Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/Q_PyNzOCLo2V_8ZRI_IgL5-pqQ0.roa
File:                     Q_PyNzOCLo2V_8ZRI_IgL5-pqQ0.roa (raw, json)
Hash identifier:          xZL3dvgx52JKq0c82ndChebXnYRXvZQcyI/g63uh0f4=
Subject key identifier:   43:F3:F2:37:33:82:2E:8D:95:FF:C6:51:23:F2:20:2F:9F:A9:A9:0D
Certificate issuer:       /CN=84f98bb1a8c7f1d6674248c47e0f04ae049afa51
Certificate serial:       019423D7FC34867C15D43B7DB8B15CF712F7
Authority key identifier: 84:F9:8B:B1:A8:C7:F1:D6:67:42:48:C4:7E:0F:04:AE:04:9A:FA:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPmLsajH8dZnQkjEfg8ErgSa-lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/Q_PyNzOCLo2V_8ZRI_IgL5-pqQ0.roa
Signing time:             Wed 01 Jan 2025 21:49:04 +0000
ROA not before:           Wed 01 Jan 2025 21:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58204
IP address blocks:        91.239.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/hPmLsajH8dZnQkjEfg8ErgSa-lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/hPmLsajH8dZnQkjEfg8ErgSa-lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hPmLsajH8dZnQkjEfg8ErgSa-lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 12:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:fc:34:86:7c:15:d4:3b:7d:b8:b1:5c:f7:12:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f98bb1a8c7f1d6674248c47e0f04ae049afa51
        Validity
            Not Before: Jan  1 21:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43f3f23733822e8d95ffc65123f2202f9fa9a90d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d1:31:af:46:fb:43:ce:e3:10:80:87:7c:64:
                    c8:ed:f8:28:11:a0:47:c2:f6:e4:90:ab:64:66:07:
                    3e:fc:ea:e5:74:d0:b7:3b:b5:9d:60:04:ed:93:b7:
                    e5:79:a9:75:d5:7b:7c:83:72:34:9e:33:46:47:24:
                    8a:4c:48:6a:eb:7d:cc:f0:d8:ac:49:84:58:af:af:
                    3f:29:17:b9:f7:b1:b4:25:29:17:55:87:8f:c1:2a:
                    20:f1:7b:12:d6:62:c9:1a:04:5a:78:18:d6:ce:19:
                    b9:84:38:75:c1:f6:0a:95:dc:82:07:83:1d:15:99:
                    4e:ef:91:a5:eb:c3:7d:f3:70:c0:7d:3f:fd:f1:b3:
                    5f:c7:b0:94:4d:54:e4:65:dd:4a:c2:36:ca:61:eb:
                    eb:e4:9b:cd:93:35:68:c1:41:05:96:eb:0d:0b:70:
                    b9:72:4c:d9:1b:a8:48:c0:b5:6d:7e:9c:4f:72:3b:
                    e2:7b:6e:00:62:78:f6:05:47:42:06:5a:70:e4:ae:
                    27:db:91:23:54:61:7b:7d:dd:89:a3:a4:95:e9:1c:
                    f6:66:b6:65:33:d1:11:c3:7c:5f:51:ac:bb:ba:63:
                    98:15:19:d4:c9:0f:1e:0a:ee:02:04:9e:83:6d:31:
                    b8:d8:22:9c:4f:e9:bd:22:49:ef:17:f6:9d:58:d0:
                    f0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:F3:F2:37:33:82:2E:8D:95:FF:C6:51:23:F2:20:2F:9F:A9:A9:0D
            X509v3 Authority Key Identifier:
                keyid:84:F9:8B:B1:A8:C7:F1:D6:67:42:48:C4:7E:0F:04:AE:04:9A:FA:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPmLsajH8dZnQkjEfg8ErgSa-lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/Q_PyNzOCLo2V_8ZRI_IgL5-pqQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/c6859d-6e46-4a66-a7b0-4e3594b2da7f/1/hPmLsajH8dZnQkjEfg8ErgSa-lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:1d:b8:30:85:fd:41:6d:ef:11:fe:37:1c:57:f4:8b:08:7d:
         a7:1e:96:5f:2b:e5:90:3c:2e:08:98:1b:4e:41:3c:fe:c9:ab:
         aa:04:c1:f9:4f:41:71:a6:ac:34:2c:f4:6a:2c:cc:f2:52:b8:
         b4:bd:1f:08:87:8e:8a:f5:86:ec:99:c9:54:29:90:7e:5f:db:
         80:c9:66:9b:88:6e:8a:79:c4:df:62:7e:ff:0d:fc:1e:d0:15:
         cf:8b:83:fe:b0:e4:da:b1:1b:d6:34:aa:26:df:2d:91:55:45:
         72:cc:b0:58:6e:98:ed:14:2c:80:97:ca:86:97:43:8e:70:15:
         f0:01:b7:58:22:2b:cb:99:ab:01:66:4c:24:de:17:fb:da:fd:
         96:d7:d1:08:28:04:2b:ce:34:c4:ba:cb:20:cf:45:98:1d:ac:
         83:15:de:d5:44:81:cb:b9:4d:62:b9:b2:25:a4:ab:be:0b:0c:
         2d:55:f3:f8:13:ff:22:0c:1c:88:1b:0a:c7:bb:77:8f:1b:ed:
         b3:3b:4d:0f:29:b6:52:62:9d:9c:1a:ad:59:9f:c1:7a:fd:12:
         30:fd:6f:a9:35:5d:d9:4f:48:90:b2:62:ac:7a:4b:6c:5a:ab:
         42:a9:f0:c6:20:fc:78:45:e3:4e:82:c1:b9:03:27:3f:47:d6:
         26:36:20:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/w0hnwV1Dt9uLFc9xL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0Zjk4YmIxYThjN2YxZDY2NzQyNDhjNDdlMGYwNGFlMDQ5
YWZhNTEwHhcNMjUwMTAxMjE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2YzZjIzNzMzODIyZThkOTVmZmM2NTEyM2YyMjAyZjlmYTlhOTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNExr0b7Q87jEICHfGTI7fgoEaBH
wvbkkKtkZgc+/OrldNC3O7WdYATtk7fleal11Xt8g3I0njNGRySKTEhq633M8Nis
SYRYr68/KRe597G0JSkXVYePwSog8XsS1mLJGgRaeBjWzhm5hDh1wfYKldyCB4Md
FZlO75Gl68N983DAfT/98bNfx7CUTVTkZd1KwjbKYevr5JvNkzVowUEFlusNC3C5
ckzZG6hIwLVtfpxPcjvie24AYnj2BUdCBlpw5K4n25EjVGF7fd2Jo6SV6Rz2ZrZl
M9ERw3xfUay7umOYFRnUyQ8eCu4CBJ6DbTG42CKcT+m9IknvF/adWNDwCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEPz8jczgi6Nlf/GUSPyIC+fqakNMB8GA1UdIwQY
MBaAFIT5i7Gox/HWZ0JIxH4PBK4EmvpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBtTHNhakg4ZFpuUWtqRWZnOEVyZ1NhLWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jNjg1OWQtNmU0Ni00YTY2LWE3YjAt
NGUzNTk0YjJkYTdmLzEvUV9QeU56T0NMbzJWXzhaUklfSWdMNS1wcVEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jNjg1OWQtNmU0Ni00YTY2LWE3YjAtNGUzNTk0YjJkYTdm
LzEvaFBtTHNhakg4ZFpuUWtqRWZnOEVyZ1NhLWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/CMA0G
CSqGSIb3DQEBCwUAA4IBAQAzHbgwhf1Bbe8R/jccV/SLCH2nHpZfK+WQPC4ImBtO
QTz+yauqBMH5T0Fxpqw0LPRqLMzyUri0vR8Ih46K9YbsmclUKZB+X9uAyWabiG6K
ecTfYn7/Dfwe0BXPi4P+sOTasRvWNKom3y2RVUVyzLBYbpjtFCyAl8qGl0OOcBXw
AbdYIivLmasBZkwk3hf72v2W19EIKAQrzjTEussgz0WYHayDFd7VRIHLuU1iubIl
pKu+CwwtVfP4E/8iDByIGwrHu3ePG+2zO00PKbZSYp2cGq1Zn8F6/RIw/W+pNV3Z
T0iQsmKsektsWqtCqfDGIPx4ReNOgsG5Ayc/R9YmNiAZ
-----END CERTIFICATE-----