Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/u37q8oxj6d2YnoBLY1VE3CqS2g0.roa
File:                     u37q8oxj6d2YnoBLY1VE3CqS2g0.roa (raw, json)
Hash identifier:          QV9HVDjMgl4TBfOFPjFKF+CTfrUEm6XmvkI/fobJGaM=
Subject key identifier:   BB:7E:EA:F2:8C:63:E9:DD:98:9E:80:4B:63:55:44:DC:2A:92:DA:0D
Certificate issuer:       /CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
Certificate serial:       019424457E15C6A657AA1A4A9546DBBF4D51
Authority key identifier: F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/u37q8oxj6d2YnoBLY1VE3CqS2g0.roa
Signing time:             Wed 01 Jan 2025 23:48:41 +0000
ROA not before:           Wed 01 Jan 2025 23:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39342
IP address blocks:        91.245.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7e:15:c6:a6:57:aa:1a:4a:95:46:db:bf:4d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0521128cf634aa6afa7ef52d531f3fcd55628f9
        Validity
            Not Before: Jan  1 23:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb7eeaf28c63e9dd989e804b635544dc2a92da0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:35:4d:0d:f9:72:90:2d:8f:d0:e3:8e:21:e6:
                    41:0a:bc:08:a5:5d:07:71:80:d6:d5:da:f0:b8:83:
                    ad:74:06:50:7a:c6:01:14:a4:84:c5:7e:0c:84:0d:
                    d3:a3:f4:e6:6f:11:3f:45:78:f6:42:37:f2:a1:04:
                    b0:4a:78:df:52:44:49:48:8d:45:31:11:5f:80:2a:
                    76:c0:6c:76:4f:bb:da:6d:ba:15:ac:89:7b:3a:ff:
                    51:13:ec:0d:c6:72:8d:3d:0d:65:22:8a:5d:24:92:
                    1f:9d:5b:3b:62:e2:ae:2c:11:41:02:33:58:f7:89:
                    a0:b9:8c:0f:84:09:50:39:a4:1b:e3:d7:6b:48:77:
                    66:a1:be:26:0c:1f:cb:4f:99:be:93:15:d4:de:6d:
                    f8:85:78:9f:09:e5:84:d7:a0:7c:dc:10:38:13:17:
                    63:10:30:1e:c5:2e:37:c4:fe:6a:8d:80:ca:ec:9a:
                    35:bb:73:3c:c1:38:fe:19:b8:b9:c9:11:db:ce:1f:
                    4e:d1:75:00:ad:a4:43:b3:0d:37:17:99:30:98:4e:
                    ac:e5:1d:ed:d0:28:03:99:cd:64:74:2b:19:0d:e3:
                    90:cc:96:fd:99:dd:a4:02:8d:df:9d:2f:99:36:4a:
                    12:fd:15:c5:60:e0:20:c1:25:08:69:ea:99:af:4e:
                    d9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:7E:EA:F2:8C:63:E9:DD:98:9E:80:4B:63:55:44:DC:2A:92:DA:0D
            X509v3 Authority Key Identifier:
