Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/_aJQ6oyDSsBM9CQBM0bENVTAfYk.roa
File:                     _aJQ6oyDSsBM9CQBM0bENVTAfYk.roa (raw, json)
Hash identifier:          TGsiDKL9QYKUEyLtO8kxrwWDCHZz/h4CK165UgZMbZA=
Subject key identifier:   FD:A2:50:EA:8C:83:4A:C0:4C:F4:24:01:33:46:C4:35:54:C0:7D:89
Certificate issuer:       /CN=a83609c88f38dbb548a1f02f89ff29bb6d18864e
Certificate serial:       019426D99E5860648517222462C2964B1692
Authority key identifier: A8:36:09:C8:8F:38:DB:B5:48:A1:F0:2F:89:FF:29:BB:6D:18:86:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qDYJyI8427VIofAvif8pu20Yhk4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/_aJQ6oyDSsBM9CQBM0bENVTAfYk.roa
Signing time:             Thu 02 Jan 2025 11:49:43 +0000
ROA not before:           Thu 02 Jan 2025 11:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210474
IP address blocks:        91.199.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/qDYJyI8427VIofAvif8pu20Yhk4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/qDYJyI8427VIofAvif8pu20Yhk4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qDYJyI8427VIofAvif8pu20Yhk4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:9e:58:60:64:85:17:22:24:62:c2:96:4b:16:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83609c88f38dbb548a1f02f89ff29bb6d18864e
        Validity
            Not Before: Jan  2 11:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fda250ea8c834ac04cf424013346c43554c07d89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:60:23:b2:8f:37:ea:07:48:78:33:be:7d:1c:
                    ed:ea:70:10:5f:7d:9d:41:9d:38:02:0b:63:10:31:
                    c8:0d:52:bd:b8:a1:2d:e2:ac:58:2b:d5:b4:0b:d7:
                    8a:e1:e1:66:ce:2a:2c:43:29:76:b8:0e:62:e0:dc:
                    f2:fa:d1:6b:2f:e0:98:ed:89:83:a1:a7:9c:0f:18:
                    9e:19:da:0f:ff:b2:ea:3a:87:b4:22:4a:d2:29:67:
                    32:30:40:04:b2:4d:b7:4e:e2:23:d0:15:4a:0d:ba:
                    e6:e5:cf:ab:9b:1e:9a:b1:f7:8c:37:8b:26:62:ae:
                    31:6e:ce:18:d2:33:76:7b:45:c0:94:41:c6:af:ca:
                    e6:98:c1:93:69:1c:fb:3f:ce:bf:12:33:58:ee:2d:
                    bd:72:fc:e5:8c:a4:d7:9e:86:52:54:d0:6a:1f:30:
                    c8:3a:93:b0:7b:ea:4c:fa:b0:7c:e2:67:25:11:88:
                    3d:29:24:6c:1a:26:70:45:f6:df:75:67:32:d6:cd:
                    86:29:38:69:76:18:4f:73:78:3d:4f:f8:db:35:18:
                    f7:fe:b2:83:78:f8:aa:47:1d:91:8e:2b:b3:00:54:
                    13:fd:8e:70:79:1f:67:33:be:a0:c9:60:9f:0f:ae:
                    d0:ac:c7:19:ea:c4:30:0e:c5:44:6a:67:13:76:fe:
                    40:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:A2:50:EA:8C:83:4A:C0:4C:F4:24:01:33:46:C4:35:54:C0:7D:89
            X509v3 Authority Key Identifier:
                keyid:A8:36:09:C8:8F:38:DB:B5:48:A1:F0:2F:89:FF:29:BB:6D:18:86:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qDYJyI8427VIofAvif8pu20Yhk4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/_aJQ6oyDSsBM9CQBM0bENVTAfYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e14fe1-62ab-4415-9bce-e40fe0b094b0/1/qDYJyI8427VIofAvif8pu20Yhk4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:37:25:3d:f0:2e:75:9f:3e:5e:a2:e8:9e:9b:17:43:41:df:
         88:69:57:f1:97:4a:a1:8a:c0:69:22:9d:26:04:88:96:c7:47:
         66:83:26:ed:4a:64:1f:00:53:e4:d1:c2:5f:cb:56:77:72:c2:
         8b:07:68:4d:f5:6a:0d:a3:0f:03:65:80:f6:16:7f:ee:a1:1d:
         c6:6d:9f:53:a5:58:2e:01:25:c0:92:3d:24:36:d9:cd:d3:bc:
         11:39:e6:f4:75:ac:41:17:33:04:15:bb:0b:e9:e8:0f:bb:7a:
         d4:42:c3:fa:67:1b:83:de:fc:31:ab:ec:4f:03:86:ec:91:f5:
         cb:be:da:66:be:c6:c3:8d:d2:88:82:ec:09:64:f6:60:5e:2d:
         11:4c:91:a5:b7:78:f9:fc:82:fc:07:57:df:55:40:be:a3:97:
         b3:50:96:74:96:80:20:a7:9a:b9:25:b3:41:8d:1a:48:26:4a:
         58:7b:17:cf:57:67:65:5d:b9:17:d3:a4:2d:d7:a0:c8:0f:cc:
         08:6b:21:80:94:2f:43:4c:ac:de:41:12:ea:5c:6d:00:27:51:
         f9:2e:57:d8:a2:e7:ab:21:41:8f:10:3a:57:24:d5:bf:ec:62:
         47:62:65:92:d8:e6:67:76:48:99:77:04:a3:83:1b:21:ff:b2:
         0a:59:d4:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2Z5YYGSFFyIkYsKWSxaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MzYwOWM4OGYzOGRiYjU0OGExZjAyZjg5ZmYyOWJiNmQx
ODg2NGUwHhcNMjUwMTAyMTE0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGEyNTBlYThjODM0YWMwNGNmNDI0MDEzMzQ2YzQzNTU0YzA3ZDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGAjso836gdIeDO+fRzt6nAQX32d
QZ04AgtjEDHIDVK9uKEt4qxYK9W0C9eK4eFmziosQyl2uA5i4Nzy+tFrL+CY7YmD
oaecDxieGdoP/7LqOoe0IkrSKWcyMEAEsk23TuIj0BVKDbrm5c+rmx6asfeMN4sm
Yq4xbs4Y0jN2e0XAlEHGr8rmmMGTaRz7P86/EjNY7i29cvzljKTXnoZSVNBqHzDI
OpOwe+pM+rB84mclEYg9KSRsGiZwRfbfdWcy1s2GKThpdhhPc3g9T/jbNRj3/rKD
ePiqRx2RjiuzAFQT/Y5weR9nM76gyWCfD67QrMcZ6sQwDsVEamcTdv5AiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP2iUOqMg0rATPQkATNGxDVUwH2JMB8GA1UdIwQY
MBaAFKg2CciPONu1SKHwL4n/KbttGIZOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcURZSnlJODQyN1ZJb2ZBdmlmOHB1MjBZaGs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lMTRmZTEtNjJhYi00NDE1LTliY2Ut
ZTQwZmUwYjA5NGIwLzEvX2FKUTZveURTc0JNOUNRQk0wYkVOVlRBZllrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lMTRmZTEtNjJhYi00NDE1LTliY2UtZTQwZmUwYjA5NGIw
LzEvcURZSnlJODQyN1ZJb2ZBdmlmOHB1MjBZaGs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fXMA0G
CSqGSIb3DQEBCwUAA4IBAQAuNyU98C51nz5eouiemxdDQd+IaVfxl0qhisBpIp0m
BIiWx0dmgybtSmQfAFPk0cJfy1Z3csKLB2hN9WoNow8DZYD2Fn/uoR3GbZ9TpVgu
ASXAkj0kNtnN07wROeb0daxBFzMEFbsL6egPu3rUQsP6ZxuD3vwxq+xPA4bskfXL
vtpmvsbDjdKIguwJZPZgXi0RTJGlt3j5/IL8B1ffVUC+o5ezUJZ0loAgp5q5JbNB
jRpIJkpYexfPV2dlXbkX06Qt16DID8wIayGAlC9DTKzeQRLqXG0AJ1H5LlfYouer
IUGPEDpXJNW/7GJHYmWS2OZndkiZdwSjgxsh/7IKWdSw
-----END CERTIFICATE-----