Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/8964tiUCrci-dSkDlhkG-ckPcFg.roa
File:                     8964tiUCrci-dSkDlhkG-ckPcFg.roa (raw, json)
Hash identifier:          Rx+Y3g/PNyAfTkv/fzvW90GXeVi8TmddmM6ip16OFZg=
Subject key identifier:   F3:DE:B8:B6:25:02:AD:C8:BE:75:29:03:96:19:06:F9:C9:0F:70:58
Certificate issuer:       /CN=2bf2fae380c5d4c1e281810a34db9883c9d9ff2f
Certificate serial:       019426D910A8AAC70A3F9B49998347CC5CFC
Authority key identifier: 2B:F2:FA:E3:80:C5:D4:C1:E2:81:81:0A:34:DB:98:83:C9:D9:FF:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/8964tiUCrci-dSkDlhkG-ckPcFg.roa
Signing time:             Thu 02 Jan 2025 11:49:07 +0000
ROA not before:           Thu 02 Jan 2025 11:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        91.223.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:10:a8:aa:c7:0a:3f:9b:49:99:83:47:cc:5c:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2bf2fae380c5d4c1e281810a34db9883c9d9ff2f
        Validity
            Not Before: Jan  2 11:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f3deb8b62502adc8be752903961906f9c90f7058
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2d:57:fd:e3:27:d8:0c:e0:99:6d:95:14:1e:
                    11:69:34:99:51:dd:5d:98:32:63:73:79:a0:6d:b8:
                    2b:50:43:ac:5c:5a:83:07:a2:69:88:51:e2:f4:f2:
                    64:e7:8a:70:42:d2:bb:ad:18:4b:46:2c:c1:94:00:
                    17:ab:da:9b:7d:7d:07:62:89:50:27:c8:db:d9:63:
                    fa:a2:7a:ba:16:67:9d:76:9d:fe:44:7e:ae:38:20:
                    1c:e3:db:6e:04:69:92:9c:33:b0:95:c8:a9:97:c0:
                    bd:65:97:e9:51:26:8e:8e:f7:ab:5e:4e:7a:3d:c1:
                    ff:da:45:a2:80:a0:4e:02:97:67:df:f2:3b:07:28:
                    0f:9d:82:20:e6:6b:b6:33:e7:21:18:4f:74:69:66:
                    c0:26:db:2b:42:06:b8:e9:6c:e9:18:33:db:4c:41:
                    6e:6b:5f:2a:d9:79:34:89:20:08:6e:1e:27:64:58:
                    c2:1d:25:d6:21:a8:04:de:dc:ac:9b:60:64:f7:f2:
                    c3:22:14:a4:c1:ee:f3:27:69:e2:ec:8d:b0:dc:c7:
                    3f:7c:80:05:7e:4a:db:a6:b5:61:29:fc:81:50:c7:
                    24:7b:21:a6:41:22:13:5c:24:c5:22:17:a6:15:b3:
                    8a:4d:70:8b:ba:6b:38:81:87:ab:92:b3:5d:f7:d0:
                    86:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:DE:B8:B6:25:02:AD:C8:BE:75:29:03:96:19:06:F9:C9:0F:70:58
            X509v3 Authority Key Identifier:
                keyid:2B:F2:FA:E3:80:C5:D4:C1:E2:81:81:0A:34:DB:98:83:C9:D9:FF:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K_L644DF1MHigYEKNNuYg8nZ_y8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/8964tiUCrci-dSkDlhkG-ckPcFg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/13e1ff-a5d3-44cd-b1be-fbf0ed3f9157/1/K_L644DF1MHigYEKNNuYg8nZ_y8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:89:52:0c:59:56:3a:43:4b:20:78:56:79:b8:f3:f3:7b:36:
         bd:ee:77:72:9c:76:6e:de:08:17:5c:fc:f0:48:1f:f3:ac:dd:
         c2:25:4e:25:33:d4:e5:17:5f:2a:a2:83:ce:bb:67:d4:e3:b1:
         e4:17:3f:8d:7a:90:79:ee:58:3d:5d:97:23:bd:fb:b2:a4:78:
         ac:03:cf:a1:c6:35:e4:47:36:1c:fe:de:4b:16:0c:15:28:75:
         77:de:49:53:9c:70:ad:e2:a7:79:6c:8d:e5:00:13:32:61:68:
         a0:b3:ec:49:c5:17:d7:e5:f4:b1:22:30:7f:13:d0:b9:bb:75:
         a5:1d:97:a7:c1:ec:4a:6f:99:fb:84:3a:3c:3b:3f:ae:ea:49:
         19:b9:0e:db:80:30:65:c8:25:a0:e6:87:ad:0e:e7:e8:ff:01:
         e4:cc:c3:f4:51:b0:ef:31:db:4c:41:b3:81:23:18:10:11:a7:
         ab:0e:ff:0c:ea:7b:e2:b9:3a:e1:af:7f:d9:07:c9:22:49:c2:
         a0:54:a9:c6:53:8c:f8:d2:8e:04:23:d6:87:64:13:9c:b9:b8:
         9a:03:eb:2c:33:ea:0f:e1:92:dd:26:85:9b:ae:80:be:40:d2:
         ef:6d:86:91:a8:57:06:b3:16:e6:59:67:2a:1d:90:f9:f2:f8:
         6e:de:dd:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2RCoqscKP5tJmYNHzFz8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiZjJmYWUzODBjNWQ0YzFlMjgxODEwYTM0ZGI5ODgzYzlk
OWZmMmYwHhcNMjUwMTAyMTE0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2RlYjhiNjI1MDJhZGM4YmU3NTI5MDM5NjE5MDZmOWM5MGY3MDU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApi1X/eMn2AzgmW2VFB4RaTSZUd1d
mDJjc3mgbbgrUEOsXFqDB6JpiFHi9PJk54pwQtK7rRhLRizBlAAXq9qbfX0HYolQ
J8jb2WP6onq6Fmeddp3+RH6uOCAc49tuBGmSnDOwlcipl8C9ZZfpUSaOjverXk56
PcH/2kWigKBOApdn3/I7BygPnYIg5mu2M+chGE90aWbAJtsrQga46WzpGDPbTEFu
a18q2Xk0iSAIbh4nZFjCHSXWIagE3tysm2Bk9/LDIhSkwe7zJ2ni7I2w3Mc/fIAF
fkrbprVhKfyBUMckeyGmQSITXCTFIhemFbOKTXCLums4gYerkrNd99CGgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPeuLYlAq3IvnUpA5YZBvnJD3BYMB8GA1UdIwQY
MBaAFCvy+uOAxdTB4oGBCjTbmIPJ2f8vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS19MNjQ0REYxTUhpZ1lFS05OdVlnOG5aX3k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xM2UxZmYtYTVkMy00NGNkLWIxYmUt
ZmJmMGVkM2Y5MTU3LzEvODk2NHRpVUNyY2ktZFNrRGxoa0ctY2tQY0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xM2UxZmYtYTVkMy00NGNkLWIxYmUtZmJmMGVkM2Y5MTU3
LzEvS19MNjQ0REYxTUhpZ1lFS05OdVlnOG5aX3k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+7MA0G
CSqGSIb3DQEBCwUAA4IBAQA+iVIMWVY6Q0sgeFZ5uPPzeza97ndynHZu3ggXXPzw
SB/zrN3CJU4lM9TlF18qooPOu2fU47HkFz+NepB57lg9XZcjvfuypHisA8+hxjXk
RzYc/t5LFgwVKHV33klTnHCt4qd5bI3lABMyYWigs+xJxRfX5fSxIjB/E9C5u3Wl
HZenwexKb5n7hDo8Oz+u6kkZuQ7bgDBlyCWg5oetDufo/wHkzMP0UbDvMdtMQbOB
IxgQEaerDv8M6nviuTrhr3/ZB8kiScKgVKnGU4z40o4EI9aHZBOcubiaA+ssM+oP
4ZLdJoWbroC+QNLvbYaRqFcGsxbmWWcqHZD58vhu3t16
-----END CERTIFICATE-----