Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/xnuUEnVXaSzz9cF5USCrsyD97so.roa
File:                     xnuUEnVXaSzz9cF5USCrsyD97so.roa (raw, json)
Hash identifier:          j10VBwI4MUaDD8l8nXJ3vdwJpNrClSEXJCQ84BCSTro=
Subject key identifier:   C6:7B:94:12:75:57:69:2C:F3:F5:C1:79:51:20:AB:B3:20:FD:EE:CA
Certificate issuer:       /CN=0a06b65cbb97667abdff9b861a22f9d01d1d46cb
Certificate serial:       0194282697812ED94718D34340AFC6C37D64
Authority key identifier: 0A:06:B6:5C:BB:97:66:7A:BD:FF:9B:86:1A:22:F9:D0:1D:1D:46:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Cga2XLuXZnq9_5uGGiL50B0dRss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/xnuUEnVXaSzz9cF5USCrsyD97so.roa
Signing time:             Thu 02 Jan 2025 17:53:25 +0000
ROA not before:           Thu 02 Jan 2025 17:53:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209615
IP address blocks:        91.132.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/Cga2XLuXZnq9_5uGGiL50B0dRss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/Cga2XLuXZnq9_5uGGiL50B0dRss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Cga2XLuXZnq9_5uGGiL50B0dRss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:97:81:2e:d9:47:18:d3:43:40:af:c6:c3:7d:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a06b65cbb97667abdff9b861a22f9d01d1d46cb
        Validity
            Not Before: Jan  2 17:53:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c67b94127557692cf3f5c1795120abb320fdeeca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:64:13:d1:3e:f8:47:cc:30:0c:ee:78:f1:c8:
                    b9:84:95:f1:61:ba:fe:04:9a:44:97:78:5c:3c:98:
                    7f:9d:aa:cd:19:7a:2b:3e:83:ce:40:52:8c:f8:29:
                    5e:1b:61:43:e9:6e:76:78:16:6a:eb:ad:04:6b:4c:
                    06:45:0c:12:0b:20:4d:b5:20:59:45:8b:c1:af:f3:
                    3b:52:5a:15:df:71:a1:df:53:3f:c4:2f:bc:51:68:
                    25:61:7a:24:0d:cf:9b:4f:a8:ba:bc:91:35:c5:71:
                    b5:02:d3:8a:c0:e6:49:87:87:bc:eb:27:bf:a2:ec:
                    24:f7:17:65:17:3c:d2:f5:5a:b6:47:6e:e5:57:d7:
                    6b:80:9f:eb:64:81:a9:e6:60:68:7a:09:24:6d:23:
                    e8:75:d2:00:d8:3c:ff:49:08:3f:1f:3a:8c:ed:56:
                    3d:45:f5:68:7b:b6:4e:b4:48:9d:17:b4:36:b5:27:
                    47:0e:37:a0:01:08:38:5b:96:f5:bc:90:73:5a:4b:
                    d9:f8:31:3f:12:a8:f8:11:1f:9e:a5:ae:ae:60:bd:
                    cc:69:ae:71:2c:f2:1a:78:62:0c:ea:a5:03:6e:2d:
                    0e:83:4f:00:0d:d5:02:4f:bf:8e:f1:38:2d:87:89:
                    34:db:6a:0b:14:ef:43:43:72:50:57:29:d6:2d:69:
                    15:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:7B:94:12:75:57:69:2C:F3:F5:C1:79:51:20:AB:B3:20:FD:EE:CA
            X509v3 Authority Key Identifier:
                keyid:0A:06:B6:5C:BB:97:66:7A:BD:FF:9B:86:1A:22:F9:D0:1D:1D:46:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Cga2XLuXZnq9_5uGGiL50B0dRss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/xnuUEnVXaSzz9cF5USCrsyD97so.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/2e18f7-09c7-45b1-bcb7-9f6686e42800/1/Cga2XLuXZnq9_5uGGiL50B0dRss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:6d:ca:ea:7f:55:12:1b:e4:35:1a:64:00:5b:97:19:30:ef:
         66:c7:4a:28:8a:72:6a:45:46:4f:c3:79:0b:d3:ef:f8:6f:3c:
         22:db:5c:75:ee:9d:b1:bd:ef:f8:c2:37:e3:8d:6f:71:1b:77:
         c7:d6:87:35:3c:f8:25:3c:b0:4d:1e:cf:0b:2a:a6:a2:18:8f:
         2f:af:1c:60:c7:a2:ca:f8:ca:25:bc:8e:5a:b1:f5:81:45:0c:
         40:3f:ee:17:3a:90:f6:43:46:83:61:d2:38:14:0d:33:61:1f:
         4d:7d:12:a6:c6:ba:e2:65:b0:ef:89:c0:e3:06:a5:3c:20:d8:
         10:a6:97:66:01:2e:1d:de:4e:b8:95:3f:cc:d7:7e:54:21:56:
         e7:87:d2:36:56:dd:cd:43:df:b7:c0:9f:4a:a1:90:84:de:db:
         1c:f1:42:6a:58:c6:bd:e4:b7:6b:f9:00:7d:6f:70:b7:a7:55:
         9d:5f:7f:cf:7a:87:86:f5:3f:7d:41:1a:ad:b8:8c:13:0e:27:
         ad:37:12:b6:45:6a:cb:71:80:bb:b7:2f:b5:83:93:2b:d2:93:
         1b:52:6f:a7:fc:64:f5:25:cb:6c:b4:ba:f8:23:c5:0e:9c:de:
         71:7b:75:1b:c8:20:c8:ef:60:de:21:2a:37:96:93:76:4f:4e:
         9a:24:73:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJpeBLtlHGNNDQK/Gw31kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMDZiNjVjYmI5NzY2N2FiZGZmOWI4NjFhMjJmOWQwMWQx
ZDQ2Y2IwHhcNMjUwMTAyMTc1MzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjdiOTQxMjc1NTc2OTJjZjNmNWMxNzk1MTIwYWJiMzIwZmRlZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmQT0T74R8wwDO548ci5hJXxYbr+
BJpEl3hcPJh/narNGXorPoPOQFKM+CleG2FD6W52eBZq660Ea0wGRQwSCyBNtSBZ
RYvBr/M7UloV33Gh31M/xC+8UWglYXokDc+bT6i6vJE1xXG1AtOKwOZJh4e86ye/
ouwk9xdlFzzS9Vq2R27lV9drgJ/rZIGp5mBoegkkbSPoddIA2Dz/SQg/HzqM7VY9
RfVoe7ZOtEidF7Q2tSdHDjegAQg4W5b1vJBzWkvZ+DE/Eqj4ER+epa6uYL3Maa5x
LPIaeGIM6qUDbi0Og08ADdUCT7+O8Tgth4k022oLFO9DQ3JQVynWLWkV3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMZ7lBJ1V2ks8/XBeVEgq7Mg/e7KMB8GA1UdIwQY
MBaAFAoGtly7l2Z6vf+bhhoi+dAdHUbLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2dhMlhMdVhabnE5XzV1R0dpTDUwQjBkUnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC8yZTE4ZjctMDljNy00NWIxLWJjYjct
OWY2Njg2ZTQyODAwLzEveG51VUVuVlhhU3p6OWNGNVVTQ3JzeUQ5N3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC8yZTE4ZjctMDljNy00NWIxLWJjYjctOWY2Njg2ZTQyODAw
LzEvQ2dhMlhMdVhabnE5XzV1R0dpTDUwQjBkUnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW4TsMA0G
CSqGSIb3DQEBCwUAA4IBAQAPbcrqf1USG+Q1GmQAW5cZMO9mx0ooinJqRUZPw3kL
0+/4bzwi21x17p2xve/4wjfjjW9xG3fH1oc1PPglPLBNHs8LKqaiGI8vrxxgx6LK
+MolvI5asfWBRQxAP+4XOpD2Q0aDYdI4FA0zYR9NfRKmxrriZbDvicDjBqU8INgQ
ppdmAS4d3k64lT/M135UIVbnh9I2Vt3NQ9+3wJ9KoZCE3tsc8UJqWMa95Ldr+QB9
b3C3p1WdX3/PeoeG9T99QRqtuIwTDietNxK2RWrLcYC7ty+1g5Mr0pMbUm+n/GT1
JctstLr4I8UOnN5xe3UbyCDI72DeISo3lpN2T06aJHOb
-----END CERTIFICATE-----