Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zA51efKnn-MCbOohkjzrKYttkLc.roa
File:                     zA51efKnn-MCbOohkjzrKYttkLc.roa (raw, json)
Hash identifier:          BZW4FB67avsz1oQPktGr327/V/T7DKHa/M/PvVTKh7Y=
Subject key identifier:   CC:0E:75:79:F2:A7:9F:E3:02:6C:EA:21:92:3C:EB:29:8B:6D:90:B7
Certificate issuer:       /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial:       019422FC15B1B7AACE128DBF328256C1FE60
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zA51efKnn-MCbOohkjzrKYttkLc.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202722
IP address blocks:        91.242.80.0/24 maxlen: 24
                          91.242.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:15:b1:b7:aa:ce:12:8d:bf:32:82:56:c1:fe:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc0e7579f2a79fe3026cea21923ceb298b6d90b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e2:9e:d5:da:03:b7:65:68:aa:16:31:99:47:
                    2a:aa:4a:a7:75:bd:f0:c4:d7:da:45:42:68:f5:62:
                    f4:24:4c:99:af:63:b8:64:8d:4a:f2:11:9a:8e:f7:
                    31:7f:0e:70:f5:2a:aa:e1:14:e0:ba:3c:07:e4:8d:
                    b1:c7:54:93:65:b3:fe:f1:54:f4:ac:ce:23:e5:70:
                    f7:38:76:13:91:1e:ef:1b:27:3f:e3:8b:c1:50:6d:
                    73:66:8d:b3:09:1b:54:8c:6e:58:af:83:a5:1b:18:
                    f8:98:dc:1d:ae:52:89:40:87:59:96:fe:83:b2:06:
                    40:04:53:e7:3e:6d:98:81:bf:fc:3b:d1:b9:7f:72:
                    05:10:cf:7d:09:b5:14:37:3a:c8:e3:9a:4b:3b:6e:
                    0f:76:b1:60:8f:cb:83:65:c7:06:50:79:dc:17:c0:
                    94:c1:17:0c:49:f4:72:bf:93:26:f4:83:78:3d:6b:
                    28:35:0a:2e:23:fb:26:37:52:a5:9b:10:32:70:69:
                    06:49:cb:ae:9c:be:19:32:87:fd:2d:bb:aa:61:75:
                    b1:a3:ba:d7:b8:49:1c:08:80:b1:f6:f7:b7:c6:ac:
                    9c:39:48:9e:19:80:6b:ab:57:40:54:6b:38:20:5b:
                    35:28:67:cb:b4:f7:ed:8e:3b:1f:13:04:4d:19:01:
                    cc:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:0E:75:79:F2:A7:9F:E3:02:6C:EA:21:92:3C:EB:29:8B:6D:90:B7
            X509v3 Authority Key Identifier:
                keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zA51efKnn-MCbOohkjzrKYttkLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.80.0/24
                  91.242.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:30:38:45:7a:52:5a:f7:2d:2c:7d:99:62:ea:49:b7:f1:38:
         2b:c9:c6:74:1d:bc:c4:e2:5f:12:42:4b:83:7e:d6:23:d8:9d:
         c9:a7:65:06:ec:ca:18:f8:d3:83:db:66:a7:31:60:b5:72:0e:
         a0:ac:7f:db:3c:b9:3f:8b:f1:43:84:71:df:1d:10:19:6c:60:
         b1:e3:11:53:a4:86:f7:74:c7:dc:75:58:17:b7:f9:57:2c:6c:
         38:73:2d:7a:d0:c6:77:31:31:5d:f1:c2:f7:1a:1d:04:1c:58:
         93:f0:23:e9:1f:a1:93:63:92:d6:d7:17:fa:17:e0:87:2d:f6:
         d6:2b:e9:f4:cd:4a:8d:c0:af:0f:7b:94:1e:53:74:ef:fd:dc:
         e6:ab:f0:64:8c:15:f8:46:46:05:0c:16:9c:27:2c:89:6e:f4:
         c1:ef:2a:35:5a:69:b2:f3:67:72:86:a6:f4:a5:ca:6d:32:be:
         4c:36:0d:7c:a4:40:d0:4f:95:2f:7d:d6:1f:de:ef:5f:09:33:
         08:5d:c7:c4:ee:24:d8:aa:f7:81:bb:ff:84:b7:e1:56:86:d6:
         f7:01:87:73:05:ad:b4:3d:6d:48:e7:42:1b:b0:67:af:24:49:
         ff:16:3a:ec:35:d7:c0:6f:73:14:9c:d2:9f:ca:22:04:0e:e7:
         2d:84:aa:09
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/BWxt6rOEo2/MoJWwf5gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzBlNzU3OWYyYTc5ZmUzMDI2Y2VhMjE5MjNjZWIyOThiNmQ5MGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+Ke1doDt2VoqhYxmUcqqkqndb3w
xNfaRUJo9WL0JEyZr2O4ZI1K8hGajvcxfw5w9Sqq4RTgujwH5I2xx1STZbP+8VT0
rM4j5XD3OHYTkR7vGyc/44vBUG1zZo2zCRtUjG5Yr4OlGxj4mNwdrlKJQIdZlv6D
sgZABFPnPm2Ygb/8O9G5f3IFEM99CbUUNzrI45pLO24PdrFgj8uDZccGUHncF8CU
wRcMSfRyv5Mm9IN4PWsoNQouI/smN1KlmxAycGkGScuunL4ZMof9LbuqYXWxo7rX
uEkcCICx9ve3xqycOUieGYBrq1dAVGs4IFs1KGfLtPftjjsfEwRNGQHMpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMwOdXnyp5/jAmzqIZI86ymLbZC3MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvekE1MWVmS25uLU1DYk9vaGtqenJLWXR0a0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW/JQAwQA
W/JjMA0GCSqGSIb3DQEBCwUAA4IBAQB5MDhFelJa9y0sfZli6km38TgrycZ0HbzE
4l8SQkuDftYj2J3Jp2UG7MoY+NOD22anMWC1cg6grH/bPLk/i/FDhHHfHRAZbGCx
4xFTpIb3dMfcdVgXt/lXLGw4cy160MZ3MTFd8cL3Gh0EHFiT8CPpH6GTY5LW1xf6
F+CHLfbWK+n0zUqNwK8Pe5QeU3Tv/dzmq/BkjBX4RkYFDBacJyyJbvTB7yo1Wmmy
82dyhqb0pcptMr5MNg18pEDQT5UvfdYf3u9fCTMIXcfE7iTYqveBu/+Et+FWhtb3
AYdzBa20PW1I50IbsGevJEn/FjrsNdfAb3MUnNKfyiIEDucthKoJ
-----END CERTIFICATE-----