Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/oE4zcQkbIPTmCnZJ7kM9O6jAd_0.roa
File:                     oE4zcQkbIPTmCnZJ7kM9O6jAd_0.roa (raw, json)
Hash identifier:          Tgh0ekNP0gf5k9YI0euyW8GBaeKSJS7GrbGpK1bhyJM=
Subject key identifier:   A0:4E:33:71:09:1B:20:F4:E6:0A:76:49:EE:43:3D:3B:A8:C0:77:FD
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019296475D4FE69DCE991E1C67E4861141DA
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/oE4zcQkbIPTmCnZJ7kM9O6jAd_0.roa
Signing time:             Wed 16 Oct 2024 17:01:52 +0000
ROA not before:           Wed 16 Oct 2024 17:01:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57916
IP address blocks:        91.242.64.0/22 maxlen: 22
                          91.242.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:96:47:5d:4f:e6:9d:ce:99:1e:1c:67:e4:86:11:41:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Oct 16 17:01:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a04e3371091b20f4e60a7649ee433d3ba8c077fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ea:1f:9b:b6:b7:33:db:bc:b6:07:36:56:19:
                    66:e1:e2:28:61:73:ea:5a:ae:e2:0a:74:32:26:68:
                    a1:78:ca:9c:35:ee:55:36:2a:80:40:90:9e:b6:95:
                    d8:fd:80:bf:ad:d3:fc:95:77:47:70:7e:d3:99:5a:
                    2f:67:1d:e4:5a:d4:7e:c9:f9:dd:12:7d:93:ff:70:
                    e1:20:70:6b:b1:a1:5d:29:c5:45:31:02:05:3e:e4:
                    8e:5f:c7:c4:3a:cf:dd:b5:9c:ae:a7:ee:77:22:36:
                    9a:dd:84:95:04:ff:c6:04:f8:76:1e:22:67:7b:b1:
                    70:9b:7c:b7:99:81:f4:44:e6:61:31:57:d9:b8:9d:
                    a8:be:72:6c:0d:50:8d:d1:b2:20:5e:6f:5d:c3:ea:
                    75:01:a4:f6:dc:ca:5b:26:19:2f:29:da:4f:e9:3b:
                    11:77:20:d2:85:ce:0a:0a:f5:35:8b:cf:f7:3b:49:
                    74:0a:40:80:0c:44:d2:65:b4:a3:c1:fa:c5:7e:d0:
                    55:f8:89:83:54:76:0f:00:d6:55:4b:dc:dc:5d:b2:
                    8f:77:d4:e2:7a:8b:95:a2:b0:59:bd:84:66:5d:76:
                    fd:f2:40:65:41:5e:66:8f:07:b3:2c:14:13:ec:97:
                    5f:65:95:55:bc:5d:d7:8a:7f:4e:7f:39:1d:b5:f9:
                    f1:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:4E:33:71:09:1B:20:F4:E6:0A:76:49:EE:43:3D:3B:A8:C0:77:FD
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/oE4zcQkbIPTmCnZJ7kM9O6jAd_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.64.0/22
                  91.242.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:4a:97:17:cc:79:3d:07:08:56:be:1e:9e:6d:8c:5a:17:36:
         02:77:14:9a:ac:84:83:9a:cb:e2:de:a7:a2:af:d8:69:03:c6:
         5a:0c:89:65:95:9d:ab:86:0b:91:c5:e5:2d:4a:62:1b:c4:80:
         dc:28:91:82:ec:af:c6:30:01:ab:9e:70:92:bd:fd:91:bb:55:
         68:48:31:b2:40:16:82:44:d8:85:a4:8c:f6:9b:43:f3:88:5b:
         e2:1c:a6:26:1a:bf:1b:93:fb:64:6c:53:1b:48:65:ee:59:9c:
         93:ea:45:a9:0b:a3:36:86:0a:a8:05:fa:04:b3:17:15:82:bf:
         8a:5a:23:4c:9c:33:7e:1d:85:30:fe:4e:6b:c5:80:0b:78:82:
         47:1c:5e:3a:b3:3c:9e:aa:2c:55:2b:84:e5:fb:f9:9a:bb:67:
         98:b4:05:c4:e9:65:0a:d0:90:a1:41:9e:bb:eb:a7:eb:42:1a:
         94:35:2d:46:08:3e:e8:0e:57:17:8f:dc:5c:4f:2b:85:cb:5d:
         8e:65:41:08:4d:15:c3:ee:f4:98:65:d8:57:27:f5:11:47:25:
         43:97:76:77:80:61:f7:90:b3:c9:59:a0:e5:f3:0d:a4:b2:42:
         e6:02:a8:a3:22:bc:83:93:4b:ef:77:3c:5c:12:72:79:26:88:
         a6:ff:e6:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZKWR11P5p3OmR4cZ+SGEUHaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQxMDE2MTcwMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDRlMzM3MTA5MWIyMGY0ZTYwYTc2NDllZTQzM2QzYmE4YzA3N2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eofm7a3M9u8tgc2Vhlm4eIoYXPq
Wq7iCnQyJmiheMqcNe5VNiqAQJCetpXY/YC/rdP8lXdHcH7TmVovZx3kWtR+yfnd
En2T/3DhIHBrsaFdKcVFMQIFPuSOX8fEOs/dtZyup+53Ijaa3YSVBP/GBPh2HiJn
e7Fwm3y3mYH0ROZhMVfZuJ2ovnJsDVCN0bIgXm9dw+p1AaT23MpbJhkvKdpP6TsR
dyDShc4KCvU1i8/3O0l0CkCADETSZbSjwfrFftBV+ImDVHYPANZVS9zcXbKPd9Ti
eouVorBZvYRmXXb98kBlQV5mjwezLBQT7JdfZZVVvF3Xin9OfzkdtfnxYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKBOM3EJGyD05gp2Se5DPTuowHf9MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvb0U0emNRa2JJUFRtQ25aSjdrTTlPNmpBZF8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW/JAAwQA
W/JhMA0GCSqGSIb3DQEBCwUAA4IBAQBvSpcXzHk9BwhWvh6ebYxaFzYCdxSarISD
msvi3qeir9hpA8ZaDIlllZ2rhguRxeUtSmIbxIDcKJGC7K/GMAGrnnCSvf2Ru1Vo
SDGyQBaCRNiFpIz2m0PziFviHKYmGr8bk/tkbFMbSGXuWZyT6kWpC6M2hgqoBfoE
sxcVgr+KWiNMnDN+HYUw/k5rxYALeIJHHF46szyeqixVK4Tl+/mau2eYtAXE6WUK
0JChQZ6766frQhqUNS1GCD7oDlcXj9xcTyuFy12OZUEITRXD7vSYZdhXJ/URRyVD
l3Z3gGH3kLPJWaDl8w2kskLmAqijIryDk0vvdzxcEnJ5Joim/+Yd
-----END CERTIFICATE-----