Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/zpBMm6HxMUHmJwqr2rmSKoKB2bg.roa
File:                     zpBMm6HxMUHmJwqr2rmSKoKB2bg.roa (raw, json)
Hash identifier:          FLvqa8zzZ3ZZAEci8ilv1vdBvy58LVCZTsnN+c5v/BA=
Subject key identifier:   CE:90:4C:9B:A1:F1:31:41:E6:27:0A:AB:DA:B9:92:2A:82:81:D9:B8
Certificate issuer:       /CN=bb2cf1ed105c5c1dc527bcd0f149fe9449ebd326
Certificate serial:       0194266BB978E44ECBA718F3DA0A46766327
Authority key identifier: BB:2C:F1:ED:10:5C:5C:1D:C5:27:BC:D0:F1:49:FE:94:49:EB:D3:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/zpBMm6HxMUHmJwqr2rmSKoKB2bg.roa
Signing time:             Thu 02 Jan 2025 09:49:41 +0000
ROA not before:           Thu 02 Jan 2025 09:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        91.209.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:b9:78:e4:4e:cb:a7:18:f3:da:0a:46:76:63:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bb2cf1ed105c5c1dc527bcd0f149fe9449ebd326
        Validity
            Not Before: Jan  2 09:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce904c9ba1f13141e6270aabdab9922a8281d9b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c7:05:09:bf:0a:4b:70:02:5a:30:ae:17:1f:
                    d3:88:07:4e:dc:e3:78:94:2a:b3:ff:f6:fd:30:ae:
                    63:a6:a9:d6:fe:6e:fa:e3:8a:7a:38:42:ff:a0:df:
                    42:d0:9e:08:71:1b:87:6b:b1:50:b4:be:e6:82:a9:
                    ca:47:04:74:6a:1e:76:64:fb:66:95:5d:0e:b9:79:
                    4d:27:ed:31:5e:41:27:ed:36:64:18:92:ed:27:98:
                    00:26:8c:06:4a:de:db:0e:b3:a2:f8:42:45:30:d8:
                    e7:34:f0:61:27:15:53:f6:ae:04:9a:21:39:b6:af:
                    ab:7c:6f:77:91:f4:3f:51:b2:dd:3e:10:e6:dd:ab:
                    eb:27:ae:5f:dd:0f:19:ce:57:22:c6:b7:5c:9e:b9:
                    cb:04:d6:41:61:d6:a0:68:46:f7:6d:42:c3:40:84:
                    98:8c:8b:2d:ec:85:3f:ea:e2:7b:f4:b2:c5:a6:ca:
                    28:51:04:ec:4a:69:19:3c:87:c3:86:6b:a4:61:73:
                    fc:ab:d5:16:11:9c:23:95:4d:aa:63:30:5b:cf:c4:
                    c4:ed:d4:63:3f:2a:a6:b0:f5:00:64:bf:f4:ae:8c:
                    e5:ae:66:a2:4c:ba:e6:2d:ce:af:04:05:f2:35:5b:
                    ac:ff:44:7d:88:35:61:9e:a8:92:2c:6c:bc:18:66:
                    57:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:90:4C:9B:A1:F1:31:41:E6:27:0A:AB:DA:B9:92:2A:82:81:D9:B8
            X509v3 Authority Key Identifier:
                keyid:BB:2C:F1:ED:10:5C:5C:1D:C5:27:BC:D0:F1:49:FE:94:49:EB:D3:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/zpBMm6HxMUHmJwqr2rmSKoKB2bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/241b4b-fed6-45e9-b6ec-751c74e67d38/1/uyzx7RBcXB3FJ7zQ8Un-lEnr0yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:1c:b2:d3:ee:76:38:7a:54:00:17:3c:ac:57:6d:a3:f8:bf:
         fd:ed:e1:79:1a:47:27:b3:29:5c:4a:bc:6b:96:86:79:d8:30:
         1e:ac:21:95:2b:45:67:10:eb:93:b4:cf:20:f4:9a:d1:fd:61:
         1f:61:5d:ac:3c:a3:d8:b9:a0:e8:3b:3d:42:0d:2f:f5:2f:5d:
         af:e6:79:65:40:12:f4:36:6d:1f:61:46:dc:14:74:09:e1:88:
         3f:ba:b2:67:c1:17:dd:25:5f:dc:39:c1:31:30:ca:0c:76:6e:
         95:59:f4:8e:67:14:5b:93:f0:8e:0a:a8:2b:b9:86:d6:f4:82:
         e1:20:ea:f0:c0:3d:8f:81:08:64:60:18:66:8f:ee:f0:a4:76:
         81:5a:77:bc:f4:42:8c:3c:7b:b6:37:f7:35:28:49:50:c4:67:
         26:d5:1f:9e:0c:56:d1:30:44:ad:c2:1e:68:c6:a5:61:2e:b0:
         c6:15:b6:79:e1:32:ba:7d:50:95:58:e1:8f:90:69:1a:e3:d4:
         4b:78:f1:6d:ca:2c:ec:d7:e3:c9:0f:a4:18:d9:66:8d:c5:4a:
         97:25:d0:dc:18:74:3f:64:c9:fb:bb:e8:6f:8c:20:7c:93:ce:
         0e:e6:78:9d:d0:2a:15:50:c9:a5:e3:fc:9d:48:61:60:20:eb:
         ff:e0:11:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma7l45E7Lpxjz2gpGdmMnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiMmNmMWVkMTA1YzVjMWRjNTI3YmNkMGYxNDlmZTk0NDll
YmQzMjYwHhcNMjUwMTAyMDk0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTkwNGM5YmExZjEzMTQxZTYyNzBhYWJkYWI5OTIyYTgyODFkOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0scFCb8KS3ACWjCuFx/TiAdO3ON4
lCqz//b9MK5jpqnW/m7644p6OEL/oN9C0J4IcRuHa7FQtL7mgqnKRwR0ah52ZPtm
lV0OuXlNJ+0xXkEn7TZkGJLtJ5gAJowGSt7bDrOi+EJFMNjnNPBhJxVT9q4EmiE5
tq+rfG93kfQ/UbLdPhDm3avrJ65f3Q8ZzlcixrdcnrnLBNZBYdagaEb3bULDQISY
jIst7IU/6uJ79LLFpsooUQTsSmkZPIfDhmukYXP8q9UWEZwjlU2qYzBbz8TE7dRj
PyqmsPUAZL/0rozlrmaiTLrmLc6vBAXyNVus/0R9iDVhnqiSLGy8GGZXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM6QTJuh8TFB5icKq9q5kiqCgdm4MB8GA1UdIwQY
MBaAFLss8e0QXFwdxSe80PFJ/pRJ69MmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXl6eDdSQmNYQjNGSjd6UThVbi1sRW5yMHlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS8yNDFiNGItZmVkNi00NWU5LWI2ZWMt
NzUxYzc0ZTY3ZDM4LzEvenBCTW02SHhNVUhtSndxcjJybVNLb0tCMmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS8yNDFiNGItZmVkNi00NWU5LWI2ZWMtNzUxYzc0ZTY3ZDM4
LzEvdXl6eDdSQmNYQjNGSjd6UThVbi1sRW5yMHlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GeMA0G
CSqGSIb3DQEBCwUAA4IBAQCKHLLT7nY4elQAFzysV22j+L/97eF5GkcnsylcSrxr
loZ52DAerCGVK0VnEOuTtM8g9JrR/WEfYV2sPKPYuaDoOz1CDS/1L12v5nllQBL0
Nm0fYUbcFHQJ4Yg/urJnwRfdJV/cOcExMMoMdm6VWfSOZxRbk/COCqgruYbW9ILh
IOrwwD2PgQhkYBhmj+7wpHaBWne89EKMPHu2N/c1KElQxGcm1R+eDFbRMEStwh5o
xqVhLrDGFbZ54TK6fVCVWOGPkGka49RLePFtyizs1+PJD6QY2WaNxUqXJdDcGHQ/
ZMn7u+hvjCB8k84O5nid0CoVUMml4/ydSGFgIOv/4BEL
-----END CERTIFICATE-----