Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/ql09cCtxf2iX9P0d2dUBPQ5PKyY.roa
File:                     ql09cCtxf2iX9P0d2dUBPQ5PKyY.roa (raw, json)
Hash identifier:          DXSDjUv3k4luzqmW9TKxBUky0r+na22MITMB3j5FLDE=
Subject key identifier:   AA:5D:3D:70:2B:71:7F:68:97:F4:FD:1D:D9:D5:01:3D:0E:4F:2B:26
Certificate issuer:       /CN=807bd62fd8d35308dbc8b1fd5f1727af57abd220
Certificate serial:       019425FC5A8190CACC2AC71E859F3369E257
Authority key identifier: 80:7B:D6:2F:D8:D3:53:08:DB:C8:B1:FD:5F:17:27:AF:57:AB:D2:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gHvWL9jTUwjbyLH9Xxcnr1er0iA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/ql09cCtxf2iX9P0d2dUBPQ5PKyY.roa
Signing time:             Thu 02 Jan 2025 07:48:02 +0000
ROA not before:           Thu 02 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48837
IP address blocks:        91.212.66.0/24 maxlen: 24
                          91.236.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/gHvWL9jTUwjbyLH9Xxcnr1er0iA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/gHvWL9jTUwjbyLH9Xxcnr1er0iA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gHvWL9jTUwjbyLH9Xxcnr1er0iA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:5a:81:90:ca:cc:2a:c7:1e:85:9f:33:69:e2:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=807bd62fd8d35308dbc8b1fd5f1727af57abd220
        Validity
            Not Before: Jan  2 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa5d3d702b717f6897f4fd1dd9d5013d0e4f2b26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:12:14:c8:46:98:f3:c4:13:49:62:43:7b:13:
                    70:6a:a6:10:cb:37:64:44:0b:d7:29:88:dd:62:a6:
                    f0:f2:a9:9d:55:cc:b5:15:40:3a:1b:f9:da:d4:cb:
                    d4:2f:ef:5e:1d:77:76:7d:d8:e6:03:d2:13:61:4e:
                    a4:13:f1:5e:11:17:fd:3f:cf:39:ca:d9:ed:ec:e6:
                    ce:74:53:39:7f:82:78:2d:20:ba:cc:62:5c:0f:06:
                    1b:af:d9:a4:75:0e:87:81:ce:61:c9:e6:0b:9f:67:
                    25:72:31:40:d4:d3:8d:31:01:9b:79:3a:00:27:26:
                    84:e2:2b:a1:82:f5:57:34:c3:25:48:c0:76:19:0f:
                    79:03:60:33:b5:90:86:58:da:eb:5e:f7:4b:42:4a:
                    56:10:2e:42:4e:6f:66:25:c5:b4:ca:cf:d9:0d:0b:
                    30:de:1c:4e:a8:31:5d:48:7b:17:0c:3f:80:af:1d:
                    3e:e9:52:a3:03:29:02:2c:7b:db:4f:32:40:ff:13:
                    dc:25:ad:6b:0b:01:ad:35:01:34:19:45:bc:14:91:
                    a9:df:09:cc:c8:28:f6:4d:ba:64:81:82:1d:e9:c1:
                    5d:1a:a4:75:b0:07:fc:f9:04:ed:92:0f:7f:7d:32:
                    c1:2c:c6:85:9e:f4:f7:93:86:41:bc:cb:b2:86:10:
                    d9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:5D:3D:70:2B:71:7F:68:97:F4:FD:1D:D9:D5:01:3D:0E:4F:2B:26
            X509v3 Authority Key Identifier:
                keyid:80:7B:D6:2F:D8:D3:53:08:DB:C8:B1:FD:5F:17:27:AF:57:AB:D2:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gHvWL9jTUwjbyLH9Xxcnr1er0iA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/ql09cCtxf2iX9P0d2dUBPQ5PKyY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/a0ab51-9dae-410d-8fd9-08fadeb2dbe7/1/gHvWL9jTUwjbyLH9Xxcnr1er0iA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.66.0/24
                  91.236.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:fd:4d:7a:25:69:71:0b:ba:c8:da:07:d2:e6:9a:20:3f:06:
         d7:e3:b7:e0:64:59:90:c2:b2:a2:ca:b2:d5:7d:0d:8e:2b:5e:
         70:b1:30:33:26:99:a8:ae:85:57:71:9b:9e:fd:a3:30:fc:3f:
         e7:9c:6a:0c:02:dc:73:1f:bd:15:92:b4:2b:24:95:15:fa:f1:
         8a:14:c4:24:6c:ea:f7:0d:a3:45:e0:78:aa:bc:88:39:9b:43:
         f6:c6:d0:11:96:56:b6:f7:c4:ad:b3:af:93:77:bc:9b:16:4f:
         7b:92:bf:5f:85:8d:6b:39:24:a2:02:42:12:a9:b7:6f:c6:32:
         dc:59:b3:42:9c:93:87:ed:aa:32:a8:ed:20:58:9f:12:27:19:
         47:d2:1f:94:58:31:2d:38:4b:1c:c4:9c:38:45:88:e7:bf:25:
         84:b0:d8:2d:59:3b:41:d5:38:f4:ee:0f:9f:04:bc:e1:ad:b7:
         27:b0:8f:25:52:83:87:63:16:9a:ef:12:81:16:34:3d:b0:d8:
         e5:70:12:81:03:b5:a3:c9:ee:03:54:af:1b:ae:90:a8:7f:9b:
         f3:34:f1:c4:ef:88:62:0f:04:5c:b8:94:b6:d6:64:bd:d7:3f:
         a8:d5:0b:8e:cb:15:b2:47:cc:63:2f:c9:2f:2c:16:46:44:4b:
         f9:76:0d:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/FqBkMrMKscehZ8zaeJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwN2JkNjJmZDhkMzUzMDhkYmM4YjFmZDVmMTcyN2FmNTdh
YmQyMjAwHhcNMjUwMTAyMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTVkM2Q3MDJiNzE3ZjY4OTdmNGZkMWRkOWQ1MDEzZDBlNGYyYjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8hIUyEaY88QTSWJDexNwaqYQyzdk
RAvXKYjdYqbw8qmdVcy1FUA6G/na1MvUL+9eHXd2fdjmA9ITYU6kE/FeERf9P885
ytnt7ObOdFM5f4J4LSC6zGJcDwYbr9mkdQ6Hgc5hyeYLn2clcjFA1NONMQGbeToA
JyaE4iuhgvVXNMMlSMB2GQ95A2AztZCGWNrrXvdLQkpWEC5CTm9mJcW0ys/ZDQsw
3hxOqDFdSHsXDD+Arx0+6VKjAykCLHvbTzJA/xPcJa1rCwGtNQE0GUW8FJGp3wnM
yCj2TbpkgYId6cFdGqR1sAf8+QTtkg9/fTLBLMaFnvT3k4ZBvMuyhhDZKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKpdPXArcX9ol/T9HdnVAT0OTysmMB8GA1UdIwQY
MBaAFIB71i/Y01MI28ix/V8XJ69Xq9IgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0h2V0w5alRVd2pieUxIOVh4Y25yMWVyMGlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9hMGFiNTEtOWRhZS00MTBkLThmZDkt
MDhmYWRlYjJkYmU3LzEvcWwwOWNDdHhmMmlYOVAwZDJkVUJQUTVQS3lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9hMGFiNTEtOWRhZS00MTBkLThmZDktMDhmYWRlYjJkYmU3
LzEvZ0h2V0w5alRVd2pieUxIOVh4Y25yMWVyMGlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9RCAwQA
W+w6MA0GCSqGSIb3DQEBCwUAA4IBAQDP/U16JWlxC7rI2gfS5pogPwbX47fgZFmQ
wrKiyrLVfQ2OK15wsTAzJpmoroVXcZue/aMw/D/nnGoMAtxzH70VkrQrJJUV+vGK
FMQkbOr3DaNF4HiqvIg5m0P2xtARlla298Sts6+Td7ybFk97kr9fhY1rOSSiAkIS
qbdvxjLcWbNCnJOH7aoyqO0gWJ8SJxlH0h+UWDEtOEscxJw4RYjnvyWEsNgtWTtB
1Tj07g+fBLzhrbcnsI8lUoOHYxaa7xKBFjQ9sNjlcBKBA7Wjye4DVK8brpCof5vz
NPHE74hiDwRcuJS21mS91z+o1QuOyxWyR8xjL8kvLBZGREv5dg07
-----END CERTIFICATE-----