Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ogHgQyaDJwRla-L-NRcofE85Dtc.roa
File:                     ogHgQyaDJwRla-L-NRcofE85Dtc.roa (raw, json)
Hash identifier:          Am1SCJNRHKVY/nX1SY991hSY0JScSD8ppmyuS/bIXqY=
Subject key identifier:   A2:01:E0:43:26:83:27:04:65:6B:E2:FE:35:17:28:7C:4F:39:0E:D7
Certificate issuer:       /CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
Certificate serial:       0194228E4541C7F0B6E5540CB68A81C455F2
Authority key identifier: BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ogHgQyaDJwRla-L-NRcofE85Dtc.roa
Signing time:             Wed 01 Jan 2025 15:48:56 +0000
ROA not before:           Wed 01 Jan 2025 15:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9002
IP address blocks:        91.199.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:45:41:c7:f0:b6:e5:54:0c:b6:8a:81:c4:55:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc56db796def0dbdb4c78f2445abecc1570a6fd9
        Validity
            Not Before: Jan  1 15:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a201e04326832704656be2fe3517287c4f390ed7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:40:a0:5d:59:32:e1:a4:67:3f:87:06:5b:dc:
                    34:69:f8:45:2e:90:02:78:a9:11:63:d6:f7:dc:a9:
                    92:de:7c:bd:c4:63:65:af:ac:fb:a0:d7:9c:e0:bf:
                    d2:5c:eb:ed:db:44:6d:89:4a:82:62:48:39:7b:79:
                    74:5d:77:bd:83:d3:73:0c:8c:3c:9d:01:a8:cc:c0:
                    6c:d3:93:82:37:27:1b:73:95:61:8b:db:30:99:7f:
                    d0:40:f0:5b:c6:9c:d1:32:4d:9d:16:59:61:42:31:
                    89:27:76:b5:dd:11:e5:7d:76:e4:66:22:40:06:58:
                    28:04:62:54:e6:d3:e2:11:ec:4d:aa:b8:b2:9a:95:
                    30:bc:72:f7:32:20:cd:5b:37:6f:da:42:51:d1:9c:
                    bd:38:e4:9d:c1:95:01:b7:5d:1f:e3:2b:74:25:87:
                    a3:dd:1d:8f:0e:65:31:25:11:19:67:1f:f2:93:ac:
                    44:81:93:d1:ae:e1:fa:16:7e:93:df:17:60:c1:ed:
                    78:7f:95:f6:d9:ec:21:6a:14:f2:7f:d6:77:b5:cd:
                    83:db:b9:be:a1:2c:74:1d:fa:c0:31:04:45:75:c0:
                    0a:b1:43:dd:a2:31:cf:01:b8:eb:db:71:74:83:2f:
                    53:8e:95:c9:9e:14:1c:36:60:3b:f3:68:55:3a:fa:
                    e6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:01:E0:43:26:83:27:04:65:6B:E2:FE:35:17:28:7C:4F:39:0E:D7
            X509v3 Authority Key Identifier:
                keyid:BC:56:DB:79:6D:EF:0D:BD:B4:C7:8F:24:45:AB:EC:C1:57:0A:6F:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vFbbeW3vDb20x48kRavswVcKb9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/ogHgQyaDJwRla-L-NRcofE85Dtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/8b9bd9-3f62-4e30-8085-1ec721fa2a30/1/vFbbeW3vDb20x48kRavswVcKb9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:a1:e7:7f:5e:6d:cd:2f:a1:0a:71:cf:6f:a2:24:83:7f:82:
         3b:18:06:57:23:6c:fa:71:ca:32:d5:da:84:e5:c6:16:13:12:
         6e:3c:b8:b4:db:e1:52:1b:1c:14:93:6c:de:51:a7:ad:05:39:
         bc:31:91:b1:a4:58:a3:73:85:77:93:a4:7e:7c:5e:62:f0:24:
         c3:4a:29:6d:b6:e8:fd:29:16:c9:7a:21:83:06:4d:e4:4e:15:
         d2:57:c9:4e:97:e0:76:40:b1:75:22:c6:e6:5b:37:a7:93:9c:
         8d:a1:77:20:ca:2b:eb:c3:db:18:1f:81:1b:40:b0:df:e4:fa:
         2f:15:5e:ff:33:ea:d9:80:2d:6f:bc:b3:80:4d:04:da:cb:48:
         2f:16:52:08:1b:c6:01:7b:bc:da:7e:88:cd:f3:b9:f5:0b:15:
         ca:bd:58:d8:07:a4:c2:30:4e:62:24:5e:63:94:3a:13:a4:72:
         63:32:12:d4:43:d8:fa:41:f5:bc:b0:92:18:7c:85:a8:64:90:
         40:ff:e2:51:96:b2:2c:b7:1b:91:a3:c0:f1:ce:2c:90:ee:d5:
         aa:f9:76:91:6d:da:3e:76:07:cd:ca:51:2e:d9:36:6c:cd:37:
         01:1b:d5:56:3d:ca:43:e3:80:45:2b:f4:a2:09:c6:28:cf:e7:
         07:ff:15:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijkVBx/C25VQMtoqBxFXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjNTZkYjc5NmRlZjBkYmRiNGM3OGYyNDQ1YWJlY2MxNTcw
YTZmZDkwHhcNMjUwMTAxMTU0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjAxZTA0MzI2ODMyNzA0NjU2YmUyZmUzNTE3Mjg3YzRmMzkwZWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00CgXVky4aRnP4cGW9w0afhFLpAC
eKkRY9b33KmS3ny9xGNlr6z7oNec4L/SXOvt20RtiUqCYkg5e3l0XXe9g9NzDIw8
nQGozMBs05OCNycbc5Vhi9swmX/QQPBbxpzRMk2dFllhQjGJJ3a13RHlfXbkZiJA
BlgoBGJU5tPiEexNqriympUwvHL3MiDNWzdv2kJR0Zy9OOSdwZUBt10f4yt0JYej
3R2PDmUxJREZZx/yk6xEgZPRruH6Fn6T3xdgwe14f5X22ewhahTyf9Z3tc2D27m+
oSx0HfrAMQRFdcAKsUPdojHPAbjr23F0gy9TjpXJnhQcNmA782hVOvrmxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIB4EMmgycEZWvi/jUXKHxPOQ7XMB8GA1UdIwQY
MBaAFLxW23lt7w29tMePJEWr7MFXCm/ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUt
MWVjNzIxZmEyYTMwLzEvb2dIZ1F5YURKd1JsYS1MLU5SY29mRTg1RHRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC84YjliZDktM2Y2Mi00ZTMwLTgwODUtMWVjNzIxZmEyYTMw
LzEvdkZiYmVXM3ZEYjIweDQ4a1JhdnN3VmNLYjlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8cQMA0G
CSqGSIb3DQEBCwUAA4IBAQCJoed/Xm3NL6EKcc9voiSDf4I7GAZXI2z6ccoy1dqE
5cYWExJuPLi02+FSGxwUk2zeUaetBTm8MZGxpFijc4V3k6R+fF5i8CTDSilttuj9
KRbJeiGDBk3kThXSV8lOl+B2QLF1IsbmWzenk5yNoXcgyivrw9sYH4EbQLDf5Pov
FV7/M+rZgC1vvLOATQTay0gvFlIIG8YBe7zafojN87n1CxXKvVjYB6TCME5iJF5j
lDoTpHJjMhLUQ9j6QfW8sJIYfIWoZJBA/+JRlrIstxuRo8DxziyQ7tWq+XaRbdo+
dgfNylEu2TZszTcBG9VWPcpD44BFK/SiCcYoz+cH/xXK
-----END CERTIFICATE-----