Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/2Qr4P6TtNG8XIKkXI_c0cLDbaUc.roa
File:                     2Qr4P6TtNG8XIKkXI_c0cLDbaUc.roa (raw, json)
Hash identifier:          MYKMpqtjE4XkNANAGzzsCBedfNhF2YMsBN5+jKHyoYI=
Subject key identifier:   D9:0A:F8:3F:A4:ED:34:6F:17:20:A9:17:23:F7:34:70:B0:DB:69:47
Certificate issuer:       /CN=a4a015b2d3d3e909b602f9fdd4f6f6f618873c58
Certificate serial:       0194258F3B1D0C45D5DEEFA3CCC6BA9F1829
Authority key identifier: A4:A0:15:B2:D3:D3:E9:09:B6:02:F9:FD:D4:F6:F6:F6:18:87:3C:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/2Qr4P6TtNG8XIKkXI_c0cLDbaUc.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31424
IP address blocks:        193.17.194.0/24 maxlen: 24
                          195.191.132.0/23 maxlen: 23
                          2001:67c:358::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 05:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3b:1d:0c:45:d5:de:ef:a3:cc:c6:ba:9f:18:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4a015b2d3d3e909b602f9fdd4f6f6f618873c58
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d90af83fa4ed346f1720a91723f73470b0db6947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:05:1a:5d:9d:b7:77:a2:fe:0d:c8:85:9c:2b:
                    58:5b:93:97:d1:89:53:5a:71:8c:97:c5:f7:73:bf:
                    5a:b1:18:f3:1e:4a:b3:74:71:1c:1c:52:7a:51:a7:
                    ae:3d:e8:87:94:44:0c:ac:3d:c9:da:41:6f:cc:91:
                    64:4f:af:13:37:6e:22:14:96:ee:0c:ac:40:04:30:
                    17:3a:4c:f1:65:30:bd:74:0e:07:9f:47:82:bf:e5:
                    ee:c1:0e:ed:a6:2e:6e:80:e9:81:6a:28:d6:07:bd:
                    45:b3:8f:28:7f:9c:e0:99:b7:56:c3:41:d8:c2:8c:
                    23:4e:28:77:3f:e3:ad:3d:29:40:63:66:b3:73:86:
                    3b:4b:69:c1:cc:26:af:87:26:d7:99:42:fb:4c:b5:
                    be:8c:6b:e2:5e:af:08:54:0e:69:18:bd:6e:0c:c3:
                    d8:a1:ca:05:05:33:b9:6a:63:4f:77:bd:63:80:bb:
                    bd:53:eb:f1:fc:f4:35:28:1a:ca:85:de:79:68:8d:
                    b1:06:fb:ab:91:90:9e:d8:fa:d7:2c:43:2e:47:bd:
                    12:40:df:e8:d8:46:64:6b:a3:64:dc:d9:f0:ef:8f:
                    81:54:68:47:3d:bc:9f:c1:1c:27:cc:74:b6:eb:a6:
                    75:ba:4f:11:7b:95:d0:17:31:f5:bf:77:fa:29:b0:
                    4a:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:0A:F8:3F:A4:ED:34:6F:17:20:A9:17:23:F7:34:70:B0:DB:69:47
            X509v3 Authority Key Identifier:
                keyid:A4:A0:15:B2:D3:D3:E9:09:B6:02:F9:FD:D4:F6:F6:F6:18:87:3C:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pKAVstPT6Qm2Avn91Pb29hiHPFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/2Qr4P6TtNG8XIKkXI_c0cLDbaUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b9bda3-b611-4338-bbe8-a7dd16343297/1/pKAVstPT6Qm2Avn91Pb29hiHPFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.194.0/24
