Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/xfuYQjKIwNsH8n8qNl-5nn5swlA.roa
File:                     xfuYQjKIwNsH8n8qNl-5nn5swlA.roa (raw, json)
Hash identifier:          EURGAPm/xAIC/hIpJIK0VPaCfzGhmdAUIaI/It3KKIY=
Subject key identifier:   C5:FB:98:42:32:88:C0:DB:07:F2:7F:2A:36:5F:B9:9E:7E:6C:C2:50
Certificate issuer:       /CN=6cb850deb28bdb2f655e2f1b02d37c13c6d43452
Certificate serial:       0194222016B8208914A3CAE9A340BD0B9C4C
Authority key identifier: 6C:B8:50:DE:B2:8B:DB:2F:65:5E:2F:1B:02:D3:7C:13:C6:D4:34:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/xfuYQjKIwNsH8n8qNl-5nn5swlA.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56409
IP address blocks:        91.223.128.0/24 maxlen: 24
                          2001:67c:16f0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 14:24:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:16:b8:20:89:14:a3:ca:e9:a3:40:bd:0b:9c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cb850deb28bdb2f655e2f1b02d37c13c6d43452
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5fb98423288c0db07f27f2a365fb99e7e6cc250
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:18:f2:c5:57:29:4f:d7:a2:64:a7:cd:27:26:
                    5b:19:a7:d9:31:12:0c:b9:bf:f0:a1:fd:88:a6:3c:
                    d2:62:a9:31:43:ff:12:70:51:5b:13:9b:ef:97:f3:
                    87:27:be:5e:b5:1d:da:44:82:f5:54:77:6c:1b:d2:
                    56:e1:cf:05:95:7d:e7:2e:bd:2a:d4:fa:07:78:60:
                    98:13:32:f1:2d:e0:9e:fc:bd:0a:5f:4d:34:e3:90:
                    09:0e:8e:61:6a:e6:4d:ee:b9:15:2e:e9:03:dc:aa:
                    3c:26:d3:01:dc:28:6b:50:dd:b5:47:bb:cd:27:96:
                    63:28:2b:93:61:dd:b7:76:32:a9:9a:71:a1:a7:36:
                    c6:bb:b6:d5:2b:af:36:80:37:79:8f:1a:51:18:69:
                    2d:10:2b:a6:e6:f9:b8:5f:2b:48:1f:38:1b:f4:0c:
                    8f:17:fa:9c:8b:eb:61:51:94:12:de:47:56:52:3d:
                    da:51:3c:3e:d4:ed:b5:4f:0d:c1:a5:0f:6a:80:a9:
                    92:d8:09:36:6a:a9:51:fe:a5:eb:7e:ea:cf:95:2e:
                    a3:49:6e:44:28:43:15:6b:0d:30:04:60:46:4d:e8:
                    4b:fc:1a:73:32:c9:df:b0:7e:4b:e1:c0:b6:8e:76:
                    64:a6:8b:3d:72:21:5b:85:a1:0d:48:2c:ba:54:69:
                    d2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:FB:98:42:32:88:C0:DB:07:F2:7F:2A:36:5F:B9:9E:7E:6C:C2:50
            X509v3 Authority Key Identifier:
                keyid:6C:B8:50:DE:B2:8B:DB:2F:65:5E:2F:1B:02:D3:7C:13:C6:D4:34:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/xfuYQjKIwNsH8n8qNl-5nn5swlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/b2d70d-4953-4d61-b8c9-88b2d2cf7c31/1/bLhQ3rKL2y9lXi8bAtN8E8bUNFI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.128.0/24
