Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/bdIq5nOBWGITXlJ9zml2Pg0QFbI.roa
File:                     bdIq5nOBWGITXlJ9zml2Pg0QFbI.roa (raw, json)
Hash identifier:          k0q9hqwpfMQ2WeyDd3IadaGT9hLdAeghDeVvZBVh6H0=
Subject key identifier:   6D:D2:2A:E6:73:81:58:62:13:5E:52:7D:CE:69:76:3E:0D:10:15:B2
Certificate issuer:       /CN=fa4f44ba814b8c94b7afe3022ee01462f513bff7
Certificate serial:       0196828C26A1CB6DFA97DCB75E7987B12AD8
Authority key identifier: FA:4F:44:BA:81:4B:8C:94:B7:AF:E3:02:2E:E0:14:62:F5:13:BF:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/bdIq5nOBWGITXlJ9zml2Pg0QFbI.roa
Signing time:             Tue 29 Apr 2025 17:15:45 +0000
ROA not before:           Tue 29 Apr 2025 17:15:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198031
IP address blocks:        91.146.120.0/22 maxlen: 22
                          2a03:a780::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:8c:26:a1:cb:6d:fa:97:dc:b7:5e:79:87:b1:2a:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa4f44ba814b8c94b7afe3022ee01462f513bff7
        Validity
            Not Before: Apr 29 17:15:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dd22ae673815862135e527dce69763e0d1015b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f3:7f:ae:61:3a:91:bd:8b:b9:52:e5:5b:cb:
                    f4:89:5a:5a:e9:77:c9:48:0d:ab:fd:5b:6c:a4:64:
                    00:d7:98:34:01:28:10:3c:75:ac:7d:d1:80:85:de:
                    62:d3:aa:a8:41:51:7b:4c:27:d1:70:0b:c6:91:47:
                    01:07:04:f8:c2:0f:dd:bd:03:73:64:e4:56:d5:7b:
                    70:b4:be:20:a2:f1:35:04:d1:a5:d0:19:e4:d4:20:
                    ee:85:ff:ab:c0:e3:5e:89:fc:a3:5f:7c:8e:28:8b:
                    64:d2:58:c3:29:51:ab:e9:32:78:0b:55:d8:8b:ec:
                    08:c2:59:9c:10:62:00:3a:ac:7d:84:f6:fc:75:ce:
                    61:62:33:3f:bc:18:cf:57:85:51:ce:8c:34:03:02:
                    90:d0:f8:7e:9b:2d:09:13:11:77:d6:a8:c8:80:b8:
                    c5:91:43:43:1b:fb:be:12:b8:40:55:dd:bb:64:8b:
                    08:b0:00:92:b8:9f:6c:37:cb:8c:4a:3d:87:f5:62:
                    5e:82:5f:2a:e8:84:a3:18:88:6a:b2:6d:68:c1:35:
                    36:be:f7:44:4f:9c:4d:76:65:9a:60:84:c7:fe:b1:
                    c7:90:6f:65:52:09:de:64:24:a2:87:c1:61:5a:6c:
                    f5:e7:9b:28:2c:6f:ca:c0:7e:c1:1a:56:98:b0:c3:
                    91:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D2:2A:E6:73:81:58:62:13:5E:52:7D:CE:69:76:3E:0D:10:15:B2
            X509v3 Authority Key Identifier:
                keyid:FA:4F:44:BA:81:4B:8C:94:B7:AF:E3:02:2E:E0:14:62:F5:13:BF:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/bdIq5nOBWGITXlJ9zml2Pg0QFbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/912110-6fc2-424a-a955-da621cd756d7/1/1-k9EuoFLjJS3r-MCLuAUYvUTv_c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.146.120.0/22
