Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/oQpelOwRJN7JV8ZaLoq_-9fhGcE.roa
File:                     oQpelOwRJN7JV8ZaLoq_-9fhGcE.roa (raw, json)
Hash identifier:          c8pPyPpbJk+uCh3q3ZVx3de5vuSxIMpcGctwmXOZYjA=
Subject key identifier:   A1:0A:5E:94:EC:11:24:DE:C9:57:C6:5A:2E:8A:BF:FB:D7:E1:19:C1
Certificate issuer:       /CN=9c67ea34a011a4773871583ec3954e791d8c028d
Certificate serial:       019006D4E73055074E93184605761A2CB01B
Authority key identifier: 9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/oQpelOwRJN7JV8ZaLoq_-9fhGcE.roa
Signing time:             Tue 11 Jun 2024 10:25:34 +0000
ROA not before:           Tue 11 Jun 2024 10:25:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205314
IP address blocks:        91.224.164.0/24 maxlen: 24
                          185.138.20.0/22 maxlen: 22
                          2a12:ddc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/nGfqNKARpHc4cVg-w5VOeR2MAo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/nGfqNKARpHc4cVg-w5VOeR2MAo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 16 Nov 2024 17:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:06:d4:e7:30:55:07:4e:93:18:46:05:76:1a:2c:b0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c67ea34a011a4773871583ec3954e791d8c028d
        Validity
            Not Before: Jun 11 10:25:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a10a5e94ec1124dec957c65a2e8abffbd7e119c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:e6:77:45:54:7f:31:72:2e:37:48:07:65:4e:
                    1e:78:d2:ae:29:12:c7:d1:c8:3b:dd:70:72:8c:94:
                    f6:b7:66:de:d6:6e:64:35:2b:81:e7:95:59:4a:4d:
                    eb:4b:e1:4b:65:f8:42:29:b4:3d:30:6d:7e:1b:46:
                    c0:10:a0:d8:af:11:ae:d5:a1:68:50:87:04:03:da:
                    68:c9:e0:47:83:d1:33:21:7c:87:57:59:b4:95:c2:
                    e5:c6:02:8a:1f:bf:d8:1c:3e:e0:29:6d:8b:0e:44:
                    95:ae:d2:01:09:03:37:c8:bc:4e:1f:4c:61:6c:fa:
                    ec:4d:b2:dc:a1:5d:fe:07:88:b9:80:8e:24:7c:54:
                    56:0a:03:43:93:b7:20:16:c4:ca:8d:77:37:47:d7:
                    ae:3e:20:f6:c3:8f:eb:e5:22:5e:53:10:89:73:bc:
                    90:52:40:f3:5a:6f:07:cb:73:eb:27:b6:e2:ec:92:
                    82:83:be:b3:54:c4:c2:86:ba:91:79:23:8d:3b:8c:
                    4d:cc:5d:c2:e2:e2:f4:a9:51:50:07:f7:94:c1:25:
                    eb:43:a5:1a:78:e2:dc:8f:85:ad:5b:e5:f5:0f:27:
                    3e:7c:a7:f5:22:56:7b:88:0f:f2:b9:4d:0c:66:c7:
                    c6:35:7e:2e:23:8b:de:ee:6d:be:e8:63:19:3c:14:
                    da:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:0A:5E:94:EC:11:24:DE:C9:57:C6:5A:2E:8A:BF:FB:D7:E1:19:C1
            X509v3 Authority Key Identifier:
                keyid:9C:67:EA:34:A0:11:A4:77:38:71:58:3E:C3:95:4E:79:1D:8C:02:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nGfqNKARpHc4cVg-w5VOeR2MAo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/oQpelOwRJN7JV8ZaLoq_-9fhGcE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/8669d3-76cd-4cb0-8278-82c67c69e923/1/nGfqNKARpHc4cVg-w5VOeR2MAo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.164.0/24
                  185.138.20.0/22
                IPv6:
                  2a12:ddc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         05:1e:15:11:c0:c2:fb:cd:d2:49:2f:96:25:f8:e7:bf:b7:1c:
         57:f4:8e:70:c0:16:31:e5:d0:cd:cb:a8:66:a2:4e:0d:0c:d1:
         6f:89:fb:7f:ab:9c:41:a1:04:46:e7:75:3f:23:76:e9:52:3a:
         74:fc:0e:56:8e:8c:7e:c7:d5:4d:62:ff:d2:f7:33:05:ce:df:
         c4:56:be:69:ff:ec:b1:32:29:27:c4:2e:ca:74:e9:74:75:63:
         72:cc:98:e6:b1:6f:92:63:ce:5d:f3:e7:7b:20:52:f2:90:b3:
         44:a3:27:6d:b2:a0:ce:d4:35:86:91:36:61:00:f2:80:4f:80:
         a5:a1:3e:39:44:51:2f:31:1b:c8:f0:c8:28:38:ef:55:f0:63:
         c3:01:e3:d1:e8:da:19:21:96:ff:a3:71:fa:f8:34:f3:96:da:
         3e:09:0a:e4:81:44:6f:12:4c:c9:68:c5:a0:a6:c5:ab:51:ee:
         72:b7:18:74:8f:50:af:7e:b2:e1:37:17:5a:7b:80:a7:d5:5e:
         65:57:e5:bb:87:77:ec:99:55:fb:09:c0:2e:a3:56:9c:f8:6d:
         f9:46:f2:f1:95:cc:a6:3f:92:6d:84:78:a6:4b:57:0b:9b:87:
         21:35:5f:3d:8b:40:b6:bb:00:66:82:e8:38:21:90:46:9b:68:
         57:16:a5:d3
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZAG1OcwVQdOkxhGBXYaLLAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNjdlYTM0YTAxMWE0NzczODcxNTgzZWMzOTU0ZTc5MWQ4
YzAyOGQwHhcNMjQwNjExMTAyNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTBhNWU5NGVjMTEyNGRlYzk1N2M2NWEyZThhYmZmYmQ3ZTExOWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiOZ3RVR/MXIuN0gHZU4eeNKuKRLH
0cg73XByjJT2t2be1m5kNSuB55VZSk3rS+FLZfhCKbQ9MG1+G0bAEKDYrxGu1aFo
UIcEA9poyeBHg9EzIXyHV1m0lcLlxgKKH7/YHD7gKW2LDkSVrtIBCQM3yLxOH0xh
bPrsTbLcoV3+B4i5gI4kfFRWCgNDk7cgFsTKjXc3R9euPiD2w4/r5SJeUxCJc7yQ
UkDzWm8Hy3PrJ7bi7JKCg76zVMTChrqReSONO4xNzF3C4uL0qVFQB/eUwSXrQ6Ua
eOLcj4WtW+X1Dyc+fKf1IlZ7iA/yuU0MZsfGNX4uI4ve7m2+6GMZPBTaSwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKEKXpTsESTeyVfGWi6Kv/vX4RnBMB8GA1UdIwQY
MBaAFJxn6jSgEaR3OHFYPsOVTnkdjAKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgt
ODJjNjdjNjllOTIzLzEvb1FwZWxPd1JKTjdKVjhaYUxvcV8tOWZoR2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS84NjY5ZDMtNzZjZC00Y2IwLTgyNzgtODJjNjdjNjllOTIz
LzEvbkdmcU5LQVJwSGM0Y1ZnLXc1Vk9lUjJNQW8wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+CkAwQC
uYoUMA0EAgACMAcDBQMqEt3AMA0GCSqGSIb3DQEBCwUAA4IBAQAFHhURwML7zdJJ
L5Yl+Oe/txxX9I5wwBYx5dDNy6hmok4NDNFvift/q5xBoQRG53U/I3bpUjp0/A5W
jox+x9VNYv/S9zMFzt/EVr5p/+yxMiknxC7KdOl0dWNyzJjmsW+SY85d8+d7IFLy
kLNEoydtsqDO1DWGkTZhAPKAT4CloT45RFEvMRvI8MgoOO9V8GPDAePR6NoZIZb/
o3H6+DTzlto+CQrkgURvEkzJaMWgpsWrUe5ytxh0j1CvfrLhNxdae4Cn1V5lV+W7
h3fsmVX7CcAuo1ac+G35RvLxlcymP5JthHimS1cLm4chNV89i0C2uwBmgug4IZBG
m2hXFqXT
-----END CERTIFICATE-----