Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/bqDqPRBPFnQ0iuBvOTbQfn6LTaw.roa
File:                     bqDqPRBPFnQ0iuBvOTbQfn6LTaw.roa (raw, json)
Hash identifier:          xUukexmvBcgVlPXbTsXO9o0sOZZdZlg/TOftt6SW0yE=
Subject key identifier:   6E:A0:EA:3D:10:4F:16:74:34:8A:E0:6F:39:36:D0:7E:7E:8B:4D:AC
Certificate issuer:       /CN=fa646a6323b3d6fc34ae49d8be8884f7292bdbf4
Certificate serial:       01946709EDAB8E0DE0FEFBEB062299B6CB6A
Authority key identifier: FA:64:6A:63:23:B3:D6:FC:34:AE:49:D8:BE:88:84:F7:29:2B:DB:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/bqDqPRBPFnQ0iuBvOTbQfn6LTaw.roa
Signing time:             Tue 14 Jan 2025 22:58:11 +0000
ROA not before:           Tue 14 Jan 2025 22:58:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213241
IP address blocks:        91.238.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:67:09:ed:ab:8e:0d:e0:fe:fb:eb:06:22:99:b6:cb:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa646a6323b3d6fc34ae49d8be8884f7292bdbf4
        Validity
            Not Before: Jan 14 22:58:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6ea0ea3d104f1674348ae06f3936d07e7e8b4dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:d5:01:78:fc:f0:e9:7e:fe:a6:fd:38:de:6b:
                    15:0f:5c:ed:26:19:ca:ef:95:2c:50:2e:c9:67:92:
                    7b:fd:b1:69:1a:46:eb:f1:03:a8:c5:2d:d7:9f:87:
                    a8:fb:cb:aa:d6:75:ac:9c:6c:9a:52:dd:d6:81:d7:
                    04:24:ae:7f:d4:17:1c:57:5f:f3:02:f8:04:12:bc:
                    98:42:86:32:9f:4c:bc:8f:e1:45:bc:31:c2:c7:ba:
                    89:ce:ba:5b:1b:03:eb:ed:8c:a8:25:45:c4:b2:e8:
                    89:21:7d:7e:e3:47:ff:90:eb:a4:58:bb:91:fb:bd:
                    0f:ab:12:0b:c1:8a:e4:bf:ab:98:dd:94:15:e4:e8:
                    9e:91:cc:08:3f:80:51:83:f6:d3:37:7a:c2:a0:00:
                    f7:49:bf:d3:7a:c7:76:f5:82:a2:fa:ce:76:78:46:
                    2c:39:e5:9e:56:85:96:da:a0:82:30:4e:ee:e1:09:
                    bf:1a:5f:6d:3b:f8:8f:02:09:9a:58:a9:87:51:65:
                    78:ed:58:1a:53:91:5b:a5:99:7d:3b:85:91:00:96:
                    f3:b1:39:d9:06:6c:62:cc:13:70:b5:03:a7:de:55:
                    a4:42:bd:31:cf:19:d2:27:9f:00:b7:bb:46:05:e3:
                    ba:af:13:ce:ec:02:d6:5a:37:ba:28:02:fa:aa:8d:
                    28:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:A0:EA:3D:10:4F:16:74:34:8A:E0:6F:39:36:D0:7E:7E:8B:4D:AC
            X509v3 Authority Key Identifier:
                keyid:FA:64:6A:63:23:B3:D6:FC:34:AE:49:D8:BE:88:84:F7:29:2B:DB:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/bqDqPRBPFnQ0iuBvOTbQfn6LTaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/6bf54c-d806-463a-af37-59e193262ce4/1/1-mRqYyOz1vw0rknYvoiE9ykr2_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:db:63:50:50:6d:6c:2e:33:76:eb:67:a0:3d:b3:8f:0e:8e:
         9a:33:76:f0:3b:06:c7:e9:51:84:55:a4:89:68:43:e2:2a:93:
         d9:7a:8c:3c:df:7d:3b:fa:91:8e:48:75:46:8e:01:d5:ec:f6:
         7a:14:af:fa:bb:a7:77:96:ed:95:15:0b:07:77:e8:57:a2:d9:
         63:69:a4:50:68:62:d3:c0:d9:e6:f0:c0:af:9d:3a:ae:89:7a:
         04:ba:fe:8c:09:1c:cf:99:2a:44:c8:95:20:f6:43:e7:d0:79:
         58:a0:b0:2f:6f:00:ab:5f:f3:c3:af:a6:69:94:75:5b:60:40:
         e3:36:8b:da:ed:ed:ab:d6:c5:e0:3b:9b:89:4b:bb:80:ec:82:
         d3:a1:bb:ee:a7:4f:2b:ba:c6:b8:17:03:f7:67:34:48:18:81:
         cc:84:ff:0c:1c:61:ac:39:cf:9b:1c:d9:83:fc:86:b4:84:79:
         f2:61:2e:f4:14:87:49:bf:49:a7:0b:eb:4b:d5:98:91:80:50:
         6e:0e:6f:33:90:19:4d:1b:e3:73:5c:3c:ca:26:5b:39:0e:d3:
         2c:b1:a3:db:45:49:fa:e6:3a:1c:95:9e:ea:6d:a1:a5:41:c0:
         60:e9:d0:4d:1e:c4:99:ba:4e:a7:90:7b:37:ee:26:71:8a:32:
         a9:ac:90:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZRnCe2rjg3g/vvrBiKZtstqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhNjQ2YTYzMjNiM2Q2ZmMzNGFlNDlkOGJlODg4NGY3Mjky
YmRiZjQwHhcNMjUwMTE0MjI1ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWEwZWEzZDEwNGYxNjc0MzQ4YWUwNmYzOTM2ZDA3ZTdlOGI0ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4NUBePzw6X7+pv043msVD1ztJhnK
75UsUC7JZ5J7/bFpGkbr8QOoxS3Xn4eo+8uq1nWsnGyaUt3WgdcEJK5/1BccV1/z
AvgEEryYQoYyn0y8j+FFvDHCx7qJzrpbGwPr7YyoJUXEsuiJIX1+40f/kOukWLuR
+70PqxILwYrkv6uY3ZQV5OiekcwIP4BRg/bTN3rCoAD3Sb/Tesd29YKi+s52eEYs
OeWeVoWW2qCCME7u4Qm/Gl9tO/iPAgmaWKmHUWV47VgaU5FbpZl9O4WRAJbzsTnZ
BmxizBNwtQOn3lWkQr0xzxnSJ58At7tGBeO6rxPO7ALWWje6KAL6qo0ofQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG6g6j0QTxZ0NIrgbzk20H5+i02sMB8GA1UdIwQY
MBaAFPpkamMjs9b8NK5J2L6IhPcpK9v0MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1tUnFZeU96MXZ3MHJrbll2b2lFOXlrcjJfUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIvNmJmNTRjLWQ4MDYtNDYzYS1hZjM3
LTU5ZTE5MzI2MmNlNC8xL2JxRHFQUkJQRm5RMGl1QnZPVGJRZm42TFRhdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjIvNmJmNTRjLWQ4MDYtNDYzYS1hZjM3LTU5ZTE5MzI2MmNl
NC8xLzEtbVJxWXlPejF2dzBya25Zdm9pRTl5a3IyX1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb7u0w
DQYJKoZIhvcNAQELBQADggEBADLbY1BQbWwuM3brZ6A9s48OjpozdvA7BsfpUYRV
pIloQ+Iqk9l6jDzffTv6kY5IdUaOAdXs9noUr/q7p3eW7ZUVCwd36Fei2WNppFBo
YtPA2ebwwK+dOq6JegS6/owJHM+ZKkTIlSD2Q+fQeVigsC9vAKtf88OvpmmUdVtg
QOM2i9rt7avWxeA7m4lLu4DsgtOhu+6nTyu6xrgXA/dnNEgYgcyE/wwcYaw5z5sc
2YP8hrSEefJhLvQUh0m/SacL60vVmJGAUG4ObzOQGU0b43NcPMomWzkO0yyxo9tF
SfrmOhyVnuptoaVBwGDp0E0exJm6TqeQezfuJnGKMqmskBc=
-----END CERTIFICATE-----