                IPv6:
                  2a03:a780::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:f4:56:68:cb:44:ca:d5:2a:be:97:a3:c1:c3:e0:6d:3d:24:
         e3:2c:55:e7:24:00:5f:9e:2d:c3:3b:a5:af:9b:c1:05:96:a2:
         3f:90:23:88:73:e6:64:4a:c3:d7:5f:ee:95:4a:24:21:d7:a5:
         0f:05:7a:52:cc:e9:2a:e5:f7:07:42:8e:22:db:97:b7:4a:e3:
         19:36:e8:51:de:bf:2f:51:1a:62:9f:e8:ce:c3:d0:ab:e1:a0:
         63:82:f6:8a:c3:9d:fd:2f:39:e7:bf:c5:1a:25:ec:04:2f:2c:
         af:3c:b4:d5:24:51:41:47:59:6b:4e:da:c7:79:5a:67:52:94:
         03:fb:9e:67:90:70:f3:0f:e9:1c:ae:15:c6:dd:b8:2f:5e:f2:
         38:f0:38:62:68:8e:5e:04:77:6a:15:41:70:81:2d:70:76:e1:
         eb:16:11:78:b8:f4:c2:80:fd:d3:ab:b3:1d:93:32:a4:9e:17:
         e3:93:fe:65:b7:6b:94:ba:47:22:e0:86:a2:2f:8f:40:a8:93:
         cc:92:9a:22:4d:69:c3:af:a9:fa:70:09:97:f6:d5:b1:ac:75:
         db:d1:f0:fd:b4:10:ff:7d:5b:9c:10:31:73:5a:b2:ec:89:10:
         7b:cf:83:d7:bf:da:61:72:8e:fb:7c:ae:3f:6f:ce:7d:fd:8f:
         79:bd:04:9f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZaCjCahy236l9y3XnmHsSrYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNGY0NGJhODE0YjhjOTRiN2FmZTMwMjJlZTAxNDYyZjUx
M2JmZjcwHhcNMjUwNDI5MTcxNTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQyMmFlNjczODE1ODYyMTM1ZTUyN2RjZTY5NzYzZTBkMTAxNWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvN/rmE6kb2LuVLlW8v0iVpa6XfJ
SA2r/VtspGQA15g0ASgQPHWsfdGAhd5i06qoQVF7TCfRcAvGkUcBBwT4wg/dvQNz
ZORW1XtwtL4govE1BNGl0Bnk1CDuhf+rwONeifyjX3yOKItk0ljDKVGr6TJ4C1XY
i+wIwlmcEGIAOqx9hPb8dc5hYjM/vBjPV4VRzow0AwKQ0Ph+my0JExF31qjIgLjF
kUNDG/u+ErhAVd27ZIsIsACSuJ9sN8uMSj2H9WJegl8q6ISjGIhqsm1owTU2vvdE
T5xNdmWaYITH/rHHkG9lUgneZCSih8FhWmz155soLG/KwH7BGlaYsMORiQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG3SKuZzgVhiE15Sfc5pdj4NEBWyMB8GA1UdIwQY
MBaAFPpPRLqBS4yUt6/jAi7gFGL1E7/3MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1rOUV1b0ZMakpTM3ItTUNMdUFVWXZVVHZfYy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDUvOTEyMTEwLTZmYzItNDI0YS1hOTU1
LWRhNjIxY2Q3NTZkNy8xL2JkSXE1bk9CV0dJVFhsSjl6bWwyUGcwUUZiSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDUvOTEyMTEwLTZmYzItNDI0YS1hOTU1LWRhNjIxY2Q3NTZk
Ny8xLzEtazlFdW9GTGpKUzNyLU1DTHVBVVl2VVR2X2MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAJbkngw
DQQCAAIwBwMFACoDp4AwDQYJKoZIhvcNAQELBQADggEBAL30VmjLRMrVKr6Xo8HD
4G09JOMsVeckAF+eLcM7pa+bwQWWoj+QI4hz5mRKw9df7pVKJCHXpQ8FelLM6Srl
9wdCjiLbl7dK4xk26FHevy9RGmKf6M7D0KvhoGOC9orDnf0vOee/xRol7AQvLK88
tNUkUUFHWWtO2sd5WmdSlAP7nmeQcPMP6RyuFcbduC9e8jjwOGJojl4Ed2oVQXCB
LXB24esWEXi49MKA/dOrsx2TMqSeF+OT/mW3a5S6RyLghqIvj0Cok8ySmiJNacOv
qfpwCZf21bGsddvR8P20EP99W5wQMXNasuyJEHvPg9e/2mFyjvt8rj9vzn39j3m9
BJ8=
-----END CERTIFICATE-----