Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/oOM7QrbyKmK3sX9tSspvcF4LQYc.roa
File:                     oOM7QrbyKmK3sX9tSspvcF4LQYc.roa (raw, json)
Hash identifier:          FI0q4cfrXLcPzOiQWzP6cR+1RIpvdT5irQXBJq3jipE=
Subject key identifier:   A0:E3:3B:42:B6:F2:2A:62:B7:B1:7F:6D:4A:CA:6F:70:5E:0B:41:87
Certificate issuer:       /CN=2bc8695772f0e64f3b9a1621733cc02506f74702
Certificate serial:       0194258FA688336EC66C5B074BE290AAFDB9
Authority key identifier: 2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/oOM7QrbyKmK3sX9tSspvcF4LQYc.roa
Signing time:             Thu 02 Jan 2025 05:49:18 +0000
ROA not before:           Thu 02 Jan 2025 05:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202987
IP address blocks:        91.188.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:a6:88:33:6e:c6:6c:5b:07:4b:e2:90:aa:fd:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bc8695772f0e64f3b9a1621733cc02506f74702
        Validity
            Not Before: Jan  2 05:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0e33b42b6f22a62b7b17f6d4aca6f705e0b4187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:15:12:d5:ee:42:8d:09:f9:c2:6c:c3:05:1c:
                    e8:41:f7:84:ec:01:f0:fa:e5:5c:c6:1e:f6:d2:6f:
                    33:af:2c:d2:2b:be:8a:1f:2b:f3:ee:e0:06:c8:8d:
                    3f:26:7d:a3:d8:d3:b6:b6:3a:94:41:5f:84:99:70:
                    48:cf:d8:4e:85:3d:d3:4d:92:5a:cf:b1:55:1c:17:
                    71:4d:7f:2c:1a:74:f3:05:bd:ca:e7:06:c4:3f:fa:
                    cf:64:20:11:f2:15:0c:52:91:d2:12:44:7e:5a:8c:
                    b2:55:d3:18:55:0c:aa:5c:7b:4a:04:c1:b4:8f:d5:
                    6c:6c:62:43:dc:a1:a8:69:d7:f1:fb:5a:8e:88:61:
                    db:e3:4b:70:78:14:2a:32:be:14:b2:63:db:18:09:
                    09:ab:60:78:b1:a4:53:97:ab:ef:b7:fd:11:1c:86:
                    8f:79:ec:72:92:6f:14:b6:ae:08:ef:7b:72:27:b1:
                    eb:38:c4:e0:58:37:a0:f8:58:8d:60:06:b9:88:22:
                    ae:68:34:99:f7:4f:64:93:44:5d:7f:08:25:29:73:
                    fc:2c:b8:9d:7a:c8:83:fc:ac:41:54:08:be:e9:19:
                    a9:e2:1a:43:35:e1:51:4a:37:7f:19:c4:e9:9e:5f:
                    86:12:de:8f:24:f4:33:cc:bb:26:a2:d5:03:ff:45:
                    31:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E3:3B:42:B6:F2:2A:62:B7:B1:7F:6D:4A:CA:6F:70:5E:0B:41:87
            X509v3 Authority Key Identifier:
                keyid:2B:C8:69:57:72:F0:E6:4F:3B:9A:16:21:73:3C:C0:25:06:F7:47:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K8hpV3Lw5k87mhYhczzAJQb3RwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/oOM7QrbyKmK3sX9tSspvcF4LQYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/cbfa9b-0291-48e3-805c-43d66a0331ec/1/K8hpV3Lw5k87mhYhczzAJQb3RwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.188.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:3c:73:9f:bc:0b:41:b4:4d:eb:0e:ee:09:90:f1:51:94:12:
         e4:1d:3f:5d:f0:75:32:b2:de:ef:06:6f:6c:5c:f1:d1:86:08:
         4e:2a:5c:d2:aa:41:dd:91:a6:a4:48:8f:c8:9d:c1:ce:55:59:
         30:91:a9:1b:30:94:b4:4c:dc:6a:1b:02:ce:79:6c:07:6d:ae:
         2b:00:cb:4c:56:c9:91:d0:1a:60:f1:00:83:b2:5f:7e:4d:91:
         14:26:fe:f5:37:c9:8a:f5:3e:58:60:4c:0b:31:d8:43:11:7f:
         17:ff:67:bd:6f:86:b9:c1:8c:b2:f8:f9:8d:6a:77:59:a4:bd:
         0e:62:c4:e3:f4:b3:94:28:5b:52:ed:5b:77:0e:1c:f2:a8:a9:
         f4:e7:80:d3:bb:e5:c4:12:fd:1d:78:96:45:2e:80:34:63:33:
         fa:7a:6e:18:da:16:68:ea:45:01:fa:e7:ec:d2:c9:5f:bb:8c:
         b5:1b:fb:a9:03:7f:dd:2c:6a:69:f4:32:7f:51:0f:c6:e9:33:
         87:e2:a0:c0:31:16:54:ce:45:01:d1:8e:18:ed:81:dd:e0:4f:
         a6:a0:7b:b2:41:e0:1c:d7:6e:34:87:15:bc:37:6a:4c:57:d5:
         a0:df:33:e1:be:d8:c6:15:6a:a9:30:3d:2e:47:02:1b:af:cc:
         e4:43:f6:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj6aIM27GbFsHS+KQqv25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiYzg2OTU3NzJmMGU2NGYzYjlhMTYyMTczM2NjMDI1MDZm
NzQ3MDIwHhcNMjUwMTAyMDU0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGUzM2I0MmI2ZjIyYTYyYjdiMTdmNmQ0YWNhNmY3MDVlMGI0MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBUS1e5CjQn5wmzDBRzoQfeE7AHw
+uVcxh720m8zryzSK76KHyvz7uAGyI0/Jn2j2NO2tjqUQV+EmXBIz9hOhT3TTZJa
z7FVHBdxTX8sGnTzBb3K5wbEP/rPZCAR8hUMUpHSEkR+WoyyVdMYVQyqXHtKBMG0
j9VsbGJD3KGoadfx+1qOiGHb40tweBQqMr4UsmPbGAkJq2B4saRTl6vvt/0RHIaP
eexykm8Utq4I73tyJ7HrOMTgWDeg+FiNYAa5iCKuaDSZ909kk0RdfwglKXP8LLid
esiD/KxBVAi+6Rmp4hpDNeFRSjd/GcTpnl+GEt6PJPQzzLsmotUD/0UxBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDjO0K28ipit7F/bUrKb3BeC0GHMB8GA1UdIwQY
MBaAFCvIaVdy8OZPO5oWIXM8wCUG90cCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMt
NDNkNjZhMDMzMWVjLzEvb09NN1FyYnlLbUszc1g5dFNzcHZjRjRMUVljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9jYmZhOWItMDI5MS00OGUzLTgwNWMtNDNkNjZhMDMzMWVj
LzEvSzhocFYzTHc1azg3bWhZaGN6ekFKUWIzUndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7zRMA0G
CSqGSIb3DQEBCwUAA4IBAQCbPHOfvAtBtE3rDu4JkPFRlBLkHT9d8HUyst7vBm9s
XPHRhghOKlzSqkHdkaakSI/IncHOVVkwkakbMJS0TNxqGwLOeWwHba4rAMtMVsmR
0Bpg8QCDsl9+TZEUJv71N8mK9T5YYEwLMdhDEX8X/2e9b4a5wYyy+PmNandZpL0O
YsTj9LOUKFtS7Vt3DhzyqKn054DTu+XEEv0deJZFLoA0YzP6em4Y2hZo6kUB+ufs
0slfu4y1G/upA3/dLGpp9DJ/UQ/G6TOH4qDAMRZUzkUB0Y4Y7YHd4E+moHuyQeAc
1240hxW8N2pMV9Wg3zPhvtjGFWqpMD0uRwIbr8zkQ/YT
-----END CERTIFICATE-----