Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/lAqndAolY7BWQzN7LT0Q-IX6vb0.roa
File:                     lAqndAolY7BWQzN7LT0Q-IX6vb0.roa (raw, json)
Hash identifier:          TGjadtZcD24yjuhtvBWL3IHkQVMYaJkPJka0+x4+n2k=
Subject key identifier:   94:0A:A7:74:0A:25:63:B0:56:43:33:7B:2D:3D:10:F8:85:FA:BD:BD
Certificate issuer:       /CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
Certificate serial:       019425FDA6EF0385C4F0AA8008D6E2B8C35E
Authority key identifier: 62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/lAqndAolY7BWQzN7LT0Q-IX6vb0.roa
Signing time:             Thu 02 Jan 2025 07:49:27 +0000
ROA not before:           Thu 02 Jan 2025 07:49:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44907
IP address blocks:        91.108.20.0/22 maxlen: 22
                          91.108.20.0/23 maxlen: 23
                          2001:b28:f23c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:a6:ef:03:85:c4:f0:aa:80:08:d6:e2:b8:c3:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6228e7e01fada49c1a52fa13f3626c41b41a51b8
        Validity
            Not Before: Jan  2 07:49:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=940aa7740a2563b05643337b2d3d10f885fabdbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:78:a4:c4:65:25:3c:5e:c2:a9:9d:84:14:15:
                    e1:6c:5c:4e:15:bc:5b:d9:1e:a1:9a:b8:f3:9b:92:
                    06:06:54:36:49:19:f1:64:d1:b3:79:14:95:65:5f:
                    a3:e1:6e:85:0f:2a:e7:1d:36:10:98:96:33:5e:b8:
                    cb:c2:e6:b4:46:63:81:bb:3a:87:a9:8f:e7:cf:4e:
                    5a:71:bd:51:00:23:02:46:81:fc:e4:7b:df:fd:75:
                    63:14:b1:9c:f0:6b:a6:ee:0e:cc:b1:43:7f:af:c4:
                    56:97:45:7f:34:a6:dc:ed:af:5b:3c:34:ea:f7:7d:
                    0f:a9:03:c6:c2:c8:1e:43:ad:cd:21:8f:ba:31:eb:
                    f0:2c:93:c6:c9:b1:7b:ad:1c:b9:6a:58:7a:94:c4:
                    77:7a:cc:bd:df:21:69:52:e8:e7:b1:85:80:81:e3:
                    96:be:14:4f:ab:1f:32:55:01:cf:56:cf:c0:74:0f:
                    a6:1f:43:d4:d1:78:aa:d4:48:bc:05:00:4e:67:99:
                    84:b2:06:2a:8a:3f:80:53:56:05:7e:87:08:13:ab:
                    c5:af:26:53:41:58:06:03:1c:31:e1:7b:48:63:32:
                    55:b4:89:de:a8:82:50:40:4d:01:15:9c:86:f8:2c:
                    53:41:69:47:c4:25:a5:59:f9:f1:35:f7:7a:5b:83:
                    c2:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:0A:A7:74:0A:25:63:B0:56:43:33:7B:2D:3D:10:F8:85:FA:BD:BD
            X509v3 Authority Key Identifier:
                keyid:62:28:E7:E0:1F:AD:A4:9C:1A:52:FA:13:F3:62:6C:41:B4:1A:51:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yijn4B-tpJwaUvoT82JsQbQaUbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/lAqndAolY7BWQzN7LT0Q-IX6vb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/baaff3-aeb4-4616-8fb5-76741652510d/1/Yijn4B-tpJwaUvoT82JsQbQaUbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.20.0/22
