Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/AQ_KjEtM_pqJ2AYXfIwtthZXFag.roa
File:                     AQ_KjEtM_pqJ2AYXfIwtthZXFag.roa (raw, json)
Hash identifier:          VJrFhJzxBkfwN4h9sElSbF2uvONObcMYUZAqNMaGbcA=
Subject key identifier:   01:0F:CA:8C:4B:4C:FE:9A:89:D8:06:17:7C:8C:2D:B6:16:57:15:A8
Certificate issuer:       /CN=42dbcf9b8eb036043bb7f7b8d3386bce24d5dd6e
Certificate serial:       018CC9BCF9C329BBB5E3035891B9703669AC
Authority key identifier: 42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/AQ_KjEtM_pqJ2AYXfIwtthZXFag.roa
Signing time:             Tue 02 Jan 2024 10:34:14 +0000
ROA not before:           Tue 02 Jan 2024 10:34:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212151
IP address blocks:        91.213.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 04:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:f9:c3:29:bb:b5:e3:03:58:91:b9:70:36:69:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42dbcf9b8eb036043bb7f7b8d3386bce24d5dd6e
        Validity
            Not Before: Jan  2 10:34:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=010fca8c4b4cfe9a89d806177c8c2db6165715a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ca:3f:f9:f8:d9:72:3d:28:ad:b8:cb:30:6d:
                    b6:e4:24:c6:4c:3b:3f:01:c7:8d:39:2e:08:35:a8:
                    db:51:30:2b:08:4f:a9:f7:a6:a0:f7:ad:76:eb:39:
                    e8:37:f1:76:73:dd:7f:fc:5a:e4:7c:9f:e9:ee:b8:
                    c9:37:2c:f0:f7:43:08:68:6f:87:81:df:08:af:2c:
                    4c:b0:bc:69:78:91:54:8d:3b:3a:46:07:6d:f0:fd:
                    00:81:6d:4d:fb:14:e4:9f:95:a8:bf:a9:2e:e4:19:
                    9a:67:1e:b7:e0:30:92:20:8c:83:16:e3:ca:3c:60:
                    31:36:11:3d:ae:61:4f:f7:0f:49:f5:1c:e3:67:e4:
                    a4:f0:8c:3d:ca:46:1b:6f:8e:1b:a4:fb:33:64:fd:
                    18:f5:3c:7d:d2:a9:3d:f4:ef:cf:e2:72:2d:68:fc:
                    1d:7f:d5:ef:08:c9:5b:43:02:8f:5a:f5:01:b4:b6:
                    6f:b1:60:d2:e0:38:a3:1d:0e:59:3e:8c:3c:65:39:
                    66:a2:eb:35:0e:79:42:b8:30:04:c3:5a:de:5b:69:
                    d9:46:d2:8f:c5:74:5a:4c:de:c6:ae:a4:a6:89:88:
                    a4:29:da:58:7b:02:9c:54:2b:73:38:67:4b:f5:e9:
                    82:76:d0:54:bd:b8:59:95:ad:7b:9d:b4:98:53:79:
                    54:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:0F:CA:8C:4B:4C:FE:9A:89:D8:06:17:7C:8C:2D:B6:16:57:15:A8
            X509v3 Authority Key Identifier:
                keyid:42:DB:CF:9B:8E:B0:36:04:3B:B7:F7:B8:D3:38:6B:CE:24:D5:DD:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QtvPm46wNgQ7t_e40zhrziTV3W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/AQ_KjEtM_pqJ2AYXfIwtthZXFag.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/80841a-88ae-4b0e-8e25-48ae70161e79/1/QtvPm46wNgQ7t_e40zhrziTV3W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:67:36:3b:62:10:5c:83:33:39:84:43:2b:aa:7e:ca:b8:1f:
