Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/AFa9BeMRC9KZa5ESZVY3qezRhqo.roa
File:                     AFa9BeMRC9KZa5ESZVY3qezRhqo.roa (raw, json)
Hash identifier:          kFgjZZQAO7DQ4A//2mPuGomN/dVKyDVTDikOVl1cxRM=
Subject key identifier:   00:56:BD:05:E3:11:0B:D2:99:6B:91:12:65:56:37:A9:EC:D1:86:AA
Certificate issuer:       /CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
Certificate serial:       019426D9D83050C3CA7E53360AB0E1AAFEC9
Authority key identifier: DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/AFa9BeMRC9KZa5ESZVY3qezRhqo.roa
Signing time:             Thu 02 Jan 2025 11:49:58 +0000
ROA not before:           Thu 02 Jan 2025 11:49:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        91.236.67.0/24 maxlen: 24
                          2a10:a700:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:d8:30:50:c3:ca:7e:53:36:0a:b0:e1:aa:fe:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcfae7d4e69d42e4f4c95d99f482b9a944dbefc8
        Validity
            Not Before: Jan  2 11:49:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0056bd05e3110bd2996b9112655637a9ecd186aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:08:4d:b8:74:cc:d4:b2:f1:08:a6:1d:b5:71:
                    da:22:0a:05:72:fc:19:fc:36:2c:49:78:d5:e0:86:
                    36:53:ef:30:a9:71:21:b7:df:e0:37:c6:78:75:e2:
                    1b:c4:93:ce:c4:99:4d:df:1f:c7:08:dd:d1:36:34:
                    a8:b3:5f:8f:a3:8a:af:0f:46:ea:f6:64:e8:ab:3e:
                    6f:66:6d:e4:4f:24:d2:01:0b:ab:b0:e4:f2:42:da:
                    cd:8a:b2:0d:f9:c8:71:02:61:75:1e:f4:f6:6d:76:
                    6e:28:21:3d:b9:c9:e0:d0:50:f4:e1:d7:fd:61:e9:
                    db:2c:a9:4b:ea:c6:b0:f4:4a:62:bb:27:cb:7f:09:
                    2b:8e:a1:db:b6:09:c3:34:f6:02:38:9d:a8:34:9e:
                    da:00:ae:9e:c1:1b:28:01:90:37:4f:da:a3:40:94:
                    39:26:1e:1f:41:f0:89:75:44:58:ad:7d:75:0d:89:
                    61:bc:4e:72:85:27:bc:e3:30:a6:43:de:fb:e3:59:
                    73:c2:8a:f8:ac:98:e9:89:3a:1c:b6:df:1f:03:31:
                    0f:7c:3c:13:40:52:92:42:68:b4:52:82:48:4c:2e:
                    76:f3:a7:dc:8e:0c:82:39:f7:00:58:82:b2:8e:4f:
                    80:fb:1f:7d:2b:37:db:b0:2f:fb:12:01:7a:05:b9:
                    47:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:56:BD:05:E3:11:0B:D2:99:6B:91:12:65:56:37:A9:EC:D1:86:AA
            X509v3 Authority Key Identifier:
                keyid:DC:FA:E7:D4:E6:9D:42:E4:F4:C9:5D:99:F4:82:B9:A9:44:DB:EF:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Prn1OadQuT0yV2Z9IK5qUTb78g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/AFa9BeMRC9KZa5ESZVY3qezRhqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/9342f8-df9e-45bb-972f-37273df3901c/1/3Prn1OadQuT0yV2Z9IK5qUTb78g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.67.0/24