                keyid:F0:52:11:28:CF:63:4A:A6:AF:A7:EF:52:D5:31:F3:FC:D5:56:28:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FIRKM9jSqavp-9S1THz_NVWKPk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/u37q8oxj6d2YnoBLY1VE3CqS2g0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/b4b150-dbb8-465f-8155-e4419b64212e/1/8FIRKM9jSqavp-9S1THz_NVWKPk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:7a:da:15:e4:73:ec:53:8e:25:03:54:91:ae:1b:1c:c5:6e:
         c5:0c:be:25:7a:95:29:30:d3:c1:00:f2:e2:36:c5:2e:fb:3a:
         8c:11:cd:e2:ab:2b:4c:e2:c3:3f:18:d9:9b:fe:6b:6f:a1:62:
         ef:48:d6:f3:5d:78:66:c8:ea:73:f5:61:ba:c5:64:a0:af:e0:
         8e:80:ce:e8:de:df:c7:bd:43:16:d9:c7:d4:aa:d9:dc:82:59:
         17:13:63:4f:e6:bc:c2:72:dd:e0:29:94:c8:12:cc:f4:5a:f9:
         41:69:b5:e0:cc:42:7d:0c:57:f8:2b:35:bb:0f:1f:aa:c1:9c:
         0e:26:9f:f4:35:08:5b:14:c4:f5:6f:6e:f8:e4:52:b6:ee:ff:
         c1:a8:c4:96:1f:3f:ee:ea:bc:d9:ba:ae:c0:71:61:2b:74:40:
         2e:89:b8:62:07:57:d9:7f:75:75:d4:d2:e1:76:c4:17:c2:22:
         4c:d2:c1:15:10:ca:68:c9:bd:c6:09:c0:e4:64:6d:89:4d:28:
         c4:fb:39:df:22:82:b6:7b:3b:0c:23:ee:97:24:db:61:31:b4:
         d4:dc:75:86:0e:80:20:bb:1c:40:22:1a:f6:24:73:a3:ac:e9:
         0d:2b:f0:05:c2:12:30:d3:ec:02:31:1d:73:a0:be:b2:b3:39:
         8a:e4:ff:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRX4VxqZXqhpKlUbbv01RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTIxMTI4Y2Y2MzRhYTZhZmE3ZWY1MmQ1MzFmM2ZjZDU1
NjI4ZjkwHhcNMjUwMTAxMjM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjdlZWFmMjhjNjNlOWRkOTg5ZTgwNGI2MzU1NDRkYzJhOTJkYTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqDVNDflykC2P0OOOIeZBCrwIpV0H
cYDW1drwuIOtdAZQesYBFKSExX4MhA3To/TmbxE/RXj2QjfyoQSwSnjfUkRJSI1F
MRFfgCp2wGx2T7vabboVrIl7Ov9RE+wNxnKNPQ1lIopdJJIfnVs7YuKuLBFBAjNY
94mguYwPhAlQOaQb49drSHdmob4mDB/LT5m+kxXU3m34hXifCeWE16B83BA4Exdj
EDAexS43xP5qjYDK7Jo1u3M8wTj+Gbi5yRHbzh9O0XUAraRDsw03F5kwmE6s5R3t
0CgDmc1kdCsZDeOQzJb9md2kAo3fnS+ZNkoS/RXFYOAgwSUIaeqZr07ZWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLt+6vKMY+ndmJ6AS2NVRNwqktoNMB8GA1UdIwQY
MBaAFPBSESjPY0qmr6fvUtUx8/zVVij5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUt
ZTQ0MTliNjQyMTJlLzEvdTM3cThveGo2ZDJZbm9CTFkxVkUzQ3FTMmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9iNGIxNTAtZGJiOC00NjVmLTgxNTUtZTQ0MTliNjQyMTJl
LzEvOEZJUktNOWpTcWF2cC05UzFUSHpfTlZXS1BrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XoMA0G
CSqGSIb3DQEBCwUAA4IBAQAuetoV5HPsU44lA1SRrhscxW7FDL4lepUpMNPBAPLi
NsUu+zqMEc3iqytM4sM/GNmb/mtvoWLvSNbzXXhmyOpz9WG6xWSgr+COgM7o3t/H
vUMW2cfUqtncglkXE2NP5rzCct3gKZTIEsz0WvlBabXgzEJ9DFf4KzW7Dx+qwZwO
Jp/0NQhbFMT1b2745FK27v/BqMSWHz/u6rzZuq7AcWErdEAuibhiB1fZf3V11NLh
dsQXwiJM0sEVEMpoyb3GCcDkZG2JTSjE+znfIoK2ezsMI+6XJNthMbTU3HWGDoAg
uxxAIhr2JHOjrOkNK/AFwhIw0+wCMR1zoL6yszmK5P8h
-----END CERTIFICATE-----