Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/n0AXPwRf-K9EtXP4CXMMlBMF6Bk.roa
File:                     n0AXPwRf-K9EtXP4CXMMlBMF6Bk.roa (raw, json)
Hash identifier:          7TR2iYrwp41DPDqkwdlRqLbA+06InGzZQMMITyfkpPo=
Subject key identifier:   9F:40:17:3F:04:5F:F8:AF:44:B5:73:F8:09:73:0C:94:13:05:E8:19
Certificate issuer:       /CN=346474a33c051d17152b21322ccf4ff3808b4270
Certificate serial:       0194228E2DBE2DFC264178D6D4D5DD38F028
Authority key identifier: 34:64:74:A3:3C:05:1D:17:15:2B:21:32:2C:CF:4F:F3:80:8B:42:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/n0AXPwRf-K9EtXP4CXMMlBMF6Bk.roa
Signing time:             Wed 01 Jan 2025 15:48:50 +0000
ROA not before:           Wed 01 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215307
IP address blocks:        91.234.11.0/24 maxlen: 24
                          2a14:1f40::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 06:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2d:be:2d:fc:26:41:78:d6:d4:d5:dd:38:f0:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=346474a33c051d17152b21322ccf4ff3808b4270
        Validity
            Not Before: Jan  1 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f40173f045ff8af44b573f809730c941305e819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1f:77:18:90:0d:c4:48:d9:73:25:7d:06:11:
                    e1:4d:b3:29:db:33:fd:ab:93:23:7a:a7:76:1f:67:
                    61:e7:b6:ff:e9:10:2f:86:f4:5e:1e:d3:21:25:79:
                    84:67:c6:e8:a8:9a:62:25:9f:60:05:a8:7a:09:25:
                    87:45:21:c4:04:6e:73:ac:39:aa:5d:32:dc:24:23:
                    0b:d4:df:7b:6c:2c:e6:3e:de:97:f3:17:23:0f:cc:
                    21:a9:f3:03:08:49:98:76:f3:bd:b8:4e:65:cc:2a:
                    4e:2c:9d:cf:0f:b3:fb:50:02:ef:54:99:00:13:0c:
                    99:e5:6b:0b:a0:e9:a9:6e:16:38:39:1e:b5:f2:91:
                    66:1a:0c:68:23:1a:96:58:0e:08:9e:2d:02:03:18:
                    ef:09:b5:1b:ae:bb:3f:d8:cd:4a:99:a4:f5:7e:36:
                    b2:64:6d:38:f7:84:d3:ef:12:c8:0f:8d:3d:0a:27:
                    bf:fc:c9:05:0d:37:ae:94:e8:66:f0:64:0a:f1:ef:
                    10:ae:98:7e:74:39:22:e6:20:21:26:0c:62:f3:4f:
                    44:11:fb:94:bd:cb:e5:48:59:e6:c9:eb:ee:d2:3d:
                    d1:39:69:37:d1:f7:73:0a:38:2b:84:20:b8:85:c7:
                    78:5a:b4:79:ff:70:56:ed:47:fb:81:da:8b:32:ee:
                    fe:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:17:3F:04:5F:F8:AF:44:B5:73:F8:09:73:0C:94:13:05:E8:19
            X509v3 Authority Key Identifier:
                keyid:34:64:74:A3:3C:05:1D:17:15:2B:21:32:2C:CF:4F:F3:80:8B:42:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NGR0ozwFHRcVKyEyLM9P84CLQnA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/n0AXPwRf-K9EtXP4CXMMlBMF6Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/2b9a72-6186-4154-ae3b-01521e658e99/1/NGR0ozwFHRcVKyEyLM9P84CLQnA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.11.0/24
