Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/0oGqULcqh7TjR1aiXv8XIf0-NOc.roa
File:                     0oGqULcqh7TjR1aiXv8XIf0-NOc.roa (raw, json)
Hash identifier:          Z5ZVfPbO731TWKbW3nZdYbx/03d2bvLNYy1oWzqtiJI=
Subject key identifier:   D2:81:AA:50:B7:2A:87:B4:E3:47:56:A2:5E:FF:17:21:FD:3E:34:E7
Certificate issuer:       /CN=af413fd2ad9e25c84bc0b59e608a643663e6bb68
Certificate serial:       0194228DD7A7C420458D293AEDB9F3CFB0AA
Authority key identifier: AF:41:3F:D2:AD:9E:25:C8:4B:C0:B5:9E:60:8A:64:36:63:E6:BB:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/0oGqULcqh7TjR1aiXv8XIf0-NOc.roa
Signing time:             Wed 01 Jan 2025 15:48:28 +0000
ROA not before:           Wed 01 Jan 2025 15:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216275
IP address blocks:        91.226.144.0/23 maxlen: 23
                          2a13:e740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:d7:a7:c4:20:45:8d:29:3a:ed:b9:f3:cf:b0:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af413fd2ad9e25c84bc0b59e608a643663e6bb68
        Validity
            Not Before: Jan  1 15:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d281aa50b72a87b4e34756a25eff1721fd3e34e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c2:94:96:20:63:ee:88:57:60:61:32:1c:e1:
                    cc:79:ed:84:8c:82:9b:c6:c3:9d:40:22:64:f0:5d:
                    42:87:bc:be:24:17:87:06:3f:5a:93:12:b5:2c:fa:
                    ce:eb:77:c0:5c:ce:74:5b:ed:c4:f8:3c:b2:e1:3e:
                    83:10:2e:d3:29:05:1a:39:9a:80:b3:35:f7:79:8c:
                    fe:25:c8:1e:9c:08:8c:36:97:86:7e:30:c8:44:de:
                    82:51:4f:6b:0f:25:a0:db:13:47:fc:d8:c8:c9:b6:
                    2a:06:84:a6:c0:02:37:8f:0f:cf:bd:5b:65:9f:0e:
                    09:40:36:92:c7:c9:7a:ba:b8:74:89:ee:31:6e:df:
                    d2:9a:07:57:46:2f:f8:53:22:7d:b6:de:0a:a9:e1:
                    84:50:c1:5d:ef:30:a8:3d:51:6c:c8:b0:4e:f7:46:
                    de:83:f1:69:a5:3c:ce:d9:b2:ec:c1:2b:a7:36:2d:
                    08:24:fa:d4:2f:2d:f1:a4:51:6a:39:1d:90:bd:49:
                    68:dd:9a:07:91:e7:1e:e1:9e:36:67:ee:97:89:77:
                    17:2f:8d:40:08:74:85:4d:23:dd:1d:0d:4b:b3:ca:
                    7f:ce:24:93:33:5b:8a:eb:4f:7d:72:1f:b9:f3:2f:
                    8f:69:86:ab:38:0f:70:e0:dc:0f:a9:31:e1:7b:2c:
                    ab:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:81:AA:50:B7:2A:87:B4:E3:47:56:A2:5E:FF:17:21:FD:3E:34:E7
            X509v3 Authority Key Identifier:
                keyid:AF:41:3F:D2:AD:9E:25:C8:4B:C0:B5:9E:60:8A:64:36:63:E6:BB:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r0E_0q2eJchLwLWeYIpkNmPmu2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/0oGqULcqh7TjR1aiXv8XIf0-NOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/9af615-2c4e-4caf-b5af-ebbe1f477f68/1/r0E_0q2eJchLwLWeYIpkNmPmu2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.144.0/23
