Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/JoXkjArh1eQOEzJmDg5eyKhlAZU.roa
File:                     JoXkjArh1eQOEzJmDg5eyKhlAZU.roa (raw, json)
Hash identifier:          IpnTumi25Jm35YnmbE0mTeFwDsMDbPll4BvRMHinz6I=
Subject key identifier:   26:85:E4:8C:0A:E1:D5:E4:0E:13:32:66:0E:0E:5E:C8:A8:65:01:95
Certificate issuer:       /CN=bf982def77a26d7cc19473b3a4064dcc5217e471
Certificate serial:       019424454BC91BD1435F4E0220C2AF475317
Authority key identifier: BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/JoXkjArh1eQOEzJmDg5eyKhlAZU.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198710
IP address blocks:        91.217.174.0/24 maxlen: 24
                          2a05:e700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4b:c9:1b:d1:43:5f:4e:02:20:c2:af:47:53:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf982def77a26d7cc19473b3a4064dcc5217e471
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2685e48c0ae1d5e40e1332660e0e5ec8a8650195
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7d:3b:ef:75:d0:58:8a:f8:b7:38:79:13:64:
                    a6:8c:68:4f:d4:23:e4:da:70:97:52:42:5e:ab:97:
                    02:3d:5c:e1:c7:b4:4f:7e:1d:9d:aa:41:85:07:a4:
                    e3:ca:b3:c5:06:ae:00:49:62:ec:8a:54:2f:5c:c4:
                    0e:de:bc:f3:52:ad:96:2f:73:29:f3:73:3a:55:a1:
                    c2:9f:dc:6e:ea:8b:d1:d2:18:b5:11:e5:9c:b3:26:
                    2d:00:68:46:23:20:ce:1d:21:56:09:e5:31:83:b8:
                    72:e3:94:0f:3c:fe:40:ab:4f:ab:fd:a3:31:c0:e9:
                    9a:ee:ac:40:9f:69:4f:16:41:98:c7:73:85:58:5b:
                    59:11:c8:17:57:b3:9a:d3:bc:1a:a4:ac:4f:5a:a3:
                    03:12:35:3d:2e:39:0e:a0:c4:f1:ea:7f:fc:82:75:
                    4a:2b:2b:71:40:c8:76:4c:6b:1a:ce:0d:9b:c6:d2:
                    b8:9c:47:41:88:e1:ef:d8:c6:24:b2:8a:3a:83:02:
                    94:ec:b7:22:c2:a4:94:ea:52:a1:10:57:e1:eb:30:
                    11:8b:73:74:af:4f:ea:8a:4c:f7:7a:f8:92:65:bf:
                    f1:76:c1:2f:2a:ba:3f:ad:57:f5:38:54:63:2f:71:
                    6c:fe:2d:25:8c:f3:c8:50:a4:00:5b:77:82:ed:9b:
                    19:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:85:E4:8C:0A:E1:D5:E4:0E:13:32:66:0E:0E:5E:C8:A8:65:01:95
            X509v3 Authority Key Identifier:
                keyid:BF:98:2D:EF:77:A2:6D:7C:C1:94:73:B3:A4:06:4D:CC:52:17:E4:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v5gt73eibXzBlHOzpAZNzFIX5HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/JoXkjArh1eQOEzJmDg5eyKhlAZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/afa091-b16f-4527-8b00-1ddac2b08404/1/v5gt73eibXzBlHOzpAZNzFIX5HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.174.0/24