                IPv6:
                  2a14:1f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:bd:cd:30:93:74:08:ed:46:ae:4f:36:2a:5c:0f:a0:4c:e5:
         a9:bb:6d:4b:9f:f5:a7:36:5b:62:e9:c6:7b:4b:40:c9:53:21:
         fe:68:91:51:d9:43:a5:fd:8a:a7:f6:8c:da:e9:c3:06:61:a0:
         87:82:10:cf:39:7b:cf:98:07:a9:1a:00:fd:86:96:38:d9:63:
         40:d1:37:cb:3c:4b:02:7c:ec:b2:66:0c:97:16:4a:1c:ce:60:
         26:ce:64:43:8d:29:33:6a:57:ea:1e:2c:3a:4d:c1:1c:f4:8f:
         a5:1f:64:87:09:f5:0d:af:84:8c:6f:4b:e1:2d:f5:06:d1:9e:
         4a:f6:10:a5:a1:ea:51:dd:26:52:5c:c7:8a:96:14:df:34:db:
         ae:87:cf:51:b6:01:5c:3b:97:46:d9:39:95:ae:09:62:4d:7c:
         9b:55:c2:a0:d3:b1:3d:13:f9:b7:b0:31:01:ca:eb:20:c0:6c:
         dd:f2:9b:af:f3:94:3b:ce:e1:c5:e4:13:e2:65:78:c8:ac:db:
         3b:3d:c5:69:7b:0e:a0:87:6d:85:2c:7b:aa:fa:07:38:53:82:
         97:8a:9b:bb:13:3c:66:72:21:7a:af:3b:59:9e:ae:80:19:5b:
         be:2c:81:be:ba:f7:86:d1:8a:40:e9:0c:09:2b:e4:53:b1:2e:
         52:a3:66:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiji2+LfwmQXjW1NXdOPAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0NjQ3NGEzM2MwNTFkMTcxNTJiMjEzMjJjY2Y0ZmYzODA4
YjQyNzAwHhcNMjUwMTAxMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjQwMTczZjA0NWZmOGFmNDRiNTczZjgwOTczMGM5NDEzMDVlODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxh93GJANxEjZcyV9BhHhTbMp2zP9
q5Mjeqd2H2dh57b/6RAvhvReHtMhJXmEZ8boqJpiJZ9gBah6CSWHRSHEBG5zrDmq
XTLcJCML1N97bCzmPt6X8xcjD8whqfMDCEmYdvO9uE5lzCpOLJ3PD7P7UALvVJkA
EwyZ5WsLoOmpbhY4OR618pFmGgxoIxqWWA4Ini0CAxjvCbUbrrs/2M1KmaT1fjay
ZG0494TT7xLID409Cie//MkFDTeulOhm8GQK8e8Qrph+dDki5iAhJgxi809EEfuU
vcvlSFnmyevu0j3ROWk30fdzCjgrhCC4hcd4WrR5/3BW7Uf7gdqLMu7+tQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJ9AFz8EX/ivRLVz+AlzDJQTBegZMB8GA1UdIwQY
MBaAFDRkdKM8BR0XFSshMizPT/OAi0JwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkdSMG96d0ZIUmNWS3lFeUxNOVA4NENMUW5BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8yYjlhNzItNjE4Ni00MTU0LWFlM2It
MDE1MjFlNjU4ZTk5LzEvbjBBWFB3UmYtSzlFdFhQNENYTU1sQk1GNkJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8yYjlhNzItNjE4Ni00MTU0LWFlM2ItMDE1MjFlNjU4ZTk5
LzEvTkdSMG96d0ZIUmNWS3lFeUxNOVA4NENMUW5BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+oLMA0E
AgACMAcDBQAqFB9AMA0GCSqGSIb3DQEBCwUAA4IBAQAJvc0wk3QI7UauTzYqXA+g
TOWpu21Ln/WnNlti6cZ7S0DJUyH+aJFR2UOl/Yqn9oza6cMGYaCHghDPOXvPmAep
GgD9hpY42WNA0TfLPEsCfOyyZgyXFkoczmAmzmRDjSkzalfqHiw6TcEc9I+lH2SH
CfUNr4SMb0vhLfUG0Z5K9hCloepR3SZSXMeKlhTfNNuuh89RtgFcO5dG2TmVrgli
TXybVcKg07E9E/m3sDEByusgwGzd8puv85Q7zuHF5BPiZXjIrNs7PcVpew6gh22F
LHuq+gc4U4KXipu7EzxmciF6rztZnq6AGVu+LIG+uveG0YpA6QwJK+RTsS5So2ZO
-----END CERTIFICATE-----