Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/JsiUY4utQyGLQkMCxP2vm1DnYkM.roa
File:                     JsiUY4utQyGLQkMCxP2vm1DnYkM.roa (raw, json)
Hash identifier:          t9dxvm0FP5XnZVQ8+CoMdOpLdpUdElKJXDgxciqeHNU=
Subject key identifier:   26:C8:94:63:8B:AD:43:21:8B:42:43:02:C4:FD:AF:9B:50:E7:62:43
Certificate issuer:       /CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
Certificate serial:       0194252140B573371496499BCA431987681F
Authority key identifier: 73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/JsiUY4utQyGLQkMCxP2vm1DnYkM.roa
Signing time:             Thu 02 Jan 2025 03:48:43 +0000
ROA not before:           Thu 02 Jan 2025 03:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        91.218.37.0/24 maxlen: 24
                          2a02:ef80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:40:b5:73:37:14:96:49:9b:ca:43:19:87:68:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=731535a2eaebc68c1657aafcf5a788c8751d9b62
        Validity
            Not Before: Jan  2 03:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26c894638bad43218b424302c4fdaf9b50e76243
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f9:d9:22:ee:75:0a:54:d3:91:73:8c:4b:99:
                    cf:27:8b:e5:18:8a:1b:78:a3:72:dd:26:d9:30:58:
                    b8:41:b4:37:a0:e3:8e:55:8b:29:5f:27:e9:af:02:
                    7e:f1:39:b8:9e:f3:59:03:d0:6e:4f:31:fc:22:30:
                    b2:8e:be:59:93:ee:1a:08:52:1c:92:15:f2:a4:3c:
                    c2:8b:8a:64:7d:5c:f4:f9:c8:f2:30:0d:c7:30:b3:
                    2c:47:15:54:8b:43:43:4f:bd:77:ab:e6:c0:7e:b9:
                    76:61:31:55:40:fe:24:17:c5:a0:70:98:17:ad:f7:
                    8d:c3:86:a7:03:5b:0a:ed:cc:2b:be:6f:da:98:12:
                    cf:04:aa:62:00:db:a0:29:ab:18:6e:4d:90:27:44:
                    5b:77:c6:97:ea:90:a4:b7:ee:b9:ab:c4:2a:ee:5a:
                    4a:ce:8d:c6:c7:92:5d:84:3d:96:13:17:6e:6e:e8:
                    e5:03:85:73:28:81:c7:bf:c4:86:9e:98:e8:6f:c1:
                    8c:64:1b:6e:a2:6f:f8:3b:ba:7e:25:37:39:b7:7c:
                    2e:fa:18:2b:54:26:91:0a:5f:f9:e7:79:af:ca:0e:
                    93:56:e6:70:cb:dc:84:2b:c2:ec:78:e7:8e:eb:b4:
                    68:09:fc:63:f9:8c:17:cb:5c:d1:c0:32:ac:dc:d4:
                    1f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:C8:94:63:8B:AD:43:21:8B:42:43:02:C4:FD:AF:9B:50:E7:62:43
            X509v3 Authority Key Identifier:
                keyid:73:15:35:A2:EA:EB:C6:8C:16:57:AA:FC:F5:A7:88:C8:75:1D:9B:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cxU1ourrxowWV6r89aeIyHUdm2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/JsiUY4utQyGLQkMCxP2vm1DnYkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/9620ce-43f0-42bc-af59-435bda5bd048/1/cxU1ourrxowWV6r89aeIyHUdm2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.37.0/24
