Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/PnGxbbyenKRUkbRi2afvxfE-S9E.roa
File:                     PnGxbbyenKRUkbRi2afvxfE-S9E.roa (raw, json)
Hash identifier:          JW3Jf++XQ8LN1xPVRRNLBe2ZMK/kXqbkLdynsPQmUsw=
Subject key identifier:   3E:71:B1:6D:BC:9E:9C:A4:54:91:B4:62:D9:A7:EF:C5:F1:3E:4B:D1
Certificate issuer:       /CN=22689d0f913d29cc63d6c926cb462cb27f184408
Certificate serial:       01942369126B103E99FF47DA30BBEDB4EE1D
Authority key identifier: 22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/PnGxbbyenKRUkbRi2afvxfE-S9E.roa
Signing time:             Wed 01 Jan 2025 19:47:56 +0000
ROA not before:           Wed 01 Jan 2025 19:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210126
IP address blocks:        91.234.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 13:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:12:6b:10:3e:99:ff:47:da:30:bb:ed:b4:ee:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22689d0f913d29cc63d6c926cb462cb27f184408
        Validity
            Not Before: Jan  1 19:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3e71b16dbc9e9ca45491b462d9a7efc5f13e4bd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0b:de:fa:00:a3:70:17:a1:37:b6:4f:cb:af:
                    08:0a:33:b8:ff:57:13:ac:90:e9:82:46:68:09:6f:
                    82:e6:f6:87:c2:4f:e4:ce:eb:0e:2e:81:e8:42:0c:
                    45:11:3e:85:50:e7:cf:7f:9b:2d:49:66:6b:cf:e2:
                    21:16:4e:43:2d:a2:64:ff:76:82:9b:a5:93:de:64:
                    cd:10:3d:10:dc:00:ee:13:87:d5:b0:1b:9b:75:f6:
                    6e:e2:11:34:7b:3d:ca:fc:21:58:1d:91:dd:c7:ab:
                    dc:db:57:0a:08:90:74:c4:a5:58:cd:4e:57:22:47:
                    5d:40:ee:ee:3d:8a:26:7e:5d:16:f0:eb:36:32:63:
                    d6:7c:82:fd:26:11:3b:ff:b2:0a:ac:38:0d:3e:b4:
                    62:f1:d0:72:04:a7:19:32:02:3a:98:ae:c0:99:8f:
                    ac:a4:a8:b5:56:58:f7:37:08:e8:e0:17:e7:eb:50:
                    10:54:65:4b:03:74:f8:1e:dc:1c:39:0f:d6:00:92:
                    6b:4c:8b:58:d3:3c:81:ab:b8:1f:a4:80:99:7b:42:
                    77:fa:8f:b6:08:1f:f0:87:d6:d3:44:30:ce:ba:d1:
                    8b:56:41:87:ea:66:ab:79:b9:6c:b4:39:f0:9b:8a:
                    91:69:2f:98:ef:d0:06:e2:b7:eb:b0:5b:dc:4c:3a:
                    a4:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:71:B1:6D:BC:9E:9C:A4:54:91:B4:62:D9:A7:EF:C5:F1:3E:4B:D1
            X509v3 Authority Key Identifier:
                keyid:22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/PnGxbbyenKRUkbRi2afvxfE-S9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:dc:38:60:c6:ad:12:40:ab:db:91:80:c1:e8:40:2b:fa:94:
         72:e4:1e:30:c2:52:5d:c1:7b:c8:e7:d4:2c:15:e0:32:29:e8:
         ef:e9:fb:8e:66:5e:fb:22:3b:92:be:45:46:54:da:7e:5d:a9:
         58:5d:c0:3a:b6:fd:b6:d6:6b:11:81:3a:4a:55:f8:aa:b2:8f:
         f9:bd:0d:ae:93:97:c0:d7:7b:b5:32:45:14:a8:f9:ce:bf:b1:
         81:18:b1:bb:d9:f4:2c:ef:c9:bb:fe:cb:63:9a:d0:eb:05:bc:
         ac:76:6c:3f:bd:24:3a:44:d5:0e:49:ae:47:2e:80:71:37:b2:
         0b:82:b1:5c:3d:45:64:a9:5a:e3:26:4d:a1:61:d2:e8:34:39:
         0f:0e:77:83:e5:61:0e:dd:e0:e2:78:a7:84:3b:73:51:d9:7d:
         77:3e:91:22:02:c8:6a:3e:e4:2b:aa:f0:57:ab:b6:8c:6d:89:
         6b:c5:28:1a:02:64:ce:2b:02:ec:bb:b4:53:c7:2b:17:3c:24:
         82:27:04:45:5d:54:1a:78:3b:d4:72:fb:79:50:5e:53:6b:1a:
         73:7d:e6:6f:ca:b5:c7:44:dd:f7:47:2c:07:09:ec:bf:b0:b0:
         44:85:c3:1b:5b:19:5f:c7:9e:b3:ca:43:72:8f:fb:2b:5c:fa:
         02:b5:40:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaRJrED6Z/0faMLvttO4dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNjg5ZDBmOTEzZDI5Y2M2M2Q2YzkyNmNiNDYyY2IyN2Yx
ODQ0MDgwHhcNMjUwMTAxMTk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTcxYjE2ZGJjOWU5Y2E0NTQ5MWI0NjJkOWE3ZWZjNWYxM2U0YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgve+gCjcBehN7ZPy68ICjO4/1cT
rJDpgkZoCW+C5vaHwk/kzusOLoHoQgxFET6FUOfPf5stSWZrz+IhFk5DLaJk/3aC
m6WT3mTNED0Q3ADuE4fVsBubdfZu4hE0ez3K/CFYHZHdx6vc21cKCJB0xKVYzU5X
IkddQO7uPYomfl0W8Os2MmPWfIL9JhE7/7IKrDgNPrRi8dByBKcZMgI6mK7AmY+s
pKi1Vlj3Nwjo4Bfn61AQVGVLA3T4HtwcOQ/WAJJrTItY0zyBq7gfpICZe0J3+o+2
CB/wh9bTRDDOutGLVkGH6mareblstDnwm4qRaS+Y79AG4rfrsFvcTDqkHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD5xsW28npykVJG0Ytmn78XxPkvRMB8GA1UdIwQY
MBaAFCJonQ+RPSnMY9bJJstGLLJ/GEQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1pZEQ1RTlLY3hqMXNrbXkwWXNzbjhZUkFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wNDNlZWUtMzE5OS00ZjhlLWIwYTkt
NGFkODUyYTEyY2Q2LzEvUG5HeGJieWVuS1JVa2JSaTJhZnZ4ZkUtUzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8wNDNlZWUtMzE5OS00ZjhlLWIwYTktNGFkODUyYTEyY2Q2
LzEvSW1pZEQ1RTlLY3hqMXNrbXkwWXNzbjhZUkFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rIMA0G
CSqGSIb3DQEBCwUAA4IBAQBa3Dhgxq0SQKvbkYDB6EAr+pRy5B4wwlJdwXvI59Qs
FeAyKejv6fuOZl77IjuSvkVGVNp+XalYXcA6tv221msRgTpKVfiqso/5vQ2uk5fA
13u1MkUUqPnOv7GBGLG72fQs78m7/stjmtDrBbysdmw/vSQ6RNUOSa5HLoBxN7IL
grFcPUVkqVrjJk2hYdLoNDkPDneD5WEO3eDieKeEO3NR2X13PpEiAshqPuQrqvBX
q7aMbYlrxSgaAmTOKwLsu7RTxysXPCSCJwRFXVQaeDvUcvt5UF5TaxpzfeZvyrXH
RN33RywHCey/sLBEhcMbWxlfx56zykNyj/srXPoCtUBf
-----END CERTIFICATE-----