Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QWifAQ3dSu8nhEAeOh_F1BphWro.roa
File:                     QWifAQ3dSu8nhEAeOh_F1BphWro.roa (raw, json)
Hash identifier:          itO7AV5EF/O+Sl0fYRa8cl6eA4q/nRa0iBG6sGElFQI=
Subject key identifier:   41:68:9F:01:0D:DD:4A:EF:27:84:40:1E:3A:1F:C5:D4:1A:61:5A:BA
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019421B257F02167752B9C50742A4EC2523F
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QWifAQ3dSu8nhEAeOh_F1BphWro.roa
Signing time:             Wed 01 Jan 2025 11:48:43 +0000
ROA not before:           Wed 01 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17018
IP address blocks:        91.221.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:57:f0:21:67:75:2b:9c:50:74:2a:4e:c2:52:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  1 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41689f010ddd4aef2784401e3a1fc5d41a615aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:89:b7:f0:f2:c5:d2:53:3a:ea:43:d2:d8:d9:
                    e9:6d:09:b9:ed:fb:96:ec:fe:3a:86:aa:55:97:5c:
                    43:80:5f:8d:e4:31:ff:6e:c7:1c:10:94:aa:d0:1d:
                    6a:68:77:9a:e0:41:71:99:b2:81:3d:d7:5c:6a:2d:
                    85:da:3a:a6:5e:27:dd:8a:e9:17:50:2a:44:de:12:
                    19:ae:12:57:80:71:8b:33:bf:73:a3:c3:57:6f:97:
                    bf:65:80:89:48:92:f5:a6:32:45:1d:ee:74:2d:a9:
                    75:9c:88:1c:43:e5:84:26:ea:f2:aa:25:2f:0e:fe:
                    d5:9c:85:8f:0e:7d:4b:15:fe:7a:f8:88:70:73:17:
                    5d:f5:69:72:0b:1e:15:e0:8f:ee:09:ef:2a:81:0d:
                    c5:47:5a:3e:56:32:f3:18:58:ef:20:60:95:49:af:
                    c1:b4:46:d2:c6:7c:f0:f6:ee:dd:fc:05:b0:00:e2:
                    33:29:13:da:1b:89:a3:91:a9:b4:c0:01:32:84:f2:
                    fc:33:80:aa:75:e6:74:91:96:37:76:7a:70:03:74:
                    17:0c:96:43:77:87:4e:b0:32:43:8e:d8:89:2a:1e:
                    b5:a0:91:75:49:0a:50:30:47:9b:6b:b2:d4:fb:81:
                    14:b5:2c:92:41:d4:e0:f8:b4:0e:0c:6d:2f:b7:8d:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:68:9F:01:0D:DD:4A:EF:27:84:40:1E:3A:1F:C5:D4:1A:61:5A:BA
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/QWifAQ3dSu8nhEAeOh_F1BphWro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:29:09:7c:f9:00:22:78:a1:27:a4:81:b5:e4:ed:b1:47:d6:
         96:1a:1c:cd:25:f0:ab:94:c2:13:88:52:e0:17:a5:e1:cc:13:
         9d:92:c1:c7:87:9e:b1:7a:e7:e8:ce:bb:44:84:bd:01:a5:de:
         8a:87:d7:ec:0f:5d:9e:48:0c:3c:81:53:28:bf:14:d6:1b:75:
         1d:ad:93:6b:e9:06:c4:3f:5d:dc:2b:76:dd:e3:4e:19:3b:e6:
         59:c5:6b:4e:81:33:32:f0:92:41:19:a0:e3:90:3c:8b:6d:7a:
         6b:24:07:50:15:44:b1:d6:d3:6f:5b:46:62:06:c9:8f:a5:76:
         b8:61:1f:dc:9a:22:78:ea:15:6a:95:3d:da:9d:0e:0b:1c:02:
         73:60:66:a1:a8:02:b6:99:0c:40:2b:01:a9:e9:6a:76:e3:90:
         2a:6e:7c:b4:0c:b9:b3:93:cd:97:c9:86:0e:c8:62:97:f6:c2:
         35:f6:3f:a1:4e:32:50:f8:e3:f9:24:52:1d:54:a2:66:fa:6c:
         6f:8f:2e:e8:d0:71:79:e8:db:80:3b:d6:40:dd:bf:b2:e3:62:
         fa:88:aa:a2:b9:e8:9b:b7:ff:cd:d9:f8:cd:17:a8:d1:75:e6:
         68:b7:da:15:1a:69:a4:fa:a3:22:1d:14:10:e9:e4:77:bf:54:
         d0:6d:b9:49
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhslfwIWd1K5xQdCpOwlI/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUwMTAxMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MTY4OWYwMTBkZGQ0YWVmMjc4NDQwMWUzYTFmYzVkNDFhNjE1YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4m38PLF0lM66kPS2NnpbQm57fuW
7P46hqpVl1xDgF+N5DH/bsccEJSq0B1qaHea4EFxmbKBPddcai2F2jqmXifdiukX
UCpE3hIZrhJXgHGLM79zo8NXb5e/ZYCJSJL1pjJFHe50Lal1nIgcQ+WEJuryqiUv
Dv7VnIWPDn1LFf56+Ihwcxdd9WlyCx4V4I/uCe8qgQ3FR1o+VjLzGFjvIGCVSa/B
tEbSxnzw9u7d/AWwAOIzKRPaG4mjkam0wAEyhPL8M4CqdeZ0kZY3dnpwA3QXDJZD
d4dOsDJDjtiJKh61oJF1SQpQMEeba7LU+4EUtSySQdTg+LQODG0vt43ynQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEFonwEN3UrvJ4RAHjofxdQaYVq6MB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvUVdpZkFRM2RTdThuaEVBZU9oX0YxQnBoV3JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW93pMA0G
CSqGSIb3DQEBCwUAA4IBAQBlKQl8+QAieKEnpIG15O2xR9aWGhzNJfCrlMITiFLg
F6XhzBOdksHHh56xeufozrtEhL0Bpd6Kh9fsD12eSAw8gVMovxTWG3UdrZNr6QbE
P13cK3bd404ZO+ZZxWtOgTMy8JJBGaDjkDyLbXprJAdQFUSx1tNvW0ZiBsmPpXa4
YR/cmiJ46hVqlT3anQ4LHAJzYGahqAK2mQxAKwGp6Wp245Aqbny0DLmzk82XyYYO
yGKX9sI19j+hTjJQ+OP5JFIdVKJm+mxvjy7o0HF56NuAO9ZA3b+y42L6iKqiueib
t//N2fjNF6jRdeZot9oVGmmk+qMiHRQQ6eR3v1TQbblJ
-----END CERTIFICATE-----