Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/A2aEJRH2OysusI--1pMLvaZeJXg.roa
File:                     A2aEJRH2OysusI--1pMLvaZeJXg.roa (raw, json)
Hash identifier:          UJ0Zzur/Q3B+wFjnYnVgYftmWJoZDvj+g8RA1NVy3MU=
Subject key identifier:   03:66:84:25:11:F6:3B:2B:2E:B0:8F:BE:D6:93:0B:BD:A6:5E:25:78
Certificate issuer:       /CN=88179ac9052f6941b39535b7fd21e2aab08d5878
Certificate serial:       0190121C79D4A76CB906AFA8E4B5F22B8D5F
Authority key identifier: 88:17:9A:C9:05:2F:69:41:B3:95:35:B7:FD:21:E2:AA:B0:8D:58:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeayQUvaUGzlTW3_SHiqrCNWHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/A2aEJRH2OysusI--1pMLvaZeJXg.roa
Signing time:             Thu 13 Jun 2024 14:59:34 +0000
ROA not before:           Thu 13 Jun 2024 14:59:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57053
IP address blocks:        91.212.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/iBeayQUvaUGzlTW3_SHiqrCNWHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/iBeayQUvaUGzlTW3_SHiqrCNWHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeayQUvaUGzlTW3_SHiqrCNWHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:12:1c:79:d4:a7:6c:b9:06:af:a8:e4:b5:f2:2b:8d:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88179ac9052f6941b39535b7fd21e2aab08d5878
        Validity
            Not Before: Jun 13 14:59:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0366842511f63b2b2eb08fbed6930bbda65e2578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:91:5e:b1:4a:83:3b:0c:a5:d8:a2:03:59:ad:
                    63:6c:ea:87:58:f5:57:b2:52:28:78:ac:7d:e0:64:
                    70:47:0c:f7:08:4f:47:cf:b8:63:05:aa:b8:5b:b3:
                    52:e0:ab:cc:71:c3:d0:dd:80:d8:51:4f:86:14:7b:
                    2a:51:de:7c:ca:33:9d:53:c7:3a:bb:68:2c:9d:98:
                    db:5c:8c:bf:ef:13:a2:4c:f5:4f:00:db:0c:14:b2:
                    7f:56:78:84:bc:9b:3e:48:73:f6:9d:14:55:60:5c:
                    39:0c:d9:74:a5:ab:9c:2e:7c:8e:31:ca:aa:13:de:
                    3f:f5:07:88:21:72:ba:af:ba:5b:18:ff:e0:b2:2a:
                    dd:02:43:3f:fb:6d:e8:48:0d:7f:09:44:55:c8:a8:
                    cb:96:5b:b8:ad:fe:0e:d6:0d:98:f2:ec:ac:ff:df:
                    a8:85:10:4c:77:a7:80:3e:25:0a:c5:50:42:21:be:
                    f6:24:85:09:65:d2:20:24:93:08:31:f0:4b:ee:b5:
                    e5:af:ab:f5:ee:7c:80:f7:fa:3d:89:65:e0:26:ea:
                    a9:72:2f:c9:b3:c3:6a:bf:49:71:f6:8d:b6:fe:e0:
                    03:3b:04:9e:a0:72:9d:63:7f:51:23:84:9f:48:a7:
                    12:fc:69:09:13:91:4f:4c:b4:7c:2c:02:7e:02:88:
                    a7:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:66:84:25:11:F6:3B:2B:2E:B0:8F:BE:D6:93:0B:BD:A6:5E:25:78
            X509v3 Authority Key Identifier:
                keyid:88:17:9A:C9:05:2F:69:41:B3:95:35:B7:FD:21:E2:AA:B0:8D:58:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeayQUvaUGzlTW3_SHiqrCNWHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/A2aEJRH2OysusI--1pMLvaZeJXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/265e5c-fa46-4b02-ad0a-5b78bf7e9603/1/iBeayQUvaUGzlTW3_SHiqrCNWHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:e5:99:e3:cb:2f:6d:40:73:17:12:c0:47:1d:cb:9f:93:78:
         1a:b9:f9:83:2b:52:22:d2:b3:b9:18:41:50:08:d5:8d:06:03:
         9f:05:c7:ac:34:e6:ce:af:45:59:f5:73:61:80:52:c7:61:c3:
         3d:30:cb:1c:a2:bd:e6:a8:ab:22:b1:16:27:9b:c5:0b:30:1e:
         1f:f5:54:a8:83:05:89:18:f6:eb:64:8d:d4:79:ee:f0:22:43:
         bd:25:ce:39:61:b6:c4:71:98:32:d8:c1:d9:fc:15:ae:db:3a:
         d3:5f:cd:42:3d:32:5c:8f:9a:fe:b9:a6:69:de:63:a2:e1:2a:
         8a:b1:2b:7d:69:88:bc:a4:a6:5a:a5:98:ce:ab:07:f9:97:d1:
         ec:9c:e4:f2:27:37:3d:7f:72:91:44:f3:15:03:6b:ef:fa:48:
         c4:ff:cb:d4:81:a7:77:8d:a5:fa:44:a8:a3:dd:cb:de:6d:fe:
         09:fc:92:54:39:91:b0:e2:7a:7a:56:7e:57:40:d2:97:ac:04:
         50:92:ad:86:ff:8a:ba:23:54:ac:7d:3d:9c:5b:eb:71:af:77:
         0d:26:93:7f:9e:bc:8a:2b:0d:91:df:46:d4:de:28:18:49:c1:
         1f:a3:79:9b:a8:6e:dd:f6:7b:59:d4:ad:74:d5:09:cb:72:90:
         cf:a0:3c:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZASHHnUp2y5Bq+o5LXyK41fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTc5YWM5MDUyZjY5NDFiMzk1MzViN2ZkMjFlMmFhYjA4
ZDU4NzgwHhcNMjQwNjEzMTQ1OTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzY2ODQyNTExZjYzYjJiMmViMDhmYmVkNjkzMGJiZGE2NWUyNTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JFesUqDOwyl2KIDWa1jbOqHWPVX
slIoeKx94GRwRwz3CE9Hz7hjBaq4W7NS4KvMccPQ3YDYUU+GFHsqUd58yjOdU8c6
u2gsnZjbXIy/7xOiTPVPANsMFLJ/VniEvJs+SHP2nRRVYFw5DNl0paucLnyOMcqq
E94/9QeIIXK6r7pbGP/gsirdAkM/+23oSA1/CURVyKjLllu4rf4O1g2Y8uys/9+o
hRBMd6eAPiUKxVBCIb72JIUJZdIgJJMIMfBL7rXlr6v17nyA9/o9iWXgJuqpci/J
s8Nqv0lx9o22/uADOwSeoHKdY39RI4SfSKcS/GkJE5FPTLR8LAJ+AoiniQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANmhCUR9jsrLrCPvtaTC72mXiV4MB8GA1UdIwQY
MBaAFIgXmskFL2lBs5U1t/0h4qqwjVh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlYXlRVXZhVUd6bFRXM19TSGlxckNOV0hnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yNjVlNWMtZmE0Ni00YjAyLWFkMGEt
NWI3OGJmN2U5NjAzLzEvQTJhRUpSSDJPeXN1c0ktLTFwTUx2YVplSlhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yNjVlNWMtZmE0Ni00YjAyLWFkMGEtNWI3OGJmN2U5NjAz
LzEvaUJlYXlRVXZhVUd6bFRXM19TSGlxckNOV0hnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9QIMA0G
CSqGSIb3DQEBCwUAA4IBAQCE5Znjyy9tQHMXEsBHHcufk3gaufmDK1Ii0rO5GEFQ
CNWNBgOfBcesNObOr0VZ9XNhgFLHYcM9MMscor3mqKsisRYnm8ULMB4f9VSogwWJ
GPbrZI3Uee7wIkO9Jc45YbbEcZgy2MHZ/BWu2zrTX81CPTJcj5r+uaZp3mOi4SqK
sSt9aYi8pKZapZjOqwf5l9HsnOTyJzc9f3KRRPMVA2vv+kjE/8vUgad3jaX6RKij
3cvebf4J/JJUOZGw4np6Vn5XQNKXrARQkq2G/4q6I1SsfT2cW+txr3cNJpN/nryK
Kw2R30bU3igYScEfo3mbqG7d9ntZ1K101QnLcpDPoDzJ
-----END CERTIFICATE-----