Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/mj2SP2YUf8OOW3PWyfsSenlnbcQ.roa
File:                     mj2SP2YUf8OOW3PWyfsSenlnbcQ.roa (raw, json)
Hash identifier:          7rYL22HIBA9YP5PrLL9E5bTyxJEJdAa2DC73cuHwaP4=
Subject key identifier:   9A:3D:92:3F:66:14:7F:C3:8E:5B:73:D6:C9:FB:12:7A:79:67:6D:C4
Certificate issuer:       /CN=cba0171a02d5e4a75fb40635545ae0064c8cccad
Certificate serial:       0194221FF793600F4D9ABC6C05553132190E
Authority key identifier: CB:A0:17:1A:02:D5:E4:A7:5F:B4:06:35:54:5A:E0:06:4C:8C:CC:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/y6AXGgLV5KdftAY1VFrgBkyMzK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/mj2SP2YUf8OOW3PWyfsSenlnbcQ.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        91.213.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/y6AXGgLV5KdftAY1VFrgBkyMzK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/y6AXGgLV5KdftAY1VFrgBkyMzK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/y6AXGgLV5KdftAY1VFrgBkyMzK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f7:93:60:0f:4d:9a:bc:6c:05:55:31:32:19:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cba0171a02d5e4a75fb40635545ae0064c8cccad
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a3d923f66147fc38e5b73d6c9fb127a79676dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:28:59:80:f1:c7:ad:73:5c:3d:87:47:05:ba:
                    3e:07:03:7b:1b:71:88:c8:05:28:84:ac:2f:69:9d:
                    fe:ac:a4:56:bc:35:13:76:ad:42:06:27:f0:9b:12:
                    e9:c0:4e:6f:14:ae:35:99:6a:c5:88:68:9e:f9:11:
                    e8:57:c3:e6:c7:5a:d4:54:d4:55:96:16:32:e7:97:
                    19:22:98:ed:c3:f9:bd:e5:52:63:eb:42:16:74:a4:
                    98:a1:68:36:1a:d2:3c:1c:03:1d:6c:b1:45:33:29:
                    47:6a:12:45:f7:e9:17:53:30:2f:1e:13:42:79:f1:
                    bf:e6:db:85:a6:fc:a4:f0:71:88:6f:48:bb:3a:94:
                    cc:8d:37:b1:6b:7e:f0:d6:73:e9:9e:0a:e5:8c:9c:
                    2f:f2:4b:b1:e6:85:e4:88:5a:32:29:56:2c:88:5f:
                    cd:84:e2:0f:a2:9c:12:f5:2c:53:55:11:24:fa:52:
                    47:d1:75:46:e0:14:51:eb:35:28:90:1a:10:11:60:
                    e9:99:b7:36:08:c8:f3:7a:09:0a:c8:d7:6f:bc:94:
                    b0:6b:09:89:8d:9f:1c:41:00:39:1c:c2:60:1d:e7:
                    2b:51:1c:1f:79:a9:e6:a0:f1:83:70:d2:06:96:fe:
                    c4:b3:26:a2:25:b8:40:6b:80:80:32:77:09:9d:23:
                    6d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3D:92:3F:66:14:7F:C3:8E:5B:73:D6:C9:FB:12:7A:79:67:6D:C4
            X509v3 Authority Key Identifier:
                keyid:CB:A0:17:1A:02:D5:E4:A7:5F:B4:06:35:54:5A:E0:06:4C:8C:CC:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y6AXGgLV5KdftAY1VFrgBkyMzK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/mj2SP2YUf8OOW3PWyfsSenlnbcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/654433-e320-42ae-bb61-570b14833534/1/y6AXGgLV5KdftAY1VFrgBkyMzK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:4a:7c:ba:0e:78:0f:d4:19:2f:ef:ce:8b:34:eb:ef:8f:dc:
         d1:80:a1:98:f5:0c:12:2c:a0:91:96:e0:51:4b:47:c7:1f:d2:
         d1:ce:a0:e6:64:27:a5:f6:39:db:fc:99:3a:fe:b6:84:7c:21:
         53:db:aa:52:34:3b:e3:c5:0d:f4:b9:cf:ad:3f:29:c3:c7:f7:
         3a:5e:70:5c:2f:66:8f:49:9e:11:60:31:99:88:a9:a5:cc:95:
         9b:68:3c:1b:b5:ea:a5:00:83:b4:0a:92:2d:dc:4d:00:15:9c:
         99:c4:95:13:cb:fa:bc:6a:ed:ff:b5:67:a3:d2:a9:ea:62:ed:
         69:7f:91:3b:52:3d:a0:36:ee:70:7c:b6:b4:51:7a:14:3d:4a:
         84:9c:e7:b6:50:6f:e6:d4:2d:fc:b5:8d:9b:cf:7d:ac:46:83:
         12:cd:a4:30:58:72:76:3a:32:ab:5a:82:56:63:07:87:60:2d:
         2a:8e:94:be:8f:69:5f:b2:af:64:bb:07:3a:cf:89:c5:f5:01:
         82:eb:68:36:29:64:9d:33:25:5d:bc:6f:5f:d4:5a:b3:29:11:
         34:80:1c:0d:eb:a1:80:e7:1f:e8:a7:18:7a:ef:5e:02:2c:23:
         fc:7e:4c:07:50:81:ef:a1:cc:60:f9:3c:cc:fd:f3:12:ed:02:
         93:70:6a:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/eTYA9NmrxsBVUxMhkOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiYTAxNzFhMDJkNWU0YTc1ZmI0MDYzNTU0NWFlMDA2NGM4
Y2NjYWQwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNkOTIzZjY2MTQ3ZmMzOGU1YjczZDZjOWZiMTI3YTc5Njc2ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgyhZgPHHrXNcPYdHBbo+BwN7G3GI
yAUohKwvaZ3+rKRWvDUTdq1CBifwmxLpwE5vFK41mWrFiGie+RHoV8Pmx1rUVNRV
lhYy55cZIpjtw/m95VJj60IWdKSYoWg2GtI8HAMdbLFFMylHahJF9+kXUzAvHhNC
efG/5tuFpvyk8HGIb0i7OpTMjTexa37w1nPpngrljJwv8kux5oXkiFoyKVYsiF/N
hOIPopwS9SxTVREk+lJH0XVG4BRR6zUokBoQEWDpmbc2CMjzegkKyNdvvJSwawmJ
jZ8cQQA5HMJgHecrURwfeanmoPGDcNIGlv7EsyaiJbhAa4CAMncJnSNtAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJo9kj9mFH/Djltz1sn7Enp5Z23EMB8GA1UdIwQY
MBaAFMugFxoC1eSnX7QGNVRa4AZMjMytMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTZBWEdnTFY1S2RmdEFZMVZGcmdCa3lNekswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC82NTQ0MzMtZTMyMC00MmFlLWJiNjEt
NTcwYjE0ODMzNTM0LzEvbWoyU1AyWVVmOE9PVzNQV3lmc1NlbmxuYmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC82NTQ0MzMtZTMyMC00MmFlLWJiNjEtNTcwYjE0ODMzNTM0
LzEveTZBWEdnTFY1S2RmdEFZMVZGcmdCa3lNekswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9VEMA0G
CSqGSIb3DQEBCwUAA4IBAQCYSny6DngP1Bkv786LNOvvj9zRgKGY9QwSLKCRluBR
S0fHH9LRzqDmZCel9jnb/Jk6/raEfCFT26pSNDvjxQ30uc+tPynDx/c6XnBcL2aP
SZ4RYDGZiKmlzJWbaDwbteqlAIO0CpIt3E0AFZyZxJUTy/q8au3/tWej0qnqYu1p
f5E7Uj2gNu5wfLa0UXoUPUqEnOe2UG/m1C38tY2bz32sRoMSzaQwWHJ2OjKrWoJW
YweHYC0qjpS+j2lfsq9kuwc6z4nF9QGC62g2KWSdMyVdvG9f1FqzKRE0gBwN66GA
5x/opxh6714CLCP8fkwHUIHvocxg+TzM/fMS7QKTcGqf
-----END CERTIFICATE-----