Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/pZ2-rl1wvNOlZXWq6r9tiMcpCLE.roa
File:                     pZ2-rl1wvNOlZXWq6r9tiMcpCLE.roa (raw, json)
Hash identifier:          UTgRZg+3/3Y1WSaSgU/Ax1MIkqu5a18zaZd2IsaahgY=
Subject key identifier:   A5:9D:BE:AE:5D:70:BC:D3:A5:65:75:AA:EA:BF:6D:88:C7:29:08:B1
Certificate issuer:       /CN=cf6843ce15229a8023d97fa27a37e59278b2bfd7
Certificate serial:       019426D9260D361B3611D66E6611E8C2D0C6
Authority key identifier: CF:68:43:CE:15:22:9A:80:23:D9:7F:A2:7A:37:E5:92:78:B2:BF:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/pZ2-rl1wvNOlZXWq6r9tiMcpCLE.roa
Signing time:             Thu 02 Jan 2025 11:49:12 +0000
ROA not before:           Thu 02 Jan 2025 11:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197944
IP address blocks:        91.230.90.0/24 maxlen: 24
                          2001:67c:24dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:26:0d:36:1b:36:11:d6:6e:66:11:e8:c2:d0:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf6843ce15229a8023d97fa27a37e59278b2bfd7
        Validity
            Not Before: Jan  2 11:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a59dbeae5d70bcd3a56575aaeabf6d88c72908b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f7:5b:d9:19:c5:09:69:7b:f3:29:29:53:2c:
                    b0:24:7b:43:ae:da:80:70:40:e9:5c:d3:42:3d:f6:
                    99:02:ce:fe:25:30:90:3f:11:1d:13:43:48:ab:0f:
                    1b:13:e3:61:4b:2a:60:c2:c2:d0:e8:14:bb:5b:a9:
                    d1:fe:49:92:32:97:56:a6:87:90:0d:3a:b6:fc:88:
                    22:4c:25:47:b1:f9:18:86:1b:9c:90:7e:3d:a7:fc:
                    9e:8f:25:5c:c3:91:5f:a1:24:35:67:84:77:3c:78:
                    ce:10:2b:1d:91:86:5a:4d:cf:34:f0:f6:80:d1:48:
                    7d:5d:12:44:f4:05:91:7a:25:07:9e:5d:70:6a:6d:
                    01:98:3d:46:05:69:6f:0c:09:00:4a:fc:1a:23:97:
                    b3:98:c5:d0:3e:ee:dc:f5:66:8f:48:97:74:d6:92:
                    36:45:60:29:51:3c:a1:76:58:2e:42:8f:92:5a:82:
                    05:77:3d:83:b4:3c:b1:ec:30:1d:de:db:a5:3a:db:
                    68:a5:b7:23:36:9d:0b:35:09:86:9c:a5:49:e2:21:
                    2c:b5:e2:e7:d2:ca:49:a5:cc:91:8e:50:9f:05:de:
                    6f:99:77:24:6b:87:63:47:4c:0e:03:3c:6f:a8:c4:
                    b1:04:89:c1:e9:65:ed:44:fe:93:8d:65:1d:41:5a:
                    3e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:9D:BE:AE:5D:70:BC:D3:A5:65:75:AA:EA:BF:6D:88:C7:29:08:B1
            X509v3 Authority Key Identifier:
                keyid:CF:68:43:CE:15:22:9A:80:23:D9:7F:A2:7A:37:E5:92:78:B2:BF:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z2hDzhUimoAj2X-iejflkniyv9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/pZ2-rl1wvNOlZXWq6r9tiMcpCLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/761b48-69ea-40e4-8d7c-64cd194f7f4f/1/z2hDzhUimoAj2X-iejflkniyv9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.90.0/24