                IPv6:
                  2a10:a700:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:0f:22:6d:2d:d7:bf:14:91:84:2e:e3:c8:f1:da:17:4e:68:
         5b:f5:10:ba:94:a2:ff:3f:fc:4e:83:0d:ab:79:2b:72:58:a7:
         df:35:1f:81:cb:c8:83:e4:2c:c7:8d:43:c9:c0:b8:17:5c:de:
         e7:a0:da:3a:d7:13:68:95:1c:f8:54:8a:06:f8:c4:5a:56:ae:
         3b:89:8f:9f:82:54:01:93:ee:1b:69:6d:33:b0:6a:b1:ea:47:
         74:be:0e:d5:69:2a:d7:74:b5:c7:8c:f0:b5:82:cd:45:4c:76:
         d5:43:45:01:b1:2c:c8:19:1c:fd:ca:84:60:fe:c3:53:2f:01:
         8e:0b:df:f8:10:73:03:25:ce:1f:40:89:6f:b6:e8:47:28:46:
         4f:af:67:61:fa:28:59:83:51:06:99:35:ed:6d:55:20:dd:6c:
         70:eb:19:a2:92:42:c2:26:d2:66:f1:b1:52:b0:15:2c:0b:62:
         9a:27:db:a3:88:43:a1:2b:dc:80:76:ce:14:ad:62:3e:0f:17:
         b0:98:a8:87:51:12:2a:a5:71:ec:36:c7:34:b8:ce:8c:06:2e:
         e2:f6:c5:4d:36:de:22:7f:00:de:0d:c4:fc:9e:0d:6d:e9:f8:
         57:de:80:00:28:e0:56:cd:26:c2:72:2a:7b:6b:75:38:d0:4a:
         eb:7b:71:a1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQm2dgwUMPKflM2CrDhqv7JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZmFlN2Q0ZTY5ZDQyZTRmNGM5NWQ5OWY0ODJiOWE5NDRk
YmVmYzgwHhcNMjUwMTAyMTE0OTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDU2YmQwNWUzMTEwYmQyOTk2YjkxMTI2NTU2MzdhOWVjZDE4NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwhNuHTM1LLxCKYdtXHaIgoFcvwZ
/DYsSXjV4IY2U+8wqXEht9/gN8Z4deIbxJPOxJlN3x/HCN3RNjSos1+Po4qvD0bq
9mToqz5vZm3kTyTSAQursOTyQtrNirIN+chxAmF1HvT2bXZuKCE9ucng0FD04df9
YenbLKlL6saw9EpiuyfLfwkrjqHbtgnDNPYCOJ2oNJ7aAK6ewRsoAZA3T9qjQJQ5
Jh4fQfCJdURYrX11DYlhvE5yhSe84zCmQ97741lzwor4rJjpiToctt8fAzEPfDwT
QFKSQmi0UoJITC5286fcjgyCOfcAWIKyjk+A+x99KzfbsC/7EgF6BblH2wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFABWvQXjEQvSmWuREmVWN6ns0YaqMB8GA1UdIwQY
MBaAFNz659TmnULk9MldmfSCualE2+/IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYt
MzcyNzNkZjM5MDFjLzEvQUZhOUJlTVJDOUtaYTVFU1pWWTNxZXpSaHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85MzQyZjgtZGY5ZS00NWJiLTk3MmYtMzcyNzNkZjM5MDFj
LzEvM1BybjFPYWRRdVQweVYyWjlJSzVxVVRiNzhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW+xDMA8E
AgACMAkDBwAqEKcAAAMwDQYJKoZIhvcNAQELBQADggEBAIsPIm0t178UkYQu48jx
2hdOaFv1ELqUov8//E6DDat5K3JYp981H4HLyIPkLMeNQ8nAuBdc3ueg2jrXE2iV
HPhUigb4xFpWrjuJj5+CVAGT7htpbTOwarHqR3S+DtVpKtd0tceM8LWCzUVMdtVD
RQGxLMgZHP3KhGD+w1MvAY4L3/gQcwMlzh9AiW+26EcoRk+vZ2H6KFmDUQaZNe1t
VSDdbHDrGaKSQsIm0mbxsVKwFSwLYpon26OIQ6Er3IB2zhStYj4PF7CYqIdREiql
cew2xzS4zowGLuL2xU023iJ/AN4NxPyeDW3p+FfegAAo4FbNJsJyKntrdTjQSut7
caE=
-----END CERTIFICATE-----