Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/2qbv-Pz4jvP3wMojh-nzxxXsgEA.roa
File:                     2qbv-Pz4jvP3wMojh-nzxxXsgEA.roa (raw, json)
Hash identifier:          6+tOpgdGlSlIz8zd2wwUoB5CJwy5U+RYKeXiB03sSqI=
Subject key identifier:   DA:A6:EF:F8:FC:F8:8E:F3:F7:C0:CA:23:87:E9:F3:C7:15:EC:80:40
Certificate issuer:       /CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
Certificate serial:       0194282380D6175BB3C41EC89A9D5D6C3169
Authority key identifier: 1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/2qbv-Pz4jvP3wMojh-nzxxXsgEA.roa
Signing time:             Thu 02 Jan 2025 17:50:02 +0000
ROA not before:           Thu 02 Jan 2025 17:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        91.149.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 09:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:80:d6:17:5b:b3:c4:1e:c8:9a:9d:5d:6c:31:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1acb6376a1648d49d55e4d7b01371367b0dc2af9
        Validity
            Not Before: Jan  2 17:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daa6eff8fcf88ef3f7c0ca2387e9f3c715ec8040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:46:6d:b9:39:b7:94:d8:de:41:91:bd:d3:dc:
                    a0:27:80:b7:13:47:0c:c7:87:36:93:7f:40:d5:a8:
                    8e:97:8f:43:9d:03:36:71:7a:e6:8f:54:d5:1a:0e:
                    02:84:4e:b5:c9:87:10:c0:fc:44:12:aa:1b:bd:57:
                    7b:bf:0e:f5:19:c3:c5:35:c9:bb:04:4c:cd:e2:84:
                    62:c7:b4:c1:ce:e0:5c:31:be:b5:11:eb:8d:5c:cf:
                    91:87:9d:8a:9d:9b:76:1e:fe:47:70:da:e8:49:e7:
                    92:a9:e7:27:f9:28:5c:33:81:5f:ad:1f:d8:3d:53:
                    eb:33:e0:9d:e7:2f:8e:cf:ee:03:f1:ab:d1:df:c0:
                    25:d0:a0:20:ae:44:49:8c:d8:36:ee:6d:e7:1f:75:
                    f8:82:2e:bc:51:cf:52:33:13:83:4a:84:dc:e4:6c:
                    fa:d0:05:79:62:2b:e3:12:9e:1b:98:0c:66:58:69:
                    38:50:33:85:e0:bc:fa:f0:c1:65:50:79:2e:61:47:
                    be:b3:d0:90:fd:02:0e:85:e9:d8:85:99:31:5d:ed:
                    57:5f:bf:5a:d9:27:4c:df:79:4c:fe:bc:16:ca:6d:
                    a4:4b:a0:9f:24:b0:5d:99:a4:38:19:43:3b:b9:a3:
                    25:5d:aa:e3:c2:e4:06:5f:40:8c:59:a6:f6:9d:ca:
                    db:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A6:EF:F8:FC:F8:8E:F3:F7:C0:CA:23:87:E9:F3:C7:15:EC:80:40
            X509v3 Authority Key Identifier:
                keyid:1A:CB:63:76:A1:64:8D:49:D5:5E:4D:7B:01:37:13:67:B0:DC:2A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GstjdqFkjUnVXk17ATcTZ7DcKvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/2qbv-Pz4jvP3wMojh-nzxxXsgEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/7247b0-4989-43ea-9350-7a936751db1b/1/GstjdqFkjUnVXk17ATcTZ7DcKvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.149.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:a0:8a:c4:65:d3:05:c5:1d:ec:71:cb:71:87:8c:fd:36:7e:
         05:0e:51:93:3d:06:02:1f:e7:fd:f9:10:75:90:d4:87:01:97:
         78:4c:81:0e:a6:ca:c5:19:71:ba:26:fe:e1:d5:bf:49:0c:89:
         5d:d4:da:c0:cc:39:d9:5f:29:6d:78:a0:ff:03:41:ac:ef:35:
         e5:24:67:af:d8:df:15:65:0f:19:dc:ac:46:27:0c:46:5c:64:
         ce:a9:b0:bd:df:a9:ac:99:9d:68:d8:ac:da:fe:8c:1f:62:31:
         4d:c2:e6:c0:47:72:06:4c:2d:81:bb:87:a2:b4:25:54:62:65:
         e5:78:4c:36:eb:ca:48:64:f5:42:80:1d:87:ef:03:4a:08:17:
         9d:7c:ce:6b:d4:20:92:02:14:d4:e8:78:2e:74:93:5b:cf:b6:
         83:1b:a4:8c:be:5f:92:3f:85:18:fe:0d:47:8c:45:57:c5:34:
         f1:39:ea:10:6e:4f:73:c5:e0:b1:ac:51:26:67:f8:40:e6:61:
         24:24:4c:11:e3:55:07:01:fe:b6:6b:ee:22:06:7f:f2:c6:b8:
         44:e3:ea:c5:d7:0d:19:31:80:bf:2f:65:d4:fd:b9:d7:e5:56:
         09:48:b9:d3:8e:4d:ff:82:6d:37:d1:23:2a:df:07:1f:68:ba:
         2a:bf:cd:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI4DWF1uzxB7Imp1dbDFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2I2Mzc2YTE2NDhkNDlkNTVlNGQ3YjAxMzcxMzY3YjBk
YzJhZjkwHhcNMjUwMTAyMTc1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWE2ZWZmOGZjZjg4ZWYzZjdjMGNhMjM4N2U5ZjNjNzE1ZWM4MDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA70ZtuTm3lNjeQZG909ygJ4C3E0cM
x4c2k39A1aiOl49DnQM2cXrmj1TVGg4ChE61yYcQwPxEEqobvVd7vw71GcPFNcm7
BEzN4oRix7TBzuBcMb61EeuNXM+Rh52KnZt2Hv5HcNroSeeSqecn+ShcM4FfrR/Y
PVPrM+Cd5y+Oz+4D8avR38Al0KAgrkRJjNg27m3nH3X4gi68Uc9SMxODSoTc5Gz6
0AV5YivjEp4bmAxmWGk4UDOF4Lz68MFlUHkuYUe+s9CQ/QIOhenYhZkxXe1XX79a
2SdM33lM/rwWym2kS6CfJLBdmaQ4GUM7uaMlXarjwuQGX0CMWab2ncrbUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNqm7/j8+I7z98DKI4fp88cV7IBAMB8GA1UdIwQY
MBaAFBrLY3ahZI1J1V5NewE3E2ew3Cr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAt
N2E5MzY3NTFkYjFiLzEvMnFidi1QejRqdlAzd01vamgtbnp4eFhzZ0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS83MjQ3YjAtNDk4OS00M2VhLTkzNTAtN2E5MzY3NTFkYjFi
LzEvR3N0amRxRmtqVW5WWGsxN0FUY1RaN0RjS3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW5XAMA0G
CSqGSIb3DQEBCwUAA4IBAQAxoIrEZdMFxR3scctxh4z9Nn4FDlGTPQYCH+f9+RB1
kNSHAZd4TIEOpsrFGXG6Jv7h1b9JDIld1NrAzDnZXylteKD/A0Gs7zXlJGev2N8V
ZQ8Z3KxGJwxGXGTOqbC936msmZ1o2Kza/owfYjFNwubAR3IGTC2Bu4eitCVUYmXl
eEw268pIZPVCgB2H7wNKCBedfM5r1CCSAhTU6HgudJNbz7aDG6SMvl+SP4UY/g1H
jEVXxTTxOeoQbk9zxeCxrFEmZ/hA5mEkJEwR41UHAf62a+4iBn/yxrhE4+rF1w0Z
MYC/L2XU/bnX5VYJSLnTjk3/gm030SMq3wcfaLoqv82p
-----END CERTIFICATE-----