Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/P2LC5eQJryM958-FLkXKkEDZeLw.roa
File:                     P2LC5eQJryM958-FLkXKkEDZeLw.roa (raw, json)
Hash identifier:          QpIfoLa+fmj9YdQlV+XdklTrRRwRDMjjOVtTi9BX00s=
Subject key identifier:   3F:62:C2:E5:E4:09:AF:23:3D:E7:CF:85:2E:45:CA:90:40:D9:78:BC
Certificate issuer:       /CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
Certificate serial:       01941F8C807F8E981C8A8F254570D5D198EC
Authority key identifier: 8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/P2LC5eQJryM958-FLkXKkEDZeLw.roa
Signing time:             Wed 01 Jan 2025 01:48:08 +0000
ROA not before:           Wed 01 Jan 2025 01:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43511
IP address blocks:        91.194.248.0/24 maxlen: 24
                          91.194.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:80:7f:8e:98:1c:8a:8f:25:45:70:d5:d1:98:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b7f81a6e782e211189c4f34e459b4226c75f4a6
        Validity
            Not Before: Jan  1 01:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3f62c2e5e409af233de7cf852e45ca9040d978bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:e2:95:8a:11:ab:d3:70:43:16:83:2c:82:a3:
                    01:c4:48:31:1d:85:a3:c5:fb:ca:a0:3e:79:f0:6e:
                    33:d4:da:7b:21:91:b7:78:21:0f:41:0c:d9:41:07:
                    b2:07:3a:87:fa:da:f7:91:c4:27:ba:09:0c:3c:92:
                    44:17:d7:2c:f0:13:b7:4c:6a:d2:97:a8:af:e9:1d:
                    ed:e1:7c:cd:a0:65:89:71:79:0e:c2:d5:d9:ba:fd:
                    a9:28:33:55:ce:90:05:58:e3:f5:ca:db:f1:1a:bf:
                    76:b3:30:b6:b9:ae:62:92:82:52:ed:ff:6a:f8:b1:
                    77:fc:bd:4a:c5:9c:09:66:e6:cb:7e:d9:0f:79:e6:
                    95:56:5b:bb:e7:d2:0a:69:ce:68:76:01:1b:9d:f7:
                    64:d0:04:32:8b:90:8d:f4:64:9f:76:ee:b1:0f:66:
                    20:82:a5:de:5f:e2:5a:66:58:28:df:c3:16:cf:c4:
                    66:f0:25:e0:1d:9b:ac:ab:23:6d:d8:e0:43:21:db:
                    a6:a9:45:dc:da:0e:a4:6e:b4:1d:f5:db:93:2a:25:
                    46:c1:f2:19:5c:92:2a:de:19:2f:ed:cd:a4:06:12:
                    b9:c9:d8:d7:e9:5b:51:e6:8a:1b:f9:91:d2:8c:ba:
                    47:31:f1:83:85:eb:0e:14:fe:0e:85:4c:ff:2e:f8:
                    49:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:62:C2:E5:E4:09:AF:23:3D:E7:CF:85:2E:45:CA:90:40:D9:78:BC
            X509v3 Authority Key Identifier:
                keyid:8B:7F:81:A6:E7:82:E2:11:18:9C:4F:34:E4:59:B4:22:6C:75:F4:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i3-BpueC4hEYnE805Fm0Imx19KY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/P2LC5eQJryM958-FLkXKkEDZeLw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/9b60e5-f98f-4ac6-98a5-f2f426efe039/1/i3-BpueC4hEYnE805Fm0Imx19KY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         53:ec:23:a4:7e:fa:0a:ba:ec:7f:c3:d1:ca:6e:a9:79:ac:0f:
         7b:97:70:dc:d6:49:d5:19:1e:23:b8:7b:8e:34:2c:47:94:a4:
         9b:8d:a8:60:0a:60:64:3e:b4:12:77:88:0a:86:e7:e7:0b:3c:
         d7:f8:dd:6e:f1:d7:57:ac:0d:48:c0:49:d5:8c:eb:9d:4c:aa:
         ea:4a:7e:0c:2b:e3:b3:e6:59:e6:5c:17:28:57:12:65:aa:c5:
         68:f9:24:0d:dc:34:0d:2d:5b:32:02:89:06:d2:4f:11:32:43:
         c5:b9:ef:d1:f7:ec:bd:ac:13:96:0f:d6:9a:d8:a4:40:8a:e5:
         c2:19:7f:18:5a:58:06:af:9e:f3:c0:c1:6d:be:c6:06:7e:7e:
         2b:a2:a0:f0:4b:5a:26:71:8f:5a:7c:96:22:11:77:33:c5:24:
         d5:1b:a8:39:a9:02:73:65:ea:c6:46:a7:70:80:d2:aa:dd:54:
         59:a1:41:9e:9f:a0:83:8f:6c:06:71:1b:e4:20:a5:35:4e:31:
         25:2b:8b:d4:2c:43:de:fb:52:9a:6b:ae:42:9a:a0:dc:ae:39:
         6e:61:f8:2e:b6:be:3b:4b:48:61:c0:15:5b:a3:40:ce:67:0c:
         3e:7d:34:7d:39:2d:74:b3:9a:b0:d3:84:3e:71:41:73:7d:be:
         f6:2c:18:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIB/jpgcio8lRXDV0ZjsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiN2Y4MWE2ZTc4MmUyMTExODljNGYzNGU0NTliNDIyNmM3
NWY0YTYwHhcNMjUwMTAxMDE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjYyYzJlNWU0MDlhZjIzM2RlN2NmODUyZTQ1Y2E5MDQwZDk3OGJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3uKVihGr03BDFoMsgqMBxEgxHYWj
xfvKoD558G4z1Np7IZG3eCEPQQzZQQeyBzqH+tr3kcQnugkMPJJEF9cs8BO3TGrS
l6iv6R3t4XzNoGWJcXkOwtXZuv2pKDNVzpAFWOP1ytvxGr92szC2ua5ikoJS7f9q
+LF3/L1KxZwJZubLftkPeeaVVlu759IKac5odgEbnfdk0AQyi5CN9GSfdu6xD2Yg
gqXeX+JaZlgo38MWz8Rm8CXgHZusqyNt2OBDIdumqUXc2g6kbrQd9duTKiVGwfIZ
XJIq3hkv7c2kBhK5ydjX6VtR5oob+ZHSjLpHMfGDhesOFP4OhUz/LvhJAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9iwuXkCa8jPefPhS5FypBA2Xi8MB8GA1UdIwQY
MBaAFIt/gabnguIRGJxPNORZtCJsdfSmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUt
ZjJmNDI2ZWZlMDM5LzEvUDJMQzVlUUpyeU05NTgtRkxrWEtrRURaZUx3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi85YjYwZTUtZjk4Zi00YWM2LTk4YTUtZjJmNDI2ZWZlMDM5
LzEvaTMtQnB1ZUM0aEVZbkU4MDVGbTBJbXgxOUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8L4MA0G
CSqGSIb3DQEBCwUAA4IBAQBT7COkfvoKuux/w9HKbql5rA97l3Dc1knVGR4juHuO
NCxHlKSbjahgCmBkPrQSd4gKhufnCzzX+N1u8ddXrA1IwEnVjOudTKrqSn4MK+Oz
5lnmXBcoVxJlqsVo+SQN3DQNLVsyAokG0k8RMkPFue/R9+y9rBOWD9aa2KRAiuXC
GX8YWlgGr57zwMFtvsYGfn4roqDwS1omcY9afJYiEXczxSTVG6g5qQJzZerGRqdw
gNKq3VRZoUGen6CDj2wGcRvkIKU1TjElK4vULEPe+1Kaa65CmqDcrjluYfgutr47
S0hhwBVbo0DOZww+fTR9OS10s5qw04Q+cUFzfb72LBgZ
-----END CERTIFICATE-----