Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/aOjeQ_LFlj3ColO7fwm2y03noI8.roa
File:                     aOjeQ_LFlj3ColO7fwm2y03noI8.roa (raw, json)
Hash identifier:          ZPkI6QIM1mrIPNFFrmXcy/CvfmDUl8kYYI0d126tg6Q=
Subject key identifier:   68:E8:DE:43:F2:C5:96:3D:C2:A2:53:BB:7F:09:B6:CB:4D:E7:A0:8F
Certificate issuer:       /CN=3e34b02edc7c2878f94c5104cafa8978afb6752d
Certificate serial:       0194222024DF0EDF2AB16C75BC126CF7D9AB
Authority key identifier: 3E:34:B0:2E:DC:7C:28:78:F9:4C:51:04:CA:FA:89:78:AF:B6:75:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PjSwLtx8KHj5TFEEyvqJeK-2dS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/aOjeQ_LFlj3ColO7fwm2y03noI8.roa
Signing time:             Wed 01 Jan 2025 13:48:39 +0000
ROA not before:           Wed 01 Jan 2025 13:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55002
IP address blocks:        91.212.110.0/24 maxlen: 24
                          194.102.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/PjSwLtx8KHj5TFEEyvqJeK-2dS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/PjSwLtx8KHj5TFEEyvqJeK-2dS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PjSwLtx8KHj5TFEEyvqJeK-2dS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 13:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:24:df:0e:df:2a:b1:6c:75:bc:12:6c:f7:d9:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e34b02edc7c2878f94c5104cafa8978afb6752d
        Validity
            Not Before: Jan  1 13:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68e8de43f2c5963dc2a253bb7f09b6cb4de7a08f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2f:35:c8:14:34:10:fd:c0:c8:4d:33:cd:0d:
                    40:8a:bd:1e:47:5e:aa:37:58:45:b2:2a:c4:95:9f:
                    58:e9:f6:a5:fc:41:7e:bc:6e:3e:67:53:83:ce:ad:
                    fb:f0:78:5d:ea:3b:8b:cd:b3:db:4e:e9:20:15:2d:
                    bd:d4:97:2f:9c:b1:9c:2d:6d:70:d5:65:78:8e:c4:
                    20:d1:24:ae:86:29:66:66:b7:be:6e:15:b3:93:4e:
                    0c:f3:0a:52:e2:7b:0f:87:fb:ee:ef:96:96:99:04:
                    df:8c:38:ee:1b:35:ab:ca:91:58:e5:ab:bf:7d:75:
                    17:28:ae:2d:fe:12:d7:5d:75:58:58:36:c9:d8:c9:
                    33:4f:4e:d5:d5:5f:b8:30:eb:08:c7:20:06:52:bb:
                    22:75:3b:54:3a:f5:73:b5:7d:28:84:c0:df:02:b4:
                    c6:fc:7a:ac:6e:13:00:f6:fa:d7:c7:49:97:1c:7d:
                    bc:4e:99:d7:75:84:f6:12:00:c7:48:f9:ab:82:5f:
                    04:5a:86:33:02:0e:98:5c:95:a3:0c:5c:34:b1:04:
                    96:c7:ba:17:26:91:f3:31:a1:f2:d1:90:ea:5f:17:
                    85:b6:23:7f:94:f4:4d:d6:b8:8a:93:f8:cd:a8:a4:
                    a3:4a:69:90:0d:ed:11:0e:ac:81:6d:28:a4:90:d4:
                    11:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:E8:DE:43:F2:C5:96:3D:C2:A2:53:BB:7F:09:B6:CB:4D:E7:A0:8F
            X509v3 Authority Key Identifier:
                keyid:3E:34:B0:2E:DC:7C:28:78:F9:4C:51:04:CA:FA:89:78:AF:B6:75:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PjSwLtx8KHj5TFEEyvqJeK-2dS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/aOjeQ_LFlj3ColO7fwm2y03noI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/42252e-0321-4da2-92f4-35a0241a4301/1/PjSwLtx8KHj5TFEEyvqJeK-2dS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.110.0/24
                  194.102.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:01:0d:fd:04:97:ad:28:7f:b9:3a:7d:dc:4e:ae:a4:02:e3:
         3a:9d:00:21:52:a4:ff:90:c6:97:8b:3e:15:c8:20:17:ec:9e:
         9b:b6:68:27:fd:0f:2a:9f:c9:2d:bb:82:53:52:1d:a7:9e:3b:
         7e:2c:59:7f:36:a4:64:b9:89:41:59:55:24:2a:1b:f6:9e:70:
         1e:c8:92:86:0c:21:f3:c8:a1:3e:7f:43:6e:87:fe:0b:72:39:
         57:a5:b8:9b:fe:c2:1f:c2:09:e7:4e:06:a5:01:09:d0:9d:b2:
         5e:9e:ac:94:c0:a2:97:87:81:db:33:1f:25:cf:78:9e:66:d0:
         85:3d:44:5e:6d:82:f3:c7:59:74:c7:df:b5:5f:12:af:d9:c2:
         1b:6f:ef:8a:ba:3e:46:dc:6e:19:11:53:31:3a:1d:ec:a7:4e:
         2d:c5:a3:ff:cc:50:29:e3:72:90:19:49:ad:30:fc:8f:fb:3e:
         60:a4:35:07:c3:71:db:42:90:21:70:f2:18:76:65:8e:62:90:
         da:56:9c:a3:1a:31:1d:bd:da:38:3e:a5:3c:e0:a7:e1:0a:9b:
         e3:7d:25:23:5a:e6:ed:1a:36:a1:c0:2c:8d:8e:53:d7:3e:c6:
         2f:fb:3a:18:21:14:f9:ad:0c:ae:69:d3:44:2d:20:d8:81:97:
         b2:09:96:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiICTfDt8qsWx1vBJs99mrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMzRiMDJlZGM3YzI4NzhmOTRjNTEwNGNhZmE4OTc4YWZi
Njc1MmQwHhcNMjUwMTAxMTM0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGU4ZGU0M2YyYzU5NjNkYzJhMjUzYmI3ZjA5YjZjYjRkZTdhMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7C81yBQ0EP3AyE0zzQ1Air0eR16q
N1hFsirElZ9Y6fal/EF+vG4+Z1ODzq378Hhd6juLzbPbTukgFS291JcvnLGcLW1w
1WV4jsQg0SSuhilmZre+bhWzk04M8wpS4nsPh/vu75aWmQTfjDjuGzWrypFY5au/
fXUXKK4t/hLXXXVYWDbJ2MkzT07V1V+4MOsIxyAGUrsidTtUOvVztX0ohMDfArTG
/HqsbhMA9vrXx0mXHH28TpnXdYT2EgDHSPmrgl8EWoYzAg6YXJWjDFw0sQSWx7oX
JpHzMaHy0ZDqXxeFtiN/lPRN1riKk/jNqKSjSmmQDe0RDqyBbSikkNQRLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGjo3kPyxZY9wqJTu38JtstN56CPMB8GA1UdIwQY
MBaAFD40sC7cfCh4+UxRBMr6iXivtnUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGpTd0x0eDhLSGo1VEZFRXl2cUplSy0yZFMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi80MjI1MmUtMDMyMS00ZGEyLTkyZjQt
MzVhMDI0MWE0MzAxLzEvYU9qZVFfTEZsajNDb2xPN2Z3bTJ5MDNub0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi80MjI1MmUtMDMyMS00ZGEyLTkyZjQtMzVhMDI0MWE0MzAx
LzEvUGpTd0x0eDhLSGo1VEZFRXl2cUplSy0yZFMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9RuAwQA
wmbQMA0GCSqGSIb3DQEBCwUAA4IBAQCRAQ39BJetKH+5On3cTq6kAuM6nQAhUqT/
kMaXiz4VyCAX7J6btmgn/Q8qn8ktu4JTUh2nnjt+LFl/NqRkuYlBWVUkKhv2nnAe
yJKGDCHzyKE+f0Nuh/4LcjlXpbib/sIfwgnnTgalAQnQnbJenqyUwKKXh4HbMx8l
z3ieZtCFPURebYLzx1l0x9+1XxKv2cIbb++Kuj5G3G4ZEVMxOh3sp04txaP/zFAp
43KQGUmtMPyP+z5gpDUHw3HbQpAhcPIYdmWOYpDaVpyjGjEdvdo4PqU84KfhCpvj
fSUjWubtGjahwCyNjlPXPsYv+zoYIRT5rQyuadNELSDYgZeyCZaH
-----END CERTIFICATE-----