Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/hj3e4V3BcXmmC3J4J-LR8jJvgpQ.roa
File:                     hj3e4V3BcXmmC3J4J-LR8jJvgpQ.roa (raw, json)
Hash identifier:          ajCXRDGbAHENq7O0wMkVKgSnARDHbWRHh8qUlDNLW3k=
Subject key identifier:   86:3D:DE:E1:5D:C1:71:79:A6:0B:72:78:27:E2:D1:F2:32:6F:82:94
Certificate issuer:       /CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
Certificate serial:       01967C2EE6270B04C5B9080B6EABCC54D116
Authority key identifier: BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/hj3e4V3BcXmmC3J4J-LR8jJvgpQ.roa
Signing time:             Mon 28 Apr 2025 11:36:10 +0000
ROA not before:           Mon 28 Apr 2025 11:36:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211248
IP address blocks:        91.221.2.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:2e:e6:27:0b:04:c5:b9:08:0b:6e:ab:cc:54:d1:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdd4262f642b1bb0b53b2a6d7798c0899d1e4d43
        Validity
            Not Before: Apr 28 11:36:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=863ddee15dc17179a60b727827e2d1f2326f8294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:67:73:44:7a:ab:36:a3:d2:9e:61:7d:a6:1c:
                    54:2d:80:7d:88:05:c8:10:b6:a6:bc:fd:fc:80:60:
                    49:df:05:e7:43:06:8b:c1:e6:08:af:11:f5:68:fa:
                    8e:1a:4d:f9:61:c2:c1:83:44:06:69:7b:5c:0c:0c:
                    7b:1b:7a:d1:bd:66:cd:28:44:de:98:b7:3c:26:2b:
                    7e:11:ed:cb:00:67:29:f7:73:b7:67:4e:b2:84:5c:
                    9a:8f:bd:c8:72:e4:8a:f8:df:ca:18:13:20:40:d7:
                    c9:ad:bc:26:9b:6b:1d:bb:37:27:0a:74:05:68:40:
                    e1:d2:43:f7:80:8d:57:89:a2:6d:cb:b0:88:a8:00:
                    f9:3d:78:88:2c:cf:64:00:cb:f5:02:e5:87:8e:28:
                    9b:89:01:70:9b:ac:37:00:ad:fe:75:6d:b6:aa:d0:
                    d5:0b:4c:fa:a9:59:6d:e1:00:86:d3:97:1c:f3:18:
                    5f:47:8f:e5:e5:b8:b0:67:e6:b7:5d:c3:73:08:f7:
                    24:6a:bb:9c:23:f2:a2:75:fa:9d:ce:ae:09:3e:78:
                    b4:d0:10:16:9e:c9:91:b6:e3:d7:96:3e:be:35:12:
                    f6:ad:62:5c:ec:8f:9d:f5:60:50:cc:21:2b:0c:62:
                    d9:9f:b7:56:e9:0a:47:fd:27:bf:d6:63:0e:a4:8b:
                    50:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:3D:DE:E1:5D:C1:71:79:A6:0B:72:78:27:E2:D1:F2:32:6F:82:94
            X509v3 Authority Key Identifier:
                keyid:BD:D4:26:2F:64:2B:1B:B0:B5:3B:2A:6D:77:98:C0:89:9D:1E:4D:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/hj3e4V3BcXmmC3J4J-LR8jJvgpQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/90c5be-2f6e-4441-9461-3bd79ffc6398/1/vdQmL2QrG7C1Oyptd5jAiZ0eTUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:be:5d:bb:ba:1a:6e:e3:52:41:28:4d:20:f0:b5:d0:1f:37:
         9e:d3:cd:c9:ee:a1:83:9b:3d:d6:8d:a6:32:b5:ea:7b:84:4b:
         66:31:fd:cb:fb:c4:64:c2:a6:2e:60:f7:94:2e:02:3a:92:e3:
         84:7e:41:22:01:2e:0f:22:77:5d:74:37:52:cb:fa:70:32:ad:
         93:e6:8f:72:9d:bd:4c:5d:18:02:83:d5:c6:88:4c:5e:0e:7f:
         8c:be:50:13:4f:97:86:43:7f:e9:fa:78:69:e3:e2:ae:6d:c0:
         b6:6c:2a:9b:b1:c3:20:65:b3:65:5b:7c:09:9a:7a:1e:cd:1d:
         50:1b:b0:bd:91:b6:29:35:84:2a:bf:0d:d7:54:8c:a0:03:0d:
         50:31:2c:03:e9:aa:d5:cd:96:1c:70:36:dc:5b:66:53:47:16:
         4f:11:00:f0:2b:c1:d2:54:5e:06:72:d5:06:d1:69:2f:e8:0b:
         98:9e:8f:a7:4d:19:29:f0:9a:7b:14:4b:47:ff:73:6d:b2:ef:
         89:84:b8:20:5f:7b:c4:9f:18:5f:6c:0d:8c:fb:cd:79:18:31:
         ad:ca:93:6e:71:4b:91:86:9b:d7:df:24:09:8d:19:82:ad:62:
         a0:89:8e:b1:5f:a0:b0:8a:01:38:f6:68:52:2d:45:b6:9c:b0:
         ca:9f:10:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8LuYnCwTFuQgLbqvMVNEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkZDQyNjJmNjQyYjFiYjBiNTNiMmE2ZDc3OThjMDg5OWQx
ZTRkNDMwHhcNMjUwNDI4MTEzNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjNkZGVlMTVkYzE3MTc5YTYwYjcyNzgyN2UyZDFmMjMyNmY4Mjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12dzRHqrNqPSnmF9phxULYB9iAXI
ELamvP38gGBJ3wXnQwaLweYIrxH1aPqOGk35YcLBg0QGaXtcDAx7G3rRvWbNKETe
mLc8Jit+Ee3LAGcp93O3Z06yhFyaj73IcuSK+N/KGBMgQNfJrbwmm2sduzcnCnQF
aEDh0kP3gI1XiaJty7CIqAD5PXiILM9kAMv1AuWHjiibiQFwm6w3AK3+dW22qtDV
C0z6qVlt4QCG05cc8xhfR4/l5biwZ+a3XcNzCPckarucI/Kidfqdzq4JPni00BAW
nsmRtuPXlj6+NRL2rWJc7I+d9WBQzCErDGLZn7dW6QpH/Se/1mMOpItQ9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIY93uFdwXF5pgtyeCfi0fIyb4KUMB8GA1UdIwQY
MBaAFL3UJi9kKxuwtTsqbXeYwImdHk1DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEt
M2JkNzlmZmM2Mzk4LzEvaGozZTRWM0JjWG1tQzNKNEotTFI4akp2Z3BRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy85MGM1YmUtMmY2ZS00NDQxLTk0NjEtM2JkNzlmZmM2Mzk4
LzEvdmRRbUwyUXJHN0MxT3lwdGQ1akFpWjBlVFVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW90CMA0G
CSqGSIb3DQEBCwUAA4IBAQCgvl27uhpu41JBKE0g8LXQHzee083J7qGDmz3WjaYy
tep7hEtmMf3L+8RkwqYuYPeULgI6kuOEfkEiAS4PIndddDdSy/pwMq2T5o9ynb1M
XRgCg9XGiExeDn+MvlATT5eGQ3/p+nhp4+KubcC2bCqbscMgZbNlW3wJmnoezR1Q
G7C9kbYpNYQqvw3XVIygAw1QMSwD6arVzZYccDbcW2ZTRxZPEQDwK8HSVF4GctUG
0Wkv6AuYno+nTRkp8Jp7FEtH/3Ntsu+JhLggX3vEnxhfbA2M+815GDGtypNucUuR
hpvX3yQJjRmCrWKgiY6xX6CwigE49mhSLUW2nLDKnxBM
-----END CERTIFICATE-----