Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/rrglEeDtNMMTRuZ3vbypZH_RQmE.roa
File:                     rrglEeDtNMMTRuZ3vbypZH_RQmE.roa (raw, json)
Hash identifier:          urqCGELvaxYkBx+UEtrFXZNDg3RBmJzxwZn3ZWt36zo=
Subject key identifier:   AE:B8:25:11:E0:ED:34:C3:13:46:E6:77:BD:BC:A9:64:7F:D1:42:61
Certificate issuer:       /CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
Certificate serial:       019426D9D7B75A2DF131ABACC3070CD577EE
Authority key identifier: DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/rrglEeDtNMMTRuZ3vbypZH_RQmE.roa
Signing time:             Thu 02 Jan 2025 11:49:58 +0000
ROA not before:           Thu 02 Jan 2025 11:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.236.66.0/24 maxlen: 24
                          91.236.67.0/24 maxlen: 24
                          2a10:a700:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d7:b7:5a:2d:f1:31:ab:ac:c3:07:0c:d5:77:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
        Validity
            Not Before: Jan  2 11:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aeb82511e0ed34c31346e677bdbca9647fd14261
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:00:e3:e3:42:57:91:6f:70:e6:67:d4:5b:1e:
                    1b:72:9e:5b:22:57:8a:ae:62:5d:58:21:e6:6f:9a:
                    63:3f:23:85:ee:4b:69:ee:ae:d6:ab:e2:ec:da:f6:
                    71:4f:48:2c:42:19:ea:3d:59:65:a1:dc:4f:2f:d8:
                    72:a0:32:48:85:00:00:c5:cd:b5:62:43:8b:0b:10:
                    e9:d7:4b:eb:f3:4b:c8:f5:ca:64:37:27:d4:42:0a:
                    4a:e1:24:4b:38:fd:22:11:57:3d:a4:16:68:a1:22:
                    2a:6a:d8:03:e9:fe:48:47:c9:a8:d9:3d:6a:a7:f7:
                    40:58:b7:28:1c:6f:0d:45:33:b0:1c:b8:b0:a2:17:
                    d3:33:ff:a7:fa:65:c0:b8:32:a2:3e:1c:6c:46:7c:
                    b6:6e:cf:7d:42:b2:2d:b5:d3:bd:d6:29:4f:fe:7c:
                    9f:0d:6d:3d:97:9e:48:f8:a3:ac:19:ed:3d:e3:2e:
                    89:16:41:4a:91:7d:5a:9c:95:2c:f1:a9:9d:04:0c:
                    19:32:24:f3:d7:b2:45:b9:f6:b1:22:e5:a2:46:fe:
                    18:54:32:d6:bb:b2:96:26:14:2a:5f:18:b6:28:c6:
                    ba:12:09:41:97:1f:a5:fe:86:50:01:9d:2b:3d:fc:
                    e2:3a:71:79:54:b9:23:7e:6b:27:a3:e5:9f:40:fd:
                    b2:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:B8:25:11:E0:ED:34:C3:13:46:E6:77:BD:BC:A9:64:7F:D1:42:61
            X509v3 Authority Key Identifier:
                keyid:DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/rrglEeDtNMMTRuZ3vbypZH_RQmE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.66.0/23
                IPv6:
                  2a10:a700:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         b3:10:6e:da:a9:92:18:f9:b3:80:8a:3b:0f:30:61:b5:84:67:
         c6:3c:a3:98:62:b2:db:64:a0:9d:89:58:3c:b8:80:e6:6f:6d:
         72:7b:a0:96:01:53:cd:9f:33:aa:8e:f3:1b:89:ba:90:68:80:
         51:88:1f:68:32:1f:24:b3:57:5b:af:cf:6f:d6:b4:45:bb:ab:
         b4:b5:55:a7:54:2e:09:c0:2a:f8:92:26:6f:d4:8b:4e:3f:a8:
         77:1d:35:9d:87:45:9f:a2:00:5f:99:2a:49:d7:7d:b0:ee:57:
         ea:22:6e:54:9e:eb:fc:79:8d:69:20:54:f5:05:e8:5f:fd:a2:
         d3:38:45:15:a5:ec:9f:ed:b2:75:92:25:9c:6c:28:69:b6:d8:
         00:bf:24:1e:98:a2:e7:83:3c:df:5e:67:9a:44:3f:39:a4:b7:
         35:b1:59:1d:3d:e3:be:ad:3c:49:87:02:ec:1c:96:de:82:e1:
         59:6b:8f:85:3e:b5:d9:40:17:97:74:48:b9:3e:94:2d:ee:cf:
         3a:af:ad:45:d1:df:0f:db:48:ac:84:ea:3b:ed:6f:e5:de:3c:
         fa:b6:8a:0c:3e:1d:6b:b7:d3:3f:d3:c1:80:64:5d:b4:4b:f8:
         69:7b:cb:56:d1:c6:21:19:21:8a:2b:98:4a:82:0f:1d:66:d8:
         55:31:ad:97
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQm2de3Wi3xMauswwcM1XfuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmFlN2Q0ZTY5ZDQyZTRmNGM5NWQ5OWY0ODJiOWE5NDRk
YmVmYzgwHhcNMjUwMTAyMTE0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZWI4MjUxMWUwZWQzNGMzMTM0NmU2NzdiZGJjYTk2NDdmZDE0MjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzwDj40JXkW9w5mfUWx4bcp5bIleK
rmJdWCHmb5pjPyOF7ktp7q7Wq+Ls2vZxT0gsQhnqPVllodxPL9hyoDJIhQAAxc21
YkOLCxDp10vr80vI9cpkNyfUQgpK4SRLOP0iEVc9pBZooSIqatgD6f5IR8mo2T1q
p/dAWLcoHG8NRTOwHLiwohfTM/+n+mXAuDKiPhxsRny2bs99QrIttdO91ilP/nyf
DW09l55I+KOsGe094y6JFkFKkX1anJUs8amdBAwZMiTz17JFufaxIuWiRv4YVDLW
u7KWJhQqXxi2KMa6EglBlx+l/oZQAZ0rPfziOnF5VLkjfmsno+WfQP2yKwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFK64JRHg7TTDE0bmd728qWR/0UJhMB8GA1UdIwQY
MBaAFNz659TmnULk9MldmfSCualE2+/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYt
MzcyNzNkZjM5MDFjLzEvcnJnbEVlRHROTU1UUnVaM3ZieXBaSF9SUW1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYtMzcyNzNkZjM5MDFj
LzEvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQBW+xCMA4E
AgACMAgDBgAqEKcAATANBgkqhkiG9w0BAQsFAAOCAQEAsxBu2qmSGPmzgIo7DzBh
tYRnxjyjmGKy22SgnYlYPLiA5m9tcnuglgFTzZ8zqo7zG4m6kGiAUYgfaDIfJLNX
W6/Pb9a0RburtLVVp1QuCcAq+JImb9SLTj+odx01nYdFn6IAX5kqSdd9sO5X6iJu
VJ7r/HmNaSBU9QXoX/2i0zhFFaXsn+2ydZIlnGwoabbYAL8kHpii54M8315nmkQ/
OaS3NbFZHT3jvq08SYcC7ByW3oLhWWuPhT612UAXl3RIuT6ULe7POq+tRdHfD9tI
rITqO+1v5d48+raKDD4da7fTP9PBgGRdtEv4aXvLVtHGIRkhiiuYSoIPHWbYVTGt
lw==
-----END CERTIFICATE-----