Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/cjqlxXd9d603JmJ-9nME9vd7MMs.roa
File:                     cjqlxXd9d603JmJ-9nME9vd7MMs.roa (raw, json)
Hash identifier:          k/vf9BXXM6xYOCcjVLyRSPCeCSgUP+JptIGKabcT1E8=
Subject key identifier:   72:3A:A5:C5:77:7D:77:AD:37:26:62:7E:F6:73:04:F6:F7:7B:30:CB
Certificate issuer:       /CN=6cf2fb0fa52de13c336689cf3f4829d63506750f
Certificate serial:       0194228DBC437AC026DD7445AEB1B2D4A19F
Authority key identifier: 6C:F2:FB:0F:A5:2D:E1:3C:33:66:89:CF:3F:48:29:D6:35:06:75:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/cjqlxXd9d603JmJ-9nME9vd7MMs.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        93.191.217.0/24 maxlen: 24
                          93.191.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:bc:43:7a:c0:26:dd:74:45:ae:b1:b2:d4:a1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf2fb0fa52de13c336689cf3f4829d63506750f
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=723aa5c5777d77ad3726627ef67304f6f77b30cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:af:ea:6f:2c:59:0f:2c:9a:97:f0:e3:6f:ae:
                    8a:cf:34:57:03:d5:e6:80:49:68:b8:3f:33:28:3b:
                    d4:a6:24:a3:5a:93:58:87:21:d4:85:f7:5d:c4:3f:
                    32:e0:35:d0:33:6b:fe:b6:42:de:3b:2f:9f:ec:32:
                    90:a4:58:8a:eb:c0:4b:e2:b8:f4:5b:db:0d:e5:e7:
                    82:2e:87:95:28:4b:2c:2b:0d:34:f5:2e:5c:b6:0e:
                    cb:d6:01:d9:cc:bd:a7:bc:0b:1c:71:3b:06:23:54:
                    47:86:f1:ae:9d:7e:be:a8:56:6b:07:33:51:71:17:
                    5d:cb:db:ae:0d:df:38:3b:e0:98:1d:46:6c:d2:83:
                    04:78:5a:aa:36:f2:b2:a3:a2:da:31:b1:c8:6f:b5:
                    0e:8c:7d:29:c5:4f:b1:d1:59:8a:ab:33:da:38:6d:
                    f2:87:9f:88:8d:be:ba:c4:6e:d7:01:b7:96:56:cb:
                    51:5d:f2:f3:0a:56:03:23:8b:ce:47:59:ee:df:37:
                    25:d5:a9:c6:a0:e7:4c:05:4a:49:7e:5f:86:0a:4a:
                    77:6c:d4:04:84:34:9d:e8:ca:b6:ad:4c:04:88:2b:
                    bc:b0:f4:af:7f:9f:91:c1:8e:2f:ab:f4:fe:8c:97:
                    bd:a9:80:d5:61:41:bd:b9:fb:09:2f:70:0c:b1:fe:
                    b3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:3A:A5:C5:77:7D:77:AD:37:26:62:7E:F6:73:04:F6:F7:7B:30:CB
            X509v3 Authority Key Identifier:
                keyid:6C:F2:FB:0F:A5:2D:E1:3C:33:66:89:CF:3F:48:29:D6:35:06:75:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/cjqlxXd9d603JmJ-9nME9vd7MMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/cf0715-b993-4348-97e9-6ec982951cf7/1/bPL7D6Ut4TwzZonPP0gp1jUGdQ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.191.217.0/24
