Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/aRphps94ueev9_cb0Fbr1t6EWos.roa
File:                     aRphps94ueev9_cb0Fbr1t6EWos.roa (raw, json)
Hash identifier:          qY/6yr4D72wfd0je0UgbA5pXBnLSwy4IbEDXkYKHi6c=
Subject key identifier:   69:1A:61:A6:CF:78:B9:E7:AF:F7:F7:1B:D0:56:EB:D6:DE:84:5A:8B
Certificate issuer:       /CN=74ae941a681c1586379e07247dcc19f3f41035d8
Certificate serial:       019424B3710108813B62D80E7DD0B08FF7E9
Authority key identifier: 74:AE:94:1A:68:1C:15:86:37:9E:07:24:7D:CC:19:F3:F4:10:35:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dK6UGmgcFYY3ngckfcwZ8_QQNdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/aRphps94ueev9_cb0Fbr1t6EWos.roa
Signing time:             Thu 02 Jan 2025 01:48:47 +0000
ROA not before:           Thu 02 Jan 2025 01:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49552
IP address blocks:        91.213.36.0/24 maxlen: 24
                          2001:67c:24::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/dK6UGmgcFYY3ngckfcwZ8_QQNdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/dK6UGmgcFYY3ngckfcwZ8_QQNdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dK6UGmgcFYY3ngckfcwZ8_QQNdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 10:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:71:01:08:81:3b:62:d8:0e:7d:d0:b0:8f:f7:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74ae941a681c1586379e07247dcc19f3f41035d8
        Validity
            Not Before: Jan  2 01:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=691a61a6cf78b9e7aff7f71bd056ebd6de845a8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5e:a3:3b:8a:80:f1:66:98:74:68:b9:7b:d5:
                    07:85:99:09:8e:fc:ac:bf:ff:35:7c:dd:70:bb:ab:
                    e9:27:be:cb:59:84:38:64:b7:3c:c4:6b:f9:89:e9:
                    72:da:20:64:75:97:d0:42:25:0a:e5:d5:c2:81:98:
                    3d:39:37:cc:20:4a:44:f7:aa:c5:c9:ee:2c:1b:85:
                    cd:ed:28:ae:0d:4e:1d:e2:b2:e6:be:9c:0b:5d:1e:
                    b8:3b:c9:fd:5f:55:65:74:bf:7d:29:95:b5:ed:0b:
                    91:33:f3:c6:c0:d7:e3:c4:e6:e2:75:bd:64:46:b4:
                    2b:52:3f:6a:ad:99:49:0a:19:e2:94:d3:58:9a:f7:
                    31:25:bd:aa:99:22:c5:63:36:d5:93:3f:1c:b4:35:
                    f4:ad:fd:70:9e:a7:4a:14:a5:0e:82:29:ad:a8:c1:
                    85:04:18:88:d8:90:56:aa:5b:65:c5:4d:ec:7a:92:
                    3c:6a:d0:95:be:ad:1a:d0:bf:dd:15:8f:d2:ee:4b:
                    4e:f8:c0:0a:8e:04:1c:9d:1c:78:09:ae:19:18:a1:
                    9a:77:10:66:79:85:1f:f2:94:7f:90:e9:2b:29:6c:
                    e9:7d:da:f1:c6:7d:ba:03:64:96:88:1d:78:eb:7b:
                    e1:8d:54:69:89:a0:06:be:58:5d:56:c5:ab:cf:c6:
                    a7:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:1A:61:A6:CF:78:B9:E7:AF:F7:F7:1B:D0:56:EB:D6:DE:84:5A:8B
            X509v3 Authority Key Identifier:
                keyid:74:AE:94:1A:68:1C:15:86:37:9E:07:24:7D:CC:19:F3:F4:10:35:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dK6UGmgcFYY3ngckfcwZ8_QQNdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/aRphps94ueev9_cb0Fbr1t6EWos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/14e4c2-8a98-456e-9612-9429da87bd50/1/dK6UGmgcFYY3ngckfcwZ8_QQNdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.36.0/24
                IPv6:
                  2001:67c:24::/48

    Signature Algorithm: sha256WithRSAEncryption
         63:66:e3:54:48:ee:01:d4:3c:ac:76:9b:c4:45:b1:d0:b4:d4:
         20:ac:df:25:f8:e6:87:9b:e3:9c:9f:43:6f:99:d1:42:e3:e4:
         1b:fd:a9:cb:f8:2b:03:dc:e3:c1:2c:45:e8:8b:1d:5b:44:ab:
         1c:75:5b:52:e3:cc:58:93:cd:62:c4:63:46:bb:7f:56:09:ec:
         44:d9:af:e7:96:c7:b2:82:fa:d1:6f:4f:a4:ec:51:70:41:29:
         cd:9e:aa:f2:fe:f6:ad:2d:89:50:de:70:35:a6:ce:5c:20:24:
         8b:d0:6b:2c:03:f3:13:2c:50:54:c9:34:e2:ac:36:83:47:4b:
         f6:1f:e7:76:d2:81:da:dd:ad:bb:71:16:f4:59:34:a1:e4:e5:
         c2:96:fa:1e:53:96:04:03:c4:68:b7:67:09:35:8e:51:a6:e3:
         4f:7b:02:66:ea:6e:62:8a:ba:d7:5f:38:a4:e2:bd:d8:29:69:
         1f:6a:40:b3:aa:7b:4f:8e:f1:1f:3d:b6:16:85:70:7a:f2:17:
         b4:db:28:b1:4d:72:b1:fd:a2:fd:27:08:61:fe:08:78:60:be:
         6a:f6:ed:78:fd:84:c3:12:b8:74:9f:ab:d6:9e:99:92:cf:74:
         d4:2e:9a:4e:9f:ba:01:48:cd:34:ec:93:7e:b4:94:68:d9:40:
         bc:e3:5f:05
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks3EBCIE7YtgOfdCwj/fpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YWU5NDFhNjgxYzE1ODYzNzllMDcyNDdkY2MxOWYzZjQx
MDM1ZDgwHhcNMjUwMTAyMDE0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTFhNjFhNmNmNzhiOWU3YWZmN2Y3MWJkMDU2ZWJkNmRlODQ1YThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqF6jO4qA8WaYdGi5e9UHhZkJjvys
v/81fN1wu6vpJ77LWYQ4ZLc8xGv5iely2iBkdZfQQiUK5dXCgZg9OTfMIEpE96rF
ye4sG4XN7SiuDU4d4rLmvpwLXR64O8n9X1VldL99KZW17QuRM/PGwNfjxObidb1k
RrQrUj9qrZlJChnilNNYmvcxJb2qmSLFYzbVkz8ctDX0rf1wnqdKFKUOgimtqMGF
BBiI2JBWqltlxU3sepI8atCVvq0a0L/dFY/S7ktO+MAKjgQcnRx4Ca4ZGKGadxBm
eYUf8pR/kOkrKWzpfdrxxn26A2SWiB1463vhjVRpiaAGvlhdVsWrz8anPQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGkaYabPeLnnr/f3G9BW69behFqLMB8GA1UdIwQY
MBaAFHSulBpoHBWGN54HJH3MGfP0EDXYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEs2VUdtZ2NGWVkzbmdja2Zjd1o4X1FRTmRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi8xNGU0YzItOGE5OC00NTZlLTk2MTIt
OTQyOWRhODdiZDUwLzEvYVJwaHBzOTR1ZWV2OV9jYjBGYnIxdDZFV29zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi8xNGU0YzItOGE5OC00NTZlLTk2MTItOTQyOWRhODdiZDUw
LzEvZEs2VUdtZ2NGWVkzbmdja2Zjd1o4X1FRTmRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9UkMA8E
AgACMAkDBwAgAQZ8ACQwDQYJKoZIhvcNAQELBQADggEBAGNm41RI7gHUPKx2m8RF
sdC01CCs3yX45oeb45yfQ2+Z0ULj5Bv9qcv4KwPc48EsReiLHVtEqxx1W1LjzFiT
zWLEY0a7f1YJ7ETZr+eWx7KC+tFvT6TsUXBBKc2eqvL+9q0tiVDecDWmzlwgJIvQ
aywD8xMsUFTJNOKsNoNHS/Yf53bSgdrdrbtxFvRZNKHk5cKW+h5TlgQDxGi3Zwk1
jlGm4097AmbqbmKKutdfOKTivdgpaR9qQLOqe0+O8R89thaFcHryF7TbKLFNcrH9
ov0nCGH+CHhgvmr27Xj9hMMSuHSfq9aemZLPdNQumk6fugFIzTTsk360lGjZQLzj
XwU=
-----END CERTIFICATE-----