Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/GYb1F3991igV-Xs-ZoTKTm-Vg7M.roa
File:                     GYb1F3991igV-Xs-ZoTKTm-Vg7M.roa (raw, json)
Hash identifier:          oDfsrWpPRTbFkqWOBaawHb+IseXIbMKYHakcvEvzdXQ=
Subject key identifier:   19:86:F5:17:7F:7D:D6:28:15:F9:7B:3E:66:84:CA:4E:6F:95:83:B3
Certificate issuer:       /CN=1f9ffd8ee32b3e357978d9cb99216cce8137a324
Certificate serial:       019422FBD3EC4C8118025F7AF48A9F7CDC5D
Authority key identifier: 1F:9F:FD:8E:E3:2B:3E:35:79:78:D9:CB:99:21:6C:CE:81:37:A3:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H5_9juMrPjV5eNnLmSFszoE3oyQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/GYb1F3991igV-Xs-ZoTKTm-Vg7M.roa
Signing time:             Wed 01 Jan 2025 17:48:36 +0000
ROA not before:           Wed 01 Jan 2025 17:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25540
IP address blocks:        91.220.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/H5_9juMrPjV5eNnLmSFszoE3oyQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/H5_9juMrPjV5eNnLmSFszoE3oyQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H5_9juMrPjV5eNnLmSFszoE3oyQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:d3:ec:4c:81:18:02:5f:7a:f4:8a:9f:7c:dc:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f9ffd8ee32b3e357978d9cb99216cce8137a324
        Validity
            Not Before: Jan  1 17:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1986f5177f7dd62815f97b3e6684ca4e6f9583b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:c4:4e:2a:8e:85:50:65:cc:93:5c:c9:b0:bb:
                    31:e1:8f:ab:ba:40:f2:73:7d:47:e5:d8:70:91:f1:
                    ca:7f:21:c4:2a:7e:4c:a8:df:0e:4f:39:d6:d9:c4:
                    d1:2d:e0:70:da:95:3b:6f:0e:a4:34:c2:91:ae:36:
                    c6:df:1b:ad:6c:8f:d8:dd:83:b4:84:db:3d:26:54:
                    28:74:8d:a9:8b:97:57:de:d0:fc:d5:2b:f7:01:fa:
                    9e:1b:ea:ce:fd:34:73:59:a7:07:fa:d9:b2:40:8a:
                    ca:7c:cc:a2:ce:61:9e:9b:6b:8d:e8:e3:87:21:8f:
                    73:0f:4b:d6:4d:ce:e8:0e:f7:94:2e:f3:1b:53:c6:
                    a6:93:4c:64:5f:42:0b:82:1f:f0:56:7c:96:b1:18:
                    fc:4b:27:8d:a7:76:07:06:99:12:45:b5:a7:29:6e:
                    4a:78:b9:53:6a:6a:76:9f:d7:1b:04:a1:3d:b4:8e:
                    3f:a2:65:bf:95:d7:29:a3:87:95:28:d6:b5:37:40:
                    27:86:4e:8b:7d:01:44:a3:dc:b3:38:1e:d1:26:d8:
                    74:97:e0:37:75:5d:5c:94:3f:31:62:b4:e6:01:bb:
                    9d:bf:b9:7b:50:89:74:58:bd:87:bd:28:0e:a2:b0:
                    65:69:0f:70:10:ac:12:29:68:97:81:1c:9f:3d:ba:
                    35:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:86:F5:17:7F:7D:D6:28:15:F9:7B:3E:66:84:CA:4E:6F:95:83:B3
            X509v3 Authority Key Identifier:
