Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/HpFnJRgfsAOyrTqeLs8eo-g69ro.roa
File:                     HpFnJRgfsAOyrTqeLs8eo-g69ro.roa (raw, json)
Hash identifier:          J1KtXJzzKcy+lZa+G0mBDKjPPemff/M6vpOlwWEgP+4=
Subject key identifier:   1E:91:67:25:18:1F:B0:03:B2:AD:3A:9E:2E:CF:1E:A3:E8:3A:F6:BA
Certificate issuer:       /CN=053f8469ec62520987896d8926c17228a7bcfb3d
Certificate serial:       01942521D974EA81267B0F4F0E7EAE9187C4
Authority key identifier: 05:3F:84:69:EC:62:52:09:87:89:6D:89:26:C1:72:28:A7:BC:FB:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BT-EaexiUgmHiW2JJsFyKKe8-z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/HpFnJRgfsAOyrTqeLs8eo-g69ro.roa
Signing time:             Thu 02 Jan 2025 03:49:22 +0000
ROA not before:           Thu 02 Jan 2025 03:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196629
IP address blocks:        91.207.218.0/24 maxlen: 24
                          91.207.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/BT-EaexiUgmHiW2JJsFyKKe8-z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/BT-EaexiUgmHiW2JJsFyKKe8-z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BT-EaexiUgmHiW2JJsFyKKe8-z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d9:74:ea:81:26:7b:0f:4f:0e:7e:ae:91:87:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=053f8469ec62520987896d8926c17228a7bcfb3d
        Validity
            Not Before: Jan  2 03:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e916725181fb003b2ad3a9e2ecf1ea3e83af6ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4c:eb:d5:ea:63:e2:aa:f0:ed:62:bb:2c:8d:
                    0f:78:fa:8c:12:ff:4b:91:77:66:5f:48:cb:19:8f:
                    ef:d4:63:b2:ee:e4:b5:5d:b3:b6:d5:45:cb:1c:7b:
                    b5:1c:d5:64:91:ce:c9:dd:d8:ed:97:aa:fa:48:cf:
                    63:81:4d:cd:03:49:e6:1c:a6:4b:59:62:1e:42:7f:
                    fd:e2:d3:69:76:90:a3:ee:46:56:6f:ee:17:33:93:
                    18:69:0c:67:35:38:a1:d0:79:90:bc:50:95:cd:7b:
                    b4:5d:84:2a:21:21:22:58:76:ee:29:cf:5e:b7:5c:
                    91:41:ef:57:5f:b5:e9:1b:79:7a:d8:0e:32:38:8b:
                    20:21:6d:a8:2c:c9:e0:7a:ca:97:76:e7:cb:dc:29:
                    bf:01:26:4c:a4:30:68:06:9d:14:24:52:83:68:fc:
                    cb:77:49:7a:65:ff:d9:a6:7d:42:e7:ca:3a:d6:31:
                    91:e9:6e:91:38:05:aa:d2:75:8a:3e:95:f5:9e:70:
                    2d:47:13:0e:8a:83:1c:6a:5b:a7:f8:70:57:b2:51:
                    d2:45:8e:1e:05:e4:7f:f6:45:9a:00:51:c9:db:df:
                    d2:2b:00:fe:ab:92:f2:52:f9:d6:77:22:9b:82:20:
                    58:e3:7b:40:cb:15:1e:aa:dc:47:a4:53:4a:be:d0:
                    f5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:91:67:25:18:1F:B0:03:B2:AD:3A:9E:2E:CF:1E:A3:E8:3A:F6:BA
            X509v3 Authority Key Identifier:
