Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/jAQvRieRHpKKkjGe64CNxUPvYbk.roa
File:                     jAQvRieRHpKKkjGe64CNxUPvYbk.roa (raw, json)
Hash identifier:          PMyEFynYeCxi/eWEtMPHh64XLB427usSjnQuhMiP8MA=
Subject key identifier:   8C:04:2F:46:27:91:1E:92:8A:92:31:9E:EB:80:8D:C5:43:EF:61:B9
Certificate issuer:       /CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
Certificate serial:       01964DA17AB8DDF5D29B4CB871E7F05192F7
Authority key identifier: 41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/jAQvRieRHpKKkjGe64CNxUPvYbk.roa
Signing time:             Sat 19 Apr 2025 10:39:10 +0000
ROA not before:           Sat 19 Apr 2025 10:39:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21500
IP address blocks:        91.211.12.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4d:a1:7a:b8:dd:f5:d2:9b:4c:b8:71:e7:f0:51:92:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
        Validity
            Not Before: Apr 19 10:39:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8c042f4627911e928a92319eeb808dc543ef61b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2d:37:29:2e:f2:e3:d1:c4:1d:f1:14:ed:af:
                    76:9d:63:d2:80:77:dd:e5:b8:08:1e:69:81:82:18:
                    1e:65:5e:5c:78:b6:f9:a1:cb:79:16:be:0c:69:ba:
                    d6:8d:0c:22:73:49:df:53:77:80:20:05:6f:62:0f:
                    e3:5f:cf:0a:9e:81:c5:c9:cf:ec:84:dc:9d:e2:fc:
                    23:a5:aa:b3:af:ec:90:f4:52:67:eb:cb:ef:a5:8a:
                    7a:f9:fe:41:79:f7:b3:50:d1:bb:be:e8:f5:36:0a:
                    9e:dc:7a:33:bd:56:14:0a:5d:8b:fd:30:0d:24:1c:
                    47:99:fa:34:18:50:8f:59:9a:d9:26:be:ca:21:72:
                    5a:c1:7c:fd:4e:10:0c:41:54:fc:ff:1d:bd:3d:f5:
                    67:3d:3b:c5:c1:28:b4:78:d0:10:df:0b:e7:b0:19:
                    03:ef:c7:10:24:6a:91:bc:8e:a6:1f:3d:fe:8c:60:
                    1f:37:22:00:e2:d9:ed:c2:b7:02:48:fe:f0:cf:b7:
                    ac:e5:f4:61:51:3d:c0:aa:4b:f0:a0:91:44:d2:e5:
                    27:63:f1:72:17:ae:d9:8c:3c:8f:d5:2c:54:51:08:
                    44:58:26:27:50:d6:76:68:52:31:10:e8:bd:74:9f:
                    41:ce:77:b0:cf:f0:bb:79:63:ef:5a:ed:2b:df:82:
                    ae:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:04:2F:46:27:91:1E:92:8A:92:31:9E:EB:80:8D:C5:43:EF:61:B9
            X509v3 Authority Key Identifier:
                keyid:41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/jAQvRieRHpKKkjGe64CNxUPvYbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:f0:5b:59:cb:87:16:51:a6:d4:d7:8a:86:d4:c4:94:bb:30:
         92:4e:59:43:ca:1d:4e:f7:f4:16:e9:30:f5:ee:26:4e:86:5e:
         7f:c1:d5:c1:71:51:80:3e:a5:f7:e0:f1:52:54:67:4c:a3:15:
         96:8e:7e:5c:b1:e9:f4:98:d3:c3:51:48:fe:69:4e:34:57:26:
         9b:a1:c7:47:01:a3:88:16:2c:b6:fe:77:76:d6:85:7b:4f:e2:
         73:a0:87:c9:ec:2d:ac:f4:1c:e8:9a:5e:25:79:49:88:fb:a4:
         29:cb:dd:08:e2:31:f0:a4:09:d7:bf:77:de:e8:53:83:f4:b3:
         9a:1c:53:53:dd:cc:43:40:fa:4c:f6:41:90:59:2f:42:21:e9:
         6c:53:1e:50:8f:36:a5:52:84:2f:1d:9a:d0:ae:37:90:0e:be:
         b9:3c:2e:ef:28:bc:ac:3a:7c:f6:09:46:1d:44:e4:b5:e1:55:
         49:a6:fc:be:36:e6:03:19:a7:21:db:51:f9:a1:fc:d5:1b:05:
         22:10:9d:7c:1d:f8:8a:30:e9:8d:f4:bf:a8:6e:28:fb:d3:95:
         c3:94:77:fd:74:c1:ef:8c:79:d0:91:f5:b4:80:97:9c:18:d5:
         79:95:42:cb:09:91:67:8d:0c:b0:c1:51:fa:94:05:3f:a9:db:
         4a:c0:80:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZNoXq43fXSm0y4cefwUZL3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzQxYzA1ZDRhZDdlZDY5MGU1NzFlZjVlZDBmODc1MjJk
YTQ3ZDcwHhcNMjUwNDE5MTAzOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzA0MmY0NjI3OTExZTkyOGE5MjMxOWVlYjgwOGRjNTQzZWY2MWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi03KS7y49HEHfEU7a92nWPSgHfd
5bgIHmmBghgeZV5ceLb5oct5Fr4MabrWjQwic0nfU3eAIAVvYg/jX88KnoHFyc/s
hNyd4vwjpaqzr+yQ9FJn68vvpYp6+f5BefezUNG7vuj1Ngqe3HozvVYUCl2L/TAN
JBxHmfo0GFCPWZrZJr7KIXJawXz9ThAMQVT8/x29PfVnPTvFwSi0eNAQ3wvnsBkD
78cQJGqRvI6mHz3+jGAfNyIA4tntwrcCSP7wz7es5fRhUT3AqkvwoJFE0uUnY/Fy
F67ZjDyP1SxUUQhEWCYnUNZ2aFIxEOi9dJ9Bznewz/C7eWPvWu0r34KukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwEL0YnkR6SipIxnuuAjcVD72G5MB8GA1UdIwQY
MBaAFEF0HAXUrX7WkOVx717Q+HUi2kfXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMt
NDEwMzIyYzcwMmZmLzEvakFRdlJpZVJIcEtLa2pHZTY0Q054VVB2WWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMtNDEwMzIyYzcwMmZm
LzEvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9MMMA0G
CSqGSIb3DQEBCwUAA4IBAQA48FtZy4cWUabU14qG1MSUuzCSTllDyh1O9/QW6TD1
7iZOhl5/wdXBcVGAPqX34PFSVGdMoxWWjn5csen0mNPDUUj+aU40VyabocdHAaOI
Fiy2/nd21oV7T+JzoIfJ7C2s9Bzoml4leUmI+6Qpy90I4jHwpAnXv3fe6FOD9LOa
HFNT3cxDQPpM9kGQWS9CIelsUx5QjzalUoQvHZrQrjeQDr65PC7vKLysOnz2CUYd
ROS14VVJpvy+NuYDGach21H5ofzVGwUiEJ18HfiKMOmN9L+obij705XDlHf9dMHv
jHnQkfW0gJecGNV5lULLCZFnjQywwVH6lAU/qdtKwIAZ
-----END CERTIFICATE-----