Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/cp4lFEUau2mk3J8khN5tWSq6-qA.roa
File:                     cp4lFEUau2mk3J8khN5tWSq6-qA.roa (raw, json)
Hash identifier:          D4rIJ31bhlRPk+jgypW/dYYRdpcgCFWhZ+etBWhqECE=
Subject key identifier:   72:9E:25:14:45:1A:BB:69:A4:DC:9F:24:84:DE:6D:59:2A:BA:FA:A0
Certificate issuer:       /CN=2ad59994f2af79599cfb3ff2e3e98e518f914fba
Certificate serial:       019424B307A302A255B224A66CD7F1A49BFD
Authority key identifier: 2A:D5:99:94:F2:AF:79:59:9C:FB:3F:F2:E3:E9:8E:51:8F:91:4F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KtWZlPKveVmc-z_y4-mOUY-RT7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/cp4lFEUau2mk3J8khN5tWSq6-qA.roa
Signing time:             Thu 02 Jan 2025 01:48:20 +0000
ROA not before:           Thu 02 Jan 2025 01:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43395
IP address blocks:        91.239.108.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/KtWZlPKveVmc-z_y4-mOUY-RT7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/KtWZlPKveVmc-z_y4-mOUY-RT7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KtWZlPKveVmc-z_y4-mOUY-RT7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:07:a3:02:a2:55:b2:24:a6:6c:d7:f1:a4:9b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ad59994f2af79599cfb3ff2e3e98e518f914fba
        Validity
            Not Before: Jan  2 01:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=729e2514451abb69a4dc9f2484de6d592abafaa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:4d:a0:91:bc:7f:84:2e:f4:f9:e2:48:11:
                    2d:a7:a3:67:59:02:7c:01:2e:a1:80:fc:db:79:fe:
                    8d:e6:f9:79:1e:60:53:86:11:af:f0:63:3d:0f:fa:
                    3d:60:5e:30:ca:48:67:9a:2f:eb:66:e0:b1:0b:f2:
                    83:6d:c6:2b:6b:2d:7b:61:99:02:d5:6e:57:1f:ee:
                    5b:e7:e7:55:80:f2:10:e2:5f:32:bb:ec:83:bb:f1:
                    1b:aa:9c:30:38:cf:6b:36:27:c0:c3:be:54:55:71:
                    b8:19:08:72:a7:4c:d0:84:af:f9:be:73:b7:e0:6f:
                    6b:d8:d2:ad:63:70:d8:37:08:8a:be:d2:1e:d2:c6:
                    76:8c:7a:f4:f1:1e:6a:a2:06:ad:fc:57:e4:3c:fb:
                    d7:bf:6f:4c:6c:11:e5:5d:64:04:95:9f:3e:45:5f:
                    75:e4:7b:8d:1d:5c:f1:31:f6:c0:0b:a7:8f:9a:3d:
                    d6:34:0c:ff:11:80:81:95:4b:45:b2:02:19:96:53:
                    39:a3:e0:92:95:c2:70:f4:24:88:0e:34:e4:4a:7a:
                    0e:fa:c7:13:be:b2:0b:a3:ae:e4:0f:42:a8:9b:dc:
                    10:04:9b:ee:01:67:7a:51:3c:4f:88:7b:ed:0b:e2:
                    3f:9f:81:91:5c:0f:36:89:54:c0:60:8a:d6:f2:00:
                    f8:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9E:25:14:45:1A:BB:69:A4:DC:9F:24:84:DE:6D:59:2A:BA:FA:A0
            X509v3 Authority Key Identifier:
                keyid:2A:D5:99:94:F2:AF:79:59:9C:FB:3F:F2:E3:E9:8E:51:8F:91:4F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KtWZlPKveVmc-z_y4-mOUY-RT7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/cp4lFEUau2mk3J8khN5tWSq6-qA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2bcf31-6277-4e87-a007-bbe2c4d88c2f/1/KtWZlPKveVmc-z_y4-mOUY-RT7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:b8:89:55:00:92:4f:e2:5c:c6:5d:aa:8d:ae:8c:ff:0a:50:
         c4:75:41:1c:7c:b2:c2:73:4a:4a:15:eb:71:89:cc:bb:3b:8f:
         5a:15:d5:38:47:20:9e:9e:68:44:79:5c:f0:3a:1e:c5:5d:2f:
         2a:a1:6a:54:cd:c2:9e:6a:16:e6:66:91:f8:fd:8d:8c:d3:29:
         c5:57:07:66:10:91:10:55:62:22:ff:90:88:de:ca:ca:6e:c4:
         b0:08:a1:85:5e:16:b8:48:8f:dd:ef:c1:da:ae:a8:26:3f:78:
         e8:2d:50:88:4c:41:47:62:e3:35:e0:3f:61:63:a7:c5:52:fe:
         03:7c:dc:24:82:8d:d6:7c:03:ef:41:28:cd:0d:1e:2c:1a:90:
         95:54:f7:cf:2a:72:b2:e7:b7:9f:1b:34:97:e4:2b:3f:b3:08:
         fe:76:a1:20:55:9f:1a:4a:0a:b6:42:0d:8e:c8:14:0f:48:52:
         43:22:99:9e:1e:83:bf:d7:e4:04:50:4d:a3:dc:50:8a:da:41:
         14:e2:db:7a:d1:26:e5:1d:0a:e3:75:13:a9:cf:5d:dc:b4:10:
         34:07:2c:90:20:39:6d:1e:b6:dc:ad:0e:14:b3:6c:37:f0:11:
         e3:e7:f8:a4:57:14:ae:61:9f:e3:4e:da:ce:5e:92:87:15:66:
         18:b9:5d:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkswejAqJVsiSmbNfxpJv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhZDU5OTk0ZjJhZjc5NTk5Y2ZiM2ZmMmUzZTk4ZTUxOGY5
MTRmYmEwHhcNMjUwMTAyMDE0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjllMjUxNDQ1MWFiYjY5YTRkYzlmMjQ4NGRlNmQ1OTJhYmFmYWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO5NoJG8f4Qu9PniSBEtp6NnWQJ8
AS6hgPzbef6N5vl5HmBThhGv8GM9D/o9YF4wykhnmi/rZuCxC/KDbcYray17YZkC
1W5XH+5b5+dVgPIQ4l8yu+yDu/EbqpwwOM9rNifAw75UVXG4GQhyp0zQhK/5vnO3
4G9r2NKtY3DYNwiKvtIe0sZ2jHr08R5qogat/FfkPPvXv29MbBHlXWQElZ8+RV91
5HuNHVzxMfbAC6ePmj3WNAz/EYCBlUtFsgIZllM5o+CSlcJw9CSIDjTkSnoO+scT
vrILo67kD0Kom9wQBJvuAWd6UTxPiHvtC+I/n4GRXA82iVTAYIrW8gD4uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKeJRRFGrtppNyfJITebVkquvqgMB8GA1UdIwQY
MBaAFCrVmZTyr3lZnPs/8uPpjlGPkU+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3RXWmxQS3ZlVm1jLXpfeTQtbU9VWS1SVDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYmNmMzEtNjI3Ny00ZTg3LWEwMDct
YmJlMmM0ZDg4YzJmLzEvY3A0bEZFVWF1Mm1rM0o4a2hONXRXU3E2LXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYmNmMzEtNjI3Ny00ZTg3LWEwMDctYmJlMmM0ZDg4YzJm
LzEvS3RXWmxQS3ZlVm1jLXpfeTQtbU9VWS1SVDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+9sMA0G
CSqGSIb3DQEBCwUAA4IBAQBsuIlVAJJP4lzGXaqNroz/ClDEdUEcfLLCc0pKFetx
icy7O49aFdU4RyCenmhEeVzwOh7FXS8qoWpUzcKeahbmZpH4/Y2M0ynFVwdmEJEQ
VWIi/5CI3srKbsSwCKGFXha4SI/d78HarqgmP3joLVCITEFHYuM14D9hY6fFUv4D
fNwkgo3WfAPvQSjNDR4sGpCVVPfPKnKy57efGzSX5Cs/swj+dqEgVZ8aSgq2Qg2O
yBQPSFJDIpmeHoO/1+QEUE2j3FCK2kEU4tt60SblHQrjdROpz13ctBA0ByyQIDlt
HrbcrQ4Us2w38BHj5/ikVxSuYZ/jTtrOXpKHFWYYuV1T
-----END CERTIFICATE-----