Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/ga2NxvzjVumF5thvPvomOtqub-A.roa
File:                     ga2NxvzjVumF5thvPvomOtqub-A.roa (raw, json)
Hash identifier:          Fnu74FvZlaTUv1bGjbnayDCXm216CFcy4KRgAcWl9Rk=
Subject key identifier:   81:AD:8D:C6:FC:E3:56:E9:85:E6:D8:6F:3E:FA:26:3A:DA:AE:6F:E0
Certificate issuer:       /CN=576b22f2790597484bf96915a83543c194b3fd1e
Certificate serial:       019427B56CB24E1079E5B5260BEB56570385
Authority key identifier: 57:6B:22:F2:79:05:97:48:4B:F9:69:15:A8:35:43:C1:94:B3:FD:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/ga2NxvzjVumF5thvPvomOtqub-A.roa
Signing time:             Thu 02 Jan 2025 15:49:48 +0000
ROA not before:           Thu 02 Jan 2025 15:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47869
IP address blocks:        91.229.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:6c:b2:4e:10:79:e5:b5:26:0b:eb:56:57:03:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=576b22f2790597484bf96915a83543c194b3fd1e
        Validity
            Not Before: Jan  2 15:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=81ad8dc6fce356e985e6d86f3efa263adaae6fe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ba:a7:58:3d:e7:1d:59:c3:52:a1:9b:db:d4:
                    bd:ce:59:6f:dc:dc:5a:b5:3e:fc:7b:63:35:6a:f4:
                    89:df:cf:6d:31:df:d9:dd:6b:a7:38:6c:28:14:cd:
                    2e:b2:42:a2:32:96:41:6d:2d:1c:58:34:f7:13:34:
                    f6:f8:c5:63:28:e9:c6:e0:02:74:13:af:3b:08:f8:
                    ae:76:57:dc:bf:5c:e1:50:1d:93:75:a3:52:8f:53:
                    7c:ec:d7:ed:8d:fc:87:02:4b:55:ee:ee:28:fd:9c:
                    3a:68:9d:52:1b:24:0b:ea:16:1a:94:3a:4e:56:fe:
                    86:8b:e1:f6:2f:6b:e8:c2:e4:e1:7a:b5:6a:ba:ff:
                    00:62:a8:98:05:ef:df:03:36:28:29:6d:a9:39:36:
                    fe:20:e3:c6:b5:00:f5:b6:cf:9d:81:e1:af:ba:26:
                    6b:b7:d3:19:18:b6:02:35:c8:aa:16:22:96:2a:fd:
                    c7:61:4d:98:de:04:32:1f:45:67:fb:78:43:48:f4:
                    8c:c2:a5:65:b3:b3:f4:cc:f5:1f:fc:5c:fa:89:1b:
                    f8:30:d9:f6:51:8d:24:7c:04:10:73:87:37:39:f5:
                    c5:52:3f:ba:fa:21:1f:cd:c0:0e:7f:03:e1:21:d2:
                    32:17:5f:51:36:ec:d6:ac:37:4b:cd:54:e5:e0:b2:
                    7b:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:AD:8D:C6:FC:E3:56:E9:85:E6:D8:6F:3E:FA:26:3A:DA:AE:6F:E0
            X509v3 Authority Key Identifier:
                keyid:57:6B:22:F2:79:05:97:48:4B:F9:69:15:A8:35:43:C1:94:B3:FD:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V2si8nkFl0hL-WkVqDVDwZSz_R4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/ga2NxvzjVumF5thvPvomOtqub-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/6efac4-d75a-425d-9157-aee6eb28514d/1/V2si8nkFl0hL-WkVqDVDwZSz_R4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:81:4a:75:9c:57:1f:e4:87:7c:22:1e:27:66:18:f4:ba:e5:
         ec:a7:c3:4c:86:7a:58:4e:1f:ca:c2:ab:7f:cd:a0:78:a2:7d:
         71:59:28:4e:a5:3c:9e:33:c0:9c:52:2e:f9:62:e5:d4:74:0e:
         eb:64:05:31:d9:6a:5b:8c:7b:a7:14:60:b1:a5:dc:a7:04:3f:
         f8:0e:fd:d0:26:f8:af:5a:7d:e2:7d:0a:86:41:23:28:b9:13:
         ba:4f:87:3d:9a:98:2a:06:af:2e:59:e8:34:1b:69:44:b2:61:
         9f:80:f9:d9:f0:b8:ab:d4:e8:1c:c0:01:d0:be:62:a8:21:0c:
         0f:96:9d:1c:3f:1e:c2:58:f1:61:0a:02:27:9d:f9:73:74:cb:
         e1:f1:5c:c8:49:5d:2e:da:06:e4:9f:c1:ce:a0:df:2f:c3:5e:
         93:bb:d7:7b:c6:cb:ea:55:17:51:3b:32:f7:88:f5:a9:eb:3b:
         53:c1:cd:68:83:74:ba:b2:00:b2:83:db:a3:2d:02:17:17:fa:
         83:d3:9a:08:cf:52:02:86:30:58:66:43:41:5b:88:b0:d9:84:
         67:b9:5e:44:f6:f3:55:7d:da:60:d6:63:2b:3b:65:5c:24:f9:
         ea:90:32:bd:6f:ab:8a:ea:b6:52:b9:f7:6b:8b:72:15:c9:fd:
         8b:7c:80:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntWyyThB55bUmC+tWVwOFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NmIyMmYyNzkwNTk3NDg0YmY5NjkxNWE4MzU0M2MxOTRi
M2ZkMWUwHhcNMjUwMTAyMTU0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWFkOGRjNmZjZTM1NmU5ODVlNmQ4NmYzZWZhMjYzYWRhYWU2ZmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA47qnWD3nHVnDUqGb29S9zllv3Nxa
tT78e2M1avSJ389tMd/Z3WunOGwoFM0uskKiMpZBbS0cWDT3EzT2+MVjKOnG4AJ0
E687CPiudlfcv1zhUB2TdaNSj1N87NftjfyHAktV7u4o/Zw6aJ1SGyQL6hYalDpO
Vv6Gi+H2L2vowuTherVquv8AYqiYBe/fAzYoKW2pOTb+IOPGtQD1ts+dgeGvuiZr
t9MZGLYCNciqFiKWKv3HYU2Y3gQyH0Vn+3hDSPSMwqVls7P0zPUf/Fz6iRv4MNn2
UY0kfAQQc4c3OfXFUj+6+iEfzcAOfwPhIdIyF19RNuzWrDdLzVTl4LJ70wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIGtjcb841bphebYbz76Jjrarm/gMB8GA1UdIwQY
MBaAFFdrIvJ5BZdIS/lpFag1Q8GUs/0eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjJzaThua0ZsMGhMLVdrVnFEVkR3WlN6X1I0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS82ZWZhYzQtZDc1YS00MjVkLTkxNTct
YWVlNmViMjg1MTRkLzEvZ2EyTnh2empWdW1GNXRodlB2b21PdHF1Yi1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS82ZWZhYzQtZDc1YS00MjVkLTkxNTctYWVlNmViMjg1MTRk
LzEvVjJzaThua0ZsMGhMLVdrVnFEVkR3WlN6X1I0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+U8MA0G
CSqGSIb3DQEBCwUAA4IBAQAagUp1nFcf5Id8Ih4nZhj0uuXsp8NMhnpYTh/Kwqt/
zaB4on1xWShOpTyeM8CcUi75YuXUdA7rZAUx2WpbjHunFGCxpdynBD/4Dv3QJviv
Wn3ifQqGQSMouRO6T4c9mpgqBq8uWeg0G2lEsmGfgPnZ8Lir1OgcwAHQvmKoIQwP
lp0cPx7CWPFhCgInnflzdMvh8VzISV0u2gbkn8HOoN8vw16Tu9d7xsvqVRdROzL3
iPWp6ztTwc1og3S6sgCyg9ujLQIXF/qD05oIz1IChjBYZkNBW4iw2YRnuV5E9vNV
fdpg1mMrO2VcJPnqkDK9b6uK6rZSufdri3IVyf2LfIA+
-----END CERTIFICATE-----