Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9qtEucdT5fBEuZvonXHKnblamc.roa
File:                     r9qtEucdT5fBEuZvonXHKnblamc.roa (raw, json)
Hash identifier:          e84AERvT12bRjzteneYAf/72qjIGN9KxsKv7v1cQ7Nk=
Subject key identifier:   AF:DA:AD:12:E7:1D:4F:97:C1:12:E6:6F:A2:75:C7:2A:76:E5:6A:67
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0194266BC5D8934995FBFB43A28BD715BF06
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9qtEucdT5fBEuZvonXHKnblamc.roa
Signing time:             Thu 02 Jan 2025 09:49:44 +0000
ROA not before:           Thu 02 Jan 2025 09:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211440
IP address blocks:        91.210.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c5:d8:93:49:95:fb:fb:43:a2:8b:d7:15:bf:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jan  2 09:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=afdaad12e71d4f97c112e66fa275c72a76e56a67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e7:06:01:4b:06:b4:7d:2d:b6:3b:3c:9e:f4:
                    96:cf:8a:2d:42:75:4e:af:02:2c:89:5c:5f:79:3c:
                    09:40:a2:f5:95:6b:7d:f9:bc:99:36:c8:d3:46:5f:
                    6d:64:72:c8:65:bd:26:11:a1:63:81:c8:8d:25:3b:
                    4f:17:a9:ca:1e:85:e4:62:e1:7c:3c:45:f2:ce:ba:
                    a5:63:f1:27:14:34:e0:6f:08:0b:01:cb:e5:e8:6d:
                    d8:7d:c5:c2:3e:c9:73:a4:25:2c:1f:7c:ec:5e:e1:
                    79:9f:f2:fb:d8:1d:6d:f8:4f:74:ac:7c:45:bc:3f:
                    f1:4e:ef:d7:4f:bc:06:0a:8d:a9:36:2e:81:aa:28:
                    3c:9e:17:b4:7e:0c:3f:b5:a3:3e:14:ec:0b:86:bf:
                    d1:15:02:3f:f1:66:88:a2:bb:1d:67:77:64:a3:45:
                    3d:2d:83:e9:d7:39:13:cb:a0:83:b3:3e:62:61:ff:
                    78:48:20:df:9d:56:f2:f4:a4:2c:10:4e:33:ce:ba:
                    9b:30:67:2f:6e:14:bd:a0:a1:f2:c8:66:9e:51:00:
                    a9:19:bb:fe:5d:93:64:45:ca:62:98:ca:a2:cf:6d:
                    91:e6:43:ae:2a:9f:c6:53:07:8a:92:76:f2:9c:cb:
                    30:87:db:76:85:a3:c7:9b:b2:17:13:c3:ad:ba:3d:
                    b7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:DA:AD:12:E7:1D:4F:97:C1:12:E6:6F:A2:75:C7:2A:76:E5:6A:67
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/r9qtEucdT5fBEuZvonXHKnblamc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:57:67:85:34:54:ee:f1:cd:6e:25:23:2e:31:d4:cf:9b:20:
         2d:7b:75:ce:3f:b9:a4:c7:69:0f:2a:fb:7a:3b:a0:d1:38:40:
         ec:70:9f:72:f8:bc:14:93:d4:c1:9b:26:d0:d9:a1:98:55:8e:
         4e:87:64:98:06:5f:45:97:4d:6f:1c:93:45:fa:bd:e5:a4:41:
         4f:62:3e:69:63:39:6b:32:5c:00:67:bd:7e:78:01:3f:7a:0f:
         7e:08:d5:05:0e:58:e1:25:03:46:e6:96:f2:b7:74:59:66:62:
         be:53:cc:fa:86:e3:de:5d:ae:6b:9d:b9:8d:60:41:bf:31:ac:
         01:60:b0:21:cf:fe:d8:be:a6:23:c4:b8:59:9c:37:e1:b8:8d:
         7c:25:f6:ab:d6:4f:2e:3d:72:92:34:33:0f:99:47:cc:77:62:
         71:89:d9:fb:25:3c:4e:71:b4:44:87:2b:83:b6:a2:ba:d6:55:
         2e:9d:cd:c1:6d:b5:43:a4:4b:ca:0b:ab:64:cf:49:a1:0c:eb:
         aa:d2:32:ee:25:55:ed:0a:56:5c:8d:e2:65:d8:7d:5b:d9:e6:
         73:ee:ac:e7:60:a0:ba:30:08:37:d9:9d:90:af:b4:d2:85:f9:
         ac:02:96:ea:40:98:6c:a4:19:bf:5f:a2:f1:25:08:37:75:21:
         db:9d:6f:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma8XYk0mV+/tDoovXFb8GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwMTAyMDk0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmRhYWQxMmU3MWQ0Zjk3YzExMmU2NmZhMjc1YzcyYTc2ZTU2YTY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtucGAUsGtH0ttjs8nvSWz4otQnVO
rwIsiVxfeTwJQKL1lWt9+byZNsjTRl9tZHLIZb0mEaFjgciNJTtPF6nKHoXkYuF8
PEXyzrqlY/EnFDTgbwgLAcvl6G3YfcXCPslzpCUsH3zsXuF5n/L72B1t+E90rHxF
vD/xTu/XT7wGCo2pNi6Bqig8nhe0fgw/taM+FOwLhr/RFQI/8WaIorsdZ3dko0U9
LYPp1zkTy6CDsz5iYf94SCDfnVby9KQsEE4zzrqbMGcvbhS9oKHyyGaeUQCpGbv+
XZNkRcpimMqiz22R5kOuKp/GUweKknbynMswh9t2haPHm7IXE8Otuj23zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/arRLnHU+XwRLmb6J1xyp25WpnMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvcjlxdEV1Y2RUNWZCRXVadm9uWEhLbmJsYW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9KTMA0G
CSqGSIb3DQEBCwUAA4IBAQBLV2eFNFTu8c1uJSMuMdTPmyAte3XOP7mkx2kPKvt6
O6DROEDscJ9y+LwUk9TBmybQ2aGYVY5Oh2SYBl9Fl01vHJNF+r3lpEFPYj5pYzlr
MlwAZ71+eAE/eg9+CNUFDljhJQNG5pbyt3RZZmK+U8z6huPeXa5rnbmNYEG/MawB
YLAhz/7YvqYjxLhZnDfhuI18Jfar1k8uPXKSNDMPmUfMd2Jxidn7JTxOcbREhyuD
tqK61lUunc3BbbVDpEvKC6tkz0mhDOuq0jLuJVXtClZcjeJl2H1b2eZz7qznYKC6
MAg32Z2Qr7TShfmsApbqQJhspBm/X6LxJQg3dSHbnW8z
-----END CERTIFICATE-----