Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/GeqUCcFpQ21Ke1I_WIJvk2jePiQ.roa
File:                     GeqUCcFpQ21Ke1I_WIJvk2jePiQ.roa (raw, json)
Hash identifier:          26yR+VCk/Hf4BfoJU9xGk7UFdbLVpFDxyv4u/gu5wGA=
Subject key identifier:   19:EA:94:09:C1:69:43:6D:4A:7B:52:3F:58:82:6F:93:68:DE:3E:24
Certificate issuer:       /CN=ce7180c4bad3cf425a50672e1cb7a9d2ac78e20c
Certificate serial:       019423D751EC797B27729A0D1CB065F1E1FA
Authority key identifier: CE:71:80:C4:BA:D3:CF:42:5A:50:67:2E:1C:B7:A9:D2:AC:78:E2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/GeqUCcFpQ21Ke1I_WIJvk2jePiQ.roa
Signing time:             Wed 01 Jan 2025 21:48:21 +0000
ROA not before:           Wed 01 Jan 2025 21:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34177
IP address blocks:        91.234.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:51:ec:79:7b:27:72:9a:0d:1c:b0:65:f1:e1:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ce7180c4bad3cf425a50672e1cb7a9d2ac78e20c
        Validity
            Not Before: Jan  1 21:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19ea9409c169436d4a7b523f58826f9368de3e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:af:0e:76:bf:56:2d:96:ef:dd:11:ad:fb:db:
                    d0:87:d8:e7:8d:01:28:1b:1a:c0:5d:02:e3:f7:36:
                    54:ec:1f:4c:0b:0f:d2:fa:f0:76:e7:7c:5a:af:33:
                    d2:11:88:7f:1b:96:2d:f3:05:29:80:b4:35:f3:28:
                    79:c9:50:97:74:71:bd:34:06:08:ac:10:55:f9:5b:
                    8d:ea:58:85:b4:df:d0:7a:45:62:81:99:e9:bb:ab:
                    c5:26:7e:b2:1c:4f:7d:4f:ed:65:61:8a:98:06:21:
                    2f:9a:7e:86:38:bc:9c:43:dd:b6:51:d2:f1:24:02:
                    18:87:8b:86:15:49:29:10:ef:56:7b:71:11:7d:2e:
                    50:ea:7a:d1:d8:37:dd:61:5c:b4:31:10:35:bc:f0:
                    d4:fb:c7:4d:d4:c8:59:ac:78:47:89:ac:f8:8d:97:
                    e6:be:83:0a:8a:4a:ff:d2:3c:e0:50:d6:85:6e:c7:
                    08:7b:c1:05:cc:79:0c:f0:a6:42:8e:b1:f9:19:92:
                    08:85:9d:b6:8b:66:c0:d4:00:6a:5e:f7:b0:40:20:
                    d4:73:78:d4:76:df:d4:df:3a:12:18:07:8b:ff:b7:
                    66:df:b0:08:65:70:d0:3c:5c:2b:a3:14:be:85:f3:
                    37:12:c6:41:3d:99:45:d5:08:a3:fc:28:d4:05:66:
                    a1:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:EA:94:09:C1:69:43:6D:4A:7B:52:3F:58:82:6F:93:68:DE:3E:24
            X509v3 Authority Key Identifier:
                keyid:CE:71:80:C4:BA:D3:CF:42:5A:50:67:2E:1C:B7:A9:D2:AC:78:E2:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/znGAxLrTz0JaUGcuHLep0qx44gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/GeqUCcFpQ21Ke1I_WIJvk2jePiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/d7d5cd-79a9-4c82-8fc4-046d2e2adcd5/1/znGAxLrTz0JaUGcuHLep0qx44gw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:3a:de:98:99:e8:de:b3:87:1e:07:f7:ce:ad:b1:7f:21:20:
         18:23:78:4a:48:eb:87:27:bd:19:3a:e6:8e:e5:5f:5c:e8:d1:
         99:d0:6c:4f:55:9b:03:a9:6b:19:5c:58:55:cf:3d:9a:36:ba:
         a4:9d:2f:6e:19:4b:4f:5f:62:ba:99:0a:32:40:67:a9:16:f4:
         34:da:7b:a6:5f:c2:ec:f9:57:42:6d:83:ba:49:e6:2c:33:46:
         0d:41:e9:15:61:fb:31:47:86:fd:e6:d9:70:1f:37:7e:70:53:
         d7:e6:e3:d6:85:03:77:df:09:6c:e5:5b:86:66:cc:bd:26:f8:
         0f:a6:e9:e9:b9:0b:1d:02:1e:65:84:c8:0f:cf:d5:be:d8:e4:
         ce:f2:0f:be:b9:af:81:eb:fc:36:47:a7:f5:32:1a:26:15:90:
         fb:f5:ce:64:45:37:9f:d4:20:17:af:95:b2:2c:57:59:61:ed:
         29:df:4f:0b:aa:61:a4:08:22:0d:26:0b:bd:3a:20:c2:fd:29:
         f6:51:1d:ab:38:96:8d:6d:ff:5b:07:e4:e5:07:c3:2c:e2:b7:
         78:8e:d3:4f:f3:b9:74:1f:39:4c:e3:33:6a:ec:e4:ed:f7:d2:
         86:73:9f:fe:f3:11:b9:11:d0:a8:76:2d:f8:1f:eb:96:09:46:
         da:c2:fb:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj11HseXsncpoNHLBl8eH6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlNzE4MGM0YmFkM2NmNDI1YTUwNjcyZTFjYjdhOWQyYWM3
OGUyMGMwHhcNMjUwMTAxMjE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWVhOTQwOWMxNjk0MzZkNGE3YjUyM2Y1ODgyNmY5MzY4ZGUzZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy68Odr9WLZbv3RGt+9vQh9jnjQEo
GxrAXQLj9zZU7B9MCw/S+vB253xarzPSEYh/G5Yt8wUpgLQ18yh5yVCXdHG9NAYI
rBBV+VuN6liFtN/QekVigZnpu6vFJn6yHE99T+1lYYqYBiEvmn6GOLycQ922UdLx
JAIYh4uGFUkpEO9We3ERfS5Q6nrR2DfdYVy0MRA1vPDU+8dN1MhZrHhHiaz4jZfm
voMKikr/0jzgUNaFbscIe8EFzHkM8KZCjrH5GZIIhZ22i2bA1ABqXvewQCDUc3jU
dt/U3zoSGAeL/7dm37AIZXDQPFwroxS+hfM3EsZBPZlF1Qij/CjUBWah3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnqlAnBaUNtSntSP1iCb5No3j4kMB8GA1UdIwQY
MBaAFM5xgMS6089CWlBnLhy3qdKseOIMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvem5HQXhMclR6MEphVUdjdUhMZXAwcXg0NGd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9kN2Q1Y2QtNzlhOS00YzgyLThmYzQt
MDQ2ZDJlMmFkY2Q1LzEvR2VxVUNjRnBRMjFLZTFJX1dJSnZrMmplUGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9kN2Q1Y2QtNzlhOS00YzgyLThmYzQtMDQ2ZDJlMmFkY2Q1
LzEvem5HQXhMclR6MEphVUdjdUhMZXAwcXg0NGd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+oJMA0G
CSqGSIb3DQEBCwUAA4IBAQB7Ot6Ymejes4ceB/fOrbF/ISAYI3hKSOuHJ70ZOuaO
5V9c6NGZ0GxPVZsDqWsZXFhVzz2aNrqknS9uGUtPX2K6mQoyQGepFvQ02numX8Ls
+VdCbYO6SeYsM0YNQekVYfsxR4b95tlwHzd+cFPX5uPWhQN33wls5VuGZsy9JvgP
punpuQsdAh5lhMgPz9W+2OTO8g++ua+B6/w2R6f1MhomFZD79c5kRTef1CAXr5Wy
LFdZYe0p308LqmGkCCINJgu9OiDC/Sn2UR2rOJaNbf9bB+TlB8Ms4rd4jtNP87l0
HzlM4zNq7OTt99KGc5/+8xG5EdCodi34H+uWCUbawvvL
-----END CERTIFICATE-----