Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/q0S2JKhPWU0nKYQYQ4aLM1sQrQI.roa
File:                     q0S2JKhPWU0nKYQYQ4aLM1sQrQI.roa (raw, json)
Hash identifier:          PNBzPS9/9e99UCzcF1j/kcGteP3girm7x054QUNP620=
Subject key identifier:   AB:44:B6:24:A8:4F:59:4D:27:29:84:18:43:86:8B:33:5B:10:AD:02
Certificate issuer:       /CN=2f6f07cead06a4f811547600bac02faf0cc084c9
Certificate serial:       018CC4254CFAADDD077BF15E875CFF561F89
Authority key identifier: 2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/q0S2JKhPWU0nKYQYQ4aLM1sQrQI.roa
Signing time:             Mon 01 Jan 2024 08:30:27 +0000
ROA not before:           Mon 01 Jan 2024 08:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209497
IP address blocks:        149.3.172.0/24 maxlen: 24
                          149.3.174.0/24 maxlen: 24
                          149.3.175.0/24 maxlen: 24
                          149.3.173.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:4c:fa:ad:dd:07:7b:f1:5e:87:5c:ff:56:1f:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f6f07cead06a4f811547600bac02faf0cc084c9
        Validity
            Not Before: Jan  1 08:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ab44b624a84f594d2729841843868b335b10ad02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:98:7e:f3:d5:f1:c9:a5:cb:c1:37:26:0c:7d:
                    35:d1:66:2a:fc:f8:8e:ec:bd:39:b9:79:bf:30:cc:
                    e3:2b:2f:9a:d4:f6:c4:d7:f4:67:ee:ec:a6:95:61:
                    7a:41:16:78:33:e8:7c:54:77:23:6a:65:11:01:7c:
                    5a:98:de:5c:cb:be:27:98:db:f4:6c:41:95:25:f0:
                    7b:1c:f9:5b:11:96:f8:fa:3a:3e:60:fe:41:b7:94:
                    46:dd:b7:36:1c:da:e2:9e:15:a0:ea:97:92:db:c8:
                    20:ea:54:e9:6a:bc:be:ab:08:7d:e6:1d:9d:5c:af:
                    18:d8:72:94:ad:41:6a:68:4a:a7:60:68:86:a9:b2:
                    73:70:ee:5f:05:2f:b8:8f:be:97:ae:b3:cf:fb:8d:
                    05:cb:28:8a:61:f7:0f:02:d0:d6:2d:97:2f:66:6b:
                    74:47:f4:2d:1d:1a:e3:1f:3d:3e:ca:00:5b:cc:07:
                    64:70:6a:a7:2f:b9:0b:03:97:84:7d:e9:80:3e:44:
                    dd:c0:ac:f9:8b:a3:a3:70:15:e8:6d:64:f7:bb:e6:
                    16:cd:07:d6:a0:98:1c:48:3b:b3:2f:7a:f5:59:80:
                    96:68:35:76:6a:5e:d4:b8:22:07:04:73:3b:54:3b:
                    ea:5e:c3:c5:80:a5:a5:88:1f:8d:7d:b6:30:6b:fe:
                    32:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:44:B6:24:A8:4F:59:4D:27:29:84:18:43:86:8B:33:5B:10:AD:02
            X509v3 Authority Key Identifier:
