Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/QFFtcjfxnPP_1XXIvgXoot6FiKA.roa
File:                     QFFtcjfxnPP_1XXIvgXoot6FiKA.roa (raw, json)
Hash identifier:          4PqbTJ7AYXcFn+OxbWA/7PPfn8xU9HDmXHPzQ5+eD5A=
Subject key identifier:   40:51:6D:72:37:F1:9C:F3:FF:D5:75:C8:BE:05:E8:A2:DE:85:88:A0
Certificate issuer:       /CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
Certificate serial:       0192D31B07A1921579A0ABAC796E35DF3FFA
Authority key identifier: 06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/QFFtcjfxnPP_1XXIvgXoot6FiKA.roa
Signing time:             Mon 28 Oct 2024 12:30:16 +0000
ROA not before:           Mon 28 Oct 2024 12:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57129
IP address blocks:        91.209.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d3:1b:07:a1:92:15:79:a0:ab:ac:79:6e:35:df:3f:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0661f20fb8a7e635d7bcc94c00bed7179b7608f6
        Validity
            Not Before: Oct 28 12:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=40516d7237f19cf3ffd575c8be05e8a2de8588a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f0:8f:9c:74:e9:67:61:e0:30:6c:4e:37:de:
                    7d:6f:cb:76:25:80:1e:b6:0f:a8:59:8e:8c:49:af:
                    33:ee:15:21:98:29:7a:f3:85:fd:e9:f8:cc:7e:10:
                    39:76:cd:b9:83:0d:fc:af:4d:4d:dd:cb:6c:de:ce:
                    dd:b8:15:8c:4d:10:46:61:ae:25:77:d4:c8:11:2d:
                    3a:ff:06:fb:36:e3:54:5e:1d:7f:f6:57:09:ef:20:
                    0f:6f:6a:95:16:cc:75:a8:e1:85:c4:ca:1c:08:ff:
                    eb:cf:ec:81:0b:e1:ad:73:b6:da:cb:95:f3:be:9f:
                    75:02:b2:35:57:47:26:ac:eb:a7:58:6b:1f:d2:8d:
                    92:d6:24:11:e9:92:ac:09:66:c0:5c:d3:77:b3:c1:
                    2b:f2:3a:31:be:c3:7d:e7:e1:8d:68:33:f1:0d:9c:
                    af:16:bb:8a:61:f7:f4:41:72:a5:b3:3a:e7:55:3f:
                    75:ea:e1:c7:da:62:6c:48:02:65:ec:c1:97:50:a0:
                    ca:c7:b2:44:03:f1:95:de:07:6b:2f:dd:3c:86:09:
                    ee:1d:11:2e:a2:dd:03:72:d0:7a:92:f8:33:e6:0b:
                    7a:17:59:ee:4d:65:d3:b3:55:4d:ef:c3:c8:fa:89:
                    59:88:4c:74:6d:de:7a:91:a9:3d:bd:e3:f4:53:54:
                    bf:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:51:6D:72:37:F1:9C:F3:FF:D5:75:C8:BE:05:E8:A2:DE:85:88:A0
            X509v3 Authority Key Identifier:
                keyid:06:61:F2:0F:B8:A7:E6:35:D7:BC:C9:4C:00:BE:D7:17:9B:76:08:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BmHyD7in5jXXvMlMAL7XF5t2CPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/QFFtcjfxnPP_1XXIvgXoot6FiKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6d49b-bc6f-4ce4-9333-ad8edfe5f0f7/1/BmHyD7in5jXXvMlMAL7XF5t2CPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:8b:ec:0d:92:25:c8:80:b4:87:a9:c6:9f:e7:e3:21:9e:70:
         4b:77:c3:52:2a:53:5a:d1:e8:42:c7:2b:f4:9d:74:f4:a7:a4:
         45:b3:4e:51:4f:a9:bc:d8:7c:94:79:be:4e:bd:7d:f2:95:46:
         cc:77:36:bb:48:16:7a:17:eb:e2:e7:f8:b6:10:32:f3:3c:87:
         50:dc:7a:9c:02:bf:a4:87:52:84:e4:23:4e:5e:fa:5d:5b:59:
         ed:49:12:4a:cc:ce:69:e5:5b:73:8e:f6:51:8c:55:ee:7a:80:
         84:29:c6:2c:b2:df:b2:85:b0:c0:5c:34:e3:8d:fc:d3:f8:73:
         d4:b9:61:7e:5f:05:e8:20:d8:14:30:f0:7f:57:93:fb:85:a9:
         8c:73:07:ab:13:88:6d:52:56:8d:48:b1:f2:16:7f:cd:d5:78:
         37:43:58:f8:34:64:61:5e:6b:9b:0d:72:37:00:4d:16:24:be:
         40:77:e3:de:2b:0c:4d:06:e2:42:68:b1:f1:ef:c7:92:0a:87:
         75:fe:c8:99:71:d0:a8:5e:64:19:ba:f4:a0:2c:6d:54:e7:a7:
         4e:51:b9:e9:e1:4b:5a:9d:06:03:e1:5f:9e:03:5b:2e:ed:75:
         38:c0:e9:d1:06:86:a9:2e:d8:c1:60:32:30:94:34:3e:73:00:
         b9:f0:c7:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLTGwehkhV5oKuseW413z/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NjFmMjBmYjhhN2U2MzVkN2JjYzk0YzAwYmVkNzE3OWI3
NjA4ZjYwHhcNMjQxMDI4MTIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDUxNmQ3MjM3ZjE5Y2YzZmZkNTc1YzhiZTA1ZThhMmRlODU4OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PCPnHTpZ2HgMGxON959b8t2JYAe
tg+oWY6MSa8z7hUhmCl684X96fjMfhA5ds25gw38r01N3cts3s7duBWMTRBGYa4l
d9TIES06/wb7NuNUXh1/9lcJ7yAPb2qVFsx1qOGFxMocCP/rz+yBC+Gtc7bay5Xz
vp91ArI1V0cmrOunWGsf0o2S1iQR6ZKsCWbAXNN3s8Er8joxvsN95+GNaDPxDZyv
FruKYff0QXKlszrnVT916uHH2mJsSAJl7MGXUKDKx7JEA/GV3gdrL908hgnuHREu
ot0DctB6kvgz5gt6F1nuTWXTs1VN78PI+olZiEx0bd56kak9veP0U1S/DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBRbXI38Zzz/9V1yL4F6KLehYigMB8GA1UdIwQY
MBaAFAZh8g+4p+Y117zJTAC+1xebdgj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMt
YWQ4ZWRmZTVmMGY3LzEvUUZGdGNqZnhuUFBfMVhYSXZnWG9vdDZGaUtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmQ0OWItYmM2Zi00Y2U0LTkzMzMtYWQ4ZWRmZTVmMGY3
LzEvQm1IeUQ3aW41alhYdk1sTUFMN1hGNXQyQ1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9GJMA0G
CSqGSIb3DQEBCwUAA4IBAQCZi+wNkiXIgLSHqcaf5+MhnnBLd8NSKlNa0ehCxyv0
nXT0p6RFs05RT6m82HyUeb5OvX3ylUbMdza7SBZ6F+vi5/i2EDLzPIdQ3HqcAr+k
h1KE5CNOXvpdW1ntSRJKzM5p5VtzjvZRjFXueoCEKcYsst+yhbDAXDTjjfzT+HPU
uWF+XwXoINgUMPB/V5P7hamMcwerE4htUlaNSLHyFn/N1Xg3Q1j4NGRhXmubDXI3
AE0WJL5Ad+PeKwxNBuJCaLHx78eSCod1/siZcdCoXmQZuvSgLG1U56dOUbnp4Uta
nQYD4V+eA1su7XU4wOnRBoapLtjBYDIwlDQ+cwC58Mdg
-----END CERTIFICATE-----