Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/cq-t0QmlE96Hc9mEb2iPXLSxbK8.roa
File:                     cq-t0QmlE96Hc9mEb2iPXLSxbK8.roa (raw, json)
Hash identifier:          LXJ5hq3+mqR1VeE8MX4R7OD7d6yebriE36/Lr8GlHIQ=
Subject key identifier:   72:AF:AD:D1:09:A5:13:DE:87:73:D9:84:6F:68:8F:5C:B4:B1:6C:AF
Certificate issuer:       /CN=05ab27bb08417e5e90ae3b4cbbfffbd6cbf040b6
Certificate serial:       018CC5DC29690A9D0D0A8999D6B9E068F798
Authority key identifier: 05:AB:27:BB:08:41:7E:5E:90:AE:3B:4C:BB:FF:FB:D6:CB:F0:40:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BasnuwhBfl6QrjtMu__71svwQLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/cq-t0QmlE96Hc9mEb2iPXLSxbK8.roa
Signing time:             Mon 01 Jan 2024 16:29:49 +0000
ROA not before:           Mon 01 Jan 2024 16:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201953
IP address blocks:        91.212.25.0/24 maxlen: 24
                          2001:67c:5c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/BasnuwhBfl6QrjtMu__71svwQLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/BasnuwhBfl6QrjtMu__71svwQLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BasnuwhBfl6QrjtMu__71svwQLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:29:69:0a:9d:0d:0a:89:99:d6:b9:e0:68:f7:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05ab27bb08417e5e90ae3b4cbbfffbd6cbf040b6
        Validity
            Not Before: Jan  1 16:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=72afadd109a513de8773d9846f688f5cb4b16caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:7e:f5:37:eb:94:47:2e:af:af:9f:c4:27:f0:
                    da:1f:3b:82:86:46:22:9c:e2:9e:7a:20:7d:75:4d:
                    f5:b7:31:49:fa:ee:6a:cf:83:51:95:69:01:eb:96:
                    c2:98:74:90:5a:8c:21:05:ad:fe:bc:a8:ab:88:08:
                    fa:c0:fd:0d:29:62:74:70:f0:16:3b:33:ac:62:48:
                    d1:55:aa:f4:8d:50:00:7f:2b:d8:bb:70:3b:fe:31:
                    5b:03:3a:31:32:ab:2b:f5:8a:93:1e:b3:bc:41:ac:
                    c1:41:ef:f0:a3:7d:1a:29:d8:4f:83:74:49:69:22:
                    fe:ac:2a:f3:27:c3:7f:73:d8:a7:cd:a0:51:80:01:
                    cb:06:4b:bb:12:5a:44:c4:2b:c7:9d:3c:6b:66:53:
                    b7:62:8a:73:0e:2c:7d:59:35:81:63:3e:a1:e9:aa:
                    d9:6c:6c:f6:b2:61:8e:55:0b:cf:7b:9f:f6:7e:0e:
                    6d:ce:2a:c5:b6:b7:a6:c5:0b:ab:20:41:e5:db:c0:
                    0b:e3:45:65:68:25:6c:e9:08:d8:48:8b:49:36:3a:
                    5b:7e:83:f3:68:e8:54:e9:92:72:22:5b:04:95:bf:
                    be:d5:05:bf:b7:7c:f6:5c:db:03:2e:18:12:2d:d3:
                    cb:26:94:f6:b2:5a:3c:d9:b5:a2:31:a1:14:0b:fd:
                    a4:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:AF:AD:D1:09:A5:13:DE:87:73:D9:84:6F:68:8F:5C:B4:B1:6C:AF
            X509v3 Authority Key Identifier:
