Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/lMnxmNh0WyR-ZyXRmR4VxessOW0.roa
File:                     lMnxmNh0WyR-ZyXRmR4VxessOW0.roa (raw, json)
Hash identifier:          d+d+I0SIA2DkllPKcjDwQF5GfnIiXguhQ7tmZZ0v1io=
Subject key identifier:   94:C9:F1:98:D8:74:5B:24:7E:67:25:D1:99:1E:15:C5:EB:2C:39:6D
Certificate issuer:       /CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
Certificate serial:       019425212309351FCF573FB3E9FF8505028D
Authority key identifier: 7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/lMnxmNh0WyR-ZyXRmR4VxessOW0.roa
Signing time:             Thu 02 Jan 2025 03:48:36 +0000
ROA not before:           Thu 02 Jan 2025 03:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13026
IP address blocks:        91.222.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:23:09:35:1f:cf:57:3f:b3:e9:ff:85:05:02:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d0213e3e7ebe6170a3600a8e3ae64ed962c0e36
        Validity
            Not Before: Jan  2 03:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=94c9f198d8745b247e6725d1991e15c5eb2c396d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:56:fe:a0:2c:9a:2b:05:ca:2a:84:cf:b5:ba:
                    7a:32:08:6e:d3:92:b9:08:ca:05:5f:7c:c0:6f:2d:
                    da:1c:ea:eb:93:c1:64:ea:50:41:83:0d:e0:d4:61:
                    2d:9a:4f:21:17:93:b6:01:ca:ae:09:be:11:ff:eb:
                    e3:5c:1c:0e:d4:1f:f6:cd:9b:9c:e6:31:ae:f9:22:
                    3c:de:e8:58:a9:ab:e8:7e:72:7b:b9:db:40:d6:93:
                    76:11:0f:8e:2a:7d:4c:39:59:d4:62:dd:5c:c3:11:
                    11:44:5f:cc:d6:df:e5:6d:fa:b4:37:9f:f8:c4:ce:
                    0d:cf:a2:1e:91:76:19:1f:04:4e:cd:34:20:de:c0:
                    29:00:00:6e:c6:a1:56:77:a3:66:8b:3a:79:1b:36:
                    3a:f9:54:f2:f2:93:31:47:2e:df:3b:4a:ad:af:95:
                    12:5f:f0:14:78:fe:67:c5:66:6d:c8:b0:22:47:f9:
                    12:b3:f1:2a:2f:24:e2:08:3a:6f:53:41:fd:e0:bd:
                    7b:97:24:7d:5c:ec:38:61:0f:e8:36:49:75:3a:ac:
                    68:38:a8:d0:35:e3:7a:38:51:2d:e0:ce:57:64:78:
                    8d:c1:cc:14:81:19:aa:4e:95:45:11:28:ce:b9:9d:
                    bd:55:60:ad:0b:dd:a7:f3:b6:e5:34:2b:a8:60:67:
                    66:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:C9:F1:98:D8:74:5B:24:7E:67:25:D1:99:1E:15:C5:EB:2C:39:6D
            X509v3 Authority Key Identifier:
                keyid:7D:02:13:E3:E7:EB:E6:17:0A:36:00:A8:E3:AE:64:ED:96:2C:0E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQIT4-fr5hcKNgCo465k7ZYsDjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/lMnxmNh0WyR-ZyXRmR4VxessOW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/821dc2-6766-4988-b777-03532140ef52/1/fQIT4-fr5hcKNgCo465k7ZYsDjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:f3:af:a8:cb:29:c6:a2:3d:58:44:1f:3b:e8:a6:3a:f2:22:
         74:92:33:fd:c0:eb:df:01:b1:2f:dc:c0:51:f8:34:79:7c:5d:
         ab:ac:89:f3:e2:0b:0c:55:ae:0e:f7:63:e5:d6:ba:b1:98:eb:
         99:25:16:df:34:61:e2:39:e5:e8:ee:6d:75:6d:91:8d:e1:a5:
         71:48:3e:73:39:3b:08:1a:ab:bf:6e:b7:a1:49:3a:0a:fb:85:
         4b:90:19:79:0c:15:88:c7:bd:9b:dc:42:ad:20:42:b5:c7:24:
         fb:b1:b7:c0:97:64:1a:2a:e3:49:fb:8f:77:0d:80:e6:cd:d8:
         f4:d2:f3:52:af:92:16:1b:45:af:ae:aa:8c:a7:2e:9e:e9:be:
         0c:b1:e5:09:59:99:07:d4:d6:20:49:1c:a2:86:6b:48:00:2c:
         34:ac:a4:e7:ac:01:df:0b:2a:20:c2:4c:b6:79:f9:69:b4:3e:
         5d:ce:df:02:b6:ad:06:9e:03:24:3f:42:80:5d:50:47:78:4c:
         75:37:8d:9a:7f:4f:cb:d9:67:df:b7:8e:5e:8a:ae:b7:e9:d5:
         16:92:ff:1c:1e:52:bf:99:7d:18:fe:50:bb:f8:3d:5f:b8:8f:
         fc:85:36:eb:34:fb:e8:23:cf:e3:c2:24:fa:fa:21:bd:61:93:
         0c:8e:61:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlISMJNR/PVz+z6f+FBQKNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDIxM2UzZTdlYmU2MTcwYTM2MDBhOGUzYWU2NGVkOTYy
YzBlMzYwHhcNMjUwMTAyMDM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGM5ZjE5OGQ4NzQ1YjI0N2U2NzI1ZDE5OTFlMTVjNWViMmMzOTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVb+oCyaKwXKKoTPtbp6Mghu05K5
CMoFX3zAby3aHOrrk8Fk6lBBgw3g1GEtmk8hF5O2AcquCb4R/+vjXBwO1B/2zZuc
5jGu+SI83uhYqavofnJ7udtA1pN2EQ+OKn1MOVnUYt1cwxERRF/M1t/lbfq0N5/4
xM4Nz6IekXYZHwROzTQg3sApAABuxqFWd6Nmizp5GzY6+VTy8pMxRy7fO0qtr5US
X/AUeP5nxWZtyLAiR/kSs/EqLyTiCDpvU0H94L17lyR9XOw4YQ/oNkl1OqxoOKjQ
NeN6OFEt4M5XZHiNwcwUgRmqTpVFESjOuZ29VWCtC92n87blNCuoYGdmhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJTJ8ZjYdFskfmcl0ZkeFcXrLDltMB8GA1UdIwQY
MBaAFH0CE+Pn6+YXCjYAqOOuZO2WLA42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3Nzct
MDM1MzIxNDBlZjUyLzEvbE1ueG1OaDBXeVItWnlYUm1SNFZ4ZXNzT1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84MjFkYzItNjc2Ni00OTg4LWI3NzctMDM1MzIxNDBlZjUy
LzEvZlFJVDQtZnI1aGNLTmdDbzQ2NWs3WllzRGpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW95cMA0G
CSqGSIb3DQEBCwUAA4IBAQCr86+oyynGoj1YRB876KY68iJ0kjP9wOvfAbEv3MBR
+DR5fF2rrInz4gsMVa4O92Pl1rqxmOuZJRbfNGHiOeXo7m11bZGN4aVxSD5zOTsI
Gqu/brehSToK+4VLkBl5DBWIx72b3EKtIEK1xyT7sbfAl2QaKuNJ+493DYDmzdj0
0vNSr5IWG0WvrqqMpy6e6b4MseUJWZkH1NYgSRyihmtIACw0rKTnrAHfCyogwky2
eflptD5dzt8Ctq0GngMkP0KAXVBHeEx1N42af0/L2Wfft45eiq636dUWkv8cHlK/
mX0Y/lC7+D1fuI/8hTbrNPvoI8/jwiT6+iG9YZMMjmEP
-----END CERTIFICATE-----