Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/KrtTh6gsfptfdAcGq3CmJjqfV2o.roa
File:                     KrtTh6gsfptfdAcGq3CmJjqfV2o.roa (raw, json)
Hash identifier:          eRRAdGSdFwP7Zvo2rxHWeAe37W0cOjnKNlia+tVBb+M=
Subject key identifier:   2A:BB:53:87:A8:2C:7E:9B:5F:74:07:06:AB:70:A6:26:3A:9F:57:6A
Certificate issuer:       /CN=401d19615ace2bbbcfa09169080808762a64b17e
Certificate serial:       0194266B4CF296578550B463C1D8B0AB9B7B
Authority key identifier: 40:1D:19:61:5A:CE:2B:BB:CF:A0:91:69:08:08:08:76:2A:64:B1:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QB0ZYVrOK7vPoJFpCAgIdipksX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/KrtTh6gsfptfdAcGq3CmJjqfV2o.roa
Signing time:             Thu 02 Jan 2025 09:49:13 +0000
ROA not before:           Thu 02 Jan 2025 09:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208716
IP address blocks:        91.220.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/QB0ZYVrOK7vPoJFpCAgIdipksX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/QB0ZYVrOK7vPoJFpCAgIdipksX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QB0ZYVrOK7vPoJFpCAgIdipksX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:4c:f2:96:57:85:50:b4:63:c1:d8:b0:ab:9b:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=401d19615ace2bbbcfa09169080808762a64b17e
        Validity
            Not Before: Jan  2 09:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2abb5387a82c7e9b5f740706ab70a6263a9f576a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:83:a1:e6:de:6a:de:49:d9:6c:88:7d:57:d1:
                    11:15:7c:64:9b:b3:87:a4:59:3f:f2:9f:c0:c2:70:
                    1f:cc:b1:56:f6:90:30:61:fc:ac:1b:5c:5e:d6:c4:
                    83:6d:db:39:64:1c:9e:f9:0f:0f:75:d3:bd:15:da:
                    3f:ca:16:f7:b0:d7:29:97:8f:16:34:d6:e9:8b:9f:
                    d6:16:96:33:17:0e:3f:88:58:1a:ab:69:e0:28:07:
                    ca:18:0e:09:3f:1a:60:1b:26:b8:0e:f2:2f:4d:e8:
                    00:1b:67:0d:aa:89:4b:f2:1f:25:78:d7:66:53:ef:
                    63:c4:a4:c4:d1:47:ff:7d:18:ad:e7:81:57:7e:f3:
                    4f:be:5e:be:8f:ce:72:9a:91:7c:36:ba:88:9c:65:
                    0a:e2:2f:4c:c1:38:90:94:ce:09:e0:72:ad:47:f1:
                    49:0b:3d:8b:55:31:a0:e9:a7:94:29:77:f4:64:99:
                    ac:54:6e:ea:4a:52:c9:68:84:ba:b6:e1:38:da:5e:
                    e7:a1:1b:2d:c8:6d:06:fe:eb:0c:7a:3e:32:f7:1d:
                    cd:bf:e1:5b:8f:57:b2:96:4b:f0:12:ed:0d:82:18:
                    1b:c6:bb:16:d8:c2:03:25:19:72:25:60:89:1c:cd:
                    c7:fe:24:b8:01:ef:d3:2c:52:e9:3b:27:d6:88:2a:
                    52:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:BB:53:87:A8:2C:7E:9B:5F:74:07:06:AB:70:A6:26:3A:9F:57:6A
            X509v3 Authority Key Identifier:
                keyid:40:1D:19:61:5A:CE:2B:BB:CF:A0:91:69:08:08:08:76:2A:64:B1:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QB0ZYVrOK7vPoJFpCAgIdipksX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/KrtTh6gsfptfdAcGq3CmJjqfV2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/b5da70-4210-463e-9dc6-979972a0014d/1/QB0ZYVrOK7vPoJFpCAgIdipksX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:3d:98:d3:1b:c8:31:9a:12:8c:30:87:e2:0c:78:af:16:ab:
         97:70:5e:45:88:3c:a3:2d:6a:64:54:ab:e8:48:d0:fe:ff:06:
         b5:41:97:22:1c:40:fc:28:dc:ae:c8:33:19:13:8a:40:7d:c2:
         03:02:57:87:64:e2:38:25:37:ef:c5:bb:e3:76:af:19:fd:6f:
         03:23:8e:16:7b:d4:d1:97:5b:e0:18:38:4b:1b:84:b8:c6:26:
         bd:cc:8f:6b:5a:87:3c:aa:48:9e:dc:f4:00:fb:fd:c1:3a:01:
         17:66:9c:d2:e4:21:7f:1a:07:ad:02:6c:27:a4:6e:88:e3:d2:
         e6:db:09:07:26:12:00:da:87:4b:c6:2c:57:4a:38:35:44:49:
         30:94:94:5a:44:63:e7:f4:54:63:c5:a2:21:04:2f:4c:6b:a0:
         6a:9d:c3:4b:4a:c8:a3:25:50:98:c5:b6:c3:81:34:db:df:0c:
         97:ad:6e:c5:8e:53:fb:8e:ac:53:cc:6b:8d:d5:a9:22:8b:ca:
         a4:b9:86:48:05:48:c6:18:1f:a2:3d:4a:4d:8a:0a:8d:67:3b:
         db:a9:ac:29:3c:46:20:2c:fd:a2:3a:d3:4c:67:87:39:80:fd:
         7e:42:2d:2b:bf:82:cd:f0:ca:66:00:83:2a:5e:9c:12:0d:cc:
         ea:c9:16:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma0zylleFULRjwdiwq5t7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwMWQxOTYxNWFjZTJiYmJjZmEwOTE2OTA4MDgwODc2MmE2
NGIxN2UwHhcNMjUwMTAyMDk0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWJiNTM4N2E4MmM3ZTliNWY3NDA3MDZhYjcwYTYyNjNhOWY1NzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4Oh5t5q3knZbIh9V9ERFXxkm7OH
pFk/8p/AwnAfzLFW9pAwYfysG1xe1sSDbds5ZBye+Q8PddO9Fdo/yhb3sNcpl48W
NNbpi5/WFpYzFw4/iFgaq2ngKAfKGA4JPxpgGya4DvIvTegAG2cNqolL8h8leNdm
U+9jxKTE0Uf/fRit54FXfvNPvl6+j85ympF8NrqInGUK4i9MwTiQlM4J4HKtR/FJ
Cz2LVTGg6aeUKXf0ZJmsVG7qSlLJaIS6tuE42l7noRstyG0G/usMej4y9x3Nv+Fb
j1eylkvwEu0NghgbxrsW2MIDJRlyJWCJHM3H/iS4Ae/TLFLpOyfWiCpS8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCq7U4eoLH6bX3QHBqtwpiY6n1dqMB8GA1UdIwQY
MBaAFEAdGWFaziu7z6CRaQgICHYqZLF+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUIwWllWck9LN3ZQb0pGcENBZ0lkaXBrc1g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS9iNWRhNzAtNDIxMC00NjNlLTlkYzYt
OTc5OTcyYTAwMTRkLzEvS3J0VGg2Z3NmcHRmZEFjR3EzQ21KanFmVjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS9iNWRhNzAtNDIxMC00NjNlLTlkYzYtOTc5OTcyYTAwMTRk
LzEvUUIwWllWck9LN3ZQb0pGcENBZ0lkaXBrc1g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9wPMA0G
CSqGSIb3DQEBCwUAA4IBAQBFPZjTG8gxmhKMMIfiDHivFquXcF5FiDyjLWpkVKvo
SND+/wa1QZciHED8KNyuyDMZE4pAfcIDAleHZOI4JTfvxbvjdq8Z/W8DI44We9TR
l1vgGDhLG4S4xia9zI9rWoc8qkie3PQA+/3BOgEXZpzS5CF/GgetAmwnpG6I49Lm
2wkHJhIA2odLxixXSjg1REkwlJRaRGPn9FRjxaIhBC9Ma6BqncNLSsijJVCYxbbD
gTTb3wyXrW7FjlP7jqxTzGuN1akii8qkuYZIBUjGGB+iPUpNigqNZzvbqawpPEYg
LP2iOtNMZ4c5gP1+Qi0rv4LN8MpmAIMqXpwSDczqyRaM
-----END CERTIFICATE-----