Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/CHQq2YDxipt537b311Ui3tG3zOU.roa
File:                     CHQq2YDxipt537b311Ui3tG3zOU.roa (raw, json)
Hash identifier:          Q8vdLMat40/Z7pZgYQmg+RQTQD9awPvQh60JlwKVzLU=
Subject key identifier:   08:74:2A:D9:80:F1:8A:9B:79:DF:B6:F7:D7:55:22:DE:D1:B7:CC:E5
Certificate issuer:       /CN=6e3ee2b8400208a7eea45060f4b7a83c43e8de7c
Certificate serial:       019422FBEAB70A5DCB3D3F059AF74687B484
Authority key identifier: 6E:3E:E2:B8:40:02:08:A7:EE:A4:50:60:F4:B7:A8:3C:43:E8:DE:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bj7iuEACCKfupFBg9LeoPEPo3nw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/CHQq2YDxipt537b311Ui3tG3zOU.roa
Signing time:             Wed 01 Jan 2025 17:48:42 +0000
ROA not before:           Wed 01 Jan 2025 17:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205234
IP address blocks:        91.201.32.0/24 maxlen: 24
                          91.201.33.0/24 maxlen: 24
                          91.201.34.0/24 maxlen: 24
                          91.201.35.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/bj7iuEACCKfupFBg9LeoPEPo3nw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/bj7iuEACCKfupFBg9LeoPEPo3nw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bj7iuEACCKfupFBg9LeoPEPo3nw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ea:b7:0a:5d:cb:3d:3f:05:9a:f7:46:87:b4:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e3ee2b8400208a7eea45060f4b7a83c43e8de7c
        Validity
            Not Before: Jan  1 17:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08742ad980f18a9b79dfb6f7d75522ded1b7cce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:d1:b8:6b:3d:73:93:38:f0:8c:d3:9c:af:8c:
                    5b:79:2f:73:38:ae:e0:e6:cb:d9:81:3c:ec:76:c5:
                    bb:54:c1:ea:d0:d4:11:30:73:c3:b3:9a:c3:3e:36:
                    fd:03:e7:79:f4:6b:af:62:cc:7b:12:f8:68:ad:e7:
                    1a:a7:97:42:1e:cc:49:43:05:57:93:d6:92:42:34:
                    53:72:fe:17:26:2f:31:6d:06:b2:49:bc:b6:cd:1a:
                    66:99:d2:8f:d1:d1:0d:73:a8:29:65:67:0f:65:b3:
                    ae:a2:56:68:a2:3d:21:64:a1:55:17:42:c7:20:5a:
                    21:b3:7d:86:fe:0d:0a:48:d8:f9:96:5e:75:5f:0f:
                    31:6f:48:8f:18:0b:03:0d:fc:00:e3:e1:52:4b:23:
                    ad:30:b4:3a:99:6a:62:54:7a:b1:1b:74:cd:5e:1a:
                    23:49:cb:eb:2a:fb:2f:8e:5c:f6:51:6d:63:f4:16:
                    1b:b7:a2:c3:1f:eb:20:b6:35:ab:fd:c2:ae:70:49:
                    e6:d6:18:08:43:d6:4d:e7:47:b3:6c:30:4d:4d:34:
                    19:6e:a1:ce:b9:49:13:14:f6:95:80:78:17:3c:79:
                    1c:93:45:23:4d:ea:c2:b9:0c:06:96:3d:8d:8c:43:
                    8a:84:54:0a:7a:b1:0e:2d:26:78:8c:15:7a:97:6e:
                    08:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:74:2A:D9:80:F1:8A:9B:79:DF:B6:F7:D7:55:22:DE:D1:B7:CC:E5
            X509v3 Authority Key Identifier:
                keyid:6E:3E:E2:B8:40:02:08:A7:EE:A4:50:60:F4:B7:A8:3C:43:E8:DE:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bj7iuEACCKfupFBg9LeoPEPo3nw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/CHQq2YDxipt537b311Ui3tG3zOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/e4f2db-6f46-4761-adfe-7327df6bdd10/1/bj7iuEACCKfupFBg9LeoPEPo3nw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:4e:bb:83:9f:31:e8:ed:da:bb:d9:75:42:f0:23:01:06:9a:
         63:c5:3c:6b:e0:6a:8a:25:7c:7b:30:d7:bd:c6:a6:9b:b4:b0:
         35:69:6c:04:31:86:63:8d:bf:3c:b2:ae:b6:8c:8e:f0:ce:82:
         45:a8:18:99:d0:47:e2:50:27:32:dc:33:c0:32:79:bf:3b:87:
         58:f7:00:5e:81:4a:50:cd:87:27:d4:fa:3d:9f:75:e9:59:32:
         66:9e:de:fd:62:77:01:a3:00:5c:80:a4:65:40:27:a3:96:b0:
         16:b3:bc:0f:56:4e:42:8d:f7:01:eb:86:b1:0b:a2:45:48:bd:
         d8:87:17:cd:38:08:ba:5e:9d:b5:e3:72:2b:e7:f1:0f:77:42:
         98:38:3e:b4:4d:bb:c0:5d:eb:ca:41:f8:72:9f:f7:f4:da:55:
         9d:8f:64:c5:60:34:35:8a:68:0f:b2:5f:63:07:e0:5f:aa:b4:
         ac:b2:3d:16:5e:10:42:e3:56:e9:bd:24:d3:f3:ec:ca:e2:b5:
         a9:5e:0a:9f:fb:5b:37:a6:94:e7:d5:e3:54:1c:4f:3c:c3:fc:
         09:38:d8:c6:5b:66:eb:76:6f:06:3e:99:90:07:a5:8d:c6:8c:
         48:33:26:74:a1:b4:91:37:cb:14:99:74:7b:bf:ab:0d:f7:12:
         c1:d6:9b:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi++q3Cl3LPT8FmvdGh7SEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlM2VlMmI4NDAwMjA4YTdlZWE0NTA2MGY0YjdhODNjNDNl
OGRlN2MwHhcNMjUwMTAxMTc0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODc0MmFkOTgwZjE4YTliNzlkZmI2ZjdkNzU1MjJkZWQxYjdjY2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNG4az1zkzjwjNOcr4xbeS9zOK7g
5svZgTzsdsW7VMHq0NQRMHPDs5rDPjb9A+d59GuvYsx7Evhorecap5dCHsxJQwVX
k9aSQjRTcv4XJi8xbQaySby2zRpmmdKP0dENc6gpZWcPZbOuolZooj0hZKFVF0LH
IFohs32G/g0KSNj5ll51Xw8xb0iPGAsDDfwA4+FSSyOtMLQ6mWpiVHqxG3TNXhoj
ScvrKvsvjlz2UW1j9BYbt6LDH+sgtjWr/cKucEnm1hgIQ9ZN50ezbDBNTTQZbqHO
uUkTFPaVgHgXPHkck0UjTerCuQwGlj2NjEOKhFQKerEOLSZ4jBV6l24IzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAh0KtmA8Yqbed+299dVIt7Rt8zlMB8GA1UdIwQY
MBaAFG4+4rhAAgin7qRQYPS3qDxD6N58MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmo3aXVFQUNDS2Z1cEZCZzlMZW9QRVBvM253LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9lNGYyZGItNmY0Ni00NzYxLWFkZmUt
NzMyN2RmNmJkZDEwLzEvQ0hRcTJZRHhpcHQ1MzdiMzExVWkzdEczek9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9lNGYyZGItNmY0Ni00NzYxLWFkZmUtNzMyN2RmNmJkZDEw
LzEvYmo3aXVFQUNDS2Z1cEZCZzlMZW9QRVBvM253LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8kgMA0G
CSqGSIb3DQEBCwUAA4IBAQBFTruDnzHo7dq72XVC8CMBBppjxTxr4GqKJXx7MNe9
xqabtLA1aWwEMYZjjb88sq62jI7wzoJFqBiZ0EfiUCcy3DPAMnm/O4dY9wBegUpQ
zYcn1Po9n3XpWTJmnt79YncBowBcgKRlQCejlrAWs7wPVk5CjfcB64axC6JFSL3Y
hxfNOAi6Xp2143Ir5/EPd0KYOD60TbvAXevKQfhyn/f02lWdj2TFYDQ1imgPsl9j
B+BfqrSssj0WXhBC41bpvSTT8+zK4rWpXgqf+1s3ppTn1eNUHE88w/wJONjGW2br
dm8GPpmQB6WNxoxIMyZ0obSRN8sUmXR7v6sN9xLB1puj
-----END CERTIFICATE-----