         51:c5:1a:bf:47:27:78:53:e7:42:9a:c3:0f:6b:30:c1:69:52:
         f7:03:1b:3e:65:24:7f:51:69:4c:26:e1:81:d7:5c:d7:d4:e8:
         2a:8d:c2:9b:fe:41:61:be:ed:69:62:5a:54:a1:ea:ee:42:28:
         42:21:63:33:21:35:1e:3f:df:74:a3:d9:e6:79:9e:56:02:29:
         36:5c:bb:04:e1:29:af:9d:3e:2f:8f:47:a6:ab:8e:52:24:55:
         ca:a2:be:8a:17:80:a5:d2:fa:de:fd:98:4b:82:05:e2:04:37:
         2b:46:1d:84:be:74:43:71:96:84:bb:96:7b:1e:ab:3d:da:18:
         26:0b:9a:a3:91:9d:06:9f:59:2d:09:3e:9d:9c:cc:3e:ef:b3:
         77:50:2c:5e:49:1f:b8:40:69:7a:38:90:a2:2d:a4:67:39:b0:
         6f:54:e8:cc:58:d1:9a:4b:bd:3f:62:30:aa:71:e9:e0:4c:bb:
         8f:7b:50:8f:22:55:a6:53:8a:d3:bd:c5:5d:f6:ab:bd:4b:57:
         27:a7:7b:4b:7b:0f:3f:64:bb:87:b3:6d:6d:40:37:7c:32:92:
         63:42:95:fa:16:33:bc:e2:56:b2:38:b2:3f:6a:23:90:7b:23:
         64:d9:e3:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvPnDKbu14wNYkblwNmmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyZGJjZjliOGViMDM2MDQzYmI3ZjdiOGQzMzg2YmNlMjRk
NWRkNmUwHhcNMjQwMTAyMTAzNDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTBmY2E4YzRiNGNmZTlhODlkODA2MTc3YzhjMmRiNjE2NTcxNWE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMo/+fjZcj0orbjLMG225CTGTDs/
AceNOS4INajbUTArCE+p96ag96126znoN/F2c91//FrkfJ/p7rjJNyzw90MIaG+H
gd8IryxMsLxpeJFUjTs6Rgdt8P0AgW1N+xTkn5Wov6ku5BmaZx634DCSIIyDFuPK
PGAxNhE9rmFP9w9J9RzjZ+Sk8Iw9ykYbb44bpPszZP0Y9Tx90qk99O/P4nItaPwd
f9XvCMlbQwKPWvUBtLZvsWDS4DijHQ5ZPow8ZTlmous1DnlCuDAEw1reW2nZRtKP
xXRaTN7GrqSmiYikKdpYewKcVCtzOGdL9emCdtBUvbhZla17nbSYU3lUIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAEPyoxLTP6aidgGF3yMLbYWVxWoMB8GA1UdIwQY
MBaAFELbz5uOsDYEO7f3uNM4a84k1d1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXR2UG00NndOZ1E3dF9lNDB6aHJ6aVRWM1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84MDg0MWEtODhhZS00YjBlLThlMjUt
NDhhZTcwMTYxZTc5LzEvQVFfS2pFdE1fcHFKMkFZWGZJd3R0aFpYRmFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84MDg0MWEtODhhZS00YjBlLThlMjUtNDhhZTcwMTYxZTc5
LzEvUXR2UG00NndOZ1E3dF9lNDB6aHJ6aVRWM1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9U1MA0G
CSqGSIb3DQEBCwUAA4IBAQB7ZzY7YhBcgzM5hEMrqn7KuB9RxRq/Ryd4U+dCmsMP
azDBaVL3Axs+ZSR/UWlMJuGB11zX1OgqjcKb/kFhvu1pYlpUoeruQihCIWMzITUe
P990o9nmeZ5WAik2XLsE4SmvnT4vj0emq45SJFXKor6KF4Cl0vre/ZhLggXiBDcr
Rh2EvnRDcZaEu5Z7Hqs92hgmC5qjkZ0Gn1ktCT6dnMw+77N3UCxeSR+4QGl6OJCi
LaRnObBvVOjMWNGaS70/YjCqcengTLuPe1CPIlWmU4rTvcVd9qu9S1cnp3tLew8/
ZLuHs21tQDd8MpJjQpX6FjO84layOLI/aiOQeyNk2eOX
-----END CERTIFICATE-----