Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/wQpXfE9JEQ0xae3JNQ5WII9BPtg.roa
File:                     wQpXfE9JEQ0xae3JNQ5WII9BPtg.roa (raw, json)
Hash identifier:          Wc6T5r1GtvbV1icqr7Rl021bCXOyiaZtPpB0GH2eHqw=
Subject key identifier:   C1:0A:57:7C:4F:49:11:0D:31:69:ED:C9:35:0E:56:20:8F:41:3E:D8
Certificate issuer:       /CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
Certificate serial:       0194258F6682F4D3C545C09FACD05B76B33F
Authority key identifier: 1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/wQpXfE9JEQ0xae3JNQ5WII9BPtg.roa
Signing time:             Thu 02 Jan 2025 05:49:01 +0000
ROA not before:           Thu 02 Jan 2025 05:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211691
IP address blocks:        91.195.22.0/24 maxlen: 24
                          91.195.23.0/24 maxlen: 24
                          2001:67c:2fe4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:66:82:f4:d3:c5:45:c0:9f:ac:d0:5b:76:b3:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aae75a26ccf8621222816a471ccb7c0d5e716e2
        Validity
            Not Before: Jan  2 05:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c10a577c4f49110d3169edc9350e56208f413ed8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:f4:97:c6:ea:74:ba:68:aa:b0:6a:a5:b1:b1:
                    56:23:27:05:2a:4c:80:02:76:43:4c:91:78:6f:4d:
                    aa:95:65:c8:ee:90:59:fb:c8:bd:91:b5:c1:95:68:
                    3a:02:c3:76:d2:b1:56:d5:99:c9:89:9c:85:2e:ea:
                    d1:5e:8c:26:03:07:56:11:79:17:1c:29:ff:ac:79:
                    63:6f:2b:a1:f0:ad:ce:df:ae:04:d1:f8:68:a3:68:
                    94:a6:c7:f1:7d:57:33:47:98:40:3c:81:cf:7d:47:
                    fd:97:f9:1f:86:7d:1a:d4:b3:ee:6a:4e:84:10:bd:
                    cc:4a:37:d5:49:38:be:8d:44:fb:fb:e7:9e:02:69:
                    15:fb:22:50:be:a0:26:07:4e:6c:ed:b4:e7:4b:06:
                    08:f3:3a:b3:ab:08:dc:cc:b4:5c:a4:6b:f7:ae:ac:
                    b6:b5:65:98:6d:65:8f:1d:e1:ac:4f:10:27:09:ca:
                    34:cf:46:1a:b8:8b:b7:35:8a:e1:13:3a:1a:24:f8:
                    f4:54:52:32:1b:ad:a5:a5:f1:3b:8c:0b:17:ad:8d:
                    93:65:42:5e:eb:99:4e:e2:34:6c:ff:d3:02:38:6a:
                    c8:37:d7:ee:af:20:75:69:95:26:4f:17:7d:7e:16:
                    90:bc:6e:09:02:cb:79:8f:17:eb:29:e4:e0:6c:9a:
                    bc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:0A:57:7C:4F:49:11:0D:31:69:ED:C9:35:0E:56:20:8F:41:3E:D8
            X509v3 Authority Key Identifier:
                keyid:1A:AE:75:A2:6C:CF:86:21:22:28:16:A4:71:CC:B7:C0:D5:E7:16:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gq51omzPhiEiKBakccy3wNXnFuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/wQpXfE9JEQ0xae3JNQ5WII9BPtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/8e7054-fd50-4f91-9cc7-264f0cc5ff80/1/Gq51omzPhiEiKBakccy3wNXnFuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.22.0/23
