Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/Q75VcKpJN1_xp-QM_NM8W4Tp-04.roa
File:                     Q75VcKpJN1_xp-QM_NM8W4Tp-04.roa (raw, json)
Hash identifier:          Wt2+g51E+wWSkSdRcanf7BFfmX/qewZOJ77oXxIMQTM=
Subject key identifier:   43:BE:55:70:AA:49:37:5F:F1:A7:E4:0C:FC:D3:3C:5B:84:E9:FB:4E
Certificate issuer:       /CN=6e7103fa85acec57c4648591cc3e41cdf7fee397
Certificate serial:       019422FC222252E5F5C93337753C7EFF04B3
Authority key identifier: 6E:71:03:FA:85:AC:EC:57:C4:64:85:91:CC:3E:41:CD:F7:FE:E3:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bnED-oWs7FfEZIWRzD5Bzff-45c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/Q75VcKpJN1_xp-QM_NM8W4Tp-04.roa
Signing time:             Wed 01 Jan 2025 17:48:56 +0000
ROA not before:           Wed 01 Jan 2025 17:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39380
IP address blocks:        91.209.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/bnED-oWs7FfEZIWRzD5Bzff-45c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/bnED-oWs7FfEZIWRzD5Bzff-45c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bnED-oWs7FfEZIWRzD5Bzff-45c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:22:22:52:e5:f5:c9:33:37:75:3c:7e:ff:04:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e7103fa85acec57c4648591cc3e41cdf7fee397
        Validity
            Not Before: Jan  1 17:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43be5570aa49375ff1a7e40cfcd33c5b84e9fb4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:92:dc:12:d3:ab:60:44:c0:59:51:b0:ab:33:
                    8c:1c:48:76:1c:74:2b:82:87:b1:95:0d:bd:2d:4e:
                    b5:67:ca:d2:35:47:04:a6:5c:4b:2e:98:61:16:bf:
                    43:0a:bd:13:35:67:e8:39:3b:e9:f5:bc:79:4f:3d:
                    69:11:5a:19:39:ea:1c:76:76:82:53:aa:47:7e:d4:
                    21:a9:c4:0b:89:10:4d:71:77:91:22:2d:56:69:fd:
                    41:4c:b7:f9:5d:64:18:4d:37:46:58:32:ce:d9:93:
                    b3:09:a4:0c:4f:f2:e7:6b:86:6b:63:8e:0d:ad:4c:
                    ef:fb:8f:d7:6a:a0:ba:8c:1f:1a:37:41:1f:95:9d:
                    e1:56:48:b7:62:95:5e:97:ad:b0:ec:f2:ee:20:0f:
                    cf:5f:0d:00:de:7c:05:5b:c1:94:e9:f7:b7:26:78:
                    6e:79:51:72:a1:bb:8c:56:0c:a2:6b:76:41:f8:dd:
                    aa:2e:bd:d7:d7:7c:bb:f5:85:7a:a0:ab:37:ac:aa:
                    1c:7d:a1:67:49:b7:98:a9:fd:a3:72:e2:ec:e0:e7:
                    da:0e:85:53:7b:77:d0:e4:62:c7:09:98:ad:72:4b:
                    02:28:59:c7:95:91:83:ea:b3:98:7c:14:f8:43:65:
                    3d:7f:d6:01:08:75:d7:6b:ba:22:bd:ab:ea:20:15:
                    ba:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:BE:55:70:AA:49:37:5F:F1:A7:E4:0C:FC:D3:3C:5B:84:E9:FB:4E
            X509v3 Authority Key Identifier:
                keyid:6E:71:03:FA:85:AC:EC:57:C4:64:85:91:CC:3E:41:CD:F7:FE:E3:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bnED-oWs7FfEZIWRzD5Bzff-45c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/Q75VcKpJN1_xp-QM_NM8W4Tp-04.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/06803f-dd2e-4fd1-9a7f-bbf826aa67c0/1/bnED-oWs7FfEZIWRzD5Bzff-45c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:fd:c2:fc:cd:b1:99:36:e3:25:70:ed:b7:09:b7:d0:c0:7c:
         7b:5d:db:a8:5c:d0:2f:97:49:f4:1c:9a:22:3d:2c:21:08:bc:
         92:0b:1b:ee:7e:94:68:e5:87:ea:a0:40:45:83:c2:19:bc:5f:
         52:62:89:4a:fd:24:ac:48:8c:89:40:28:f3:46:ba:be:2d:d0:
         a1:78:ab:e5:e9:2a:b3:4c:bb:d2:e4:54:67:d0:da:6f:05:64:
         6d:74:f6:84:a8:2b:83:aa:9c:27:bd:cc:a6:71:31:0a:15:66:
         4e:da:fc:bc:69:8f:04:a4:3f:8b:5f:7f:68:d0:2a:0e:fa:8e:
         28:b6:e0:eb:87:f7:18:ad:bf:53:d8:ac:08:3d:81:2e:65:99:
         e8:a0:e2:05:ba:99:81:88:36:5f:90:4d:1f:dc:1c:cc:e8:80:
         cd:ae:7f:32:df:c9:38:4d:77:ec:ce:ea:3b:48:d6:ab:e3:f9:
         9c:1c:d0:29:6d:43:92:45:e1:95:ec:86:ea:d4:b2:08:ad:76:
         3b:36:ca:9c:e4:a6:f3:03:b9:29:73:8f:5e:12:94:53:e3:fe:
         98:29:c3:69:81:a8:3c:b8:d7:77:49:cd:e8:b5:f0:d6:2d:0e:
         e2:84:79:a5:7d:83:5b:ce:2a:ce:6b:a7:ab:93:95:64:8e:75:
         e8:b9:fc:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/CIiUuX1yTM3dTx+/wSzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlNzEwM2ZhODVhY2VjNTdjNDY0ODU5MWNjM2U0MWNkZjdm
ZWUzOTcwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2JlNTU3MGFhNDkzNzVmZjFhN2U0MGNmY2QzM2M1Yjg0ZTlmYjRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJLcEtOrYETAWVGwqzOMHEh2HHQr
goexlQ29LU61Z8rSNUcEplxLLphhFr9DCr0TNWfoOTvp9bx5Tz1pEVoZOeocdnaC
U6pHftQhqcQLiRBNcXeRIi1Waf1BTLf5XWQYTTdGWDLO2ZOzCaQMT/Lna4ZrY44N
rUzv+4/XaqC6jB8aN0EflZ3hVki3YpVel62w7PLuIA/PXw0A3nwFW8GU6fe3Jnhu
eVFyobuMVgyia3ZB+N2qLr3X13y79YV6oKs3rKocfaFnSbeYqf2jcuLs4OfaDoVT
e3fQ5GLHCZitcksCKFnHlZGD6rOYfBT4Q2U9f9YBCHXXa7oivavqIBW6uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEO+VXCqSTdf8afkDPzTPFuE6ftOMB8GA1UdIwQY
MBaAFG5xA/qFrOxXxGSFkcw+Qc33/uOXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm5FRC1vV3M3RmZFWklXUnpENUJ6ZmYtNDVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8wNjgwM2YtZGQyZS00ZmQxLTlhN2Yt
YmJmODI2YWE2N2MwLzEvUTc1VmNLcEpOMV94cC1RTV9OTThXNFRwLTA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8wNjgwM2YtZGQyZS00ZmQxLTlhN2YtYmJmODI2YWE2N2Mw
LzEvYm5FRC1vV3M3RmZFWklXUnpENUJ6ZmYtNDVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9H6MA0G
CSqGSIb3DQEBCwUAA4IBAQAd/cL8zbGZNuMlcO23CbfQwHx7XduoXNAvl0n0HJoi
PSwhCLySCxvufpRo5YfqoEBFg8IZvF9SYolK/SSsSIyJQCjzRrq+LdCheKvl6Sqz
TLvS5FRn0NpvBWRtdPaEqCuDqpwnvcymcTEKFWZO2vy8aY8EpD+LX39o0CoO+o4o
tuDrh/cYrb9T2KwIPYEuZZnooOIFupmBiDZfkE0f3BzM6IDNrn8y38k4TXfszuo7
SNar4/mcHNApbUOSReGV7Ibq1LIIrXY7Nsqc5KbzA7kpc49eEpRT4/6YKcNpgag8
uNd3Sc3otfDWLQ7ihHmlfYNbzirOa6erk5VkjnXoufxg
-----END CERTIFICATE-----