Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/dwbiIWEratA3KWkL5imPi021V8I.roa
File:                     dwbiIWEratA3KWkL5imPi021V8I.roa (raw, json)
Hash identifier:          uBYUZ2jEhyVMlLuwkanT9PAiy5t/N1UtpXaLMB0jCDs=
Subject key identifier:   77:06:E2:21:61:2B:6A:D0:37:29:69:0B:E6:29:8F:8B:4D:B5:57:C2
Certificate issuer:       /CN=41d6451b923a07e365b2f190faa55a572dd0fafc
Certificate serial:       01942143ACB690B104F248C2FD6BD319555D
Authority key identifier: 41:D6:45:1B:92:3A:07:E3:65:B2:F1:90:FA:A5:5A:57:2D:D0:FA:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/dwbiIWEratA3KWkL5imPi021V8I.roa
Signing time:             Wed 01 Jan 2025 09:47:50 +0000
ROA not before:           Wed 01 Jan 2025 09:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197883
IP address blocks:        91.217.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ac:b6:90:b1:04:f2:48:c2:fd:6b:d3:19:55:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41d6451b923a07e365b2f190faa55a572dd0fafc
        Validity
            Not Before: Jan  1 09:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7706e221612b6ad03729690be6298f8b4db557c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:6d:30:41:24:fe:a7:ef:cf:3d:35:3f:2b:
                    f7:87:a8:6d:1b:2e:05:00:d1:6d:62:9f:2a:71:11:
                    69:95:ef:f7:76:f1:2a:2f:1d:1b:6f:85:cc:97:c6:
                    b4:79:23:16:6a:27:35:3d:0f:ec:3f:58:01:39:a9:
                    bf:bc:56:19:d3:b8:51:3a:d3:44:08:b2:72:cc:89:
                    40:a8:bd:32:80:62:d9:e9:39:39:56:6c:6f:61:f5:
                    a2:95:2c:5b:f2:e4:1a:69:8a:52:d6:1d:2a:5a:77:
                    ed:0e:20:99:62:98:a0:eb:b6:03:0b:da:14:3a:66:
                    2a:62:79:dc:6c:bc:7c:52:63:0b:7a:ba:81:1f:b2:
                    00:a6:df:c7:ab:8d:78:bb:ed:00:4c:a7:5a:6b:47:
                    49:b0:80:4c:e1:6c:7c:5a:32:53:be:5c:d8:46:dd:
                    ed:b2:88:93:b9:17:44:d3:1e:d3:1a:72:b7:da:f6:
                    d7:25:d5:02:61:c7:00:0a:c9:33:90:a4:48:c9:d7:
                    0a:14:eb:e3:11:e8:04:2c:0e:24:0b:69:c9:c0:38:
                    5b:71:db:80:b0:bf:ab:f2:f3:b2:9c:47:a2:55:26:
                    7d:dc:1e:68:44:ee:0d:a2:d1:69:88:b4:a1:f9:88:
                    19:6e:3f:cc:32:57:a0:1f:73:7a:77:a4:b0:b7:14:
                    00:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:06:E2:21:61:2B:6A:D0:37:29:69:0B:E6:29:8F:8B:4D:B5:57:C2
            X509v3 Authority Key Identifier:
                keyid:41:D6:45:1B:92:3A:07:E3:65:B2:F1:90:FA:A5:5A:57:2D:D0:FA:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/dwbiIWEratA3KWkL5imPi021V8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/dee744-0854-4cf1-af6a-f56c84943a7d/1/QdZFG5I6B-NlsvGQ-qVaVy3Q-vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:53:33:d0:be:f0:a9:c2:d1:d2:a5:59:7d:7a:35:cc:c9:cf:
         9b:e7:6c:94:bb:ed:14:e3:e3:b9:7f:cd:ae:d2:7b:a6:00:38:
         76:6e:84:a5:07:06:4a:e4:77:07:8e:ef:eb:34:dc:1c:4d:85:
         f5:28:89:76:3b:30:fa:00:b2:06:02:a4:35:56:e3:4b:b4:83:
         a0:fa:72:fd:9e:2c:5a:7f:8a:3f:fd:8d:e9:1a:d6:8f:c9:c0:
         d7:6c:e6:0f:c8:bb:ec:f5:26:f0:00:89:d3:3a:7b:87:6c:a4:
         8c:98:bd:71:f8:21:30:c0:76:3e:cf:1e:98:d6:b1:a3:75:20:
         e0:07:61:e7:30:47:e5:06:be:9e:a3:8f:ff:72:6c:a8:a8:08:
         33:60:7d:f3:04:21:f2:19:79:8b:43:e8:cb:1a:28:e7:7d:4f:
         8d:76:c4:2c:de:11:47:de:18:32:cf:4b:e5:66:53:e9:ad:e9:
         01:4e:d9:bc:01:9c:94:26:fd:a3:1f:e3:a8:20:44:f7:06:4b:
         cd:bf:5b:c1:75:9b:7b:a7:23:5b:f3:1a:3e:d4:17:ea:a7:d1:
         70:0b:48:01:7b:39:cc:db:8b:7a:a7:66:49:27:52:b0:2a:94:
         b3:ad:e5:7e:fd:b9:e9:63:27:ac:4a:7e:d3:7c:50:25:53:8d:
         52:c2:d0:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ6y2kLEE8kjC/WvTGVVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZDY0NTFiOTIzYTA3ZTM2NWIyZjE5MGZhYTU1YTU3MmRk
MGZhZmMwHhcNMjUwMTAxMDk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzA2ZTIyMTYxMmI2YWQwMzcyOTY5MGJlNjI5OGY4YjRkYjU1N2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyH5tMEEk/qfvzz01Pyv3h6htGy4F
ANFtYp8qcRFple/3dvEqLx0bb4XMl8a0eSMWaic1PQ/sP1gBOam/vFYZ07hROtNE
CLJyzIlAqL0ygGLZ6Tk5VmxvYfWilSxb8uQaaYpS1h0qWnftDiCZYpig67YDC9oU
OmYqYnncbLx8UmMLerqBH7IApt/Hq414u+0ATKdaa0dJsIBM4Wx8WjJTvlzYRt3t
soiTuRdE0x7TGnK32vbXJdUCYccACskzkKRIydcKFOvjEegELA4kC2nJwDhbcduA
sL+r8vOynEeiVSZ93B5oRO4NotFpiLSh+YgZbj/MMlegH3N6d6SwtxQAPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHcG4iFhK2rQNylpC+Ypj4tNtVfCMB8GA1UdIwQY
MBaAFEHWRRuSOgfjZbLxkPqlWlct0Pr8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWRaRkc1STZCLU5sc3ZHUS1xVmFWeTNRLXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9kZWU3NDQtMDg1NC00Y2YxLWFmNmEt
ZjU2Yzg0OTQzYTdkLzEvZHdiaUlXRXJhdEEzS1drTDVpbVBpMDIxVjhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9kZWU3NDQtMDg1NC00Y2YxLWFmNmEtZjU2Yzg0OTQzYTdk
LzEvUWRaRkc1STZCLU5sc3ZHUS1xVmFWeTNRLXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9l2MA0G
CSqGSIb3DQEBCwUAA4IBAQBmUzPQvvCpwtHSpVl9ejXMyc+b52yUu+0U4+O5f82u
0numADh2boSlBwZK5HcHju/rNNwcTYX1KIl2OzD6ALIGAqQ1VuNLtIOg+nL9nixa
f4o//Y3pGtaPycDXbOYPyLvs9SbwAInTOnuHbKSMmL1x+CEwwHY+zx6Y1rGjdSDg
B2HnMEflBr6eo4//cmyoqAgzYH3zBCHyGXmLQ+jLGijnfU+NdsQs3hFH3hgyz0vl
ZlPprekBTtm8AZyUJv2jH+OoIET3BkvNv1vBdZt7pyNb8xo+1Bfqp9FwC0gBeznM
24t6p2ZJJ1KwKpSzreV+/bnpYyesSn7TfFAlU41SwtB7
-----END CERTIFICATE-----