                  195.191.132.0/23
                IPv6:
                  2001:67c:358::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:e2:62:96:33:ea:31:a1:ac:46:d9:0c:ba:bd:0f:fa:1d:3e:
         70:41:bc:77:a7:39:b3:65:34:c6:3e:35:bb:a4:44:e6:ea:d0:
         a3:28:23:0a:9f:1c:d6:bd:f9:9e:1e:0d:5e:d1:a9:5d:42:7f:
         df:3f:7e:01:70:a1:39:3e:26:75:2f:e2:62:c9:7b:10:72:98:
         c5:95:26:c2:09:d1:1a:78:14:bd:c7:c5:72:4f:5e:e1:27:4e:
         91:84:4e:60:d1:fb:e3:bf:53:f6:ce:54:48:a6:0c:8a:4e:a1:
         b9:06:ba:5e:bd:b5:a4:24:fc:4a:94:49:f5:80:d0:e5:91:ef:
         56:12:d3:ad:60:1d:f8:a1:eb:af:59:47:f6:4e:5d:48:22:5d:
         8f:84:45:19:06:f3:f6:e9:a5:ba:e2:14:a3:f0:f2:7e:46:c2:
         62:97:59:c4:ea:32:27:7a:13:7a:38:f9:9e:c4:21:c5:1a:7f:
         f4:00:00:19:95:46:a4:9e:68:17:31:10:54:75:94:70:96:1a:
         51:01:ff:fc:05:a3:79:74:d4:e1:c5:53:5d:a8:b7:c0:38:66:
         47:c0:59:ce:72:d9:30:6c:87:61:e7:0d:26:2e:16:f3:a5:6e:
         1f:90:79:f6:49:09:d9:2e:9c:69:66:27:06:25:bb:7d:e5:17:
         ec:63:c8:bf
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZQljzsdDEXV3u+jzMa6nxgpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YTAxNWIyZDNkM2U5MDliNjAyZjlmZGQ0ZjZmNmY2MTg4
NzNjNTgwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTBhZjgzZmE0ZWQzNDZmMTcyMGE5MTcyM2Y3MzQ3MGIwZGI2OTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwUaXZ23d6L+DciFnCtYW5OX0YlT
WnGMl8X3c79asRjzHkqzdHEcHFJ6UaeuPeiHlEQMrD3J2kFvzJFkT68TN24iFJbu
DKxABDAXOkzxZTC9dA4Hn0eCv+XuwQ7tpi5ugOmBaijWB71Fs48of5zgmbdWw0HY
wowjTih3P+OtPSlAY2azc4Y7S2nBzCavhybXmUL7TLW+jGviXq8IVA5pGL1uDMPY
ocoFBTO5amNPd71jgLu9U+vx/PQ1KBrKhd55aI2xBvurkZCe2PrXLEMuR70SQN/o
2EZka6Nk3Nnw74+BVGhHPbyfwRwnzHS266Z1uk8Re5XQFzH1v3f6KbBK5QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNkK+D+k7TRvFyCpFyP3NHCw22lHMB8GA1UdIwQY
MBaAFKSgFbLT0+kJtgL5/dT29vYYhzxYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEtBVnN0UFQ2UW0yQXZuOTFQYjI5aGlIUEZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iOWJkYTMtYjYxMS00MzM4LWJiZTgt
YTdkZDE2MzQzMjk3LzEvMlFyNFA2VHRORzhYSUtrWElfYzBjTERiYVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iOWJkYTMtYjYxMS00MzM4LWJiZTgtYTdkZDE2MzQzMjk3
LzEvcEtBVnN0UFQ2UW0yQXZuOTFQYjI5aGlIUEZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwRHCAwQB
w7+EMA8EAgACMAkDBwAgAQZ8A1gwDQYJKoZIhvcNAQELBQADggEBAI7iYpYz6jGh
rEbZDLq9D/odPnBBvHenObNlNMY+NbukRObq0KMoIwqfHNa9+Z4eDV7RqV1Cf98/
fgFwoTk+JnUv4mLJexBymMWVJsIJ0Rp4FL3HxXJPXuEnTpGETmDR++O/U/bOVEim
DIpOobkGul69taQk/EqUSfWA0OWR71YS061gHfih669ZR/ZOXUgiXY+ERRkG8/bp
pbriFKPw8n5GwmKXWcTqMid6E3o4+Z7EIcUaf/QAABmVRqSeaBcxEFR1lHCWGlEB
//wFo3l01OHFU12ot8A4ZkfAWc5y2TBsh2HnDSYuFvOlbh+QefZJCdkunGlmJwYl
u33lF+xjyL8=
-----END CERTIFICATE-----