Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/ZuTxi79Ck2OCXbkDauPT87FQh1E.roa
File:                     ZuTxi79Ck2OCXbkDauPT87FQh1E.roa (raw, json)
Hash identifier:          xuj1se8JvfBc00cfkDYRLRVr3K+o4nQ3N/ymEwvuis8=
Subject key identifier:   66:E4:F1:8B:BF:42:93:63:82:5D:B9:03:6A:E3:D3:F3:B1:50:87:51
Certificate issuer:       /CN=a9d6b171233f20b37e61a3a1ff59ea553bcf21d3
Certificate serial:       0194236A0E050A27FD222831E5171EEBAF42
Authority key identifier: A9:D6:B1:71:23:3F:20:B3:7E:61:A3:A1:FF:59:EA:55:3B:CF:21:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/ZuTxi79Ck2OCXbkDauPT87FQh1E.roa
Signing time:             Wed 01 Jan 2025 19:49:00 +0000
ROA not before:           Wed 01 Jan 2025 19:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216286
IP address blocks:        91.199.2.0/24 maxlen: 24
                          2a13:e440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:02:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:0e:05:0a:27:fd:22:28:31:e5:17:1e:eb:af:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a9d6b171233f20b37e61a3a1ff59ea553bcf21d3
        Validity
            Not Before: Jan  1 19:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66e4f18bbf429363825db9036ae3d3f3b1508751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1e:33:cb:42:2f:89:18:50:de:97:df:dc:8e:
                    5c:84:0b:df:5b:7a:cc:ea:20:e8:49:4f:15:ee:91:
                    b1:30:c2:12:54:e8:8a:f2:03:c5:d7:88:ca:a4:f9:
                    4e:ba:81:d3:d4:f1:2a:f4:74:22:d3:6d:4a:75:40:
                    46:1b:1a:a6:4a:bd:8a:c0:48:65:8f:58:3d:07:e6:
                    79:48:70:52:bd:e4:68:18:c5:44:66:0e:f9:ee:e3:
                    95:8c:94:73:82:6a:4c:24:8a:c9:22:59:36:fe:ec:
                    c2:c5:b0:dd:83:70:36:e0:6e:50:51:c7:47:30:c1:
                    35:5a:89:d2:07:72:f2:48:78:19:1b:d7:f2:36:93:
                    57:0b:88:2d:47:be:30:9a:5d:28:c2:f2:d3:cb:af:
                    ce:a7:f5:2a:4b:5a:12:7c:9c:d7:da:99:c6:90:a1:
                    26:fd:96:8b:12:2c:f1:19:d1:b0:a8:e3:8f:10:54:
                    14:57:bc:b4:bf:5a:f7:36:07:eb:88:9e:e2:24:41:
                    91:b2:13:e2:fe:c9:98:db:3a:1a:53:04:d1:b0:72:
                    d9:3a:06:82:67:38:b4:38:b0:1b:e3:f6:aa:5d:c7:
                    18:ea:cf:67:8f:d5:8f:01:34:61:9e:ea:ea:a4:66:
                    25:c0:58:2a:6d:e8:9b:10:1e:c0:a9:4a:3e:3e:ad:
                    6c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E4:F1:8B:BF:42:93:63:82:5D:B9:03:6A:E3:D3:F3:B1:50:87:51
            X509v3 Authority Key Identifier:
                keyid:A9:D6:B1:71:23:3F:20:B3:7E:61:A3:A1:FF:59:EA:55:3B:CF:21:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qdaxcSM_ILN-YaOh_1nqVTvPIdM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/ZuTxi79Ck2OCXbkDauPT87FQh1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/896914-41b1-4b67-9db4-095dce0e019e/1/qdaxcSM_ILN-YaOh_1nqVTvPIdM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.2.0/24
