Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/In0Jw5JnZ3csEpEbMyZKw9CZJLc.roa
File:                     In0Jw5JnZ3csEpEbMyZKw9CZJLc.roa (raw, json)
Hash identifier:          BQTqQKqx4zlJm4JxcLJcv6hnVItXcaWcLAa74Tq6oYo=
Subject key identifier:   22:7D:09:C3:92:67:67:77:2C:12:91:1B:33:26:4A:C3:D0:99:24:B7
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       0194228E449F1590379F872ACD66BAFF2351
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/In0Jw5JnZ3csEpEbMyZKw9CZJLc.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2854
IP address blocks:        91.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:44:9f:15:90:37:9f:87:2a:cd:66:ba:ff:23:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=227d09c3926767772c12911b33264ac3d09924b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e9:f1:39:13:56:12:5a:cf:f7:ad:b8:42:e5:
                    96:ce:ea:c2:f8:21:a2:55:89:93:e9:88:c6:84:66:
                    f1:3b:7f:5a:06:ba:9d:d3:3d:60:8f:60:ea:0b:c5:
                    1a:9a:2d:4c:4c:a7:10:b3:f5:87:58:46:1b:df:57:
                    2d:91:55:75:78:9c:3d:bd:9a:3d:73:0f:cd:f1:bc:
                    40:9f:45:2c:e5:db:b9:48:d2:60:9c:b1:12:34:15:
                    f5:91:98:5f:15:3c:e9:59:db:54:ad:de:ff:83:81:
                    7e:04:55:75:19:12:6e:18:11:0e:b9:e5:de:0e:23:
                    64:82:d1:02:92:fd:f0:87:6b:3c:7e:42:04:08:f6:
                    83:1f:2a:fe:9c:50:7e:e2:89:96:69:bc:95:75:e1:
                    db:7b:19:b3:a9:7a:82:98:6f:51:f7:37:d2:55:ee:
                    5c:18:6e:18:16:6f:4b:a7:8f:f7:1b:97:cb:10:52:
                    f1:c1:70:60:6f:ef:19:0f:cc:b8:a2:4b:1a:91:3a:
                    95:23:9e:90:44:e9:68:99:83:57:90:94:94:06:d8:
                    52:20:45:d8:10:8e:60:2c:6c:69:df:15:03:4e:fb:
                    07:5e:87:a6:cc:99:ac:8b:b2:cf:42:d7:b7:bd:43:
                    99:cd:fd:55:b1:5a:a3:06:2f:27:4d:dc:49:4d:4a:
                    3a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:7D:09:C3:92:67:67:77:2C:12:91:1B:33:26:4A:C3:D0:99:24:B7
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/In0Jw5JnZ3csEpEbMyZKw9CZJLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:3d:b3:dd:21:7a:b5:9c:9b:2e:45:e2:7c:fd:bc:80:a1:31:
         6c:f7:9e:ef:98:25:d9:6f:b2:2b:77:d7:43:d7:c8:0b:3e:02:
         18:2f:fe:53:3e:41:02:e5:c3:0f:7b:da:9d:38:af:52:73:47:
         c7:ea:3f:11:01:81:05:fa:93:d1:9c:40:79:e3:ca:8f:b1:c0:
         7c:2b:4e:5e:21:44:ed:6a:39:d6:e9:83:5e:41:04:8c:6f:45:
         da:c0:f5:6a:48:36:53:ae:37:9e:bb:7a:c4:53:6b:0b:0e:a0:
         35:69:31:2a:e5:de:ed:cb:5c:2d:d4:ff:e1:d4:58:d9:b8:c5:
         77:a6:59:d1:0f:8c:41:44:12:2f:9a:51:a6:32:b4:d3:bc:16:
         cc:ff:89:8b:ea:84:d3:95:07:65:64:66:a3:09:cc:2e:f6:73:
         2c:02:55:11:05:1c:ee:23:7b:d2:52:8a:42:44:8c:e2:a5:9a:
         13:5f:60:d9:e9:09:d7:02:bd:50:f5:d4:75:bd:46:59:b7:68:
         a4:f0:8a:64:b5:9c:81:ec:37:06:f1:8c:52:5f:c7:36:f7:a9:
         60:96:d4:b3:18:af:42:87:15:0f:f6:3e:23:95:94:b6:bb:ab:
         bf:90:72:5d:f7:6e:69:0c:2e:7b:64:33:5e:b0:67:45:d3:e1:
         c8:0b:7a:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkSfFZA3n4cqzWa6/yNRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjdkMDljMzkyNjc2Nzc3MmMxMjkxMWIzMzI2NGFjM2QwOTkyNGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuenxORNWElrP9624QuWWzurC+CGi
VYmT6YjGhGbxO39aBrqd0z1gj2DqC8Uami1MTKcQs/WHWEYb31ctkVV1eJw9vZo9
cw/N8bxAn0Us5du5SNJgnLESNBX1kZhfFTzpWdtUrd7/g4F+BFV1GRJuGBEOueXe
DiNkgtECkv3wh2s8fkIECPaDHyr+nFB+4omWabyVdeHbexmzqXqCmG9R9zfSVe5c
GG4YFm9Lp4/3G5fLEFLxwXBgb+8ZD8y4oksakTqVI56QROlomYNXkJSUBthSIEXY
EI5gLGxp3xUDTvsHXoemzJmsi7LPQte3vUOZzf1VsVqjBi8nTdxJTUo6kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCJ9CcOSZ2d3LBKRGzMmSsPQmSS3MB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEvSW4wSnc1Sm5aM2NzRXBFYk15Wkt3OUNaSkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQARPbPdIXq1nJsuReJ8/byAoTFs957vmCXZb7Ird9dD
18gLPgIYL/5TPkEC5cMPe9qdOK9Sc0fH6j8RAYEF+pPRnEB548qPscB8K05eIUTt
ajnW6YNeQQSMb0XawPVqSDZTrjeeu3rEU2sLDqA1aTEq5d7ty1wt1P/h1FjZuMV3
plnRD4xBRBIvmlGmMrTTvBbM/4mL6oTTlQdlZGajCcwu9nMsAlURBRzuI3vSUopC
RIzipZoTX2DZ6QnXAr1Q9dR1vUZZt2ik8IpktZyB7DcG8YxSX8c296lgltSzGK9C
hxUP9j4jlZS2u6u/kHJd925pDC57ZDNesGdF0+HIC3rD
-----END CERTIFICATE-----