Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/wXXOQ9H2b6IyrY2B0lg-XuD_B8I.roa
File:                     wXXOQ9H2b6IyrY2B0lg-XuD_B8I.roa (raw, json)
Hash identifier:          cgMdX3AAi5D4nzcU3HSWbT0lY1xCqmK5843fX99UXkY=
Subject key identifier:   C1:75:CE:43:D1:F6:6F:A2:32:AD:8D:81:D2:58:3E:5E:E0:FF:07:C2
Certificate issuer:       /CN=94b1cbff4bd970fa27fdefd4bf68b02d68d2b9dd
Certificate serial:       0194266BA3BBD57B947C87EB8F8D8E4DDE85
Authority key identifier: 94:B1:CB:FF:4B:D9:70:FA:27:FD:EF:D4:BF:68:B0:2D:68:D2:B9:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/wXXOQ9H2b6IyrY2B0lg-XuD_B8I.roa
Signing time:             Thu 02 Jan 2025 09:49:36 +0000
ROA not before:           Thu 02 Jan 2025 09:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20892
IP address blocks:        91.194.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:a3:bb:d5:7b:94:7c:87:eb:8f:8d:8e:4d:de:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94b1cbff4bd970fa27fdefd4bf68b02d68d2b9dd
        Validity
            Not Before: Jan  2 09:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c175ce43d1f66fa232ad8d81d2583e5ee0ff07c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:f5:21:2c:be:d1:93:20:6c:e2:92:3d:47:c7:
                    e9:27:64:07:e1:57:a1:a2:98:ad:0b:d3:c5:86:50:
                    88:b8:a1:7e:40:9d:87:6e:b6:68:9a:16:33:4f:27:
                    5a:57:bb:7c:38:f9:3d:2f:9f:25:d8:e8:f2:7b:c2:
                    f2:ce:4d:9b:b3:a0:8e:18:fa:71:b3:2c:a9:13:97:
                    9b:14:9c:16:11:f5:4b:fc:ce:14:12:29:ae:75:7d:
                    58:13:21:ac:6c:d5:58:a0:f7:37:f2:01:bb:e7:b7:
                    0a:59:bb:5b:77:33:74:fa:0f:ee:29:0c:1a:5d:15:
                    28:ff:8a:9c:77:d8:48:88:b3:94:e5:ac:d0:d4:e2:
                    34:77:5a:44:ba:7c:42:82:81:73:a2:9d:37:03:3c:
                    8d:15:1b:88:71:ed:40:c3:18:07:8b:2b:ab:71:13:
                    7b:b1:4d:b4:c8:1a:e0:de:4e:b3:0c:e5:3c:fc:04:
                    c4:62:6a:42:4d:dc:d6:2c:76:82:18:0e:b9:46:da:
                    6e:ff:ff:7f:11:ba:5f:e9:96:0c:fe:ec:ef:7a:06:
                    b3:64:17:d0:2a:17:3a:33:33:76:db:af:20:64:97:
                    d8:91:26:9f:54:ef:23:2f:7a:60:a2:74:b7:4b:7e:
                    38:eb:c8:a5:fc:4a:ab:7b:8c:c4:18:bc:ee:14:25:
                    1f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:75:CE:43:D1:F6:6F:A2:32:AD:8D:81:D2:58:3E:5E:E0:FF:07:C2
            X509v3 Authority Key Identifier:
                keyid:94:B1:CB:FF:4B:D9:70:FA:27:FD:EF:D4:BF:68:B0:2D:68:D2:B9:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lLHL_0vZcPon_e_Uv2iwLWjSud0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/wXXOQ9H2b6IyrY2B0lg-XuD_B8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/063658-8262-4965-9661-0542427b02b9/1/lLHL_0vZcPon_e_Uv2iwLWjSud0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c2:62:e0:71:c8:9b:ae:04:78:fa:06:86:1b:af:0f:d2:08:25:
         58:44:67:e4:e4:c8:39:14:62:1d:8f:9f:d4:dc:3a:d2:09:b4:
         72:aa:81:dc:56:b3:ea:35:d9:b8:0d:27:4e:a4:0f:aa:68:ed:
         a9:5c:8a:cc:96:43:7f:52:d3:0c:67:7f:d3:0f:47:e4:90:b2:
         72:8d:9f:f4:09:4b:15:44:cb:fb:6f:99:8a:54:df:fb:30:b3:
         fa:4d:65:62:ef:af:4c:bb:06:7c:86:29:74:74:18:77:e9:e4:
         66:a0:40:8e:bf:00:ef:35:59:1b:47:c8:b9:9c:fa:27:00:32:
         db:0d:38:9f:cf:e9:b0:2a:2c:0e:be:d8:3e:cb:f6:ce:d4:28:
         b3:a2:70:ab:f1:b6:9f:f1:c2:0d:fe:5a:ff:3f:34:34:b1:36:
         a6:38:fb:c4:5a:15:ce:59:19:cf:13:de:c2:03:8c:1d:20:85:
         fc:5b:ac:a4:0d:4a:c2:b0:44:4b:bc:c0:b4:fc:63:cf:b7:a4:
         cd:51:1b:d0:c2:b7:a8:f8:a5:71:cf:dd:ec:39:f1:a4:03:07:
         87:79:17:9e:7b:e6:06:60:78:6c:03:2f:95:a1:ce:12:51:73:
         f6:f0:41:9d:0a:c7:34:94:43:d9:f3:40:57:f8:08:3d:3e:71:
         64:2a:32:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma6O71XuUfIfrj42OTd6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0YjFjYmZmNGJkOTcwZmEyN2ZkZWZkNGJmNjhiMDJkNjhk
MmI5ZGQwHhcNMjUwMTAyMDk0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTc1Y2U0M2QxZjY2ZmEyMzJhZDhkODFkMjU4M2U1ZWUwZmYwN2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2vUhLL7RkyBs4pI9R8fpJ2QH4Veh
opitC9PFhlCIuKF+QJ2HbrZomhYzTydaV7t8OPk9L58l2Ojye8Lyzk2bs6COGPpx
syypE5ebFJwWEfVL/M4UEimudX1YEyGsbNVYoPc38gG757cKWbtbdzN0+g/uKQwa
XRUo/4qcd9hIiLOU5azQ1OI0d1pEunxCgoFzop03AzyNFRuIce1AwxgHiyurcRN7
sU20yBrg3k6zDOU8/ATEYmpCTdzWLHaCGA65Rtpu//9/Ebpf6ZYM/uzvegazZBfQ
Khc6MzN2268gZJfYkSafVO8jL3pgonS3S34468il/Eqre4zEGLzuFCUf2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMF1zkPR9m+iMq2NgdJYPl7g/wfCMB8GA1UdIwQY
MBaAFJSxy/9L2XD6J/3v1L9osC1o0rndMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbExITF8wdlpjUG9uX2VfVXYyaXdMV2pTdWQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny8wNjM2NTgtODI2Mi00OTY1LTk2NjEt
MDU0MjQyN2IwMmI5LzEvd1hYT1E5SDJiNkl5clkyQjBsZy1YdURfQjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny8wNjM2NTgtODI2Mi00OTY1LTk2NjEtMDU0MjQyN2IwMmI5
LzEvbExITF8wdlpjUG9uX2VfVXYyaXdMV2pTdWQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8LyMA0G
CSqGSIb3DQEBCwUAA4IBAQDCYuBxyJuuBHj6BoYbrw/SCCVYRGfk5Mg5FGIdj5/U
3DrSCbRyqoHcVrPqNdm4DSdOpA+qaO2pXIrMlkN/UtMMZ3/TD0fkkLJyjZ/0CUsV
RMv7b5mKVN/7MLP6TWVi769MuwZ8hil0dBh36eRmoECOvwDvNVkbR8i5nPonADLb
DTifz+mwKiwOvtg+y/bO1CizonCr8baf8cIN/lr/PzQ0sTamOPvEWhXOWRnPE97C
A4wdIIX8W6ykDUrCsERLvMC0/GPPt6TNURvQwreo+KVxz93sOfGkAweHeReee+YG
YHhsAy+Voc4SUXP28EGdCsc0lEPZ80BX+Ag9PnFkKjLA
-----END CERTIFICATE-----