Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/nh2jj_LSbHbo6dOlRaW604QLuxE.roa
File:                     nh2jj_LSbHbo6dOlRaW604QLuxE.roa (raw, json)
Hash identifier:          ajpkQ8o6WuSUyO59iQdi5/jQGtK2O9XCwMuhD9aQ4wY=
Subject key identifier:   9E:1D:A3:8F:F2:D2:6C:76:E8:E9:D3:A5:45:A5:BA:D3:84:0B:BB:11
Certificate issuer:       /CN=6611a57d2a03b7065fa8c17b313735bdcda390e9
Certificate serial:       0194258F0C4A0BAD83832D558B1D32731873
Authority key identifier: 66:11:A5:7D:2A:03:B7:06:5F:A8:C1:7B:31:37:35:BD:CD:A3:90:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/nh2jj_LSbHbo6dOlRaW604QLuxE.roa
Signing time:             Thu 02 Jan 2025 05:48:39 +0000
ROA not before:           Thu 02 Jan 2025 05:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31027
IP address blocks:        91.238.206.0/24 maxlen: 24
                          2001:67c:2a78::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:0c:4a:0b:ad:83:83:2d:55:8b:1d:32:73:18:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6611a57d2a03b7065fa8c17b313735bdcda390e9
        Validity
            Not Before: Jan  2 05:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e1da38ff2d26c76e8e9d3a545a5bad3840bbb11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a1:01:7f:42:e0:d2:bc:2c:bd:e1:0f:a3:d8:
                    b6:fa:ec:01:9d:7a:67:82:67:97:84:2e:d2:c1:bb:
                    0a:c1:ae:37:b2:be:87:5b:68:95:a0:3a:ff:85:d8:
                    6f:bf:31:88:e6:86:47:b0:98:24:7a:e1:dd:b5:7c:
                    63:8b:10:b4:8a:d1:9e:9c:53:c8:2f:36:b7:ab:99:
                    b7:0e:d7:0b:e2:90:9d:30:42:dc:6c:72:65:50:f6:
                    1e:10:7b:c3:7f:c3:60:2c:28:7c:c1:6c:d7:32:7b:
                    db:8a:ea:26:5e:de:00:f8:7c:f4:52:5f:d5:11:80:
                    83:d8:7d:24:22:8b:1f:47:53:28:74:27:0b:10:95:
                    8b:5d:68:14:e6:aa:00:d9:2c:db:8c:bd:71:95:04:
                    af:48:e6:f6:64:61:4a:ba:fd:54:83:3d:47:1d:5d:
                    03:b7:2e:99:51:92:08:d5:c3:6f:46:64:09:56:ed:
                    19:cd:2a:26:35:33:56:49:8b:5a:4f:e3:61:53:81:
                    62:07:6b:87:9f:f3:17:1d:bd:43:38:e8:aa:f3:45:
                    f1:59:4e:f3:44:c3:17:05:2e:b3:c5:92:42:00:4e:
                    0c:1d:bd:db:65:84:6a:e4:96:d2:c9:73:c0:ef:51:
                    d5:c6:b2:e6:91:ed:87:e1:87:de:cd:31:f7:45:95:
                    d4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:1D:A3:8F:F2:D2:6C:76:E8:E9:D3:A5:45:A5:BA:D3:84:0B:BB:11
            X509v3 Authority Key Identifier:
                keyid:66:11:A5:7D:2A:03:B7:06:5F:A8:C1:7B:31:37:35:BD:CD:A3:90:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/nh2jj_LSbHbo6dOlRaW604QLuxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/edb208-6fed-44e4-b1ab-df0ca4d41955/1/ZhGlfSoDtwZfqMF7MTc1vc2jkOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.206.0/24
