Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/As6vwkWGZxruqh4uQQnrE0_5Wkc.roa
File:                     As6vwkWGZxruqh4uQQnrE0_5Wkc.roa (raw, json)
Hash identifier:          +uKniDECqLf36Ns+Ibc2IgSroQKNM4uwIuCwreWx2Qo=
Subject key identifier:   02:CE:AF:C2:45:86:67:1A:EE:AA:1E:2E:41:09:EB:13:4F:F9:5A:47
Certificate issuer:       /CN=2410e4d1182515c47df36a1001b7f681e2dcf414
Certificate serial:       019424B2B83D8630C992061197D07365E05E
Authority key identifier: 24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/As6vwkWGZxruqh4uQQnrE0_5Wkc.roa
Signing time:             Thu 02 Jan 2025 01:47:59 +0000
ROA not before:           Thu 02 Jan 2025 01:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49591
IP address blocks:        91.213.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:b8:3d:86:30:c9:92:06:11:97:d0:73:65:e0:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2410e4d1182515c47df36a1001b7f681e2dcf414
        Validity
            Not Before: Jan  2 01:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=02ceafc24586671aeeaa1e2e4109eb134ff95a47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:8d:48:3b:73:29:3f:4f:86:0b:1f:27:ce:f8:
                    62:72:45:09:eb:0c:1b:26:a1:62:1c:c5:a1:fe:b2:
                    ce:d4:b2:4f:7d:cf:a4:d1:22:c7:63:88:ad:89:d9:
                    78:c3:a8:97:0d:a8:dc:49:8a:49:dc:80:43:f1:d1:
                    a9:17:df:a3:49:e6:96:09:f3:ad:0e:29:d0:1c:90:
                    b4:9a:f7:68:44:49:b3:64:82:1e:5c:66:37:58:85:
                    93:03:70:6e:11:f5:dc:dd:dd:e4:17:5b:dc:8b:57:
                    5e:87:81:25:58:0b:d5:62:80:29:95:b5:4d:64:d3:
                    45:69:61:c5:2e:94:88:25:0a:3b:ec:fb:19:86:d3:
                    0b:d4:46:f5:c2:a7:00:aa:b6:49:8b:01:74:eb:d3:
                    5f:4d:23:eb:29:d0:4d:d4:73:ee:9c:34:8b:88:08:
                    b4:55:9a:ad:cd:92:23:49:48:2c:04:56:f9:23:57:
                    83:5a:0a:ce:f4:6d:47:75:e9:df:4f:fc:7b:e6:5c:
                    4a:b5:7e:bf:1a:1e:f9:ce:cf:69:9f:6f:0d:8a:b1:
                    34:6e:70:3a:ca:1e:e7:d4:ae:0a:6a:c8:53:3c:30:
                    4b:89:0e:35:14:5e:ec:4d:f9:1c:7a:a5:c7:b2:26:
                    d2:1b:59:61:c0:f2:26:5a:f3:aa:ef:c3:01:05:27:
                    bc:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:CE:AF:C2:45:86:67:1A:EE:AA:1E:2E:41:09:EB:13:4F:F9:5A:47
            X509v3 Authority Key Identifier:
                keyid:24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/As6vwkWGZxruqh4uQQnrE0_5Wkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:75:67:91:63:e6:5b:01:69:71:9a:0a:81:cc:fd:69:c6:16:
         91:3b:d4:b2:56:9f:b9:ad:cc:29:b3:a7:90:ed:88:08:dd:9f:
         71:23:59:d7:84:81:e1:60:2e:3f:67:f0:1b:fb:63:b9:15:e7:
         a6:7e:39:36:c3:f5:cb:5e:19:f2:11:46:b0:31:9d:6b:6b:8e:
         75:79:c2:23:b3:a2:6e:0c:64:84:a6:63:e9:60:13:50:75:d8:
         23:6f:65:5f:1d:9d:76:c8:07:a1:bc:84:4d:20:cf:99:07:23:
         01:b2:0a:0a:0b:59:c5:df:2f:17:bc:d2:0e:53:cb:c9:14:28:
         21:30:35:22:af:7d:34:f0:68:77:85:19:d5:4f:8e:9b:f7:5f:
         d0:ea:3b:89:61:f4:45:f2:5d:38:f2:1e:18:51:b5:5f:5a:c0:
         25:16:e4:4b:c2:0c:74:17:82:fa:99:5e:37:74:6d:77:c1:29:
         d6:96:9b:69:0e:86:96:d4:93:51:dc:7d:cf:b1:42:c4:eb:d3:
         6f:32:06:f7:be:48:5b:55:7e:a4:ca:68:62:d7:c7:c8:06:9c:
         80:66:c5:b2:cc:55:90:f9:f1:01:b5:15:54:66:bb:18:0e:4d:
         28:40:71:ad:c3:f7:e6:e4:cd:51:cb:eb:a5:25:60:30:62:49:
         b4:3e:dd:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksrg9hjDJkgYRl9BzZeBeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTBlNGQxMTgyNTE1YzQ3ZGYzNmExMDAxYjdmNjgxZTJk
Y2Y0MTQwHhcNMjUwMTAyMDE0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmNlYWZjMjQ1ODY2NzFhZWVhYTFlMmU0MTA5ZWIxMzRmZjk1YTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAno1IO3MpP0+GCx8nzvhickUJ6wwb
JqFiHMWh/rLO1LJPfc+k0SLHY4itidl4w6iXDajcSYpJ3IBD8dGpF9+jSeaWCfOt
DinQHJC0mvdoREmzZIIeXGY3WIWTA3BuEfXc3d3kF1vci1deh4ElWAvVYoAplbVN
ZNNFaWHFLpSIJQo77PsZhtML1Eb1wqcAqrZJiwF069NfTSPrKdBN1HPunDSLiAi0
VZqtzZIjSUgsBFb5I1eDWgrO9G1HdenfT/x75lxKtX6/Gh75zs9pn28NirE0bnA6
yh7n1K4KashTPDBLiQ41FF7sTfkceqXHsibSG1lhwPImWvOq78MBBSe8EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFALOr8JFhmca7qoeLkEJ6xNP+VpHMB8GA1UdIwQY
MBaAFCQQ5NEYJRXEffNqEAG39oHi3PQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMt
YTI5OWIwMjJkODRlLzEvQXM2dndrV0daeHJ1cWg0dVFRbnJFMF81V2tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMtYTI5OWIwMjJkODRl
LzEvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9U3MA0G
CSqGSIb3DQEBCwUAA4IBAQC4dWeRY+ZbAWlxmgqBzP1pxhaRO9SyVp+5rcwps6eQ
7YgI3Z9xI1nXhIHhYC4/Z/Ab+2O5Feemfjk2w/XLXhnyEUawMZ1ra451ecIjs6Ju
DGSEpmPpYBNQddgjb2VfHZ12yAehvIRNIM+ZByMBsgoKC1nF3y8XvNIOU8vJFCgh
MDUir3008Gh3hRnVT46b91/Q6juJYfRF8l048h4YUbVfWsAlFuRLwgx0F4L6mV43
dG13wSnWlptpDoaW1JNR3H3PsULE69NvMgb3vkhbVX6kymhi18fIBpyAZsWyzFWQ
+fEBtRVUZrsYDk0oQHGtw/fm5M1Ry+ulJWAwYkm0Pt1u
-----END CERTIFICATE-----