                IPv6:
                  2a02:ef80::/48

    Signature Algorithm: sha256WithRSAEncryption
         04:5b:d4:08:91:b4:f2:e0:f2:c1:ff:40:c5:c8:5c:a0:9c:c0:
         0e:f1:24:29:65:c3:87:7a:d7:6e:e6:22:02:cf:7c:f9:da:b2:
         fb:4b:24:ef:36:7d:3d:99:d6:89:6c:4b:ab:6e:fd:15:f8:34:
         42:f6:2c:a2:13:9c:87:a5:5b:ed:35:b7:00:8b:ed:62:f3:af:
         ab:13:af:fd:85:3d:39:41:6d:0e:7f:8b:f6:40:f1:7f:3b:81:
         73:69:d2:e6:4c:ff:f1:33:06:6f:a6:d1:77:cd:a8:fa:80:93:
         b3:8f:c8:af:83:56:f9:e8:8d:27:b8:73:c7:29:c1:54:74:57:
         fe:cc:0a:a0:32:28:f3:ca:53:e9:3e:6e:43:38:36:96:b0:50:
         dc:1c:76:14:94:1c:22:ad:05:60:dc:49:7b:3c:f9:17:c4:4d:
         e4:be:bd:2d:1c:ed:a8:b7:22:a7:ec:59:bb:bb:a4:71:77:24:
         66:0b:ad:05:f6:35:fc:07:34:7c:8a:17:bb:38:c8:d5:de:8f:
         1d:2b:6d:49:86:a7:eb:8b:53:3c:4e:6b:dc:eb:5d:a3:95:dc:
         a8:c3:4b:cc:68:6b:fd:75:40:04:fc:bf:ec:0c:17:81:16:de:
         ad:74:21:c9:77:95:41:86:93:bf:f9:eb:fa:d9:c3:60:3f:c7:
         75:e1:44:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlIUC1czcUlkmbykMZh2gfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczMTUzNWEyZWFlYmM2OGMxNjU3YWFmY2Y1YTc4OGM4NzUx
ZDliNjIwHhcNMjUwMTAyMDM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmM4OTQ2MzhiYWQ0MzIxOGI0MjQzMDJjNGZkYWY5YjUwZTc2MjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPnZIu51ClTTkXOMS5nPJ4vlGIob
eKNy3SbZMFi4QbQ3oOOOVYspXyfprwJ+8Tm4nvNZA9BuTzH8IjCyjr5Zk+4aCFIc
khXypDzCi4pkfVz0+cjyMA3HMLMsRxVUi0NDT713q+bAfrl2YTFVQP4kF8WgcJgX
rfeNw4anA1sK7cwrvm/amBLPBKpiANugKasYbk2QJ0Rbd8aX6pCkt+65q8Qq7lpK
zo3Gx5JdhD2WExdubujlA4VzKIHHv8SGnpjob8GMZBtuom/4O7p+JTc5t3wu+hgr
VCaRCl/553mvyg6TVuZwy9yEK8LseOeO67RoCfxj+YwXy1zRwDKs3NQf0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCbIlGOLrUMhi0JDAsT9r5tQ52JDMB8GA1UdIwQY
MBaAFHMVNaLq68aMFleq/PWniMh1HZtiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTkt
NDM1YmRhNWJkMDQ4LzEvSnNpVVk0dXRReUdMUWtNQ3hQMnZtMURuWWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS85NjIwY2UtNDNmMC00MmJjLWFmNTktNDM1YmRhNWJkMDQ4
LzEvY3hVMW91cnJ4b3dXVjZyODlhZUl5SFVkbTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9olMA8E
AgACMAkDBwAqAu+AAAAwDQYJKoZIhvcNAQELBQADggEBAARb1AiRtPLg8sH/QMXI
XKCcwA7xJCllw4d6127mIgLPfPnasvtLJO82fT2Z1olsS6tu/RX4NEL2LKITnIel
W+01twCL7WLzr6sTr/2FPTlBbQ5/i/ZA8X87gXNp0uZM//EzBm+m0XfNqPqAk7OP
yK+DVvnojSe4c8cpwVR0V/7MCqAyKPPKU+k+bkM4NpawUNwcdhSUHCKtBWDcSXs8
+RfETeS+vS0c7ai3IqfsWbu7pHF3JGYLrQX2NfwHNHyKF7s4yNXejx0rbUmGp+uL
UzxOa9zrXaOV3KjDS8xoa/11QAT8v+wMF4EW3q10Icl3lUGGk7/56/rZw2A/x3Xh
RIU=
-----END CERTIFICATE-----