Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/tT2MkC3bDAt-AG9rSFm6itBZmH0.roa
File:                     tT2MkC3bDAt-AG9rSFm6itBZmH0.roa (raw, json)
Hash identifier:          ZIroNCPsL/l7JhsPE9mGE4anIRCcdf9s2wEC0oqqzzc=
Subject key identifier:   B5:3D:8C:90:2D:DB:0C:0B:7E:00:6F:6B:48:59:BA:8A:D0:59:98:7D
Certificate issuer:       /CN=92b143d7db115957c5db9af895f4e7e15b7b6b17
Certificate serial:       019426D976E3E338C91A5468864880681B23
Authority key identifier: 92:B1:43:D7:DB:11:59:57:C5:DB:9A:F8:95:F4:E7:E1:5B:7B:6B:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/krFD19sRWVfF25r4lfTn4Vt7axc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/tT2MkC3bDAt-AG9rSFm6itBZmH0.roa
Signing time:             Thu 02 Jan 2025 11:49:33 +0000
ROA not before:           Thu 02 Jan 2025 11:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51824
IP address blocks:        91.221.84.0/23 maxlen: 23
                          91.221.84.0/24 maxlen: 24
                          91.221.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/krFD19sRWVfF25r4lfTn4Vt7axc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/krFD19sRWVfF25r4lfTn4Vt7axc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/krFD19sRWVfF25r4lfTn4Vt7axc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:76:e3:e3:38:c9:1a:54:68:86:48:80:68:1b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92b143d7db115957c5db9af895f4e7e15b7b6b17
        Validity
            Not Before: Jan  2 11:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b53d8c902ddb0c0b7e006f6b4859ba8ad059987d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cc:dd:0c:20:67:1a:e9:4d:22:6f:ac:60:f6:
                    11:7f:d0:87:d1:a8:b3:26:08:e5:89:62:03:f4:3e:
                    54:20:dd:22:ac:83:b3:90:2d:7e:de:d3:d6:54:bb:
                    af:c6:06:60:e4:7a:b4:1a:ac:63:f9:12:bb:ec:6f:
                    d0:84:38:b8:2b:1d:bb:53:c7:14:d1:15:3f:98:2e:
                    38:0b:4f:07:ed:65:c7:4e:c2:64:55:a9:a6:bb:ee:
                    b0:fb:24:35:52:39:e7:3e:84:50:d6:86:9d:cf:00:
                    ee:e2:74:c4:2f:00:2b:87:1c:97:a7:7c:22:d8:94:
                    c3:92:38:6d:52:4e:7b:6c:96:21:70:2b:67:8f:12:
                    c8:2b:17:ae:2e:74:53:6e:90:16:b6:5d:7a:de:b0:
                    63:80:76:fa:f3:f6:74:48:e2:14:bf:9f:b0:fa:18:
                    66:ef:4a:72:3e:55:23:9a:e0:da:7a:42:34:14:4d:
                    61:9d:77:d3:9a:43:5e:3e:d6:83:dd:e1:7c:44:f9:
                    70:ce:2a:b3:9b:e6:e8:69:4b:f8:85:0a:46:44:f3:
                    0a:d4:2a:0d:6d:c6:1e:04:0e:4b:20:cb:0a:5d:7d:
                    5d:d3:ef:18:75:d9:ca:f3:ad:97:f4:3f:65:34:e8:
                    e0:36:27:79:e0:e4:72:46:d1:ba:a6:61:ec:30:c7:
                    30:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:3D:8C:90:2D:DB:0C:0B:7E:00:6F:6B:48:59:BA:8A:D0:59:98:7D
            X509v3 Authority Key Identifier:
                keyid:92:B1:43:D7:DB:11:59:57:C5:DB:9A:F8:95:F4:E7:E1:5B:7B:6B:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/krFD19sRWVfF25r4lfTn4Vt7axc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/tT2MkC3bDAt-AG9rSFm6itBZmH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/d11443-1372-4cfc-8d57-6d3a88153767/1/krFD19sRWVfF25r4lfTn4Vt7axc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:71:40:e8:f4:b9:98:d6:e8:65:15:99:d2:7c:eb:9e:42:57:
         8b:67:00:56:7c:fd:17:3c:89:e5:41:73:22:a6:a7:8b:b3:93:
         f7:3d:f4:18:c8:b4:ce:1b:49:cb:90:c0:68:cd:d1:7d:4c:11:
         4a:08:db:07:af:11:e1:5c:2c:6a:8c:26:09:ef:c8:9c:75:f1:
         13:8e:21:50:23:37:56:62:db:f3:b1:44:d1:2b:cc:bc:21:26:
         46:26:06:ce:9c:07:b5:59:dc:f4:d7:a1:cd:47:f8:65:b9:f3:
         4b:07:18:b2:1a:ea:08:bf:53:0a:3b:db:25:3b:16:93:79:35:
         05:fa:b0:1a:8b:17:49:e9:40:89:0d:bc:ac:08:72:33:2e:6e:
         37:07:f5:76:5a:13:df:9e:36:9c:4e:c9:81:18:73:be:38:04:
         88:3f:92:0f:d2:e4:c0:04:63:4e:08:0a:da:c5:e5:f3:7e:28:
         56:25:32:de:0a:2b:ee:d5:3c:c4:7d:f2:7e:04:eb:66:dc:bb:
         34:c4:36:20:45:ac:3d:17:a5:f0:34:3a:05:82:a6:6b:d8:73:
         da:a4:82:a4:14:6f:6e:e6:30:d9:06:49:c6:fd:83:aa:b4:21:
         69:18:0d:50:49:8e:ea:a0:f7:c3:6f:58:36:2d:ab:e7:50:e9:
         f6:b0:eb:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Xbj4zjJGlRohkiAaBsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyYjE0M2Q3ZGIxMTU5NTdjNWRiOWFmODk1ZjRlN2UxNWI3
YjZiMTcwHhcNMjUwMTAyMTE0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTNkOGM5MDJkZGIwYzBiN2UwMDZmNmI0ODU5YmE4YWQwNTk5ODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMzdDCBnGulNIm+sYPYRf9CH0aiz
JgjliWID9D5UIN0irIOzkC1+3tPWVLuvxgZg5Hq0Gqxj+RK77G/QhDi4Kx27U8cU
0RU/mC44C08H7WXHTsJkVammu+6w+yQ1UjnnPoRQ1oadzwDu4nTELwArhxyXp3wi
2JTDkjhtUk57bJYhcCtnjxLIKxeuLnRTbpAWtl163rBjgHb68/Z0SOIUv5+w+hhm
70pyPlUjmuDaekI0FE1hnXfTmkNePtaD3eF8RPlwziqzm+boaUv4hQpGRPMK1CoN
bcYeBA5LIMsKXX1d0+8YddnK862X9D9lNOjgNid54ORyRtG6pmHsMMcwcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLU9jJAt2wwLfgBva0hZuorQWZh9MB8GA1UdIwQY
MBaAFJKxQ9fbEVlXxdua+JX05+Fbe2sXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3JGRDE5c1JXVmZGMjVyNGxmVG40VnQ3YXhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kMTE0NDMtMTM3Mi00Y2ZjLThkNTct
NmQzYTg4MTUzNzY3LzEvdFQyTWtDM2JEQXQtQUc5clNGbTZpdEJabUgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kMTE0NDMtMTM3Mi00Y2ZjLThkNTctNmQzYTg4MTUzNzY3
LzEva3JGRDE5c1JXVmZGMjVyNGxmVG40VnQ3YXhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW91UMA0G
CSqGSIb3DQEBCwUAA4IBAQCOcUDo9LmY1uhlFZnSfOueQleLZwBWfP0XPInlQXMi
pqeLs5P3PfQYyLTOG0nLkMBozdF9TBFKCNsHrxHhXCxqjCYJ78icdfETjiFQIzdW
YtvzsUTRK8y8ISZGJgbOnAe1Wdz016HNR/hlufNLBxiyGuoIv1MKO9slOxaTeTUF
+rAaixdJ6UCJDbysCHIzLm43B/V2WhPfnjacTsmBGHO+OASIP5IP0uTABGNOCAra
xeXzfihWJTLeCivu1TzEffJ+BOtm3Ls0xDYgRaw9F6XwNDoFgqZr2HPapIKkFG9u
5jDZBknG/YOqtCFpGA1QSY7qoPfDb1g2LavnUOn2sOtt
-----END CERTIFICATE-----