                IPv6:
                  2001:67c:2fe4::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:7a:c1:b2:2b:83:ab:35:02:af:a9:40:19:63:87:55:29:83:
         d0:fa:16:a3:f4:be:90:5d:a4:d0:de:bf:f1:45:31:42:e9:8f:
         97:f5:82:91:3d:50:7e:f5:7a:65:81:7f:e1:1b:cb:f0:c6:07:
         5e:66:7d:52:12:3f:af:ed:f8:ee:4c:52:f9:80:ee:2e:64:b1:
         ca:d3:ca:4d:7a:96:18:9b:83:b6:1b:98:23:dd:01:15:04:70:
         60:f4:25:f7:19:f5:77:76:e5:a2:f4:0c:77:8f:8b:7c:e9:df:
         d2:c8:bd:9c:a7:a7:03:19:cb:54:41:3c:62:4c:cf:b1:2a:9c:
         0b:46:2e:db:48:0c:c7:94:ca:aa:e5:58:84:3f:b2:e0:29:5b:
         8e:c2:2d:03:26:1c:c1:75:fe:2c:89:31:94:66:81:ed:bc:81:
         1d:a4:f8:44:c7:d2:a5:27:fe:d7:bb:34:98:27:ae:5f:54:8e:
         4d:99:71:f0:dc:ac:39:d3:55:7d:0b:74:de:aa:04:4b:d0:c4:
         0d:47:f2:78:34:ba:c7:73:00:a5:39:99:d2:f7:93:ea:3e:e8:
         7a:f9:36:7a:bd:5d:ad:ac:9f:f5:fa:97:a7:05:e6:ca:81:e1:
         3b:7f:f2:ab:b4:dc:83:d3:8c:24:a7:d9:36:82:61:da:19:a3:
         00:66:77:f8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj2aC9NPFRcCfrNBbdrM/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhYWU3NWEyNmNjZjg2MjEyMjI4MTZhNDcxY2NiN2MwZDVl
NzE2ZTIwHhcNMjUwMTAyMDU0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTBhNTc3YzRmNDkxMTBkMzE2OWVkYzkzNTBlNTYyMDhmNDEzZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/SXxup0umiqsGqlsbFWIycFKkyA
AnZDTJF4b02qlWXI7pBZ+8i9kbXBlWg6AsN20rFW1ZnJiZyFLurRXowmAwdWEXkX
HCn/rHljbyuh8K3O364E0fhoo2iUpsfxfVczR5hAPIHPfUf9l/kfhn0a1LPuak6E
EL3MSjfVSTi+jUT7++eeAmkV+yJQvqAmB05s7bTnSwYI8zqzqwjczLRcpGv3rqy2
tWWYbWWPHeGsTxAnCco0z0YauIu3NYrhEzoaJPj0VFIyG62lpfE7jAsXrY2TZUJe
65lO4jRs/9MCOGrIN9furyB1aZUmTxd9fhaQvG4JAst5jxfrKeTgbJq8EQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFMEKV3xPSRENMWntyTUOViCPQT7YMB8GA1UdIwQY
MBaAFBqudaJsz4YhIigWpHHMt8DV5xbiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzct
MjY0ZjBjYzVmZjgwLzEvd1FwWGZFOUpFUTB4YWUzSk5RNVdJSTlCUHRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy84ZTcwNTQtZmQ1MC00ZjkxLTljYzctMjY0ZjBjYzVmZjgw
LzEvR3E1MW9telBoaUVpS0Jha2NjeTN3TlhuRnVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8MWMA8E
AgACMAkDBwAgAQZ8L+QwDQYJKoZIhvcNAQELBQADggEBACd6wbIrg6s1Aq+pQBlj
h1Upg9D6FqP0vpBdpNDev/FFMULpj5f1gpE9UH71emWBf+Eby/DGB15mfVISP6/t
+O5MUvmA7i5kscrTyk16lhibg7YbmCPdARUEcGD0JfcZ9Xd25aL0DHePi3zp39LI
vZynpwMZy1RBPGJMz7EqnAtGLttIDMeUyqrlWIQ/suApW47CLQMmHMF1/iyJMZRm
ge28gR2k+ETH0qUn/te7NJgnrl9Ujk2ZcfDcrDnTVX0LdN6qBEvQxA1H8ng0usdz
AKU5mdL3k+o+6Hr5Nnq9Xa2sn/X6l6cF5sqB4Tt/8qu03IPTjCSn2TaCYdoZowBm
d/g=
-----END CERTIFICATE-----