Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kJufVgfjrdPcdWX3qkA2KR7YHjs.roa
File:                     kJufVgfjrdPcdWX3qkA2KR7YHjs.roa (raw, json)
Hash identifier:          UenVgpDEIkOxY2nxxhtL1w6EOZcg5gQgNjcAOlbKVrI=
Subject key identifier:   90:9B:9F:56:07:E3:AD:D3:DC:75:65:F7:AA:40:36:29:1E:D8:1E:3B
Certificate issuer:       /CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
Certificate serial:       0194258F8B7BF29BE4C33D2D33DBA185E8EF
Authority key identifier: 34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kJufVgfjrdPcdWX3qkA2KR7YHjs.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21743
IP address blocks:        91.234.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:8b:7b:f2:9b:e4:c3:3d:2d:33:db:a1:85:e8:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=349cbbd5c2cf4195cc6ec7f21f607581a0224daa
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=909b9f5607e3add3dc7565f7aa4036291ed81e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3c:d6:7b:c3:9e:68:ee:f4:24:99:af:88:61:
                    3b:51:2b:35:68:d5:7c:da:aa:2b:79:57:68:e9:68:
                    f8:8f:67:d6:e6:6a:00:a1:b0:c6:77:6a:51:01:7a:
                    55:a7:76:04:7e:af:05:ff:7d:e8:be:db:2d:17:93:
                    85:2d:bf:92:c6:cd:75:c6:4d:3a:eb:49:5f:dc:2e:
                    3c:40:7b:cc:69:18:0d:cb:36:10:15:c8:1a:51:51:
                    68:4a:5e:3d:45:b5:f5:1e:c9:91:a4:1f:12:b5:27:
                    39:1e:29:5f:47:02:6d:f7:ba:52:cc:a2:14:e4:69:
                    0c:57:21:67:cf:ae:19:d5:b6:20:30:78:e0:3c:03:
                    87:6c:d7:83:9b:cd:33:4a:98:b4:eb:45:d0:05:c7:
                    ca:a7:cf:90:ea:43:29:03:fd:86:93:92:76:48:13:
                    78:78:a3:93:c9:09:d3:a1:a1:24:fc:b1:b1:36:b2:
                    c7:9d:c3:8a:7f:71:39:66:9d:66:02:9d:eb:5e:8f:
                    84:43:69:33:48:78:be:72:c9:c1:d1:c6:40:2c:3e:
                    3e:ff:14:96:3d:c8:3e:54:90:d0:1e:4a:44:bc:81:
                    28:82:e0:1d:d8:4d:8a:d3:55:67:4d:1f:31:c5:0d:
                    02:fc:7a:47:64:35:27:35:6f:72:4b:ba:d6:bf:f9:
                    33:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:9B:9F:56:07:E3:AD:D3:DC:75:65:F7:AA:40:36:29:1E:D8:1E:3B
            X509v3 Authority Key Identifier:
                keyid:34:9C:BB:D5:C2:CF:41:95:CC:6E:C7:F2:1F:60:75:81:A0:22:4D:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NJy71cLPQZXMbsfyH2B1gaAiTao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/kJufVgfjrdPcdWX3qkA2KR7YHjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/cdf5f6-2f18-42c7-930e-dc06dd805960/1/NJy71cLPQZXMbsfyH2B1gaAiTao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:ff:63:a7:6e:31:85:d2:bb:7e:c5:a7:b7:6a:6c:e0:a2:92:
         bf:7a:26:3d:d6:db:af:d2:95:b1:32:b2:a1:23:c9:03:98:df:
         a5:94:4e:ce:18:6e:36:bd:c9:6b:1c:dd:80:bc:ac:fe:1f:e2:
         9c:f5:ce:0f:0c:cd:48:86:32:9c:58:8b:fb:80:be:b7:b6:a4:
         c3:12:04:c3:36:ba:6a:78:5c:29:83:f6:86:f0:cb:b1:bb:a9:
         4a:d8:86:2e:46:25:a2:f2:65:ff:23:d7:ea:9a:59:e9:20:25:
         92:ad:8e:47:35:f2:46:34:17:3a:25:2e:0b:84:b5:dd:e6:0e:
         ce:51:ce:50:44:ec:02:12:9b:d7:28:a0:0e:62:09:07:aa:7e:
         33:e7:27:cf:1c:79:e5:60:19:27:8b:6c:63:f6:71:18:c9:65:
         13:cc:ca:28:43:31:4b:a7:fb:0f:39:cd:4f:fd:65:22:fc:92:
         e2:35:6e:e8:6c:cc:16:24:a9:42:a8:a1:0d:99:33:f9:a8:99:
         99:81:ca:c3:eb:12:a2:1f:21:48:39:6a:02:8a:bd:2e:a2:f2:
         cf:1a:3a:d4:32:8e:12:07:a9:75:6a:c4:2b:a7:65:82:24:80:
         14:9c:95:e1:9e:30:c9:e4:0c:b3:c2:4b:a7:bf:b2:37:a2:24:
         aa:bd:96:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4t78pvkwz0tM9uhhejvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0OWNiYmQ1YzJjZjQxOTVjYzZlYzdmMjFmNjA3NTgxYTAy
MjRkYWEwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDliOWY1NjA3ZTNhZGQzZGM3NTY1ZjdhYTQwMzYyOTFlZDgxZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DzWe8OeaO70JJmviGE7USs1aNV8
2qoreVdo6Wj4j2fW5moAobDGd2pRAXpVp3YEfq8F/33ovtstF5OFLb+Sxs11xk06
60lf3C48QHvMaRgNyzYQFcgaUVFoSl49RbX1HsmRpB8StSc5HilfRwJt97pSzKIU
5GkMVyFnz64Z1bYgMHjgPAOHbNeDm80zSpi060XQBcfKp8+Q6kMpA/2Gk5J2SBN4
eKOTyQnToaEk/LGxNrLHncOKf3E5Zp1mAp3rXo+EQ2kzSHi+csnB0cZALD4+/xSW
Pcg+VJDQHkpEvIEoguAd2E2K01VnTR8xxQ0C/HpHZDUnNW9yS7rWv/kzwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJCbn1YH463T3HVl96pANike2B47MB8GA1UdIwQY
MBaAFDScu9XCz0GVzG7H8h9gdYGgIk2qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUt
ZGMwNmRkODA1OTYwLzEva0p1ZlZnZmpyZFBjZFdYM3FrQTJLUjdZSGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9jZGY1ZjYtMmYxOC00MmM3LTkzMGUtZGMwNmRkODA1OTYw
LzEvTkp5NzFjTFBRWlhNYnNmeUgyQjFnYUFpVGFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+qcMA0G
CSqGSIb3DQEBCwUAA4IBAQBp/2OnbjGF0rt+xae3amzgopK/eiY91tuv0pWxMrKh
I8kDmN+llE7OGG42vclrHN2AvKz+H+Kc9c4PDM1IhjKcWIv7gL63tqTDEgTDNrpq
eFwpg/aG8Muxu6lK2IYuRiWi8mX/I9fqmlnpICWSrY5HNfJGNBc6JS4LhLXd5g7O
Uc5QROwCEpvXKKAOYgkHqn4z5yfPHHnlYBkni2xj9nEYyWUTzMooQzFLp/sPOc1P
/WUi/JLiNW7obMwWJKlCqKENmTP5qJmZgcrD6xKiHyFIOWoCir0uovLPGjrUMo4S
B6l1asQrp2WCJIAUnJXhnjDJ5Ayzwkunv7I3oiSqvZYf
-----END CERTIFICATE-----