Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/kBFtrsJPrM_jo-p7iRZbBINVjA0.roa
File:                     kBFtrsJPrM_jo-p7iRZbBINVjA0.roa (raw, json)
Hash identifier:          mJ1KicTl/vvOlA9osD4D6kVHttKTQWza7HFTFyqDuBU=
Subject key identifier:   90:11:6D:AE:C2:4F:AC:CF:E3:A3:EA:7B:89:16:5B:04:83:55:8C:0D
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       0194829E66238EFBA79661F33AA24E567521
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/kBFtrsJPrM_jo-p7iRZbBINVjA0.roa
Signing time:             Mon 20 Jan 2025 07:30:06 +0000
ROA not before:           Mon 20 Jan 2025 07:30:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208615
IP address blocks:        91.219.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:82:9e:66:23:8e:fb:a7:96:61:f3:3a:a2:4e:56:75:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan 20 07:30:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90116daec24faccfe3a3ea7b89165b0483558c0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:77:a7:e6:9e:f0:f5:0e:82:7a:06:ab:15:ad:
                    85:29:79:7d:c3:60:1c:6f:5b:d0:07:30:06:5a:a8:
                    fb:a6:3b:2a:d3:c0:ea:55:12:c1:8b:b1:44:cb:12:
                    78:52:93:1f:00:a7:af:df:68:4b:48:60:3c:9c:9f:
                    14:a5:33:01:17:16:a7:74:bc:b2:1c:22:c3:d7:a4:
                    81:26:0d:b8:f8:91:ee:0b:64:9d:54:9c:50:b7:e0:
                    a4:82:98:64:4a:06:cd:28:94:44:94:65:65:f7:0d:
                    dd:81:61:96:bd:e6:a5:46:78:87:44:26:4b:c5:60:
                    98:b6:db:a7:99:2b:75:3b:31:1a:0b:b7:77:7f:37:
                    67:7e:a2:13:0c:72:f8:cc:24:d0:0c:d6:a9:5e:b4:
                    66:9c:83:6b:df:60:9a:e2:a1:52:b7:ee:e1:cc:5d:
                    5e:2a:3a:17:e4:e6:c9:1d:f5:25:3f:15:11:73:35:
                    24:ad:b4:97:80:71:fa:c1:8f:6b:6d:5d:79:71:aa:
                    55:f2:8c:17:e6:12:99:94:1d:09:17:07:ad:48:f8:
                    8d:6d:f4:cf:e9:4e:fe:5d:17:42:59:a3:da:09:eb:
                    15:74:1d:7f:b1:28:a9:3b:3c:3d:1c:81:b7:02:0b:
                    51:a1:08:1a:f4:52:9a:56:87:73:8e:88:60:fb:cb:
                    6f:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:11:6D:AE:C2:4F:AC:CF:E3:A3:EA:7B:89:16:5B:04:83:55:8C:0D
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/kBFtrsJPrM_jo-p7iRZbBINVjA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:09:59:11:e3:eb:2e:92:a1:90:8e:dc:78:48:67:5c:e2:7e:
         a2:c7:cd:46:46:36:cc:69:d9:7d:20:29:5b:86:55:eb:03:b5:
         cd:a1:51:6e:7c:af:ed:7e:45:04:ed:87:c5:4f:e4:f2:d4:46:
         cf:2f:54:f4:fd:ac:ba:cc:a8:15:68:81:40:cc:21:b1:1d:05:
         ab:be:ad:51:9d:c0:30:04:fb:c0:95:e6:6c:14:c8:47:d2:37:
         ee:ba:dc:6f:7d:76:c8:78:a5:34:f1:b6:40:75:f9:52:93:af:
         5d:1b:66:2e:76:e7:3c:cc:1e:bc:21:52:bd:1a:d1:e2:45:36:
         3c:9d:cd:f2:23:24:23:fc:02:71:bb:c2:2e:9f:5f:ce:d6:fd:
         2e:d8:af:d7:35:59:27:b8:92:eb:2f:d2:b1:5d:b3:b2:92:36:
         0d:36:65:9e:d3:ec:c7:ae:72:71:48:5a:d0:95:6f:30:09:c7:
         43:b1:56:ea:7e:39:c2:4f:38:61:47:f2:d7:b1:fc:f0:bd:d8:
         20:7c:1f:54:ed:b4:1c:b6:20:a7:bc:7f:de:53:0e:4e:0e:78:
         9c:ee:ff:83:36:d8:c9:77:a6:af:c9:ab:ed:ac:17:2f:9f:38:
         a5:76:97:6b:f8:fe:5e:a1:04:32:ec:b8:65:f8:95:ec:4b:54:
         0f:92:7b:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSCnmYjjvunlmHzOqJOVnUhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjUwMTIwMDczMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDExNmRhZWMyNGZhY2NmZTNhM2VhN2I4OTE2NWIwNDgzNTU4YzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHen5p7w9Q6CegarFa2FKXl9w2Ac
b1vQBzAGWqj7pjsq08DqVRLBi7FEyxJ4UpMfAKev32hLSGA8nJ8UpTMBFxandLyy
HCLD16SBJg24+JHuC2SdVJxQt+CkgphkSgbNKJRElGVl9w3dgWGWvealRniHRCZL
xWCYttunmSt1OzEaC7d3fzdnfqITDHL4zCTQDNapXrRmnINr32Ca4qFSt+7hzF1e
KjoX5ObJHfUlPxURczUkrbSXgHH6wY9rbV15capV8owX5hKZlB0JFwetSPiNbfTP
6U7+XRdCWaPaCesVdB1/sSipOzw9HIG3AgtRoQga9FKaVodzjohg+8tvnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJARba7CT6zP46Pqe4kWWwSDVYwNMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEva0JGdHJzSlByTV9qby1wN2lSWmJCSU5WakEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9u1MA0G
CSqGSIb3DQEBCwUAA4IBAQBgCVkR4+sukqGQjtx4SGdc4n6ix81GRjbMadl9IClb
hlXrA7XNoVFufK/tfkUE7YfFT+Ty1EbPL1T0/ay6zKgVaIFAzCGxHQWrvq1RncAw
BPvAleZsFMhH0jfuutxvfXbIeKU08bZAdflSk69dG2Yuduc8zB68IVK9GtHiRTY8
nc3yIyQj/AJxu8Iun1/O1v0u2K/XNVknuJLrL9KxXbOykjYNNmWe0+zHrnJxSFrQ
lW8wCcdDsVbqfjnCTzhhR/LXsfzwvdggfB9U7bQctiCnvH/eUw5ODnic7v+DNtjJ
d6avyavtrBcvnzildpdr+P5eoQQy7Lhl+JXsS1QPknvE
-----END CERTIFICATE-----