Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/tGlHaeP9l4PIJg0VnS_cNRO7zcQ.roa
File:                     tGlHaeP9l4PIJg0VnS_cNRO7zcQ.roa (raw, json)
Hash identifier:          OUc0RlEHBoBsIR+K/PErkMIbX3pRL0dEZfaQuWCuRDQ=
Subject key identifier:   B4:69:47:69:E3:FD:97:83:C8:26:0D:15:9D:2F:DC:35:13:BB:CD:C4
Certificate issuer:       /CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
Certificate serial:       019423D7601B4BE53E3E2ACEC9FB2845A577
Authority key identifier: 66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/tGlHaeP9l4PIJg0VnS_cNRO7zcQ.roa
Signing time:             Wed 01 Jan 2025 21:48:24 +0000
ROA not before:           Wed 01 Jan 2025 21:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199894
IP address blocks:        91.187.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:60:1b:4b:e5:3e:3e:2a:ce:c9:fb:28:45:a5:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6689c3995e2461d5a52fd4f1000782f99a4d4822
        Validity
            Not Before: Jan  1 21:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4694769e3fd9783c8260d159d2fdc3513bbcdc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f5:bd:d0:6c:4e:92:45:54:c0:77:65:de:0b:
                    f0:a9:f6:8f:9a:46:9f:61:21:6f:d6:72:99:79:32:
                    fd:21:a1:84:d2:66:95:70:61:cd:84:86:3a:1f:c8:
                    76:20:39:9f:e0:13:c3:79:37:96:09:d2:75:3b:96:
                    b3:93:19:14:b4:b5:7e:a0:f7:6c:0a:24:bd:9e:60:
                    2a:2e:c1:8c:7e:29:6d:e0:e7:4b:30:c2:d6:7b:63:
                    d3:23:fe:b0:41:23:41:e2:9f:fc:51:4c:72:89:56:
                    10:ad:ad:a8:db:80:e8:b1:00:d2:a3:09:78:9f:b0:
                    f0:bc:95:bb:6f:05:e4:2e:22:ff:7d:0c:ef:bb:c4:
                    e2:3a:02:f0:47:59:ee:01:fd:90:9d:60:8a:0c:45:
                    03:42:d4:07:ce:fc:b8:ae:7a:cb:45:86:f3:25:bd:
                    35:b3:da:4a:0f:fd:a8:62:dd:38:0a:d2:92:e5:af:
                    85:26:3f:5e:58:f8:9b:93:70:21:6a:82:5e:b6:18:
                    b7:09:f5:cb:a1:28:67:e6:c5:55:9d:d5:98:81:2b:
                    ac:c1:c1:e3:51:04:70:53:79:35:d1:2a:a0:68:b6:
                    69:be:41:1a:56:3f:45:cc:3a:fa:c2:ae:00:b5:bb:
                    91:18:c0:4c:0e:d1:68:43:8c:10:7b:2d:44:64:20:
                    a7:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:69:47:69:E3:FD:97:83:C8:26:0D:15:9D:2F:DC:35:13:BB:CD:C4
            X509v3 Authority Key Identifier:
                keyid:66:89:C3:99:5E:24:61:D5:A5:2F:D4:F1:00:07:82:F9:9A:4D:48:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/tGlHaeP9l4PIJg0VnS_cNRO7zcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/346966-069a-40b0-b143-41eaa1fde11b/1/ZonDmV4kYdWlL9TxAAeC-ZpNSCI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.187.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:22:bd:db:86:22:7c:f2:fc:c3:e0:4e:d8:da:c6:a9:9f:a3:
         1d:f7:b9:2f:79:7a:20:85:8a:46:a7:1a:2d:7d:a6:e6:6d:ff:
         70:e8:3e:d5:b3:8e:3b:5a:38:35:2d:b4:8f:12:00:d6:ff:85:
         8d:e8:79:ab:02:e8:44:dc:4a:ae:7e:13:be:36:02:14:a2:ee:
         8a:5f:6f:49:e2:b1:23:1b:44:ee:dd:c6:31:ea:93:5f:cf:7d:
         fb:6b:9c:e7:10:7b:b1:c7:69:53:63:4b:bb:f1:fe:6e:1f:ce:
         23:39:aa:61:0d:8d:58:f1:60:ad:40:3e:74:0e:13:08:63:01:
         e1:15:8c:68:11:e5:c5:eb:16:ea:37:10:2d:f7:d4:21:84:24:
         b3:86:8c:b1:18:61:d7:04:c8:77:60:48:62:05:68:2d:e4:f8:
         fc:21:6f:08:dc:2f:69:19:66:8f:3d:f8:cb:91:7c:37:2a:64:
         23:b0:59:4d:d3:a3:16:c0:53:09:42:88:5e:66:5b:0d:d4:ac:
         b2:1a:6b:a0:ed:19:59:fe:0c:37:a7:95:51:13:29:32:1c:a3:
         9c:1d:05:ce:55:49:47:d7:8a:95:fa:7b:b6:8f:7d:19:f1:de:
         1d:f8:80:d9:ab:5e:e1:50:53:25:5d:75:0d:30:7b:c3:02:bb:
         76:55:98:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj12AbS+U+PirOyfsoRaV3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ODljMzk5NWUyNDYxZDVhNTJmZDRmMTAwMDc4MmY5OWE0
ZDQ4MjIwHhcNMjUwMTAxMjE0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY5NDc2OWUzZmQ5NzgzYzgyNjBkMTU5ZDJmZGMzNTEzYmJjZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/W90GxOkkVUwHdl3gvwqfaPmkaf
YSFv1nKZeTL9IaGE0maVcGHNhIY6H8h2IDmf4BPDeTeWCdJ1O5azkxkUtLV+oPds
CiS9nmAqLsGMfilt4OdLMMLWe2PTI/6wQSNB4p/8UUxyiVYQra2o24DosQDSowl4
n7DwvJW7bwXkLiL/fQzvu8TiOgLwR1nuAf2QnWCKDEUDQtQHzvy4rnrLRYbzJb01
s9pKD/2oYt04CtKS5a+FJj9eWPibk3AhaoJethi3CfXLoShn5sVVndWYgSuswcHj
UQRwU3k10SqgaLZpvkEaVj9FzDr6wq4AtbuRGMBMDtFoQ4wQey1EZCCnsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLRpR2nj/ZeDyCYNFZ0v3DUTu83EMB8GA1UdIwQY
MBaAFGaJw5leJGHVpS/U8QAHgvmaTUgiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMt
NDFlYWExZmRlMTFiLzEvdEdsSGFlUDlsNFBJSmcwVm5TX2NOUk83emNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zNDY5NjYtMDY5YS00MGIwLWIxNDMtNDFlYWExZmRlMTFi
LzEvWm9uRG1WNGtZZFdsTDlUeEFBZUMtWnBOU0NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7viMA0G
CSqGSIb3DQEBCwUAA4IBAQAuIr3bhiJ88vzD4E7Y2sapn6Md97kveXoghYpGpxot
fabmbf9w6D7Vs447Wjg1LbSPEgDW/4WN6HmrAuhE3EqufhO+NgIUou6KX29J4rEj
G0Tu3cYx6pNfz337a5znEHuxx2lTY0u78f5uH84jOaphDY1Y8WCtQD50DhMIYwHh
FYxoEeXF6xbqNxAt99QhhCSzhoyxGGHXBMh3YEhiBWgt5Pj8IW8I3C9pGWaPPfjL
kXw3KmQjsFlN06MWwFMJQoheZlsN1KyyGmug7RlZ/gw3p5VREykyHKOcHQXOVUlH
14qV+nu2j30Z8d4d+IDZq17hUFMlXXUNMHvDArt2VZhz
-----END CERTIFICATE-----