Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/GnQoHq2ALkHnA-1hM45uzLeJnlg.roa
File:                     GnQoHq2ALkHnA-1hM45uzLeJnlg.roa (raw, json)
Hash identifier:          56wbhZ1KfSgNZ2QOQ2O1i7JWNQODxAT5JXlghcuIe+0=
Subject key identifier:   1A:74:28:1E:AD:80:2E:41:E7:03:ED:61:33:8E:6E:CC:B7:89:9E:58
Certificate issuer:       /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial:       019427B5B2A44A39351F74646EF2865C56B9
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/GnQoHq2ALkHnA-1hM45uzLeJnlg.roa
Signing time:             Thu 02 Jan 2025 15:50:06 +0000
ROA not before:           Thu 02 Jan 2025 15:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212384
IP address blocks:        91.213.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b2:a4:4a:39:35:1f:74:64:6e:f2:86:5c:56:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
        Validity
            Not Before: Jan  2 15:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1a74281ead802e41e703ed61338e6eccb7899e58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:6d:4c:97:12:20:60:48:50:8b:c1:65:a1:
                    90:f3:94:23:75:51:56:47:7b:a2:e6:ef:86:a6:15:
                    7d:af:70:70:1b:78:9d:8a:4d:65:10:f6:24:16:51:
                    bd:b9:c6:2d:b4:18:6b:d6:ca:4e:ea:8f:d5:04:72:
                    91:67:53:b6:df:a5:c9:7c:7c:8a:80:9f:9c:52:1f:
                    30:a2:8d:ae:3f:2c:5a:81:84:d6:cb:6c:56:de:e1:
                    f1:d6:5d:9a:36:67:d0:1a:85:50:c1:6f:fc:f6:73:
                    33:ef:c9:25:f2:8d:54:be:a5:8f:0a:1a:82:17:44:
                    95:66:a2:3b:8f:2f:9f:89:a4:5d:0a:5e:ff:a4:27:
                    b9:2e:3e:9a:aa:32:58:33:52:63:27:fc:7d:e4:06:
                    63:75:a5:a7:a6:04:d4:2a:61:61:b1:d1:b8:95:37:
                    08:1b:d0:22:45:4d:e3:6f:88:04:30:3a:2b:dd:fe:
                    c4:c7:29:5c:71:56:0a:b3:cc:9c:42:aa:32:df:ad:
                    c1:03:b2:57:b6:5f:af:41:00:3e:a1:72:37:de:82:
                    9b:d8:6d:4a:07:63:41:41:c1:21:eb:eb:9f:90:7c:
                    dd:61:f1:ff:b0:fb:5d:cc:96:3c:c8:8d:42:14:ff:
                    95:69:3c:59:68:61:c9:4d:4d:0c:8b:c1:bd:a9:eb:
                    7f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:74:28:1E:AD:80:2E:41:E7:03:ED:61:33:8E:6E:CC:B7:89:9E:58
            X509v3 Authority Key Identifier:
                keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/GnQoHq2ALkHnA-1hM45uzLeJnlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:ba:a3:ad:cc:17:3b:56:46:81:06:a0:7c:12:e0:5e:1f:4d:
         2d:07:7e:ac:d8:e5:5a:15:fb:5a:17:1c:50:02:e6:0f:94:82:
         9f:95:df:a4:38:fe:10:ef:d5:de:cb:cc:fc:02:32:c4:8e:1f:
         c1:36:cf:46:72:90:8b:aa:38:f1:32:89:c9:47:c2:21:61:1f:
         c3:1f:ff:84:b9:a5:8c:22:43:ec:ce:1f:42:0f:e7:36:a7:c0:
         4a:df:70:7b:40:7b:8e:82:7e:90:0c:8e:0c:2c:61:a6:e4:25:
         35:71:65:5f:45:c0:31:0d:2c:49:a4:1f:17:fc:ed:03:b5:d4:
         74:a4:c9:a3:47:ab:6f:30:bb:be:77:20:70:a3:0a:a1:bf:e2:
         85:de:50:3a:73:1b:56:22:4b:39:a9:1a:1d:e2:ac:00:e1:7e:
         7d:f5:26:de:4e:34:a0:b9:df:a2:d5:ba:e2:60:69:7a:38:59:
         6e:0e:41:ae:8c:4b:0c:bf:25:16:6f:2a:7c:7a:31:c6:ab:49:
         7f:aa:8f:47:d4:4d:38:ce:e5:3b:89:5f:89:6e:ec:2a:42:8c:
         7f:df:02:03:35:9e:d6:ef:b4:96:20:85:12:40:1c:cf:08:c7:
         41:d5:48:eb:1f:89:35:73:ee:30:85:85:f3:14:49:30:27:ed:
         f6:33:89:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbKkSjk1H3RkbvKGXFa5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjUwMTAyMTU1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTc0MjgxZWFkODAyZTQxZTcwM2VkNjEzMzhlNmVjY2I3ODk5ZTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJxtTJcSIGBIUIvBZaGQ85QjdVFW
R3ui5u+GphV9r3BwG3idik1lEPYkFlG9ucYttBhr1spO6o/VBHKRZ1O236XJfHyK
gJ+cUh8woo2uPyxagYTWy2xW3uHx1l2aNmfQGoVQwW/89nMz78kl8o1UvqWPChqC
F0SVZqI7jy+fiaRdCl7/pCe5Lj6aqjJYM1JjJ/x95AZjdaWnpgTUKmFhsdG4lTcI
G9AiRU3jb4gEMDor3f7ExylccVYKs8ycQqoy363BA7JXtl+vQQA+oXI33oKb2G1K
B2NBQcEh6+ufkHzdYfH/sPtdzJY8yI1CFP+VaTxZaGHJTU0Mi8G9qet/ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBp0KB6tgC5B5wPtYTOObsy3iZ5YMB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvR25Rb0hxMkFMa0huQS0xaE00NXV6TGVKbmxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WtMA0G
CSqGSIb3DQEBCwUAA4IBAQAquqOtzBc7VkaBBqB8EuBeH00tB36s2OVaFftaFxxQ
AuYPlIKfld+kOP4Q79Xey8z8AjLEjh/BNs9GcpCLqjjxMonJR8IhYR/DH/+EuaWM
IkPszh9CD+c2p8BK33B7QHuOgn6QDI4MLGGm5CU1cWVfRcAxDSxJpB8X/O0DtdR0
pMmjR6tvMLu+dyBwowqhv+KF3lA6cxtWIks5qRod4qwA4X599SbeTjSgud+i1bri
YGl6OFluDkGujEsMvyUWbyp8ejHGq0l/qo9H1E04zuU7iV+JbuwqQox/3wIDNZ7W
77SWIIUSQBzPCMdB1UjrH4k1c+4whYXzFEkwJ+32M4nJ
-----END CERTIFICATE-----