Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/B9Qe-a97EmtgtD7L4ew2YNRnxiY.roa
File:                     B9Qe-a97EmtgtD7L4ew2YNRnxiY.roa (raw, json)
Hash identifier:          LKrEGclQqljKs0G5CXNtrvGaqywhjyeexRfRhETebgk=
Subject key identifier:   07:D4:1E:F9:AF:7B:12:6B:60:B4:3E:CB:E1:EC:36:60:D4:67:C6:26
Certificate issuer:       /CN=620d0fcb4b94e411a8de26209dc15e32dfa89aa0
Certificate serial:       01918EAD38C95C1B41C061A85B1637826DFB
Authority key identifier: 62:0D:0F:CB:4B:94:E4:11:A8:DE:26:20:9D:C1:5E:32:DF:A8:9A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yg0Py0uU5BGo3iYgncFeMt-omqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/B9Qe-a97EmtgtD7L4ew2YNRnxiY.roa
Signing time:             Mon 26 Aug 2024 12:33:22 +0000
ROA not before:           Mon 26 Aug 2024 12:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215402
IP address blocks:        91.211.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/Yg0Py0uU5BGo3iYgncFeMt-omqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/Yg0Py0uU5BGo3iYgncFeMt-omqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yg0Py0uU5BGo3iYgncFeMt-omqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:ad:38:c9:5c:1b:41:c0:61:a8:5b:16:37:82:6d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=620d0fcb4b94e411a8de26209dc15e32dfa89aa0
        Validity
            Not Before: Aug 26 12:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d41ef9af7b126b60b43ecbe1ec3660d467c626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:96:f6:f4:69:1b:60:63:3d:ed:1a:1d:27:8b:
                    1d:b2:dd:e4:b8:22:96:d3:de:18:b3:78:52:6a:fc:
                    40:47:0b:eb:29:a4:1b:15:43:a7:08:da:51:e1:9f:
                    b2:8c:5b:df:af:d2:19:3e:6c:e0:49:e6:41:8e:01:
                    1d:23:b5:20:7c:5c:ae:fb:6c:ca:aa:13:a7:d5:7e:
                    de:b0:2d:47:61:34:33:18:ec:fa:97:81:f3:e8:20:
                    1a:aa:2e:29:fa:89:95:70:58:b2:96:1c:7a:00:51:
                    3a:c4:c5:56:b4:9d:ec:a5:d3:cf:d0:0f:50:19:cd:
                    39:2f:61:b9:5f:6d:43:01:ae:2b:25:2c:ad:b3:9f:
                    5d:ec:80:3e:25:b8:fd:0b:2f:28:ed:9a:03:64:ae:
                    af:60:9d:0e:11:9f:e8:48:9b:b0:64:7f:d0:81:9d:
                    18:22:02:33:8f:78:de:14:34:e0:fe:a2:08:93:6a:
                    c0:cc:b4:37:ca:c7:b5:59:70:ad:20:69:e9:cb:8e:
                    d9:e0:70:41:67:a7:f1:ab:60:cd:74:4b:6d:b7:91:
                    ce:01:0d:53:b2:e7:fb:90:01:a2:14:96:da:40:d9:
                    71:f4:64:dc:47:b2:1d:ca:9a:d9:ab:44:7d:8b:78:
                    ce:03:16:af:3e:55:74:f1:34:65:dd:6c:a1:d0:aa:
                    d7:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D4:1E:F9:AF:7B:12:6B:60:B4:3E:CB:E1:EC:36:60:D4:67:C6:26
            X509v3 Authority Key Identifier:
                keyid:62:0D:0F:CB:4B:94:E4:11:A8:DE:26:20:9D:C1:5E:32:DF:A8:9A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yg0Py0uU5BGo3iYgncFeMt-omqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/B9Qe-a97EmtgtD7L4ew2YNRnxiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/6e12c8-9dd7-478b-9071-1423e4a07296/1/Yg0Py0uU5BGo3iYgncFeMt-omqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:31:6b:99:8c:6d:40:30:cd:2f:97:de:ad:8d:86:71:3d:1f:
         bd:90:bb:f7:64:88:fb:30:aa:b5:e8:c0:82:84:59:31:12:b3:
         77:77:d6:95:f3:f6:6f:0e:3f:f9:fd:5d:e6:32:44:39:e7:14:
         35:ae:8d:ff:d3:4b:83:0d:bb:c7:de:e6:b4:c7:98:05:6c:f8:
         d0:c0:88:cc:a8:4e:5d:16:65:9a:68:48:6b:24:2a:1d:91:fa:
         67:cc:1b:68:da:a3:af:d7:1a:43:db:06:68:fc:fb:7a:3d:13:
         ed:d4:35:69:3a:7f:aa:d9:3e:50:8c:51:84:63:1d:47:bf:34:
         78:a0:66:5c:b4:cf:77:ad:d1:01:fd:f8:90:b6:1a:1a:8b:83:
         ed:f0:10:31:f1:97:dd:17:09:43:2e:20:92:07:a0:30:e1:a9:
         69:c1:87:b0:07:aa:9a:82:ef:4e:fa:01:19:b8:cb:ce:62:43:
         bc:c9:83:44:f3:52:4b:a4:03:3c:90:51:bf:82:f2:14:d3:1c:
         ef:fa:fe:0d:ea:b9:94:65:5e:7a:60:0d:4f:84:bd:03:32:ae:
         5c:cb:fc:61:69:0c:0a:02:f7:33:35:9d:9b:e2:6e:d4:24:6b:
         7e:c4:b3:bd:b8:ba:6a:f2:84:6a:36:6e:54:4d:45:b8:99:f1:
         3c:09:85:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGOrTjJXBtBwGGoWxY3gm37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMGQwZmNiNGI5NGU0MTFhOGRlMjYyMDlkYzE1ZTMyZGZh
ODlhYTAwHhcNMjQwODI2MTIzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Q0MWVmOWFmN2IxMjZiNjBiNDNlY2JlMWVjMzY2MGQ0NjdjNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZb29GkbYGM97RodJ4sdst3kuCKW
094Ys3hSavxARwvrKaQbFUOnCNpR4Z+yjFvfr9IZPmzgSeZBjgEdI7UgfFyu+2zK
qhOn1X7esC1HYTQzGOz6l4Hz6CAaqi4p+omVcFiylhx6AFE6xMVWtJ3spdPP0A9Q
Gc05L2G5X21DAa4rJSyts59d7IA+Jbj9Cy8o7ZoDZK6vYJ0OEZ/oSJuwZH/QgZ0Y
IgIzj3jeFDTg/qIIk2rAzLQ3yse1WXCtIGnpy47Z4HBBZ6fxq2DNdEttt5HOAQ1T
suf7kAGiFJbaQNlx9GTcR7IdyprZq0R9i3jOAxavPlV08TRl3Wyh0KrXGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfUHvmvexJrYLQ+y+HsNmDUZ8YmMB8GA1UdIwQY
MBaAFGIND8tLlOQRqN4mIJ3BXjLfqJqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWcwUHkwdVU1QkdvM2lZZ25jRmVNdC1vbXFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC82ZTEyYzgtOWRkNy00NzhiLTkwNzEt
MTQyM2U0YTA3Mjk2LzEvQjlRZS1hOTdFbXRndEQ3TDRldzJZTlJueGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC82ZTEyYzgtOWRkNy00NzhiLTkwNzEtMTQyM2U0YTA3Mjk2
LzEvWWcwUHkwdVU1QkdvM2lZZ25jRmVNdC1vbXFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9NyMA0G
CSqGSIb3DQEBCwUAA4IBAQAUMWuZjG1AMM0vl96tjYZxPR+9kLv3ZIj7MKq16MCC
hFkxErN3d9aV8/ZvDj/5/V3mMkQ55xQ1ro3/00uDDbvH3ua0x5gFbPjQwIjMqE5d
FmWaaEhrJCodkfpnzBto2qOv1xpD2wZo/Pt6PRPt1DVpOn+q2T5QjFGEYx1HvzR4
oGZctM93rdEB/fiQthoai4Pt8BAx8ZfdFwlDLiCSB6Aw4alpwYewB6qagu9O+gEZ
uMvOYkO8yYNE81JLpAM8kFG/gvIU0xzv+v4N6rmUZV56YA1PhL0DMq5cy/xhaQwK
AvczNZ2b4m7UJGt+xLO9uLpq8oRqNm5UTUW4mfE8CYX7
-----END CERTIFICATE-----