                keyid:05:3F:84:69:EC:62:52:09:87:89:6D:89:26:C1:72:28:A7:BC:FB:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BT-EaexiUgmHiW2JJsFyKKe8-z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/HpFnJRgfsAOyrTqeLs8eo-g69ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/fad672-e93a-4dd5-8893-efc175029740/1/BT-EaexiUgmHiW2JJsFyKKe8-z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:54:4c:46:1c:63:74:ef:33:77:74:9c:b4:ec:53:9b:bf:30:
         17:b8:62:50:b0:59:ef:7c:23:7c:4e:bb:86:38:89:d4:a4:63:
         b4:33:7b:27:0d:c1:f5:dd:bb:89:be:87:23:35:7a:88:c4:ef:
         0e:f5:93:e0:aa:0b:7e:d1:54:3b:52:3c:03:02:6f:5c:df:56:
         0a:c1:ca:93:f1:ec:d4:53:61:29:48:f2:f8:23:ad:19:8b:19:
         21:f7:30:2e:74:29:4a:d8:8d:bd:7d:fa:67:b2:0f:e0:7f:ac:
         a2:ea:ba:f5:16:25:f7:4e:6f:b1:ac:2e:1c:e2:07:fc:f1:e8:
         32:e4:73:bf:40:b0:4d:fb:b9:00:a5:06:9b:dd:57:bd:9a:e3:
         b3:0e:b5:8e:d1:ce:b7:3b:f1:a1:91:57:40:62:98:0b:96:33:
         3c:3e:58:8a:05:9e:4c:5d:dc:4b:e6:69:db:5f:0c:cc:c2:ea:
         f6:12:47:4e:d6:36:0f:92:20:fd:b9:d2:60:96:68:4e:09:8c:
         38:33:0f:88:fc:1d:f9:2d:33:ac:69:f2:32:88:1d:d1:78:5b:
         4a:80:d3:0a:fb:b9:41:3f:84:a6:f7:1f:dc:97:7e:ee:30:99:
         2c:b4:dc:e1:48:3f:db:29:31:e4:73:90:fa:b1:4f:06:f9:07:
         5e:f5:8d:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIdl06oEmew9PDn6ukYfEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1M2Y4NDY5ZWM2MjUyMDk4Nzg5NmQ4OTI2YzE3MjI4YTdi
Y2ZiM2QwHhcNMjUwMTAyMDM0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTkxNjcyNTE4MWZiMDAzYjJhZDNhOWUyZWNmMWVhM2U4M2FmNmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0zr1epj4qrw7WK7LI0PePqMEv9L
kXdmX0jLGY/v1GOy7uS1XbO21UXLHHu1HNVkkc7J3djtl6r6SM9jgU3NA0nmHKZL
WWIeQn/94tNpdpCj7kZWb+4XM5MYaQxnNTih0HmQvFCVzXu0XYQqISEiWHbuKc9e
t1yRQe9XX7XpG3l62A4yOIsgIW2oLMngesqXdufL3Cm/ASZMpDBoBp0UJFKDaPzL
d0l6Zf/Zpn1C58o61jGR6W6ROAWq0nWKPpX1nnAtRxMOioMcalun+HBXslHSRY4e
BeR/9kWaAFHJ29/SKwD+q5LyUvnWdyKbgiBY43tAyxUeqtxHpFNKvtD1+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6RZyUYH7ADsq06ni7PHqPoOva6MB8GA1UdIwQY
MBaAFAU/hGnsYlIJh4ltiSbBciinvPs9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlQtRWFleGlVZ21IaVcySkpzRnlLS2U4LXowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi9mYWQ2NzItZTkzYS00ZGQ1LTg4OTMt
ZWZjMTc1MDI5NzQwLzEvSHBGbkpSZ2ZzQU95clRxZUxzOGVvLWc2OXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi9mYWQ2NzItZTkzYS00ZGQ1LTg4OTMtZWZjMTc1MDI5NzQw
LzEvQlQtRWFleGlVZ21IaVcySkpzRnlLS2U4LXowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8/aMA0G
CSqGSIb3DQEBCwUAA4IBAQAWVExGHGN07zN3dJy07FObvzAXuGJQsFnvfCN8TruG
OInUpGO0M3snDcH13buJvocjNXqIxO8O9ZPgqgt+0VQ7UjwDAm9c31YKwcqT8ezU
U2EpSPL4I60Zixkh9zAudClK2I29ffpnsg/gf6yi6rr1FiX3Tm+xrC4c4gf88egy
5HO/QLBN+7kApQab3Ve9muOzDrWO0c63O/GhkVdAYpgLljM8PliKBZ5MXdxL5mnb
XwzMwur2EkdO1jYPkiD9udJglmhOCYw4Mw+I/B35LTOsafIyiB3ReFtKgNMK+7lB
P4Sm9x/cl37uMJkstNzhSD/bKTHkc5D6sU8G+Qde9Y2w
-----END CERTIFICATE-----