                IPv6:
                  2001:67c:16f0::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:3d:2a:11:29:fc:e2:0f:9f:16:03:d3:c3:80:77:20:9f:6f:
         b6:4a:d8:a3:e4:b7:36:83:0a:1f:80:ad:b5:8f:d4:7b:06:61:
         16:32:3b:ce:51:3b:7c:1a:87:8f:6d:fa:97:25:f8:ee:e3:6a:
         33:b5:ca:4f:b2:ab:37:46:04:1d:70:ca:2e:00:82:f8:2c:53:
         e8:c6:e5:67:d2:d4:f1:83:16:d8:1a:e3:c2:33:11:20:80:3c:
         35:ae:f7:3b:05:ea:6d:21:5e:d7:e2:c2:3f:3a:a6:b6:51:ae:
         d9:0e:e4:94:2f:3d:bb:81:9d:41:5a:37:41:69:20:aa:58:7b:
         32:18:c2:7c:a3:b0:44:36:0f:87:9d:e3:4f:55:c2:d8:61:7e:
         b3:7c:ab:7b:68:ec:fc:2d:77:0a:9c:b7:9b:6a:55:c7:79:3e:
         4c:47:9a:1f:55:36:ee:7c:42:34:3d:fe:2a:66:55:96:b5:7a:
         2f:c3:e3:fe:ee:79:fa:ce:b0:fc:2b:37:f6:6b:87:a8:33:c8:
         83:97:37:a3:18:e7:7b:14:31:25:a3:a2:53:d3:89:05:66:38:
         9a:b0:ff:58:82:9b:29:95:33:fb:95:c1:b1:f4:bf:7d:e9:5c:
         c4:f9:51:8c:ec:3a:24:2f:b9:8c:ac:c2:3a:59:60:0f:4f:0f:
         45:83:81:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQiIBa4IIkUo8rpo0C9C5xMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYjg1MGRlYjI4YmRiMmY2NTVlMmYxYjAyZDM3YzEzYzZk
NDM0NTIwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWZiOTg0MjMyODhjMGRiMDdmMjdmMmEzNjVmYjk5ZTdlNmNjMjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhjyxVcpT9eiZKfNJyZbGafZMRIM
ub/wof2IpjzSYqkxQ/8ScFFbE5vvl/OHJ75etR3aRIL1VHdsG9JW4c8FlX3nLr0q
1PoHeGCYEzLxLeCe/L0KX00045AJDo5hauZN7rkVLukD3Ko8JtMB3ChrUN21R7vN
J5ZjKCuTYd23djKpmnGhpzbGu7bVK682gDd5jxpRGGktECum5vm4XytIHzgb9AyP
F/qci+thUZQS3kdWUj3aUTw+1O21Tw3BpQ9qgKmS2Ak2aqlR/qXrfurPlS6jSW5E
KEMVaw0wBGBGTehL/BpzMsnfsH5L4cC2jnZkpos9ciFbhaENSCy6VGnSYQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMX7mEIyiMDbB/J/KjZfuZ5+bMJQMB8GA1UdIwQY
MBaAFGy4UN6yi9svZV4vGwLTfBPG1DRSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkxoUTNyS0wyeTlsWGk4YkF0TjhFOGJVTkZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iMmQ3MGQtNDk1My00ZDYxLWI4Yzkt
ODhiMmQyY2Y3YzMxLzEveGZ1WVFqS0l3TnNIOG44cU5sLTVubjVzd2xBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iMmQ3MGQtNDk1My00ZDYxLWI4YzktODhiMmQyY2Y3YzMx
LzEvYkxoUTNyS0wyeTlsWGk4YkF0TjhFOGJVTkZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9+AMA8E
AgACMAkDBwAgAQZ8FvAwDQYJKoZIhvcNAQELBQADggEBACE9KhEp/OIPnxYD08OA
dyCfb7ZK2KPktzaDCh+ArbWP1HsGYRYyO85RO3wah49t+pcl+O7jajO1yk+yqzdG
BB1wyi4AgvgsU+jG5WfS1PGDFtga48IzESCAPDWu9zsF6m0hXtfiwj86prZRrtkO
5JQvPbuBnUFaN0FpIKpYezIYwnyjsEQ2D4ed409VwthhfrN8q3to7Pwtdwqct5tq
Vcd5PkxHmh9VNu58QjQ9/ipmVZa1ei/D4/7uefrOsPwrN/Zrh6gzyIOXN6MY53sU
MSWjolPTiQVmOJqw/1iCmymVM/uVwbH0v33pXMT5UYzsOiQvuYyswjpZYA9PD0WD
gWg=
-----END CERTIFICATE-----