                keyid:1F:9F:FD:8E:E3:2B:3E:35:79:78:D9:CB:99:21:6C:CE:81:37:A3:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H5_9juMrPjV5eNnLmSFszoE3oyQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/GYb1F3991igV-Xs-ZoTKTm-Vg7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/03ffd0-7e8b-43fe-8eee-aae638dbb1c1/1/H5_9juMrPjV5eNnLmSFszoE3oyQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:7c:29:b7:f8:1c:dd:f2:a0:d2:8f:5f:af:18:99:7f:5a:bf:
         cc:ef:b3:4d:e8:8e:8f:81:9c:64:07:4c:98:bd:22:66:d8:c5:
         4b:ae:e2:67:e1:2f:b5:8e:db:e1:fd:21:de:de:18:ed:07:6c:
         71:c0:fb:59:e8:ae:93:bb:af:d0:1e:e8:4d:15:81:3b:7d:2d:
         17:f8:ee:40:06:c0:1d:8b:a0:47:49:ea:60:39:73:eb:e3:45:
         cd:06:5f:96:77:7e:89:7f:08:ee:5e:5b:77:81:93:f7:16:c0:
         6d:c8:83:10:4a:5a:24:f4:7f:4b:0b:83:7c:af:12:86:b5:e4:
         d9:77:a0:1e:43:08:41:99:8c:d1:5f:99:56:5d:97:65:58:b1:
         2a:96:9c:3d:47:6f:84:bb:eb:a4:0c:f9:4a:43:99:2f:4e:50:
         7d:b0:d2:70:c7:ee:98:f7:36:e9:b6:49:9c:b7:c6:e9:71:c8:
         ce:52:e5:9a:8b:93:e1:62:34:0e:98:c6:a0:71:31:5f:92:0b:
         0b:cd:87:81:a3:29:59:92:04:71:43:d4:09:5d:15:5c:00:fe:
         c6:f4:ad:08:a5:51:bb:14:58:8a:3f:0c:1d:23:a2:12:b9:0a:
         88:70:ac:ed:b6:89:89:df:a6:85:f7:8a:1a:28:9e:1d:30:b5:
         91:b1:bc:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+9PsTIEYAl969IqffNxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmOWZmZDhlZTMyYjNlMzU3OTc4ZDljYjk5MjE2Y2NlODEz
N2EzMjQwHhcNMjUwMTAxMTc0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTg2ZjUxNzdmN2RkNjI4MTVmOTdiM2U2Njg0Y2E0ZTZmOTU4M2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsROKo6FUGXMk1zJsLsx4Y+rukDy
c31H5dhwkfHKfyHEKn5MqN8OTznW2cTRLeBw2pU7bw6kNMKRrjbG3xutbI/Y3YO0
hNs9JlQodI2pi5dX3tD81Sv3AfqeG+rO/TRzWacH+tmyQIrKfMyizmGem2uN6OOH
IY9zD0vWTc7oDveULvMbU8amk0xkX0ILgh/wVnyWsRj8SyeNp3YHBpkSRbWnKW5K
eLlTamp2n9cbBKE9tI4/omW/ldcpo4eVKNa1N0Anhk6LfQFEo9yzOB7RJth0l+A3
dV1clD8xYrTmAbudv7l7UIl0WL2HvSgOorBlaQ9wEKwSKWiXgRyfPbo1eQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmG9Rd/fdYoFfl7PmaEyk5vlYOzMB8GA1UdIwQY
MBaAFB+f/Y7jKz41eXjZy5khbM6BN6MkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDVfOWp1TXJQalY1ZU5uTG1TRnN6b0Uzb3lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8wM2ZmZDAtN2U4Yi00M2ZlLThlZWUt
YWFlNjM4ZGJiMWMxLzEvR1liMUYzOTkxaWdWLVhzLVpvVEtUbS1WZzdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8wM2ZmZDAtN2U4Yi00M2ZlLThlZWUtYWFlNjM4ZGJiMWMx
LzEvSDVfOWp1TXJQalY1ZU5uTG1TRnN6b0Uzb3lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9x0MA0G
CSqGSIb3DQEBCwUAA4IBAQAvfCm3+Bzd8qDSj1+vGJl/Wr/M77NN6I6PgZxkB0yY
vSJm2MVLruJn4S+1jtvh/SHe3hjtB2xxwPtZ6K6Tu6/QHuhNFYE7fS0X+O5ABsAd
i6BHSepgOXPr40XNBl+Wd36JfwjuXlt3gZP3FsBtyIMQSlok9H9LC4N8rxKGteTZ
d6AeQwhBmYzRX5lWXZdlWLEqlpw9R2+Eu+ukDPlKQ5kvTlB9sNJwx+6Y9zbptkmc
t8bpccjOUuWai5PhYjQOmMagcTFfkgsLzYeBoylZkgRxQ9QJXRVcAP7G9K0IpVG7
FFiKPwwdI6ISuQqIcKzttomJ36aF94oaKJ4dMLWRsbw8
-----END CERTIFICATE-----