp+TJoQCJcgjZbEN1lgEs3nVPhIDZ/
rhE+G6P7vD3HjY7WNib9I0KMgqEjyEyCszAFlPC20K81
-----END CERTIFICATE-----