                IPv6:
                  2001:67c:24dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:1a:58:46:91:78:84:c4:a3:d3:2e:0f:18:2f:e0:cd:6d:a1:
         d6:c6:1c:4d:01:46:f9:24:c1:fb:3c:9d:a8:b2:17:10:9c:34:
         d3:2d:39:8f:0e:f5:b0:9c:7b:05:a3:e2:0c:d4:3a:ec:76:a6:
         1d:68:62:58:a6:00:c4:ee:27:98:c3:60:10:0d:63:4b:29:ac:
         8f:21:0e:92:bc:47:87:29:78:bd:c7:20:6f:37:ce:7a:9f:48:
         a5:16:ea:79:7f:38:12:4d:ae:0d:89:11:98:f5:73:43:69:3e:
         2f:43:fe:dd:b3:a8:76:d4:70:39:b6:11:88:71:a3:61:c6:99:
         b5:e8:b4:dd:43:ea:4a:53:37:99:f6:77:e5:0d:73:ac:e4:a6:
         80:f6:71:66:4a:37:87:76:05:06:7a:94:45:96:28:54:b9:14:
         c5:4f:dc:89:a1:89:4b:59:a7:81:95:f3:15:f6:87:8a:9c:11:
         e3:d7:d4:27:ba:54:4b:5d:82:7c:ce:7a:60:c3:9a:ee:4c:4d:
         f1:df:1c:1d:38:90:c7:a7:a8:f7:a8:0d:5f:a0:36:4e:7f:9a:
         bd:44:42:0e:02:8c:45:e1:1a:63:55:69:d7:42:f7:f3:5c:26:
         80:cc:40:29:db:d6:32:3e:49:29:ee:8c:ec:72:ac:6d:ca:dc:
         5e:71:59:6f
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2SYNNhs2EdZuZhHowtDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNjg0M2NlMTUyMjlhODAyM2Q5N2ZhMjdhMzdlNTkyNzhi
MmJmZDcwHhcNMjUwMTAyMTE0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTlkYmVhZTVkNzBiY2QzYTU2NTc1YWFlYWJmNmQ4OGM3MjkwOGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/db2RnFCWl78ykpUyywJHtDrtqA
cEDpXNNCPfaZAs7+JTCQPxEdE0NIqw8bE+NhSypgwsLQ6BS7W6nR/kmSMpdWpoeQ
DTq2/IgiTCVHsfkYhhuckH49p/yejyVcw5FfoSQ1Z4R3PHjOECsdkYZaTc808PaA
0Uh9XRJE9AWReiUHnl1wam0BmD1GBWlvDAkASvwaI5ezmMXQPu7c9WaPSJd01pI2
RWApUTyhdlguQo+SWoIFdz2DtDyx7DAd3tulOttopbcjNp0LNQmGnKVJ4iEsteLn
0spJpcyRjlCfBd5vmXcka4djR0wOAzxvqMSxBInB6WXtRP6TjWUdQVo+uQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKWdvq5dcLzTpWV1quq/bYjHKQixMB8GA1UdIwQY
MBaAFM9oQ84VIpqAI9l/ono35ZJ4sr/XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejJoRHpoVWltb0FqMlgtaWVqZmxrbml5djljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy83NjFiNDgtNjllYS00MGU0LThkN2Mt
NjRjZDE5NGY3ZjRmLzEvcFoyLXJsMXd2Tk9sWlhXcTZyOXRpTWNwQ0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy83NjFiNDgtNjllYS00MGU0LThkN2MtNjRjZDE5NGY3ZjRm
LzEvejJoRHpoVWltb0FqMlgtaWVqZmxrbml5djljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+ZaMA8E
AgACMAkDBwAgAQZ8JNwwDQYJKoZIhvcNAQELBQADggEBADQaWEaReITEo9MuDxgv
4M1todbGHE0BRvkkwfs8naiyFxCcNNMtOY8O9bCcewWj4gzUOux2ph1oYlimAMTu
J5jDYBANY0sprI8hDpK8R4cpeL3HIG83znqfSKUW6nl/OBJNrg2JEZj1c0NpPi9D
/t2zqHbUcDm2EYhxo2HGmbXotN1D6kpTN5n2d+UNc6zkpoD2cWZKN4d2BQZ6lEWW
KFS5FMVP3ImhiUtZp4GV8xX2h4qcEePX1Ce6VEtdgnzOemDDmu5MTfHfHB04kMen
qPeoDV+gNk5/mr1EQg4CjEXhGmNVaddC9/NcJoDMQCnb1jI+SSnujOxyrG3K3F5x
WW8=
-----END CERTIFICATE-----