Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/aBnhuCyVg4pVl4Cu-1q0sSCGSow.roa
File:                     aBnhuCyVg4pVl4Cu-1q0sSCGSow.roa (raw, json)
Hash identifier:          VQIqr/RAqzgxu4SPZE6Psd9Jss+IRfVZ1r0b7rL29Wo=
Subject key identifier:   68:19:E1:B8:2C:95:83:8A:55:97:80:AE:FB:5A:B4:B1:20:86:4A:8C
Certificate issuer:       /CN=3befe50a40fb1732541e8a97450ab5de774771d8
Certificate serial:       019422FB8CA8E0B2AE7C014A09C535625390
Authority key identifier: 3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/aBnhuCyVg4pVl4Cu-1q0sSCGSow.roa
Signing time:             Wed 01 Jan 2025 17:48:18 +0000
ROA not before:           Wed 01 Jan 2025 17:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212217
IP address blocks:        91.238.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:8c:a8:e0:b2:ae:7c:01:4a:09:c5:35:62:53:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3befe50a40fb1732541e8a97450ab5de774771d8
        Validity
            Not Before: Jan  1 17:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6819e1b82c95838a559780aefb5ab4b120864a8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:19:73:de:3f:9a:4d:2c:33:97:aa:f9:16:a7:
                    e6:fa:cf:c5:de:c9:bc:86:07:53:f3:54:56:1f:67:
                    9b:90:80:30:1a:7e:bc:db:18:1c:df:55:a5:3b:5f:
                    f0:25:41:9a:58:4a:ad:28:3f:94:80:c9:f6:c6:bd:
                    5d:83:4a:5c:71:f2:85:65:fa:04:25:1a:b9:00:86:
                    72:f3:48:d5:c4:82:49:8e:99:6d:d9:4f:0b:f0:59:
                    cb:7b:88:23:b5:79:fa:e2:aa:56:ba:35:48:13:3b:
                    eb:18:d6:26:6e:78:18:16:38:07:44:4e:53:5e:68:
                    fc:b0:97:86:5e:9e:71:66:72:5a:f0:bb:70:0f:5a:
                    43:1d:25:33:32:49:cb:2a:8d:c0:a0:0c:8d:d3:6c:
                    af:55:e8:86:17:84:38:41:ef:35:aa:45:1c:ef:1f:
                    a9:16:5f:76:8b:f1:18:b2:f8:db:f4:2c:d0:ac:ff:
                    b5:4c:c1:a7:10:4e:a2:f1:14:51:c2:60:01:d6:a2:
                    47:d9:c8:2d:00:c3:08:18:3e:24:98:df:4f:e9:a0:
                    26:98:2c:e7:08:4b:01:3a:be:0d:e6:92:d3:c6:f6:
                    2d:91:22:b9:53:e0:8d:fc:11:5a:e6:90:e6:3e:d5:
                    52:7d:0a:4c:79:32:94:41:66:d0:7f:4a:fb:e8:a3:
                    89:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:19:E1:B8:2C:95:83:8A:55:97:80:AE:FB:5A:B4:B1:20:86:4A:8C
            X509v3 Authority Key Identifier:
                keyid:3B:EF:E5:0A:40:FB:17:32:54:1E:8A:97:45:0A:B5:DE:77:47:71:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O-_lCkD7FzJUHoqXRQq13ndHcdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/aBnhuCyVg4pVl4Cu-1q0sSCGSow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/8ef740-1052-49ec-a409-e615493117d2/1/O-_lCkD7FzJUHoqXRQq13ndHcdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:2a:11:00:72:9a:76:a7:ef:1a:24:5e:df:4e:25:ca:eb:9f:
         8f:a8:5f:0c:7a:ea:34:2a:66:fa:16:c2:62:75:f6:eb:9d:58:
         b5:f5:b5:71:f8:77:e3:6a:7a:8c:13:dd:b4:ff:0b:09:9a:30:
         81:75:39:c5:ae:cd:74:39:c7:66:42:38:c1:4e:c3:74:f1:8c:
         59:88:b6:ff:d1:fe:3b:f2:f5:6e:02:77:73:54:8c:fc:f4:b9:
         4d:6d:f7:b0:fb:8b:7a:e9:69:47:a8:d4:7d:4b:56:fb:75:f0:
         17:77:78:9c:57:02:2c:27:fd:03:81:26:ff:dd:92:9b:3c:81:
         a8:a9:5b:0d:65:2c:56:e7:56:59:95:4a:6a:fb:ac:83:40:41:
         47:93:03:19:4b:0a:5c:29:62:10:46:85:01:53:87:91:0d:e9:
         36:2a:83:2b:82:47:9b:7b:cf:ce:37:3c:1b:22:29:d3:4d:4b:
         4b:ee:92:eb:b6:95:c6:a5:90:f3:14:54:ac:73:b8:b4:9f:c3:
         19:fd:48:6d:4b:dd:54:0a:11:94:42:54:11:70:0b:95:4d:d4:
         01:e2:3e:1d:42:e5:ae:83:48:d0:4a:e5:0f:9a:91:1b:58:c4:
         48:d8:8d:48:27:26:a7:30:a8:cc:b8:17:c1:fe:e9:a5:15:7e:
         99:58:67:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+4yo4LKufAFKCcU1YlOQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZWZlNTBhNDBmYjE3MzI1NDFlOGE5NzQ1MGFiNWRlNzc0
NzcxZDgwHhcNMjUwMTAxMTc0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODE5ZTFiODJjOTU4MzhhNTU5NzgwYWVmYjVhYjRiMTIwODY0YThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxBlz3j+aTSwzl6r5Fqfm+s/F3sm8
hgdT81RWH2ebkIAwGn682xgc31WlO1/wJUGaWEqtKD+UgMn2xr1dg0pccfKFZfoE
JRq5AIZy80jVxIJJjplt2U8L8FnLe4gjtXn64qpWujVIEzvrGNYmbngYFjgHRE5T
Xmj8sJeGXp5xZnJa8LtwD1pDHSUzMknLKo3AoAyN02yvVeiGF4Q4Qe81qkUc7x+p
Fl92i/EYsvjb9CzQrP+1TMGnEE6i8RRRwmAB1qJH2cgtAMMIGD4kmN9P6aAmmCzn
CEsBOr4N5pLTxvYtkSK5U+CN/BFa5pDmPtVSfQpMeTKUQWbQf0r76KOJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGgZ4bgslYOKVZeArvtatLEghkqMMB8GA1UdIwQY
MBaAFDvv5QpA+xcyVB6Kl0UKtd53R3HYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDkt
ZTYxNTQ5MzExN2QyLzEvYUJuaHVDeVZnNHBWbDRDdS0xcTBzU0NHU293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi84ZWY3NDAtMTA1Mi00OWVjLWE0MDktZTYxNTQ5MzExN2Qy
LzEvTy1fbENrRDdGekpVSG9xWFJRcTEzbmRIY2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+7CMA0G
CSqGSIb3DQEBCwUAA4IBAQDHKhEAcpp2p+8aJF7fTiXK65+PqF8Meuo0Kmb6FsJi
dfbrnVi19bVx+HfjanqME920/wsJmjCBdTnFrs10OcdmQjjBTsN08YxZiLb/0f47
8vVuAndzVIz89LlNbfew+4t66WlHqNR9S1b7dfAXd3icVwIsJ/0DgSb/3ZKbPIGo
qVsNZSxW51ZZlUpq+6yDQEFHkwMZSwpcKWIQRoUBU4eRDek2KoMrgkebe8/ONzwb
IinTTUtL7pLrtpXGpZDzFFSsc7i0n8MZ/UhtS91UChGUQlQRcAuVTdQB4j4dQuWu
g0jQSuUPmpEbWMRI2I1IJyanMKjMuBfB/umlFX6ZWGdu
-----END CERTIFICATE-----