Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/IS0smRtY_UHklMsTV-a11MXxvnU.roa
File:                     IS0smRtY_UHklMsTV-a11MXxvnU.roa (raw, json)
Hash identifier:          1NEqhD+uaMSbaGDtUxTmaG/oRgFCvJ6p9cklS658oe4=
Subject key identifier:   21:2D:2C:99:1B:58:FD:41:E4:94:CB:13:57:E6:B5:D4:C5:F1:BE:75
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       01942143ADF27F599F9BF5B5BFFBE3DC384C
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/IS0smRtY_UHklMsTV-a11MXxvnU.roa
Signing time:             Wed 01 Jan 2025 09:47:51 +0000
ROA not before:           Wed 01 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.233.61.0/24 maxlen: 24
                          213.5.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 07:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ad:f2:7f:59:9f:9b:f5:b5:bf:fb:e3:dc:38:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jan  1 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=212d2c991b58fd41e494cb1357e6b5d4c5f1be75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:fd:08:24:32:79:97:0e:6b:12:d7:60:1a:8b:
                    08:fa:b3:6b:bd:d6:5a:ad:d2:49:19:65:ad:1d:b3:
                    ae:81:4c:8c:8a:b9:14:6b:18:ca:cf:97:a8:ca:9d:
                    82:e7:a5:e7:6f:a5:59:95:7c:d3:ab:24:36:bf:98:
                    b3:8d:bf:07:38:f3:1f:64:04:b9:33:bf:0f:93:58:
                    35:94:a0:8e:91:50:27:a0:3d:78:42:4f:10:a8:19:
                    fd:71:7c:a3:7e:a8:de:b2:b6:7a:d8:7f:8f:12:c5:
                    d5:49:3f:63:2c:e1:0a:98:dc:e9:7f:ad:51:96:5e:
                    95:fb:2f:1a:2d:12:a2:2d:4a:53:36:f6:ec:82:7a:
                    47:ec:d9:a6:c8:d3:da:1b:fd:39:93:52:80:8c:91:
                    aa:f9:e8:e1:1d:b5:96:21:15:b2:16:ec:2e:de:85:
                    94:93:26:d2:e6:15:c6:4d:70:ff:af:25:a2:cf:fd:
                    54:f9:31:74:61:10:3a:2d:24:20:9f:e6:fd:52:06:
                    6e:c4:b6:d2:f6:fd:dd:a8:b2:10:25:88:9d:3c:32:
                    93:96:2d:98:3c:ba:20:2a:6a:59:bf:af:18:6b:43:
                    1c:3f:da:12:4f:9f:40:81:55:41:11:60:dd:30:2f:
                    db:4d:f6:1e:5e:49:4f:d3:12:b4:2a:18:fb:a1:1e:
                    12:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2D:2C:99:1B:58:FD:41:E4:94:CB:13:57:E6:B5:D4:C5:F1:BE:75
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/IS0smRtY_UHklMsTV-a11MXxvnU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:2a:26:50:a0:64:c1:9c:63:8d:0f:c4:99:bc:0d:b1:9a:81:
         7c:11:06:ac:9e:d4:8a:7e:16:f1:4b:bf:92:6d:61:6a:dc:15:
         51:6e:17:1c:ad:20:82:77:da:a1:a4:f9:45:dc:63:49:7e:58:
         69:8f:b7:6e:78:f7:a1:a9:ea:84:bf:c9:2d:87:e5:de:65:23:
         ae:13:0f:96:fa:ad:3b:79:be:49:61:38:d6:d3:f6:2c:57:58:
         19:44:fe:5d:5d:26:3d:6d:d0:29:f6:ac:cf:f6:63:22:ff:e9:
         88:53:be:84:a9:e6:4d:cb:c8:91:4e:f5:63:b8:8a:85:83:2d:
         6d:ae:f7:b5:e9:05:6b:49:8b:e4:e0:49:7a:dc:1f:7c:ca:ac:
         d5:06:09:98:d7:ac:45:e1:66:8b:d4:82:81:93:ad:5d:c2:2f:
         cc:1f:46:8e:34:78:c5:c0:4f:7c:05:78:d0:6a:b1:2a:8c:4b:
         4c:6a:a7:78:b5:ed:19:a2:55:b4:e9:c9:83:c7:75:22:da:68:
         d8:58:a1:46:ab:cd:dd:ad:31:4c:2b:22:9f:df:8a:61:69:fe:
         5d:e8:2e:94:37:a2:20:09:8d:68:b1:aa:da:ad:93:7e:57:9f:
         96:10:12:b5:65:df:a1:9f:ab:13:49:1e:6d:d0:a6:04:59:be:
         ce:cd:68:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ63yf1mfm/W1v/vj3DhMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTJkMmM5OTFiNThmZDQxZTQ5NGNiMTM1N2U2YjVkNGM1ZjFiZTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv0IJDJ5lw5rEtdgGosI+rNrvdZa
rdJJGWWtHbOugUyMirkUaxjKz5eoyp2C56Xnb6VZlXzTqyQ2v5izjb8HOPMfZAS5
M78Pk1g1lKCOkVAnoD14Qk8QqBn9cXyjfqjesrZ62H+PEsXVST9jLOEKmNzpf61R
ll6V+y8aLRKiLUpTNvbsgnpH7NmmyNPaG/05k1KAjJGq+ejhHbWWIRWyFuwu3oWU
kybS5hXGTXD/ryWiz/1U+TF0YRA6LSQgn+b9UgZuxLbS9v3dqLIQJYidPDKTli2Y
PLogKmpZv68Ya0McP9oST59AgVVBEWDdMC/bTfYeXklP0xK0Khj7oR4SCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCEtLJkbWP1B5JTLE1fmtdTF8b51MB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvSVMwc21SdFlfVUhrbE1zVFYtYTExTVh4dm5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+k9AwQA
1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQBjKiZQoGTBnGOND8SZvA2xmoF8EQasntSK
fhbxS7+SbWFq3BVRbhccrSCCd9qhpPlF3GNJflhpj7duePehqeqEv8kth+XeZSOu
Ew+W+q07eb5JYTjW0/YsV1gZRP5dXSY9bdAp9qzP9mMi/+mIU76EqeZNy8iRTvVj
uIqFgy1trve16QVrSYvk4El63B98yqzVBgmY16xF4WaL1IKBk61dwi/MH0aONHjF
wE98BXjQarEqjEtMaqd4te0ZolW06cmDx3Ui2mjYWKFGq83drTFMKyKf34phaf5d
6C6UN6IgCY1osararZN+V5+WEBK1Zd+hn6sTSR5t0KYEWb7OzWgU
-----END CERTIFICATE-----