Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/t2PGeeCo7mF1ctL4Nu9cgVbzp6Y.roa
File:                     t2PGeeCo7mF1ctL4Nu9cgVbzp6Y.roa (raw, json)
Hash identifier:          f2iZgKG8JEdhhQV/+xEiP1qqmhAY8aZtPYiInNIe6E4=
Subject key identifier:   B7:63:C6:79:E0:A8:EE:61:75:72:D2:F8:36:EF:5C:81:56:F3:A7:A6
Certificate issuer:       /CN=43a5ca15bc23c325f1341e9889d858b8ed76d74e
Certificate serial:       0193ADCC879C53752EC46F73D085CBD3B53D
Authority key identifier: 43:A5:CA:15:BC:23:C3:25:F1:34:1E:98:89:D8:58:B8:ED:76:D7:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/t2PGeeCo7mF1ctL4Nu9cgVbzp6Y.roa
Signing time:             Mon 09 Dec 2024 23:41:22 +0000
ROA not before:           Mon 09 Dec 2024 23:41:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201661
IP address blocks:        91.198.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Dec 2024 02:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:ad:cc:87:9c:53:75:2e:c4:6f:73:d0:85:cb:d3:b5:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43a5ca15bc23c325f1341e9889d858b8ed76d74e
        Validity
            Not Before: Dec  9 23:41:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b763c679e0a8ee617572d2f836ef5c8156f3a7a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:b3:9f:b3:4f:da:55:76:e9:d3:8a:c1:4d:f9:
                    21:6e:b1:a9:5a:2a:cd:0e:a1:92:2f:79:a7:5e:69:
                    91:64:41:77:4e:a9:c8:c1:36:f2:eb:f2:b6:aa:d2:
                    3d:d1:b0:47:cb:a8:1b:9b:f4:b9:1a:00:27:78:8e:
                    75:72:7f:00:b7:60:9d:a0:98:7f:55:2f:8f:4f:5f:
                    b0:9a:48:73:88:c5:00:5d:48:9b:17:1c:76:2d:b1:
                    ca:2f:53:d4:dd:ac:83:ed:39:e2:19:0b:d8:4b:10:
                    3e:68:60:bb:65:f2:c7:24:44:ec:81:fd:3e:06:22:
                    d2:20:7a:b5:d4:9a:26:2d:e6:f5:b5:40:ce:bf:68:
                    32:30:c5:6b:80:b5:5e:b0:0b:78:66:03:3e:f3:07:
                    67:b7:0b:19:6c:95:cc:63:09:32:9b:68:56:c5:f9:
                    bd:f0:6b:62:63:51:3c:24:c5:48:ce:0a:e6:0a:fc:
                    99:dc:09:b0:08:55:b8:54:ee:f2:24:70:57:2a:57:
                    2b:18:29:d2:7a:9a:79:e5:59:03:1d:e7:a4:19:a2:
                    e1:07:e2:ed:d2:b7:d1:2b:cb:0b:91:eb:d6:bb:26:
                    50:c5:8c:11:7b:c3:9a:97:c0:1e:7a:d2:37:a4:eb:
                    08:d2:30:39:51:b4:76:d6:53:75:7e:60:0d:d6:85:
                    c5:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:63:C6:79:E0:A8:EE:61:75:72:D2:F8:36:EF:5C:81:56:F3:A7:A6
            X509v3 Authority Key Identifier:
                keyid:43:A5:CA:15:BC:23:C3:25:F1:34:1E:98:89:D8:58:B8:ED:76:D7:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q6XKFbwjwyXxNB6YidhYuO12104.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/t2PGeeCo7mF1ctL4Nu9cgVbzp6Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/874bee-e72a-4beb-91e8-a96e26103cee/1/Q6XKFbwjwyXxNB6YidhYuO12104.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:29:f6:12:a0:a6:4a:5d:78:aa:16:a0:1c:d5:44:bb:14:e9:
         01:65:1a:e9:52:a4:bf:17:79:e0:33:c6:4f:b3:06:2f:cb:af:
         48:62:ea:2c:ca:2c:c2:33:d0:bb:3a:7a:bd:a7:9c:1f:61:65:
         3a:11:22:e0:3a:70:dd:af:14:fa:88:98:7a:2d:e2:a6:80:b0:
         b3:ca:ea:f6:14:2e:ab:b3:f2:be:90:2f:41:58:95:b4:a2:d9:
         e0:39:2b:ce:2c:e4:67:85:ea:d6:aa:95:9d:d6:66:9a:0e:97:
         47:44:22:c9:a6:6f:5a:41:51:5e:ec:86:73:ac:c2:02:78:bb:
         63:25:75:7f:6d:7e:be:25:16:d9:a0:81:ea:56:c8:15:ec:d7:
         d6:9b:4d:b2:55:6a:d6:37:2d:e3:ed:c2:07:f4:f9:45:bf:27:
         af:89:04:b3:20:78:58:9a:f6:c9:0e:32:d3:e2:6c:d1:9e:d0:
         9a:26:10:6c:a9:fe:9b:05:5f:28:85:90:8a:41:c7:16:75:50:
         3c:f4:af:83:6e:a8:9b:1a:25:4c:de:17:80:0a:75:29:98:c3:
         0d:82:9d:21:79:61:26:85:9b:aa:81:fb:55:fb:da:bb:58:3a:
         25:f6:0e:e0:c6:50:71:8e:1d:99:f2:71:47:f2:47:cc:e7:d5:
         b8:c7:4f:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZOtzIecU3UuxG9z0IXL07U9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYTVjYTE1YmMyM2MzMjVmMTM0MWU5ODg5ZDg1OGI4ZWQ3
NmQ3NGUwHhcNMjQxMjA5MjM0MTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzYzYzY3OWUwYThlZTYxNzU3MmQyZjgzNmVmNWM4MTU2ZjNhN2E2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLOfs0/aVXbp04rBTfkhbrGpWirN
DqGSL3mnXmmRZEF3TqnIwTby6/K2qtI90bBHy6gbm/S5GgAneI51cn8At2CdoJh/
VS+PT1+wmkhziMUAXUibFxx2LbHKL1PU3ayD7TniGQvYSxA+aGC7ZfLHJETsgf0+
BiLSIHq11JomLeb1tUDOv2gyMMVrgLVesAt4ZgM+8wdntwsZbJXMYwkym2hWxfm9
8GtiY1E8JMVIzgrmCvyZ3AmwCFW4VO7yJHBXKlcrGCnSepp55VkDHeekGaLhB+Lt
0rfRK8sLkevWuyZQxYwRe8Oal8AeetI3pOsI0jA5UbR21lN1fmAN1oXFqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLdjxnngqO5hdXLS+DbvXIFW86emMB8GA1UdIwQY
MBaAFEOlyhW8I8Ml8TQemInYWLjtdtdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTZYS0Zid2p3eVh4TkI2WWlkaFl1TzEyMTA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi84NzRiZWUtZTcyYS00YmViLTkxZTgt
YTk2ZTI2MTAzY2VlLzEvdDJQR2VlQ283bUYxY3RMNE51OWNnVmJ6cDZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi84NzRiZWUtZTcyYS00YmViLTkxZTgtYTk2ZTI2MTAzY2Vl
LzEvUTZYS0Zid2p3eVh4TkI2WWlkaFl1TzEyMTA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZeMA0G
CSqGSIb3DQEBCwUAA4IBAQALKfYSoKZKXXiqFqAc1US7FOkBZRrpUqS/F3ngM8ZP
swYvy69IYuosyizCM9C7Onq9p5wfYWU6ESLgOnDdrxT6iJh6LeKmgLCzyur2FC6r
s/K+kC9BWJW0otngOSvOLORnherWqpWd1maaDpdHRCLJpm9aQVFe7IZzrMICeLtj
JXV/bX6+JRbZoIHqVsgV7NfWm02yVWrWNy3j7cIH9PlFvyeviQSzIHhYmvbJDjLT
4mzRntCaJhBsqf6bBV8ohZCKQccWdVA89K+DbqibGiVM3heACnUpmMMNgp0heWEm
hZuqgftV+9q7WDol9g7gxlBxjh2Z8nFH8kfM59W4x09h
-----END CERTIFICATE-----