                IPv6:
                  2a13:e740::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:69:80:28:13:16:7a:f5:c6:db:5b:1a:03:c5:c2:b8:7e:12:
         1a:9b:c5:96:44:32:5d:ba:19:ac:b9:67:95:c8:3c:a6:8f:c4:
         c2:84:4b:d0:d6:13:59:e0:fa:8c:ab:73:e0:1e:a3:45:eb:6d:
         45:4f:ec:04:8d:70:bb:8d:e0:99:e7:52:ce:79:20:38:93:bc:
         9c:5a:e0:d3:7d:87:6e:f9:c9:dd:64:06:2a:88:43:53:e5:f2:
         ba:f4:18:eb:4d:f4:98:ad:1f:e9:47:d3:c4:78:81:9f:fe:d0:
         0d:85:56:cb:45:c4:79:fe:41:26:1f:f4:78:3e:93:9a:a7:b3:
         39:6d:cd:49:c4:28:32:62:3d:0f:51:db:29:12:02:0b:1e:d5:
         67:99:5f:74:3b:f5:04:9d:fb:fb:af:39:7b:73:38:63:f2:5b:
         8c:ab:f4:f3:a8:d3:f1:3d:44:47:f5:ed:35:ac:2b:2d:a6:fd:
         d0:e2:1d:89:0b:19:70:f6:24:db:97:03:cd:bb:b8:11:c2:56:
         72:1b:bf:d9:33:b8:6b:56:09:84:f1:ec:c1:12:6c:12:bc:51:
         5a:94:a9:68:50:4d:70:eb:82:db:2e:30:7b:14:e0:84:16:fa:
         49:30:30:22:52:30:ce:49:3c:ff:8f:3a:dc:61:eb:bb:59:7a:
         ec:f8:55:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijdenxCBFjSk67bnzz7CqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNDEzZmQyYWQ5ZTI1Yzg0YmMwYjU5ZTYwOGE2NDM2NjNl
NmJiNjgwHhcNMjUwMTAxMTU0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjgxYWE1MGI3MmE4N2I0ZTM0NzU2YTI1ZWZmMTcyMWZkM2UzNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcKUliBj7ohXYGEyHOHMee2EjIKb
xsOdQCJk8F1Ch7y+JBeHBj9akxK1LPrO63fAXM50W+3E+Dyy4T6DEC7TKQUaOZqA
szX3eYz+JcgenAiMNpeGfjDIRN6CUU9rDyWg2xNH/NjIybYqBoSmwAI3jw/PvVtl
nw4JQDaSx8l6urh0ie4xbt/SmgdXRi/4UyJ9tt4KqeGEUMFd7zCoPVFsyLBO90be
g/FppTzO2bLswSunNi0IJPrULy3xpFFqOR2QvUlo3ZoHkece4Z42Z+6XiXcXL41A
CHSFTSPdHQ1Ls8p/ziSTM1uK6099ch+58y+PaYarOA9w4NwPqTHheyyrcQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNKBqlC3Koe040dWol7/FyH9PjTnMB8GA1UdIwQY
MBaAFK9BP9KtniXIS8C1nmCKZDZj5rtoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjBFXzBxMmVKY2hMd0xXZVlJcGtObVBtdTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC85YWY2MTUtMmM0ZS00Y2FmLWI1YWYt
ZWJiZTFmNDc3ZjY4LzEvMG9HcVVMY3FoN1RqUjFhaVh2OFhJZjAtTk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC85YWY2MTUtMmM0ZS00Y2FmLWI1YWYtZWJiZTFmNDc3ZjY4
LzEvcjBFXzBxMmVKY2hMd0xXZVlJcGtObVBtdTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW+KQMA0E
AgACMAcDBQMqE+dAMA0GCSqGSIb3DQEBCwUAA4IBAQBeaYAoExZ69cbbWxoDxcK4
fhIam8WWRDJduhmsuWeVyDymj8TChEvQ1hNZ4PqMq3PgHqNF621FT+wEjXC7jeCZ
51LOeSA4k7ycWuDTfYdu+cndZAYqiENT5fK69BjrTfSYrR/pR9PEeIGf/tANhVbL
RcR5/kEmH/R4PpOap7M5bc1JxCgyYj0PUdspEgILHtVnmV90O/UEnfv7rzl7czhj
8luMq/TzqNPxPURH9e01rCstpv3Q4h2JCxlw9iTblwPNu7gRwlZyG7/ZM7hrVgmE
8ezBEmwSvFFalKloUE1w64LbLjB7FOCEFvpJMDAiUjDOSTz/jzrcYeu7WXrs+FUH
-----END CERTIFICATE-----