                  93.191.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:9f:26:da:e3:75:aa:8c:b3:39:d1:7e:05:0f:b2:73:0e:c0:
         2d:24:d3:c2:e0:74:cd:b7:31:c0:04:0f:bf:cc:31:c5:e6:e9:
         68:1f:e1:75:b4:75:67:36:d0:6b:c5:5a:d0:e2:fe:52:dd:55:
         10:fa:4c:f2:a9:f4:c0:86:bf:ee:ef:18:d6:db:1b:72:e3:29:
         b9:3a:0e:5d:b1:31:a2:ed:9f:32:dc:9c:94:d3:55:5e:61:4e:
         3e:b6:03:e8:6c:c5:98:05:3d:1a:88:61:28:ad:77:c9:c1:90:
         9b:57:3f:e4:8c:ca:12:a8:33:91:e1:12:b5:ce:65:ff:16:e6:
         43:2f:3f:69:29:c2:88:e3:cc:00:50:a1:c8:b8:cc:31:62:11:
         64:7e:52:45:79:f6:3d:f1:5f:36:e7:88:57:70:9a:cf:95:1d:
         96:5d:f3:02:e5:19:e2:70:c6:1a:8b:5e:80:e7:2a:f5:04:2c:
         c4:84:c4:fa:b5:10:35:07:44:b3:fa:aa:a3:df:35:6a:e9:d2:
         08:02:7e:84:56:1f:df:b3:92:d4:68:f6:af:71:55:31:40:a2:
         53:64:b8:17:c5:12:2d:9a:8d:9d:75:d3:10:90:c4:dd:f9:82:
         7c:c6:bc:43:b7:ab:2c:8d:2c:2a:cb:6b:ed:54:79:e6:5c:ab:
         02:e9:e5:3c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijbxDesAm3XRFrrGy1KGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjJmYjBmYTUyZGUxM2MzMzY2ODljZjNmNDgyOWQ2MzUw
Njc1MGYwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjNhYTVjNTc3N2Q3N2FkMzcyNjYyN2VmNjczMDRmNmY3N2IzMGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsK/qbyxZDyyal/Djb66KzzRXA9Xm
gElouD8zKDvUpiSjWpNYhyHUhfddxD8y4DXQM2v+tkLeOy+f7DKQpFiK68BL4rj0
W9sN5eeCLoeVKEssKw009S5ctg7L1gHZzL2nvAsccTsGI1RHhvGunX6+qFZrBzNR
cRddy9uuDd84O+CYHUZs0oMEeFqqNvKyo6LaMbHIb7UOjH0pxU+x0VmKqzPaOG3y
h5+Ijb66xG7XAbeWVstRXfLzClYDI4vOR1nu3zcl1anGoOdMBUpJfl+GCkp3bNQE
hDSd6Mq2rUwEiCu8sPSvf5+RwY4vq/T+jJe9qYDVYUG9ufsJL3AMsf6zqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHI6pcV3fXetNyZifvZzBPb3ezDLMB8GA1UdIwQY
MBaAFGzy+w+lLeE8M2aJzz9IKdY1BnUPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBMN0Q2VXQ0VHd6Wm9uUFAwZ3AxalVHZFE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9jZjA3MTUtYjk5My00MzQ4LTk3ZTkt
NmVjOTgyOTUxY2Y3LzEvY2pxbHhYZDlkNjAzSm1KLTluTUU5dmQ3TU1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9jZjA3MTUtYjk5My00MzQ4LTk3ZTktNmVjOTgyOTUxY2Y3
LzEvYlBMN0Q2VXQ0VHd6Wm9uUFAwZ3AxalVHZFE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXb/ZAwQA
Xb/bMA0GCSqGSIb3DQEBCwUAA4IBAQAonyba43WqjLM50X4FD7JzDsAtJNPC4HTN
tzHABA+/zDHF5uloH+F1tHVnNtBrxVrQ4v5S3VUQ+kzyqfTAhr/u7xjW2xty4ym5
Og5dsTGi7Z8y3JyU01VeYU4+tgPobMWYBT0aiGEorXfJwZCbVz/kjMoSqDOR4RK1
zmX/FuZDLz9pKcKI48wAUKHIuMwxYhFkflJFefY98V8254hXcJrPlR2WXfMC5Rni
cMYai16A5yr1BCzEhMT6tRA1B0Sz+qqj3zVq6dIIAn6EVh/fs5LUaPavcVUxQKJT
ZLgXxRItmo2dddMQkMTd+YJ8xrxDt6ssjSwqy2vtVHnmXKsC6eU8
-----END CERTIFICATE-----