Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/xhqwO8h-NtHmNo7-Qs1PvAeqCns.roa
File:                     xhqwO8h-NtHmNo7-Qs1PvAeqCns.roa (raw, json)
Hash identifier:          euSAJF/P/Pf62S03sCfYP3rS1wT/ay20A2O2n4ybt1I=
Subject key identifier:   C6:1A:B0:3B:C8:7E:36:D1:E6:36:8E:FE:42:CD:4F:BC:07:AA:0A:7B
Certificate issuer:       /CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
Certificate serial:       019423D6DE190F0E17F247F21C45B070A5CA
Authority key identifier: 2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/xhqwO8h-NtHmNo7-Qs1PvAeqCns.roa
Signing time:             Wed 01 Jan 2025 21:47:51 +0000
ROA not before:           Wed 01 Jan 2025 21:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43641
IP address blocks:        91.198.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:de:19:0f:0e:17:f2:47:f2:1c:45:b0:70:a5:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ff6182beb7b82c8573df8b6d51044d6c6724e82
        Validity
            Not Before: Jan  1 21:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c61ab03bc87e36d1e6368efe42cd4fbc07aa0a7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ba:c1:a8:4b:8c:f1:5b:1e:39:59:4e:c7:68:
                    1c:f8:ea:ae:32:e7:71:89:09:d3:d4:0e:a1:29:d3:
                    15:d6:17:d8:cc:5f:74:67:80:00:13:c0:0d:3e:58:
                    87:e1:c0:45:05:99:4e:61:09:83:98:8b:5d:37:90:
                    01:ea:90:d5:9b:eb:fb:89:c6:11:46:c9:53:f9:01:
                    0f:37:ce:44:f4:8d:8b:09:99:bd:88:c4:e8:54:2f:
                    aa:69:51:92:85:07:6d:41:44:e3:d5:c1:6f:b5:cd:
                    83:5d:84:d8:4f:fb:58:e9:31:05:2f:c3:2a:1f:26:
                    78:03:b4:c9:64:f3:c1:07:7c:91:86:17:50:1d:84:
                    74:ca:6e:4a:85:87:dd:ec:7f:2d:d5:7c:88:9c:07:
                    2d:30:c0:e9:55:25:56:4b:ed:37:8d:a3:65:66:17:
                    07:c6:21:06:2a:12:b6:8a:d0:20:6d:3e:17:bd:e5:
                    df:81:db:85:dd:a0:e1:3b:78:f1:dc:dd:a4:79:4d:
                    68:e8:05:21:eb:3e:c4:88:ee:f8:9f:2c:42:84:8c:
                    9f:b1:a9:ef:72:d6:ea:03:7f:c5:8f:2c:be:8c:3a:
                    a1:06:a2:35:81:5b:61:ee:f4:94:a9:07:d5:10:bf:
                    8c:de:cb:2b:6f:d3:20:10:6f:4e:3f:1d:ed:56:5b:
                    7b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1A:B0:3B:C8:7E:36:D1:E6:36:8E:FE:42:CD:4F:BC:07:AA:0A:7B
            X509v3 Authority Key Identifier:
                keyid:2F:F6:18:2B:EB:7B:82:C8:57:3D:F8:B6:D5:10:44:D6:C6:72:4E:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L_YYK-t7gshXPfi21RBE1sZyToI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/xhqwO8h-NtHmNo7-Qs1PvAeqCns.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/a8ecfb-7355-4cfe-84bf-b776a220456b/1/L_YYK-t7gshXPfi21RBE1sZyToI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:15:c5:93:dd:8b:22:bb:d7:a9:e8:c1:29:63:a3:5a:e5:98:
         de:8b:d8:39:4d:43:3f:64:34:c6:8b:87:1a:c5:0d:f2:16:16:
         2a:b8:a7:80:65:56:4f:6d:e0:86:1c:7c:8f:53:cf:7c:f9:7d:
         98:c0:ae:07:a1:f8:f9:fe:79:30:22:ab:cd:57:6f:d6:bb:60:
         ea:d2:24:28:38:ec:a1:08:50:0e:e3:a4:e6:30:1d:6c:7d:e0:
         99:98:c9:c6:a1:a6:15:be:5e:ff:a1:21:d8:8f:40:ea:b4:d8:
         57:42:2e:99:bc:7c:a5:4b:76:38:8a:7f:42:d9:8c:95:2c:57:
         7e:9d:2d:0f:84:a7:df:41:fc:f0:eb:89:3f:c3:36:1d:ea:fd:
         d2:0f:99:60:d0:83:53:23:88:dd:d5:d9:6e:ec:d5:6e:e8:0d:
         2e:7c:32:d0:26:25:5f:79:9f:87:58:71:6d:7b:be:db:ac:dc:
         e9:79:59:53:26:e0:72:18:4f:d5:45:27:02:07:2d:31:3f:29:
         ab:29:9c:9a:12:87:59:7d:f6:99:4c:b4:4c:29:ae:53:41:60:
         5d:eb:55:d4:24:96:bd:41:af:80:cf:63:71:a3:89:89:36:d2:
         81:29:bf:ce:0c:9a:e8:1e:30:2c:3f:07:df:64:36:1b:00:2d:
         25:4d:18:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1t4ZDw4X8kfyHEWwcKXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmZjYxODJiZWI3YjgyYzg1NzNkZjhiNmQ1MTA0NGQ2YzY3
MjRlODIwHhcNMjUwMTAxMjE0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjFhYjAzYmM4N2UzNmQxZTYzNjhlZmU0MmNkNGZiYzA3YWEwYTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLrBqEuM8VseOVlOx2gc+OquMudx
iQnT1A6hKdMV1hfYzF90Z4AAE8ANPliH4cBFBZlOYQmDmItdN5AB6pDVm+v7icYR
RslT+QEPN85E9I2LCZm9iMToVC+qaVGShQdtQUTj1cFvtc2DXYTYT/tY6TEFL8Mq
HyZ4A7TJZPPBB3yRhhdQHYR0ym5KhYfd7H8t1XyInActMMDpVSVWS+03jaNlZhcH
xiEGKhK2itAgbT4XveXfgduF3aDhO3jx3N2keU1o6AUh6z7EiO74nyxChIyfsanv
ctbqA3/Fjyy+jDqhBqI1gVth7vSUqQfVEL+M3ssrb9MgEG9OPx3tVlt7nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYasDvIfjbR5jaO/kLNT7wHqgp7MB8GA1UdIwQY
MBaAFC/2GCvre4LIVz34ttUQRNbGck6CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYt
Yjc3NmEyMjA0NTZiLzEveGhxd084aC1OdEhtTm83LVFzMVB2QWVxQ25zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9hOGVjZmItNzM1NS00Y2ZlLTg0YmYtYjc3NmEyMjA0NTZi
LzEvTF9ZWUstdDdnc2hYUGZpMjFSQkUxc1p5VG9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZfMA0G
CSqGSIb3DQEBCwUAA4IBAQCGFcWT3Ysiu9ep6MEpY6Na5Zjei9g5TUM/ZDTGi4ca
xQ3yFhYquKeAZVZPbeCGHHyPU898+X2YwK4Hofj5/nkwIqvNV2/Wu2Dq0iQoOOyh
CFAO46TmMB1sfeCZmMnGoaYVvl7/oSHYj0DqtNhXQi6ZvHylS3Y4in9C2YyVLFd+
nS0PhKffQfzw64k/wzYd6v3SD5lg0INTI4jd1dlu7NVu6A0ufDLQJiVfeZ+HWHFt
e77brNzpeVlTJuByGE/VRScCBy0xPymrKZyaEodZffaZTLRMKa5TQWBd61XUJJa9
Qa+Az2Nxo4mJNtKBKb/ODJroHjAsPwffZDYbAC0lTRj1
-----END CERTIFICATE-----