Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/aQ-qDCY1qeVbJJsBlOvZHxebQf8.roa
File:                     aQ-qDCY1qeVbJJsBlOvZHxebQf8.roa (raw, json)
Hash identifier:          6nVxdqBTWKlPlm7FszEv225aVsSdVPTbs0KodfF4aic=
Subject key identifier:   69:0F:AA:0C:26:35:A9:E5:5B:24:9B:01:94:EB:D9:1F:17:9B:41:FF
Certificate issuer:       /CN=3725f754004edbe30ab8cafeef9f7132cb0c2417
Certificate serial:       018CC8DE41CE87BA6DFF7797C8C3F005651A
Authority key identifier: 37:25:F7:54:00:4E:DB:E3:0A:B8:CA:FE:EF:9F:71:32:CB:0C:24:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NyX3VABO2-MKuMr-759xMssMJBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/aQ-qDCY1qeVbJJsBlOvZHxebQf8.roa
Signing time:             Tue 02 Jan 2024 06:30:58 +0000
ROA not before:           Tue 02 Jan 2024 06:30:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15404
IP address blocks:        91.244.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/NyX3VABO2-MKuMr-759xMssMJBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/NyX3VABO2-MKuMr-759xMssMJBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NyX3VABO2-MKuMr-759xMssMJBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 09:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:41:ce:87:ba:6d:ff:77:97:c8:c3:f0:05:65:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3725f754004edbe30ab8cafeef9f7132cb0c2417
        Validity
            Not Before: Jan  2 06:30:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=690faa0c2635a9e55b249b0194ebd91f179b41ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fc:0b:ce:b0:aa:1f:85:fb:f9:4c:a9:55:58:
                    cc:c0:ab:72:04:3c:18:1f:02:46:a4:d4:08:47:a0:
                    b8:0c:99:62:c7:ae:24:6d:75:e4:fd:2d:36:ab:57:
                    d7:9c:31:2a:c1:af:fe:25:2d:3e:29:a3:34:8f:c1:
                    d4:d0:24:14:ad:4e:bf:c7:24:18:fc:98:6f:7e:fe:
                    ee:90:0d:ab:dd:95:fe:5e:a3:cb:40:70:5c:4d:36:
                    19:a9:bf:dd:42:67:0a:49:ee:04:28:3f:4b:83:a3:
                    9b:e3:cb:ad:14:40:92:51:26:9d:eb:69:7a:fb:51:
                    1b:2e:17:4e:42:d2:a2:9b:52:5f:2e:d0:0e:09:ff:
                    7c:eb:bf:ed:83:a8:9c:86:6e:08:09:d0:9b:8e:99:
                    2a:f0:fd:45:09:1f:1c:5a:05:35:72:d0:f5:eb:fb:
                    16:70:1c:76:e5:a4:ef:db:3e:c1:26:ff:0e:68:c0:
                    89:1a:e2:99:1b:dc:22:a0:27:75:cc:58:56:e4:10:
                    95:b5:c7:4f:01:48:8d:45:dc:ef:79:e0:13:2d:6f:
                    11:44:e0:5c:4a:2e:28:7b:bb:43:b9:9a:9c:7d:54:
                    79:c9:a6:64:f8:f8:38:4d:35:3e:66:b1:89:15:15:
                    83:1b:c7:9d:2d:19:f6:cd:8f:38:98:32:21:bd:7e:
                    cb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:0F:AA:0C:26:35:A9:E5:5B:24:9B:01:94:EB:D9:1F:17:9B:41:FF
            X509v3 Authority Key Identifier:
                keyid:37:25:F7:54:00:4E:DB:E3:0A:B8:CA:FE:EF:9F:71:32:CB:0C:24:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NyX3VABO2-MKuMr-759xMssMJBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/aQ-qDCY1qeVbJJsBlOvZHxebQf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/3c91a8-080b-4e5a-b8c3-74afc3043b78/1/NyX3VABO2-MKuMr-759xMssMJBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:49:45:87:8b:f1:ab:ca:bf:86:94:75:2a:2c:07:ef:0a:1c:
         eb:ef:44:cc:9a:f1:43:c9:cd:64:45:99:9e:80:7c:f9:36:ae:
         e1:71:07:83:ac:6c:ce:89:ca:3d:c1:d6:fd:c4:82:84:10:be:
         06:34:86:6e:74:7f:14:7a:04:98:0d:2f:29:7c:7d:53:9c:01:
         d1:ad:09:6a:c5:1f:9f:9a:78:1e:71:b3:05:cc:60:b0:7a:8a:
         22:30:41:80:b2:c8:05:0f:be:4f:3f:f0:d7:a4:3c:32:49:54:
         f5:2d:23:48:ba:b6:58:47:36:e0:4a:49:cc:c6:20:81:bc:34:
         20:09:64:86:17:93:40:e2:b9:ff:2d:77:8c:3d:63:d2:f3:77:
         21:ce:6e:08:d7:9b:04:e6:c1:d2:82:15:9f:0c:ff:69:6e:05:
         09:b7:66:1f:58:25:96:05:6f:68:53:64:de:e6:4a:3a:97:f8:
         68:52:9b:55:25:3c:44:e3:fd:ee:6b:0e:46:be:b9:99:f7:4c:
         e3:bb:86:49:c4:2d:b7:4b:ee:33:1c:34:c1:c3:a8:bf:bb:91:
         23:b0:cb:e5:9b:30:0b:a7:e6:d0:8c:74:08:e7:52:f6:a2:34:
         29:2a:98:f6:72:8b:3b:19:7e:8b:a1:db:99:ac:c2:70:49:67:
         ac:13:9d:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3kHOh7pt/3eXyMPwBWUaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MjVmNzU0MDA0ZWRiZTMwYWI4Y2FmZWVmOWY3MTMyY2Iw
YzI0MTcwHhcNMjQwMTAyMDYzMDU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTBmYWEwYzI2MzVhOWU1NWIyNDliMDE5NGViZDkxZjE3OWI0MWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/wLzrCqH4X7+UypVVjMwKtyBDwY
HwJGpNQIR6C4DJlix64kbXXk/S02q1fXnDEqwa/+JS0+KaM0j8HU0CQUrU6/xyQY
/Jhvfv7ukA2r3ZX+XqPLQHBcTTYZqb/dQmcKSe4EKD9Lg6Ob48utFECSUSad62l6
+1EbLhdOQtKim1JfLtAOCf9867/tg6ichm4ICdCbjpkq8P1FCR8cWgU1ctD16/sW
cBx25aTv2z7BJv8OaMCJGuKZG9wioCd1zFhW5BCVtcdPAUiNRdzveeATLW8RROBc
Si4oe7tDuZqcfVR5yaZk+Pg4TTU+ZrGJFRWDG8edLRn2zY84mDIhvX7L0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGkPqgwmNanlWySbAZTr2R8Xm0H/MB8GA1UdIwQY
MBaAFDcl91QATtvjCrjK/u+fcTLLDCQXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnlYM1ZBQk8yLU1LdU1yLTc1OXhNc3NNSkJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8zYzkxYTgtMDgwYi00ZTVhLWI4YzMt
NzRhZmMzMDQzYjc4LzEvYVEtcURDWTFxZVZiSkpzQmxPdlpIeGViUWY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8zYzkxYTgtMDgwYi00ZTVhLWI4YzMtNzRhZmMzMDQzYjc4
LzEvTnlYM1ZBQk8yLU1LdU1yLTc1OXhNc3NNSkJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/R9MA0G
CSqGSIb3DQEBCwUAA4IBAQAVSUWHi/Gryr+GlHUqLAfvChzr70TMmvFDyc1kRZme
gHz5Nq7hcQeDrGzOico9wdb9xIKEEL4GNIZudH8UegSYDS8pfH1TnAHRrQlqxR+f
mngecbMFzGCweooiMEGAssgFD75PP/DXpDwySVT1LSNIurZYRzbgSknMxiCBvDQg
CWSGF5NA4rn/LXeMPWPS83chzm4I15sE5sHSghWfDP9pbgUJt2YfWCWWBW9oU2Te
5ko6l/hoUptVJTxE4/3uaw5GvrmZ90zju4ZJxC23S+4zHDTBw6i/u5EjsMvlmzAL
p+bQjHQI51L2ojQpKpj2cos7GX6LoduZrMJwSWesE53B
-----END CERTIFICATE-----