Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/agXt9_lVvCGbqZ8zrKKiS_mUy2E.roa
File:                     agXt9_lVvCGbqZ8zrKKiS_mUy2E.roa (raw, json)
Hash identifier:          3LDkltUt39lyuNt50RL0JrUq8hhCsHNy15R/1YCL/Vw=
Subject key identifier:   6A:05:ED:F7:F9:55:BC:21:9B:A9:9F:33:AC:A2:A2:4B:F9:94:CB:61
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0196245EE0FC677CFB6BA2185140FC5B0030
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/agXt9_lVvCGbqZ8zrKKiS_mUy2E.roa
Signing time:             Fri 11 Apr 2025 10:21:59 +0000
ROA not before:           Fri 11 Apr 2025 10:21:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135402
IP address blocks:        91.109.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 14:24:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:24:5e:e0:fc:67:7c:fb:6b:a2:18:51:40:fc:5b:00:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Apr 11 10:21:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a05edf7f955bc219ba99f33aca2a24bf994cb61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fb:bd:e4:4b:79:4a:93:32:16:d9:c4:2a:01:
                    bf:63:79:e3:f3:00:a0:49:ca:b5:b2:59:3b:0d:15:
                    73:4d:d7:a3:b1:00:d4:48:27:59:c0:a5:f2:4c:58:
                    11:b3:d1:e4:30:3b:53:e3:70:3d:fa:b5:70:3c:6e:
                    e6:6e:f0:51:42:0a:f1:48:65:ae:c7:2d:a6:d7:11:
                    db:5c:f0:f5:e3:b1:31:24:27:2c:f9:fc:05:dc:0c:
                    bc:a6:de:a2:70:2e:c4:43:9d:5b:22:78:3c:32:8c:
                    30:85:e5:32:85:11:da:1b:0d:07:81:3a:05:09:02:
                    aa:20:ed:48:16:60:2a:49:0d:f6:43:66:19:c5:58:
                    1b:3c:26:0f:90:09:b2:5d:cc:8b:61:6a:52:54:83:
                    28:69:9d:3f:7f:19:3c:30:91:95:19:4e:1c:1c:22:
                    8d:71:24:c7:9b:7e:44:47:8d:c3:06:ba:5a:46:30:
                    95:d6:87:96:f5:91:e9:69:da:0f:2e:22:7b:57:b1:
                    e8:59:15:6b:ab:23:86:69:ff:48:b9:2e:2a:28:b1:
                    3e:69:86:c7:d4:2b:b7:44:1b:86:54:2b:db:91:4d:
                    4e:89:13:1c:c7:eb:33:88:7c:10:36:18:5e:4a:9c:
                    93:aa:23:70:c1:3a:eb:43:37:6e:11:c2:fb:88:66:
                    6c:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:05:ED:F7:F9:55:BC:21:9B:A9:9F:33:AC:A2:A2:4B:F9:94:CB:61
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/agXt9_lVvCGbqZ8zrKKiS_mUy2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:73:fe:75:20:57:25:2d:36:0c:62:0a:34:42:21:60:7f:72:
         1b:8b:14:5f:e0:89:a3:53:0a:fd:bb:5c:46:91:7d:db:92:47:
         c6:58:b3:31:01:af:2d:47:4c:cf:59:73:bf:23:f2:ca:78:8f:
         47:ec:29:d8:44:0d:36:f6:5c:29:74:b0:54:42:10:b5:91:bc:
         47:46:50:61:7e:04:4f:75:4c:df:29:85:cf:39:86:86:2a:a0:
         3d:62:53:0a:67:4e:bc:25:7c:22:64:cf:38:f7:5d:11:a5:f8:
         5d:0c:cf:ac:9c:26:01:95:1c:1b:fd:77:d4:00:54:f0:b9:6d:
         a9:24:4f:36:9c:2a:d5:94:f7:f4:c4:62:52:7d:f2:81:4f:91:
         81:da:8b:b1:28:7c:85:37:aa:e5:b6:f9:1f:1f:38:ba:51:32:
         43:24:8f:0d:a1:c9:d7:ec:90:73:55:67:01:4e:c2:be:61:61:
         1d:e4:12:3d:ad:c1:19:49:10:eb:fa:b5:e4:bc:da:17:42:3e:
         7b:f8:22:8e:47:62:df:f2:00:b8:32:c5:19:e0:80:6b:85:02:
         3e:b4:2b:74:9c:19:1c:7e:15:83:01:47:4c:8c:9b:91:bb:d3:
         c2:4a:d4:02:af:38:39:ef:48:da:3c:3f:5d:13:06:dc:0b:1d:
         19:28:5c:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYkXuD8Z3z7a6IYUUD8WwAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNDExMTAyMTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTA1ZWRmN2Y5NTViYzIxOWJhOTlmMzNhY2EyYTI0YmY5OTRjYjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/u95Et5SpMyFtnEKgG/Y3nj8wCg
Scq1slk7DRVzTdejsQDUSCdZwKXyTFgRs9HkMDtT43A9+rVwPG7mbvBRQgrxSGWu
xy2m1xHbXPD147ExJCcs+fwF3Ay8pt6icC7EQ51bIng8MowwheUyhRHaGw0HgToF
CQKqIO1IFmAqSQ32Q2YZxVgbPCYPkAmyXcyLYWpSVIMoaZ0/fxk8MJGVGU4cHCKN
cSTHm35ER43DBrpaRjCV1oeW9ZHpadoPLiJ7V7HoWRVrqyOGaf9IuS4qKLE+aYbH
1Cu3RBuGVCvbkU1OiRMcx+sziHwQNhheSpyTqiNwwTrrQzduEcL7iGZsiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGoF7ff5Vbwhm6mfM6yiokv5lMthMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvYWdYdDlfbFZ2Q0dicVo4enJLS2lTX21VeTJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW20sMA0G
CSqGSIb3DQEBCwUAA4IBAQCNc/51IFclLTYMYgo0QiFgf3IbixRf4ImjUwr9u1xG
kX3bkkfGWLMxAa8tR0zPWXO/I/LKeI9H7CnYRA029lwpdLBUQhC1kbxHRlBhfgRP
dUzfKYXPOYaGKqA9YlMKZ068JXwiZM84910RpfhdDM+snCYBlRwb/XfUAFTwuW2p
JE82nCrVlPf0xGJSffKBT5GB2ouxKHyFN6rltvkfHzi6UTJDJI8NocnX7JBzVWcB
TsK+YWEd5BI9rcEZSRDr+rXkvNoXQj57+CKOR2Lf8gC4MsUZ4IBrhQI+tCt0nBkc
fhWDAUdMjJuRu9PCStQCrzg570jaPD9dEwbcCx0ZKFyW
-----END CERTIFICATE-----