Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/khxB07onbtl0gHz8-6pLaDUUqYo.roa
File:                     khxB07onbtl0gHz8-6pLaDUUqYo.roa (raw, json)
Hash identifier:          MoQ9KdSAj5hEESTK4yNZR+E8klzqWct22REysr25b/w=
Subject key identifier:   92:1C:41:D3:BA:27:6E:D9:74:80:7C:FC:FB:AA:4B:68:35:14:A9:8A
Certificate issuer:       /CN=4104a40821c4176cc42e255ef6c1727473c3f00a
Certificate serial:       0194221F8C632BFCB19AFC1BF9026E920FC7
Authority key identifier: 41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/khxB07onbtl0gHz8-6pLaDUUqYo.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49704
IP address blocks:        82.119.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8c:63:2b:fc:b1:9a:fc:1b:f9:02:6e:92:0f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4104a40821c4176cc42e255ef6c1727473c3f00a
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=921c41d3ba276ed974807cfcfbaa4b683514a98a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:59:4c:b4:d1:f8:14:58:f8:f3:72:35:5b:f5:
                    3a:4d:c6:25:14:cc:33:58:f5:bb:30:c5:55:82:23:
                    6f:f7:36:8d:ce:06:f1:3b:dd:bd:ee:04:0c:6f:0e:
                    34:0d:5f:90:66:e0:11:41:b4:8b:50:c5:05:35:80:
                    ce:d0:21:62:40:06:3e:0a:14:49:64:89:2c:4f:ad:
                    dd:dc:7a:70:3b:b7:dd:bc:8d:42:05:98:a1:f1:24:
                    d0:be:57:e1:35:0f:5a:65:8d:16:53:12:ba:54:51:
                    ed:05:97:0a:02:4e:44:d4:9f:ee:98:60:3d:c1:8d:
                    a2:f0:a9:96:87:6d:84:15:a0:dc:61:05:6b:d8:26:
                    2b:5b:56:cf:5a:29:15:ed:41:cc:60:55:ad:d1:5d:
                    71:85:58:2e:c5:ff:58:3e:05:36:a8:80:bf:37:80:
                    82:6b:75:ad:9f:2e:23:5e:a8:c7:4a:f6:c5:34:7e:
                    47:76:6a:3a:63:0a:8e:9a:65:cd:02:31:69:7b:f6:
                    6d:5b:ca:e8:91:95:bb:76:bc:9e:f6:b2:d9:4b:59:
                    f2:01:8d:63:ae:ff:52:52:cd:c7:c1:df:38:b0:2b:
                    59:d9:9b:fa:c0:aa:79:6f:f2:bf:58:33:46:46:d8:
                    4f:70:18:29:c5:8b:6f:a4:3d:05:a1:2c:cc:6d:20:
                    35:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:1C:41:D3:BA:27:6E:D9:74:80:7C:FC:FB:AA:4B:68:35:14:A9:8A
            X509v3 Authority Key Identifier:
                keyid:41:04:A4:08:21:C4:17:6C:C4:2E:25:5E:F6:C1:72:74:73:C3:F0:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QQSkCCHEF2zELiVe9sFydHPD8Ao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/khxB07onbtl0gHz8-6pLaDUUqYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/969962-12d3-41b2-ab43-b27d6e278e18/1/QQSkCCHEF2zELiVe9sFydHPD8Ao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9b:52:87:4f:e3:ae:5f:30:08:e9:e8:94:a5:95:e7:83:82:
         ab:f4:52:1a:c4:18:dc:61:31:18:1f:d8:53:60:f4:98:b3:ae:
         ba:a8:fb:08:3a:dd:c2:48:ac:7f:f8:f5:2b:fa:bf:c7:16:5c:
         98:7c:7d:3b:31:65:18:5b:d2:4f:51:94:b5:4a:62:71:45:ce:
         f2:d8:b0:1a:f7:8e:31:7b:3d:ec:a9:67:81:51:c0:2e:e8:d0:
         6d:e9:45:59:b6:91:5b:55:58:09:40:22:02:83:3d:7e:ee:a4:
         5a:36:10:94:84:a7:2f:41:7b:a6:f7:f9:aa:58:df:84:f6:9f:
         bb:51:44:4b:7e:58:6b:e4:13:65:fb:d1:af:3a:27:1a:89:8a:
         3f:18:ee:b7:91:fb:ba:7c:70:3e:e2:15:76:40:f2:e6:1c:f2:
         42:b1:3f:b0:d3:53:60:86:6a:0d:6f:02:5c:3c:8f:d0:72:aa:
         fe:75:b6:6c:89:cb:66:05:0b:9d:27:da:24:ac:ec:75:ff:5c:
         16:22:3b:3a:2e:2f:3a:1f:d6:a9:1b:7e:ee:59:57:ac:25:d2:
         5c:f6:ee:ff:f1:8c:e5:35:ee:07:06:80:cc:3a:e3:8e:d1:38:
         b8:9c:1e:5f:dc:2f:4e:ba:a4:6a:da:5b:9b:ef:1c:d2:3d:43:
         15:bb:3e:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4xjK/yxmvwb+QJukg/HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMDRhNDA4MjFjNDE3NmNjNDJlMjU1ZWY2YzE3Mjc0NzNj
M2YwMGEwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjFjNDFkM2JhMjc2ZWQ5NzQ4MDdjZmNmYmFhNGI2ODM1MTRhOThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1lMtNH4FFj483I1W/U6TcYlFMwz
WPW7MMVVgiNv9zaNzgbxO9297gQMbw40DV+QZuARQbSLUMUFNYDO0CFiQAY+ChRJ
ZIksT63d3HpwO7fdvI1CBZih8STQvlfhNQ9aZY0WUxK6VFHtBZcKAk5E1J/umGA9
wY2i8KmWh22EFaDcYQVr2CYrW1bPWikV7UHMYFWt0V1xhVguxf9YPgU2qIC/N4CC
a3Wtny4jXqjHSvbFNH5Hdmo6YwqOmmXNAjFpe/ZtW8rokZW7drye9rLZS1nyAY1j
rv9SUs3Hwd84sCtZ2Zv6wKp5b/K/WDNGRthPcBgpxYtvpD0FoSzMbSA12QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJIcQdO6J27ZdIB8/PuqS2g1FKmKMB8GA1UdIwQY
MBaAFEEEpAghxBdsxC4lXvbBcnRzw/AKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMt
YjI3ZDZlMjc4ZTE4LzEva2h4QjA3b25idGwwZ0h6OC02cExhRFVVcVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS85Njk5NjItMTJkMy00MWIyLWFiNDMtYjI3ZDZlMjc4ZTE4
LzEvUVFTa0NDSEVGMnpFTGlWZTlzRnlkSFBEOEFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUndbMA0G
CSqGSIb3DQEBCwUAA4IBAQBrm1KHT+OuXzAI6eiUpZXng4Kr9FIaxBjcYTEYH9hT
YPSYs666qPsIOt3CSKx/+PUr+r/HFlyYfH07MWUYW9JPUZS1SmJxRc7y2LAa944x
ez3sqWeBUcAu6NBt6UVZtpFbVVgJQCICgz1+7qRaNhCUhKcvQXum9/mqWN+E9p+7
UURLflhr5BNl+9GvOicaiYo/GO63kfu6fHA+4hV2QPLmHPJCsT+w01NghmoNbwJc
PI/Qcqr+dbZsictmBQudJ9okrOx1/1wWIjs6Li86H9apG37uWVesJdJc9u7/8Yzl
Ne4HBoDMOuOO0Ti4nB5f3C9OuqRq2lub7xzSPUMVuz6D
-----END CERTIFICATE-----