                keyid:05:AB:27:BB:08:41:7E:5E:90:AE:3B:4C:BB:FF:FB:D6:CB:F0:40:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BasnuwhBfl6QrjtMu__71svwQLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/cq-t0QmlE96Hc9mEb2iPXLSxbK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/57b7e1-8a91-4a00-a022-6d345ebc144e/1/BasnuwhBfl6QrjtMu__71svwQLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.25.0/24
                IPv6:
                  2001:67c:5c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:a8:56:e7:99:94:65:8e:01:c1:3f:5f:9e:27:0c:b3:b2:71:
         01:26:c2:a1:01:9a:23:c9:e0:5b:a0:33:7f:d9:c0:b8:76:fa:
         f2:9c:91:9d:53:a4:f5:3b:bc:5d:5a:e3:8a:80:65:36:04:cf:
         8f:1b:3d:ec:5b:49:5c:62:35:4a:b7:75:32:2c:bf:77:50:23:
         f2:b6:9c:19:28:af:34:c4:78:7e:16:0f:db:36:d0:e5:da:8f:
         4a:0a:cb:ad:8f:b6:f4:42:61:b0:f4:96:4b:d8:80:2b:cc:2b:
         ea:62:17:af:03:df:37:b9:e0:4c:df:0c:ea:1a:a5:80:89:24:
         7c:17:09:09:47:56:21:c2:4d:33:54:57:79:8b:e7:28:bc:68:
         08:9f:f4:32:d5:de:0e:a3:c9:3a:24:14:6e:0f:75:1f:a0:94:
         35:31:ba:6f:6b:43:75:f2:9b:7e:9d:87:d4:4f:3b:45:98:72:
         dd:64:43:bd:44:02:be:10:5f:73:94:83:fb:61:77:35:26:f7:
         e9:96:10:c9:5c:03:97:6b:34:e5:2e:da:88:d5:c3:f6:34:eb:
         92:9d:c2:3e:c2:4b:a0:cc:4b:b0:46:45:e5:66:11:b5:44:e0:
         c6:dc:07:f8:07:a3:05:f6:db:8c:01:a6:b5:0f:9f:52:c2:0d:
         bd:39:96:bb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzF3ClpCp0NComZ1rngaPeYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YWIyN2JiMDg0MTdlNWU5MGFlM2I0Y2JiZmZmYmQ2Y2Jm
MDQwYjYwHhcNMjQwMTAxMTYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmFmYWRkMTA5YTUxM2RlODc3M2Q5ODQ2ZjY4OGY1Y2I0YjE2Y2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn371N+uURy6vr5/EJ/DaHzuChkYi
nOKeeiB9dU31tzFJ+u5qz4NRlWkB65bCmHSQWowhBa3+vKiriAj6wP0NKWJ0cPAW
OzOsYkjRVar0jVAAfyvYu3A7/jFbAzoxMqsr9YqTHrO8QazBQe/wo30aKdhPg3RJ
aSL+rCrzJ8N/c9inzaBRgAHLBku7ElpExCvHnTxrZlO3YopzDix9WTWBYz6h6arZ
bGz2smGOVQvPe5/2fg5tzirFtremxQurIEHl28AL40VlaCVs6QjYSItJNjpbfoPz
aOhU6ZJyIlsElb++1QW/t3z2XNsDLhgSLdPLJpT2slo82bWiMaEUC/2kWQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHKvrdEJpRPeh3PZhG9oj1y0sWyvMB8GA1UdIwQY
MBaAFAWrJ7sIQX5ekK47TLv/+9bL8EC2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmFzbnV3aEJmbDZRcmp0TXVfXzcxc3Z3UUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy81N2I3ZTEtOGE5MS00YTAwLWEwMjIt
NmQzNDVlYmMxNDRlLzEvY3EtdDBRbWxFOTZIYzltRWIyaVBYTFN4Yks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy81N2I3ZTEtOGE5MS00YTAwLWEwMjItNmQzNDVlYmMxNDRl
LzEvQmFzbnV3aEJmbDZRcmp0TXVfXzcxc3Z3UUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9QZMA8E
AgACMAkDBwAgAQZ8BcgwDQYJKoZIhvcNAQELBQADggEBAEeoVueZlGWOAcE/X54n
DLOycQEmwqEBmiPJ4FugM3/ZwLh2+vKckZ1TpPU7vF1a44qAZTYEz48bPexbSVxi
NUq3dTIsv3dQI/K2nBkorzTEeH4WD9s20OXaj0oKy62PtvRCYbD0lkvYgCvMK+pi
F68D3ze54EzfDOoapYCJJHwXCQlHViHCTTNUV3mL5yi8aAif9DLV3g6jyTokFG4P
dR+glDUxum9rQ3Xym36dh9RPO0WYct1kQ71EAr4QX3OUg/thdzUm9+mWEMlcA5dr
NOUu2ojVw/Y065Kdwj7CS6DMS7BGReVmEbVE4MbcB/gHowX224wBprUPn1LCDb05
lrs=
-----END CERTIFICATE-----