                IPv6:
                  2001:67c:2a78::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:b3:f1:f5:77:d9:30:28:25:a2:82:0c:4c:3c:9f:9f:d0:ac:
         07:9a:f3:08:d7:ae:bf:d9:3e:9e:10:2f:ec:cf:50:b8:c9:86:
         a0:9f:b9:17:39:4a:a2:12:0b:38:17:61:52:5f:4a:d1:11:c3:
         e9:8e:c6:e2:06:0e:c5:49:aa:74:70:e3:ae:1b:34:73:b1:57:
         8d:4f:22:8b:5a:7b:45:ea:d2:07:00:8d:08:a6:6f:8f:2d:b5:
         83:fa:68:8e:75:fa:2d:0f:7c:5a:f6:92:21:5d:e4:ef:3b:a3:
         13:9c:35:b1:37:6a:22:51:e9:95:79:2c:62:3c:65:78:a9:52:
         a4:40:cb:cc:c9:aa:c0:93:6c:22:69:47:fd:75:df:92:2e:43:
         b5:66:a4:9f:cd:5b:5a:13:1a:33:ec:eb:8f:3a:f1:d2:5b:f0:
         2e:1b:70:4d:92:2e:cd:9e:44:82:eb:85:9d:01:8e:54:48:84:
         62:86:cd:45:c7:a7:26:69:8f:88:1a:88:cb:48:86:2f:57:7d:
         b5:46:f2:51:45:b0:9d:c9:44:94:aa:14:7b:bb:92:3e:0e:95:
         ae:2b:60:f4:71:e9:b2:d6:4d:19:66:d1:1c:84:47:9b:43:30:
         ca:db:40:13:f4:9a:96:d0:1b:6b:cd:85:59:0d:05:d4:27:d2:
         94:f7:17:9b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQljwxKC62Dgy1Vix0ycxhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2MTFhNTdkMmEwM2I3MDY1ZmE4YzE3YjMxMzczNWJkY2Rh
MzkwZTkwHhcNMjUwMTAyMDU0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTFkYTM4ZmYyZDI2Yzc2ZThlOWQzYTU0NWE1YmFkMzg0MGJiYjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqEBf0Lg0rwsveEPo9i2+uwBnXpn
gmeXhC7SwbsKwa43sr6HW2iVoDr/hdhvvzGI5oZHsJgkeuHdtXxjixC0itGenFPI
Lza3q5m3DtcL4pCdMELcbHJlUPYeEHvDf8NgLCh8wWzXMnvbiuomXt4A+Hz0Ul/V
EYCD2H0kIosfR1ModCcLEJWLXWgU5qoA2SzbjL1xlQSvSOb2ZGFKuv1Ugz1HHV0D
ty6ZUZII1cNvRmQJVu0ZzSomNTNWSYtaT+NhU4FiB2uHn/MXHb1DOOiq80XxWU7z
RMMXBS6zxZJCAE4MHb3bZYRq5JbSyXPA71HVxrLmke2H4YfezTH3RZXUiwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJ4do4/y0mx26OnTpUWlutOEC7sRMB8GA1UdIwQY
MBaAFGYRpX0qA7cGX6jBezE3Nb3No5DpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmhHbGZTb0R0d1pmcU1GN01UYzF2YzJqa09rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS9lZGIyMDgtNmZlZC00NGU0LWIxYWIt
ZGYwY2E0ZDQxOTU1LzEvbmgyampfTFNiSGJvNmRPbFJhVzYwNFFMdXhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS9lZGIyMDgtNmZlZC00NGU0LWIxYWItZGYwY2E0ZDQxOTU1
LzEvWmhHbGZTb0R0d1pmcU1GN01UYzF2YzJqa09rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+7OMA8E
AgACMAkDBwAgAQZ8KngwDQYJKoZIhvcNAQELBQADggEBAEKz8fV32TAoJaKCDEw8
n5/QrAea8wjXrr/ZPp4QL+zPULjJhqCfuRc5SqISCzgXYVJfStERw+mOxuIGDsVJ
qnRw464bNHOxV41PIotae0Xq0gcAjQimb48ttYP6aI51+i0PfFr2kiFd5O87oxOc
NbE3aiJR6ZV5LGI8ZXipUqRAy8zJqsCTbCJpR/1135IuQ7VmpJ/NW1oTGjPs6486
8dJb8C4bcE2SLs2eRILrhZ0BjlRIhGKGzUXHpyZpj4gaiMtIhi9XfbVG8lFFsJ3J
RJSqFHu7kj4Ola4rYPRx6bLWTRlm0RyER5tDMMrbQBP0mpbQG2vNhVkNBdQn0pT3
F5s=
-----END CERTIFICATE-----