                IPv6:
                  2a05:e700::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:32:9a:34:bb:88:46:e9:f4:1e:60:04:87:fa:19:fd:63:f2:
         0b:f7:ae:77:e5:d2:4f:64:02:83:c1:90:c1:00:79:2a:34:df:
         0e:dd:dc:df:cb:30:89:ef:ff:0d:cf:a6:90:55:af:31:5d:08:
         1d:23:58:3f:af:15:a6:66:8c:ae:4b:8e:a1:a1:f7:05:02:20:
         da:1e:7b:3d:a5:86:6c:a9:46:11:66:62:a2:89:69:46:1f:19:
         86:e1:ab:54:9f:97:0c:27:2f:23:fe:cf:d1:90:6a:cf:7c:14:
         a9:5f:e0:4a:de:bb:b3:b6:b0:d9:b5:e6:64:68:23:93:98:cb:
         e3:5e:44:c9:2b:72:4c:b9:19:f1:11:01:54:0e:25:84:2a:a5:
         38:24:ba:d8:20:3e:09:a6:12:b2:5c:6f:d5:14:21:38:a3:dd:
         f6:81:f1:c4:db:11:8e:be:98:d2:ac:7f:9a:4d:ca:26:89:bc:
         7d:cb:1b:3b:d3:24:fb:32:91:d3:e1:b5:ba:37:57:21:7d:0f:
         05:18:4d:c8:c3:e0:25:1b:47:21:89:5a:32:6a:6e:92:f3:03:
         f1:7c:02:54:40:14:6c:86:a6:70:9b:17:90:18:fd:ab:32:68:
         d3:8d:5f:20:69:c7:ad:1a:ca:8b:4b:0f:6e:6f:3a:cd:b4:34:
         03:af:9a:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRUvJG9FDX04CIMKvR1MXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOTgyZGVmNzdhMjZkN2NjMTk0NzNiM2E0MDY0ZGNjNTIx
N2U0NzEwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjg1ZTQ4YzBhZTFkNWU0MGUxMzMyNjYwZTBlNWVjOGE4NjUwMTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6H0773XQWIr4tzh5E2SmjGhP1CPk
2nCXUkJeq5cCPVzhx7RPfh2dqkGFB6TjyrPFBq4ASWLsilQvXMQO3rzzUq2WL3Mp
83M6VaHCn9xu6ovR0hi1EeWcsyYtAGhGIyDOHSFWCeUxg7hy45QPPP5Aq0+r/aMx
wOma7qxAn2lPFkGYx3OFWFtZEcgXV7Oa07wapKxPWqMDEjU9LjkOoMTx6n/8gnVK
KytxQMh2TGsazg2bxtK4nEdBiOHv2MYksoo6gwKU7LciwqSU6lKhEFfh6zARi3N0
r0/qikz3eviSZb/xdsEvKro/rVf1OFRjL3Fs/i0ljPPIUKQAW3eC7ZsZlwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCaF5IwK4dXkDhMyZg4OXsioZQGVMB8GA1UdIwQY
MBaAFL+YLe93om18wZRzs6QGTcxSF+RxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjVndDczZWliWHpCbEhPenBBWk56RklYNUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi9hZmEwOTEtYjE2Zi00NTI3LThiMDAt
MWRkYWMyYjA4NDA0LzEvSm9Ya2pBcmgxZVFPRXpKbURnNWV5S2hsQVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi9hZmEwOTEtYjE2Zi00NTI3LThiMDAtMWRkYWMyYjA4NDA0
LzEvdjVndDczZWliWHpCbEhPenBBWk56RklYNUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9muMA0E
AgACMAcDBQMqBecAMA0GCSqGSIb3DQEBCwUAA4IBAQBzMpo0u4hG6fQeYASH+hn9
Y/IL96535dJPZAKDwZDBAHkqNN8O3dzfyzCJ7/8Nz6aQVa8xXQgdI1g/rxWmZoyu
S46hofcFAiDaHns9pYZsqUYRZmKiiWlGHxmG4atUn5cMJy8j/s/RkGrPfBSpX+BK
3ruztrDZteZkaCOTmMvjXkTJK3JMuRnxEQFUDiWEKqU4JLrYID4JphKyXG/VFCE4
o932gfHE2xGOvpjSrH+aTcomibx9yxs70yT7MpHT4bW6N1chfQ8FGE3Iw+AlG0ch
iVoyam6S8wPxfAJUQBRshqZwmxeQGP2rMmjTjV8gacetGsqLSw9ubzrNtDQDr5rT
-----END CERTIFICATE-----