                IPv6:
                  2001:b28:f23c::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:35:d6:1d:5f:e9:1d:fa:91:f0:d8:86:0e:a6:14:67:f7:66:
         c9:6b:1a:0d:e2:14:51:a1:fb:1f:c8:ce:ac:58:53:72:3d:1c:
         50:1c:43:e0:22:06:99:5d:45:8c:f8:00:f3:d9:f1:56:2d:63:
         f9:4e:4e:2d:85:07:49:9e:1d:d8:d6:42:32:6f:f6:6d:e3:1f:
         37:bf:aa:d7:f1:73:83:40:bd:2c:70:9b:1a:a7:2f:e7:d2:09:
         68:89:55:26:77:d5:b0:53:ca:93:c7:fa:08:9f:57:51:f7:8a:
         7b:6c:61:0e:ed:ca:6f:6a:9c:4b:92:b2:20:94:c5:fe:1a:93:
         74:92:71:d5:7f:94:7c:d7:7e:bf:0e:71:e7:0a:12:24:65:54:
         2b:4f:ac:54:39:95:b3:da:24:07:1a:cc:49:cd:a9:e7:d4:75:
         9d:47:a6:be:a9:8f:a0:92:4a:85:cf:ae:0a:ba:49:d9:e5:dd:
         4b:f3:39:48:f2:20:30:d5:c1:f6:9f:22:1b:af:8c:c7:79:1a:
         d2:48:1f:8a:a7:51:a2:cb:ec:60:13:51:78:14:9b:32:b7:eb:
         42:de:60:d7:8f:26:59:2c:38:62:f7:f3:eb:c2:fc:d3:56:dc:
         b6:ba:93:3b:83:fa:c3:c4:45:21:d8:e4:d8:81:69:9d:87:c6:
         06:37:88:ce
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQl/abvA4XE8KqACNbiuMNeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjhlN2UwMWZhZGE0OWMxYTUyZmExM2YzNjI2YzQxYjQx
YTUxYjgwHhcNMjUwMTAyMDc0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDBhYTc3NDBhMjU2M2IwNTY0MzMzN2IyZDNkMTBmODg1ZmFiZGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0nikxGUlPF7CqZ2EFBXhbFxOFbxb
2R6hmrjzm5IGBlQ2SRnxZNGzeRSVZV+j4W6FDyrnHTYQmJYzXrjLwua0RmOBuzqH
qY/nz05acb1RACMCRoH85Hvf/XVjFLGc8Gum7g7MsUN/r8RWl0V/NKbc7a9bPDTq
930PqQPGwsgeQ63NIY+6MevwLJPGybF7rRy5alh6lMR3esy93yFpUujnsYWAgeOW
vhRPqx8yVQHPVs/AdA+mH0PU0Xiq1Ei8BQBOZ5mEsgYqij+AU1YFfocIE6vFryZT
QVgGAxwx4XtIYzJVtIneqIJQQE0BFZyG+CxTQWlHxCWlWfnxNfd6W4PCLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJQKp3QKJWOwVkMzey09EPiF+r29MB8GA1UdIwQY
MBaAFGIo5+AfraScGlL6E/NibEG0GlG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUt
NzY3NDE2NTI1MTBkLzEvbEFxbmRBb2xZN0JXUXpON0xUMFEtSVg2dmIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iYWFmZjMtYWViNC00NjE2LThmYjUtNzY3NDE2NTI1MTBk
LzEvWWlqbjRCLXRwSndhVXZvVDgySnNRYlFhVWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW2wUMA8E
AgACMAkDBwAgAQso8jwwDQYJKoZIhvcNAQELBQADggEBAGg11h1f6R36kfDYhg6m
FGf3ZslrGg3iFFGh+x/IzqxYU3I9HFAcQ+AiBpldRYz4APPZ8VYtY/lOTi2FB0me
HdjWQjJv9m3jHze/qtfxc4NAvSxwmxqnL+fSCWiJVSZ31bBTypPH+gifV1H3ints
YQ7tym9qnEuSsiCUxf4ak3SScdV/lHzXfr8OcecKEiRlVCtPrFQ5lbPaJAcazEnN
qefUdZ1Hpr6pj6CSSoXPrgq6Sdnl3UvzOUjyIDDVwfafIhuvjMd5GtJIH4qnUaLL
7GATUXgUmzK360LeYNePJlksOGL38+vC/NNW3La6kzuD+sPERSHY5NiBaZ2HxgY3
iM4=
-----END CERTIFICATE-----