Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/iN4kY7sCfzKOl-coUiFvOhD6wg4.roa
File:                     iN4kY7sCfzKOl-coUiFvOhD6wg4.roa (raw, json)
Hash identifier:          ZI3B1VaDQ0JfOlPoqiW79rOHU3ymg8mbnEbUM636Uvw=
Subject key identifier:   88:DE:24:63:BB:02:7F:32:8E:97:E7:28:52:21:6F:3A:10:FA:C2:0E
Certificate issuer:       /CN=d68b6cfb720a7c92a180ca614bdb0eda1f1ebe9d
Certificate serial:       019421B1DD416BA9C3445130A8DE33812AD2
Authority key identifier: D6:8B:6C:FB:72:0A:7C:92:A1:80:CA:61:4B:DB:0E:DA:1F:1E:BE:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/iN4kY7sCfzKOl-coUiFvOhD6wg4.roa
Signing time:             Wed 01 Jan 2025 11:48:12 +0000
ROA not before:           Wed 01 Jan 2025 11:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51480
IP address blocks:        91.217.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 11:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:dd:41:6b:a9:c3:44:51:30:a8:de:33:81:2a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d68b6cfb720a7c92a180ca614bdb0eda1f1ebe9d
        Validity
            Not Before: Jan  1 11:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88de2463bb027f328e97e72852216f3a10fac20e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:07:99:75:7d:85:7b:cf:47:77:cf:03:81:59:
                    94:0a:39:ae:7e:ea:62:d6:a7:75:d9:d7:57:5c:ab:
                    7b:46:b0:0b:55:e5:b2:e8:28:10:cd:6c:de:91:fa:
                    ac:7b:43:95:e0:cb:6b:3c:28:5f:6a:24:98:b0:44:
                    69:ba:a5:78:6f:f3:60:28:66:b2:05:fa:73:f4:e8:
                    4a:ee:e9:24:b0:56:be:ab:34:62:c1:2d:3f:af:08:
                    f4:73:a2:a7:e1:71:a1:ba:7f:79:40:3c:10:95:43:
                    97:22:9a:3a:3c:ac:5f:1f:47:0f:51:30:49:7c:9a:
                    0e:d2:1b:b4:4f:57:64:31:7c:75:db:20:12:0d:41:
                    b9:c8:ae:40:a5:e3:86:98:b7:98:00:38:75:f7:b9:
                    b2:4d:97:00:f4:b5:cc:fc:01:64:73:d1:63:d6:08:
                    ac:2f:55:69:7f:28:e8:2a:9f:d9:51:13:9a:89:cf:
                    46:89:e6:ed:a7:75:1b:ca:7a:b7:44:93:08:34:4b:
                    6f:27:02:a3:1c:66:f4:9e:9e:95:b9:63:11:5b:c1:
                    56:bd:7b:5e:44:53:8e:da:cc:9c:0f:b9:54:ad:7c:
                    e0:03:65:11:8d:89:af:41:02:68:0a:7f:95:2e:eb:
                    9f:c8:1e:9f:ed:eb:10:b7:69:90:51:d7:e9:6b:0b:
                    73:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:DE:24:63:BB:02:7F:32:8E:97:E7:28:52:21:6F:3A:10:FA:C2:0E
            X509v3 Authority Key Identifier:
                keyid:D6:8B:6C:FB:72:0A:7C:92:A1:80:CA:61:4B:DB:0E:DA:1F:1E:BE:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1ots-3IKfJKhgMphS9sO2h8evp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/iN4kY7sCfzKOl-coUiFvOhD6wg4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/b5945d-4915-4bd7-91c1-33e319a454ef/1/1ots-3IKfJKhgMphS9sO2h8evp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:6f:98:94:31:c4:3a:ef:34:4d:f0:be:8c:e8:85:48:1f:7a:
         5f:f6:6d:71:7e:8f:6e:6d:e9:ce:5e:bf:8a:3b:62:e9:7f:80:
         4b:b4:3a:e7:9b:80:bb:32:1c:fe:32:0f:04:09:b0:6f:91:3e:
         74:d2:ff:fd:2b:a8:50:d4:73:0c:07:81:fa:85:3a:12:04:7b:
         ab:8a:e0:26:ec:77:ee:70:b0:87:8e:2e:4c:bd:1b:25:7a:fe:
         d9:b4:05:61:46:f8:bf:d0:a0:b5:91:ba:00:fb:70:38:6e:17:
         90:29:dc:e8:66:f8:20:31:a1:09:ed:34:ac:94:8b:67:bd:a3:
         75:95:a3:64:73:12:56:0f:3d:5a:04:97:33:36:33:8d:f1:6f:
         e8:3b:ef:99:12:e9:e8:d7:31:6a:bf:41:15:81:a4:d2:13:45:
         a7:4e:e4:a2:89:23:34:9c:8d:13:21:b3:f5:56:df:54:3d:5b:
         e3:d1:7d:5e:e5:d8:b9:91:b7:7f:7a:0e:9d:9c:95:16:50:ce:
         04:7e:fd:54:1c:82:b5:d3:1a:6d:04:5c:e4:a7:b9:75:8b:5c:
         82:75:b6:36:91:6e:65:fa:6d:fa:d4:7e:26:5a:ea:92:47:02:
         9c:ca:df:f5:2e:c9:bc:6d:46:72:25:b5:34:fc:61:42:8d:f0:
         71:b7:66:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsd1Ba6nDRFEwqN4zgSrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2OGI2Y2ZiNzIwYTdjOTJhMTgwY2E2MTRiZGIwZWRhMWYx
ZWJlOWQwHhcNMjUwMTAxMTE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGRlMjQ2M2JiMDI3ZjMyOGU5N2U3Mjg1MjIxNmYzYTEwZmFjMjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgeZdX2Fe89Hd88DgVmUCjmufupi
1qd12ddXXKt7RrALVeWy6CgQzWzekfqse0OV4MtrPChfaiSYsERpuqV4b/NgKGay
Bfpz9OhK7ukksFa+qzRiwS0/rwj0c6Kn4XGhun95QDwQlUOXIpo6PKxfH0cPUTBJ
fJoO0hu0T1dkMXx12yASDUG5yK5ApeOGmLeYADh197myTZcA9LXM/AFkc9Fj1gis
L1VpfyjoKp/ZUROaic9Giebtp3Ubynq3RJMINEtvJwKjHGb0np6VuWMRW8FWvXte
RFOO2sycD7lUrXzgA2URjYmvQQJoCn+VLuufyB6f7esQt2mQUdfpawtzxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjeJGO7An8yjpfnKFIhbzoQ+sIOMB8GA1UdIwQY
MBaAFNaLbPtyCnySoYDKYUvbDtofHr6dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW90cy0zSUtmSktoZ01waFM5c08yaDhldnAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iNTk0NWQtNDkxNS00YmQ3LTkxYzEt
MzNlMzE5YTQ1NGVmLzEvaU40a1k3c0NmektPbC1jb1VpRnZPaEQ2d2c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iNTk0NWQtNDkxNS00YmQ3LTkxYzEtMzNlMzE5YTQ1NGVm
LzEvMW90cy0zSUtmSktoZ01waFM5c08yaDhldnAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9m7MA0G
CSqGSIb3DQEBCwUAA4IBAQAYb5iUMcQ67zRN8L6M6IVIH3pf9m1xfo9ubenOXr+K
O2Lpf4BLtDrnm4C7Mhz+Mg8ECbBvkT500v/9K6hQ1HMMB4H6hToSBHuriuAm7Hfu
cLCHji5MvRslev7ZtAVhRvi/0KC1kboA+3A4bheQKdzoZvggMaEJ7TSslItnvaN1
laNkcxJWDz1aBJczNjON8W/oO++ZEuno1zFqv0EVgaTSE0WnTuSiiSM0nI0TIbP1
Vt9UPVvj0X1e5di5kbd/eg6dnJUWUM4Efv1UHIK10xptBFzkp7l1i1yCdbY2kW5l
+m361H4mWuqSRwKcyt/1Lsm8bUZyJbU0/GFCjfBxt2aD
-----END CERTIFICATE-----