Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t0oLewvfmtctM6fLKW7JACNy67I.roa
File:                     t0oLewvfmtctM6fLKW7JACNy67I.roa (raw, json)
Hash identifier:          eoIen7jr8ftFR2LBFlJ/X2GszHh0uXwaMxdCabuer48=
Subject key identifier:   B7:4A:0B:7B:0B:DF:9A:D7:2D:33:A7:CB:29:6E:C9:00:23:72:EB:B2
Certificate issuer:       /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial:       01942445A1715F07B551CF45765F3E3C9438
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t0oLewvfmtctM6fLKW7JACNy67I.roa
Signing time:             Wed 01 Jan 2025 23:48:50 +0000
ROA not before:           Wed 01 Jan 2025 23:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203056
IP address blocks:        91.146.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a1:71:5f:07:b5:51:cf:45:76:5f:3e:3c:94:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
        Validity
            Not Before: Jan  1 23:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b74a0b7b0bdf9ad72d33a7cb296ec9002372ebb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:30:b9:1d:16:0c:53:35:af:f5:d9:f8:3d:d2:
                    c0:f7:b5:31:06:96:48:da:fc:ae:5f:a4:8f:bc:fb:
                    a4:a6:b7:c6:02:38:44:61:59:a6:c6:6f:72:bd:cf:
                    15:fd:25:c2:cd:d9:93:e4:63:ed:f3:33:ea:2b:f4:
                    a9:b7:10:6d:5a:ae:6b:5b:c3:f3:03:14:b4:03:e2:
                    53:b6:7e:ea:a6:c9:4b:7a:7a:da:c1:7a:86:04:e6:
                    58:f6:e2:cb:43:64:15:24:0c:9a:46:f3:68:a1:d1:
                    55:39:b6:11:fd:07:2b:1b:0d:95:ac:75:81:f7:7a:
                    4c:a9:c2:eb:76:83:a6:52:2c:de:6e:50:9c:69:2c:
                    5b:4b:18:b3:01:ae:82:37:dd:47:90:23:48:c1:1f:
                    5f:7e:c8:c4:c4:c2:38:df:15:4c:02:3a:e2:40:a8:
                    ec:86:27:da:7c:c2:42:51:f4:6d:d0:28:3f:3c:f2:
                    3d:a0:1f:74:da:1a:98:e5:88:68:27:0c:b3:dc:fd:
                    45:ac:a9:77:9d:cb:fe:f4:63:84:68:2a:a7:6b:4d:
                    51:09:31:ab:56:ec:6a:99:ea:52:50:33:90:b3:27:
                    3a:ed:f0:52:75:94:7d:d4:fc:dc:c0:9b:76:79:9d:
                    96:c8:67:4c:37:12:48:eb:ff:39:51:68:a8:f6:a1:
                    dd:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:4A:0B:7B:0B:DF:9A:D7:2D:33:A7:CB:29:6E:C9:00:23:72:EB:B2
            X509v3 Authority Key Identifier:
                keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t0oLewvfmtctM6fLKW7JACNy67I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.146.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:86:a0:c2:0f:07:3e:9b:c6:7a:c2:bd:63:e6:70:10:18:78:
         64:00:90:b9:2f:4f:33:f2:d4:34:54:af:c4:50:ad:5a:40:e7:
         cd:19:8b:5f:87:ce:f9:69:3e:c4:88:e6:1c:97:9c:9a:9a:b0:
         44:7e:99:ce:a8:54:4c:af:97:88:17:51:de:d5:3d:56:ac:4e:
         8b:08:5c:10:7f:34:e2:13:7a:75:58:e4:4c:1b:aa:2c:3a:ef:
         73:ee:45:bf:33:12:13:65:a1:ca:12:16:e6:ec:2b:17:b5:91:
         1a:0f:63:84:55:b0:d1:d0:80:11:d4:fc:e7:c7:a0:4d:7a:6a:
         0c:4f:df:a4:6c:18:a5:a4:6d:e8:e2:3f:02:ef:c3:d8:e0:fd:
         b2:c7:9a:ea:5f:a6:35:2c:19:0e:15:75:91:34:37:5b:47:b3:
         2c:3a:2a:43:df:7c:0b:b3:69:c1:c0:89:e3:33:2d:34:1a:14:
         3d:c7:9c:c0:e8:cf:e4:71:b1:d8:43:08:f8:a8:14:e5:aa:b3:
         95:33:56:6c:72:15:cf:67:e7:e0:51:1f:d4:c3:3e:e3:cb:6f:
         ae:e8:fe:03:19:1b:de:b8:50:07:ef:9d:2d:62:42:ff:28:c8:
         af:18:46:0b:5f:64:8f:06:cc:ee:b6:9d:a3:67:75:85:d4:f6:
         d4:65:ac:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaFxXwe1Uc9Fdl8+PJQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjUwMTAxMjM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzRhMGI3YjBiZGY5YWQ3MmQzM2E3Y2IyOTZlYzkwMDIzNzJlYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzC5HRYMUzWv9dn4PdLA97UxBpZI
2vyuX6SPvPukprfGAjhEYVmmxm9yvc8V/SXCzdmT5GPt8zPqK/SptxBtWq5rW8Pz
AxS0A+JTtn7qpslLenrawXqGBOZY9uLLQ2QVJAyaRvNoodFVObYR/QcrGw2VrHWB
93pMqcLrdoOmUizeblCcaSxbSxizAa6CN91HkCNIwR9ffsjExMI43xVMAjriQKjs
hifafMJCUfRt0Cg/PPI9oB902hqY5YhoJwyz3P1FrKl3ncv+9GOEaCqna01RCTGr
VuxqmepSUDOQsyc67fBSdZR91PzcwJt2eZ2WyGdMNxJI6/85UWio9qHdyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdKC3sL35rXLTOnyyluyQAjcuuyMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvdDBvTGV3dmZtdGN0TTZmTEtXN0pBQ055NjdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5JyMA0G
CSqGSIb3DQEBCwUAA4IBAQCHhqDCDwc+m8Z6wr1j5nAQGHhkAJC5L08z8tQ0VK/E
UK1aQOfNGYtfh875aT7EiOYcl5yamrBEfpnOqFRMr5eIF1He1T1WrE6LCFwQfzTi
E3p1WORMG6osOu9z7kW/MxITZaHKEhbm7CsXtZEaD2OEVbDR0IAR1Pznx6BNemoM
T9+kbBilpG3o4j8C78PY4P2yx5rqX6Y1LBkOFXWRNDdbR7MsOipD33wLs2nBwInj
My00GhQ9x5zA6M/kcbHYQwj4qBTlqrOVM1ZschXPZ+fgUR/Uwz7jy2+u6P4DGRve
uFAH750tYkL/KMivGEYLX2SPBszutp2jZ3WF1PbUZazi
-----END CERTIFICATE-----