                IPv6:
                  2a13:e440::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:09:f7:01:4c:01:dc:69:8c:e2:7c:c9:ca:33:bc:fe:de:0e:
         9a:20:b7:e9:09:2b:67:9b:e1:a8:51:c3:e4:b9:90:c8:79:b7:
         fe:a9:e8:18:07:bc:d5:e7:a1:ae:0a:55:a5:77:2b:a0:be:4e:
         33:73:f5:24:7c:72:74:62:20:6b:d7:92:e4:17:8a:1a:29:ef:
         4f:89:be:97:ae:e9:47:43:b5:89:b1:81:b0:5f:a9:9e:63:e6:
         39:4e:1d:04:d9:58:c6:4a:8f:53:2e:a1:9f:ea:c1:bd:e4:9a:
         33:7f:48:63:17:10:c0:d6:3e:0e:31:9a:74:fb:45:17:62:df:
         8f:9c:15:db:93:f1:b3:0b:93:7e:4e:86:ff:ea:a1:c3:d2:bf:
         c4:cc:e5:7a:76:33:ed:cf:06:8e:2a:81:4e:72:96:ac:01:4c:
         87:51:95:1a:c4:b7:48:e5:05:d1:65:39:0c:2a:d7:82:24:9f:
         fb:b2:46:fc:77:cb:0f:dc:75:8c:6a:22:7f:94:a0:dc:d8:81:
         41:a0:4f:66:10:62:52:fa:44:6b:d9:71:db:91:ea:c5:3f:3b:
         53:ff:8b:57:d9:56:e1:af:c9:bd:d9:90:87:bb:4e:0f:02:bb:
         8f:fe:cc:df:2f:30:8e:22:cd:f6:e1:66:0b:1c:54:51:5b:71:
         01:a8:f2:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjag4FCif9Iigx5Rce669CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ZDZiMTcxMjMzZjIwYjM3ZTYxYTNhMWZmNTllYTU1M2Jj
ZjIxZDMwHhcNMjUwMTAxMTk0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmU0ZjE4YmJmNDI5MzYzODI1ZGI5MDM2YWUzZDNmM2IxNTA4NzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh4zy0IviRhQ3pff3I5chAvfW3rM
6iDoSU8V7pGxMMISVOiK8gPF14jKpPlOuoHT1PEq9HQi021KdUBGGxqmSr2KwEhl
j1g9B+Z5SHBSveRoGMVEZg757uOVjJRzgmpMJIrJIlk2/uzCxbDdg3A24G5QUcdH
MME1WonSB3LySHgZG9fyNpNXC4gtR74wml0owvLTy6/Op/UqS1oSfJzX2pnGkKEm
/ZaLEizxGdGwqOOPEFQUV7y0v1r3NgfriJ7iJEGRshPi/smY2zoaUwTRsHLZOgaC
Zzi0OLAb4/aqXccY6s9nj9WPATRhnurqpGYlwFgqbeibEB7AqUo+Pq1sOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGbk8Yu/QpNjgl25A2rj0/OxUIdRMB8GA1UdIwQY
MBaAFKnWsXEjPyCzfmGjof9Z6lU7zyHTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWRheGNTTV9JTE4tWWFPaF8xbnFWVHZQSWRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84OTY5MTQtNDFiMS00YjY3LTlkYjQt
MDk1ZGNlMGUwMTllLzEvWnVUeGk3OUNrMk9DWGJrRGF1UFQ4N0ZRaDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84OTY5MTQtNDFiMS00YjY3LTlkYjQtMDk1ZGNlMGUwMTll
LzEvcWRheGNTTV9JTE4tWWFPaF8xbnFWVHZQSWRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8cCMA0E
AgACMAcDBQMqE+RAMA0GCSqGSIb3DQEBCwUAA4IBAQCcCfcBTAHcaYzifMnKM7z+
3g6aILfpCStnm+GoUcPkuZDIebf+qegYB7zV56GuClWldyugvk4zc/UkfHJ0YiBr
15LkF4oaKe9Pib6XrulHQ7WJsYGwX6meY+Y5Th0E2VjGSo9TLqGf6sG95Jozf0hj
FxDA1j4OMZp0+0UXYt+PnBXbk/GzC5N+Tob/6qHD0r/EzOV6djPtzwaOKoFOcpas
AUyHUZUaxLdI5QXRZTkMKteCJJ/7skb8d8sP3HWMaiJ/lKDc2IFBoE9mEGJS+kRr
2XHbkerFPztT/4tX2Vbhr8m92ZCHu04PAruP/szfLzCOIs324WYLHFRRW3EBqPJ3
-----END CERTIFICATE-----