Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/t25OJGV5NvLRgoxXnJz-deTU6uc.roa
File:                     t25OJGV5NvLRgoxXnJz-deTU6uc.roa (raw, json)
Hash identifier:          OWcOgM2TqA6qWlRTloEiAGZOkiX5O95wBt/dIiERHpM=
Subject key identifier:   B7:6E:4E:24:65:79:36:F2:D1:82:8C:57:9C:9C:FE:75:E4:D4:EA:E7
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       018CC500B117C62C0686C47EF2D322439B01
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/t25OJGV5NvLRgoxXnJz-deTU6uc.roa
Signing time:             Mon 01 Jan 2024 12:30:06 +0000
ROA not before:           Mon 01 Jan 2024 12:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        92.61.104.0/24 maxlen: 24
                          91.190.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Apr 2024 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b1:17:c6:2c:06:86:c4:7e:f2:d3:22:43:9b:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jan  1 12:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b76e4e24657936f2d1828c579c9cfe75e4d4eae7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:52:31:c5:d6:f5:71:22:fb:cf:6e:65:a6:36:
                    eb:34:c8:dd:1e:ae:43:66:1e:da:b2:6b:7b:46:43:
                    db:2c:56:8a:b7:a0:aa:b7:7b:c9:e2:ab:7d:2a:ca:
                    50:24:0f:2c:d9:b3:2e:ce:e2:c0:c5:50:78:b6:68:
                    d7:c2:3b:d7:26:3e:dc:f6:19:d9:8f:14:3a:7b:40:
                    ff:a3:cc:98:40:c0:7f:23:3f:92:0a:16:82:bd:4f:
                    67:28:b2:c4:4c:dc:eb:36:d5:92:b3:00:15:c7:99:
                    9c:f6:15:67:a9:9e:04:03:37:2f:b6:57:0e:ec:d0:
                    fd:12:fd:21:60:bf:10:a0:e8:23:2a:ec:77:a6:20:
                    8f:02:65:d7:a4:61:07:50:fe:14:7c:3d:34:45:37:
                    3d:86:8f:e5:8b:76:16:ba:21:d9:61:96:52:82:93:
                    85:eb:38:65:33:91:5c:c1:fa:0e:8e:a9:94:83:59:
                    f0:2c:55:83:a4:af:58:0f:05:6e:67:7f:6c:77:49:
                    52:f9:6a:eb:6f:bc:fc:b6:c6:ae:04:69:b1:7e:4d:
                    3f:43:37:c0:0e:ba:14:1e:1e:d5:cb:57:52:b1:c3:
                    68:ef:c5:b2:bd:ed:6c:e5:2f:b2:83:c8:82:c6:66:
                    76:94:da:d5:b7:88:22:64:25:be:69:9e:ad:85:cc:
                    f7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:6E:4E:24:65:79:36:F2:D1:82:8C:57:9C:9C:FE:75:E4:D4:EA:E7
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/t25OJGV5NvLRgoxXnJz-deTU6uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.189.0/24
                  92.61.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bf:f4:eb:52:a1:73:3d:0d:2f:86:7e:63:02:be:84:92:47:0f:
         e2:97:c2:c9:5a:78:ad:ad:9b:1e:29:a8:54:b4:f9:07:15:c9:
         4c:12:a8:30:63:03:e8:61:79:44:b8:39:5d:cb:45:36:1b:7a:
         11:28:5f:55:e1:ca:9d:c8:7b:37:7b:fb:15:71:22:df:de:e5:
         f4:db:f5:fb:71:06:4f:8d:8d:fd:e4:71:ea:93:f3:1f:9f:1c:
         7f:cc:8a:dc:ad:79:d6:7c:66:f1:0e:5e:e3:05:88:6e:92:3d:
         5a:fb:06:26:7c:94:eb:5d:ec:9b:01:28:73:b6:30:ad:e5:aa:
         20:7c:52:b1:80:5a:56:e6:5a:5b:5a:08:45:be:75:07:8d:1d:
         df:a7:4b:ed:f1:1b:07:ee:ab:bb:24:93:23:ce:b5:64:93:90:
         1a:94:c5:56:27:cf:24:87:eb:43:c5:ab:da:d8:04:44:c9:66:
         f9:5a:86:a5:34:92:92:bc:d7:83:b8:be:a4:26:82:61:88:67:
         f7:93:99:4f:3d:17:30:64:ff:f6:9c:5c:13:54:55:9d:24:fa:
         ea:9b:67:5c:28:50:fc:e7:df:71:e0:3e:78:10:93:c4:74:23:
         b5:7d:00:20:41:38:89:51:b4:e8:03:86:e0:96:47:bf:19:88:
         34:5e:c2:11
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFALEXxiwGhsR+8tMiQ5sBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjQwMTAxMTIzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzZlNGUyNDY1NzkzNmYyZDE4MjhjNTc5YzljZmU3NWU0ZDRlYWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFIxxdb1cSL7z25lpjbrNMjdHq5D
Zh7asmt7RkPbLFaKt6Cqt3vJ4qt9KspQJA8s2bMuzuLAxVB4tmjXwjvXJj7c9hnZ
jxQ6e0D/o8yYQMB/Iz+SChaCvU9nKLLETNzrNtWSswAVx5mc9hVnqZ4EAzcvtlcO
7ND9Ev0hYL8QoOgjKux3piCPAmXXpGEHUP4UfD00RTc9ho/li3YWuiHZYZZSgpOF
6zhlM5FcwfoOjqmUg1nwLFWDpK9YDwVuZ39sd0lS+Wrrb7z8tsauBGmxfk0/QzfA
DroUHh7Vy1dSscNo78Wyve1s5S+yg8iCxmZ2lNrVt4giZCW+aZ6thcz3YQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLduTiRleTby0YKMV5yc/nXk1OrnMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvdDI1T0pHVjVOdkxSZ294WG5Kei1kZVRVNnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW769AwQA
XD1oMA0GCSqGSIb3DQEBCwUAA4IBAQC/9OtSoXM9DS+GfmMCvoSSRw/il8LJWnit
rZseKahUtPkHFclMEqgwYwPoYXlEuDldy0U2G3oRKF9V4cqdyHs3e/sVcSLf3uX0
2/X7cQZPjY395HHqk/Mfnxx/zIrcrXnWfGbxDl7jBYhukj1a+wYmfJTrXeybAShz
tjCt5aogfFKxgFpW5lpbWghFvnUHjR3fp0vt8RsH7qu7JJMjzrVkk5AalMVWJ88k
h+tDxava2AREyWb5WoalNJKSvNeDuL6kJoJhiGf3k5lPPRcwZP/2nFwTVFWdJPrq
m2dcKFD8599x4D54EJPEdCO1fQAgQTiJUbToA4bglke/GYg0XsIR
-----END CERTIFICATE-----