Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/cvexNa_0mj6FW8KZpLGAFQIE4OA.roa
File:                     cvexNa_0mj6FW8KZpLGAFQIE4OA.roa (raw, json)
Hash identifier:          iCleYEjTV16uifIQzD0T3cEabw9bGQHX0EZMLPEVxN4=
Subject key identifier:   72:F7:B1:35:AF:F4:9A:3E:85:5B:C2:99:A4:B1:80:15:02:04:E0:E0
Certificate issuer:       /CN=bfb097a36c2325d1031ff4091ba00a86459d4288
Certificate serial:       019528BC971F09836BF9C9368F9081F06DDD
Authority key identifier: BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/cvexNa_0mj6FW8KZpLGAFQIE4OA.roa
Signing time:             Fri 21 Feb 2025 13:40:02 +0000
ROA not before:           Fri 21 Feb 2025 13:40:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213439
IP address blocks:        91.82.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 21:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:28:bc:97:1f:09:83:6b:f9:c9:36:8f:90:81:f0:6d:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bfb097a36c2325d1031ff4091ba00a86459d4288
        Validity
            Not Before: Feb 21 13:40:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72f7b135aff49a3e855bc299a4b180150204e0e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:90:03:c9:e2:14:87:21:be:c0:19:21:ce:d7:
                    12:3b:9f:09:76:21:c4:35:1e:c8:88:00:73:ed:88:
                    eb:ac:df:d7:06:05:6e:21:27:ac:c8:79:c9:00:a4:
                    28:ef:5c:f8:81:1b:16:6c:2c:5f:18:11:42:81:83:
                    6f:79:4c:5f:da:0e:95:34:5f:02:65:c7:aa:de:d6:
                    3a:93:b4:f4:ad:a6:14:88:b4:f0:58:55:89:eb:f7:
                    0c:0d:1f:bf:96:b6:5d:a8:87:e3:a9:82:4b:68:60:
                    0e:5e:74:26:44:46:62:02:db:cc:48:cc:aa:fc:90:
                    b4:b9:e3:db:27:c2:90:ab:53:7e:7b:e5:cf:03:6e:
                    af:9b:f5:87:d2:e7:af:c0:f5:19:3c:27:36:cc:15:
                    a9:e1:43:26:bb:b2:fd:e2:5b:27:02:40:01:b7:f3:
                    2f:9e:db:e2:f7:0c:b3:bb:08:04:1b:27:f4:45:7f:
                    0e:6b:d5:7f:87:a5:c4:88:b8:8c:36:16:90:1c:4f:
                    58:fd:e0:f8:3d:bc:50:40:70:7e:79:c0:f8:48:d4:
                    b8:78:74:9c:bb:96:a3:58:be:4e:43:bf:4d:5d:a0:
                    2b:08:a8:21:b2:33:66:8c:9e:4a:63:70:0c:4e:69:
                    d5:93:a8:aa:dd:d4:e2:84:41:39:8b:ad:7a:4a:dc:
                    62:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F7:B1:35:AF:F4:9A:3E:85:5B:C2:99:A4:B1:80:15:02:04:E0:E0
            X509v3 Authority Key Identifier:
                keyid:BF:B0:97:A3:6C:23:25:D1:03:1F:F4:09:1B:A0:0A:86:45:9D:42:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v7CXo2wjJdEDH_QJG6AKhkWdQog.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/cvexNa_0mj6FW8KZpLGAFQIE4OA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/f2c5e8-8d37-4838-a33b-ecc49bdc2ad8/1/v7CXo2wjJdEDH_QJG6AKhkWdQog.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.82.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:63:88:a5:6a:21:dd:66:5a:7b:18:88:9c:45:a6:b1:72:15:
         55:08:a8:e7:8d:ad:6b:0e:7f:50:3c:d0:e2:42:93:7f:09:4e:
         54:57:c6:e8:68:e3:d8:84:40:fb:47:ce:58:a2:85:52:bb:8a:
         95:1e:11:e7:0e:10:94:a0:4e:27:08:8a:49:87:20:5f:65:90:
         9c:e7:2d:7a:74:b5:49:6f:db:aa:32:33:e9:ed:e0:4d:29:6d:
         d5:ee:d7:fb:1a:1c:f1:e5:39:32:27:70:27:f5:fa:49:78:63:
         a3:f3:38:68:a6:6a:b2:ce:f6:2a:a0:ce:88:ff:28:18:c1:c6:
         50:a3:ba:1c:f1:6f:0f:1f:10:86:90:0b:73:c7:8e:8a:34:6b:
         c4:35:84:fc:aa:f5:d4:a7:47:83:eb:f8:55:d5:17:fc:51:80:
         90:32:74:a0:da:43:40:0d:cb:42:8d:77:ea:fa:c6:6d:53:46:
         3c:ec:2d:c9:30:31:fc:79:c5:c9:95:cd:4b:12:f8:68:6f:a3:
         d6:62:1a:95:d0:ab:ad:2e:70:99:73:09:c0:14:bf:c3:42:18:
         f8:3c:2c:58:8b:8a:45:81:15:6e:c4:ff:0f:6b:5e:d5:7b:56:
         87:d2:a9:f6:cf:43:62:4b:c3:f8:c7:65:43:8b:f0:6e:17:89:
         30:92:52:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUovJcfCYNr+ck2j5CB8G3dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmYjA5N2EzNmMyMzI1ZDEwMzFmZjQwOTFiYTAwYTg2NDU5
ZDQyODgwHhcNMjUwMjIxMTM0MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmY3YjEzNWFmZjQ5YTNlODU1YmMyOTlhNGIxODAxNTAyMDRlMGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopADyeIUhyG+wBkhztcSO58JdiHE
NR7IiABz7YjrrN/XBgVuISesyHnJAKQo71z4gRsWbCxfGBFCgYNveUxf2g6VNF8C
Zceq3tY6k7T0raYUiLTwWFWJ6/cMDR+/lrZdqIfjqYJLaGAOXnQmREZiAtvMSMyq
/JC0uePbJ8KQq1N+e+XPA26vm/WH0uevwPUZPCc2zBWp4UMmu7L94lsnAkABt/Mv
ntvi9wyzuwgEGyf0RX8Oa9V/h6XEiLiMNhaQHE9Y/eD4PbxQQHB+ecD4SNS4eHSc
u5ajWL5OQ79NXaArCKghsjNmjJ5KY3AMTmnVk6iq3dTihEE5i616StxihwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHL3sTWv9Jo+hVvCmaSxgBUCBODgMB8GA1UdIwQY
MBaAFL+wl6NsIyXRAx/0CRugCoZFnUKIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2It
ZWNjNDliZGMyYWQ4LzEvY3ZleE5hXzBtajZGVzhLWnBMR0FGUUlFNE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9mMmM1ZTgtOGQzNy00ODM4LWEzM2ItZWNjNDliZGMyYWQ4
LzEvdjdDWG8yd2pKZEVESF9RSkc2QUtoa1dkUW9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW1LdMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Y4ilaiHdZlp7GIicRaaxchVVCKjnja1rDn9QPNDi
QpN/CU5UV8boaOPYhED7R85YooVSu4qVHhHnDhCUoE4nCIpJhyBfZZCc5y16dLVJ
b9uqMjPp7eBNKW3V7tf7Ghzx5TkyJ3An9fpJeGOj8zhopmqyzvYqoM6I/ygYwcZQ
o7oc8W8PHxCGkAtzx46KNGvENYT8qvXUp0eD6/hV1Rf8UYCQMnSg2kNADctCjXfq
+sZtU0Y87C3JMDH8ecXJlc1LEvhob6PWYhqV0KutLnCZcwnAFL/DQhj4PCxYi4pF
gRVuxP8Pa17Ve1aH0qn2z0NiS8P4x2VDi/BuF4kwklI8
-----END CERTIFICATE-----