                keyid:2F:6F:07:CE:AD:06:A4:F8:11:54:76:00:BA:C0:2F:AF:0C:C0:84:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L28Hzq0GpPgRVHYAusAvrwzAhMk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/q0S2JKhPWU0nKYQYQ4aLM1sQrQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/ead6c4-9fe1-4fee-9760-047cbc310ccb/1/L28Hzq0GpPgRVHYAusAvrwzAhMk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.3.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         79:17:9d:dd:14:e0:b0:dc:b1:7b:52:35:8c:15:0b:64:bd:9f:
         e3:99:4b:53:ed:a6:8e:00:a6:63:3d:c0:29:2d:31:23:ac:fa:
         71:99:4c:b8:0a:11:d0:58:b7:9f:0a:dd:bd:c2:83:d8:24:ec:
         f6:60:83:1d:63:8b:71:56:54:8d:2e:56:9d:ed:c1:45:eb:c4:
         f8:73:59:28:04:6d:16:0e:29:a6:47:b2:cd:29:0a:e8:93:0a:
         c2:d0:87:5e:d2:8d:d4:45:5f:13:f1:b5:18:ff:4e:06:91:bf:
         0a:51:06:b6:e9:27:92:f8:b9:0c:df:78:a7:cd:65:f2:41:ac:
         7e:00:3d:1e:f0:41:60:6b:48:23:aa:7e:db:a7:2e:6d:2e:b2:
         34:4b:b9:58:b2:ff:b9:a2:a8:6c:ab:75:d7:4c:8c:b1:25:86:
         23:99:17:30:1b:7a:61:f2:6a:63:d6:b7:41:a1:0d:0d:46:9d:
         d9:f6:f0:4d:c0:57:df:5a:75:2b:82:36:ed:e6:d7:77:6d:b8:
         92:6b:cc:ad:fb:04:06:6f:ed:1c:b0:18:43:09:2a:1b:16:b1:
         60:b3:cb:8e:76:32:d7:1f:1e:01:d8:fb:32:6b:fb:ea:ea:0f:
         49:4c:01:43:32:ce:01:bd:03:08:89:ef:63:ea:1e:5c:30:bc:
         82:fe:ac:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUz6rd0He/Feh1z/Vh+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmNmYwN2NlYWQwNmE0ZjgxMTU0NzYwMGJhYzAyZmFmMGNj
MDg0YzkwHhcNMjQwMTAxMDgzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjQ0YjYyNGE4NGY1OTRkMjcyOTg0MTg0Mzg2OGIzMzViMTBhZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJh+89XxyaXLwTcmDH010WYq/PiO
7L05uXm/MMzjKy+a1PbE1/Rn7uymlWF6QRZ4M+h8VHcjamURAXxamN5cy74nmNv0
bEGVJfB7HPlbEZb4+jo+YP5Bt5RG3bc2HNrinhWg6peS28gg6lTpary+qwh95h2d
XK8Y2HKUrUFqaEqnYGiGqbJzcO5fBS+4j76XrrPP+40FyyiKYfcPAtDWLZcvZmt0
R/QtHRrjHz0+ygBbzAdkcGqnL7kLA5eEfemAPkTdwKz5i6OjcBXobWT3u+YWzQfW
oJgcSDuzL3r1WYCWaDV2al7UuCIHBHM7VDvqXsPFgKWliB+NfbYwa/4y8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKtEtiSoT1lNJymEGEOGizNbEK0CMB8GA1UdIwQY
MBaAFC9vB86tBqT4EVR2ALrAL68MwITJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAt
MDQ3Y2JjMzEwY2NiLzEvcTBTMkpLaFBXVTBuS1lRWVE0YUxNMXNRclFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9lYWQ2YzQtOWZlMS00ZmVlLTk3NjAtMDQ3Y2JjMzEwY2Ni
LzEvTDI4SHpxMEdwUGdSVkhZQXVzQXZyd3pBaE1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQClQOsMA0G
CSqGSIb3DQEBCwUAA4IBAQB5F53dFOCw3LF7UjWMFQtkvZ/jmUtT7aaOAKZjPcAp
LTEjrPpxmUy4ChHQWLefCt29woPYJOz2YIMdY4txVlSNLlad7cFF68T4c1koBG0W
DimmR7LNKQrokwrC0Ide0o3URV8T8bUY/04Gkb8KUQa26SeS+LkM33inzWXyQax+
AD0e8EFga0gjqn7bpy5tLrI0S7lYsv+5oqhsq3XXTIyxJYYjmRcwG3ph8mpj1rdB
oQ0NRp3Z9vBNwFffWnUrgjbt5td3bbiSa8yt+wQGb+0csBhDCSobFrFgs8uOdjLX
Hx4B2Psya/vq6g9JTAFDMs4BvQMIie9j6h5cMLyC/qxs
-----END CERTIFICATE-----