Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/bNv8eusD3Csjo1u3iFVspzQvWAc.roa
File:                     bNv8eusD3Csjo1u3iFVspzQvWAc.roa (raw, json)
Hash identifier:          GAiEsWZddqBZP7L/gvAH0WfEgVNJ0dl2gxsvC2wdCyo=
Subject key identifier:   6C:DB:FC:7A:EB:03:DC:2B:23:A3:5B:B7:88:55:6C:A7:34:2F:58:07
Certificate issuer:       /CN=47684a7ebf9de294831a2c03e1b5a012420acd97
Certificate serial:       019424453F79BF090DAAE0CC7DBE64349D48
Authority key identifier: 47:68:4A:7E:BF:9D:E2:94:83:1A:2C:03:E1:B5:A0:12:42:0A:CD:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R2hKfr-d4pSDGiwD4bWgEkIKzZc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/bNv8eusD3Csjo1u3iFVspzQvWAc.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199532
IP address blocks:        91.217.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/R2hKfr-d4pSDGiwD4bWgEkIKzZc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/R2hKfr-d4pSDGiwD4bWgEkIKzZc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R2hKfr-d4pSDGiwD4bWgEkIKzZc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 14:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3f:79:bf:09:0d:aa:e0:cc:7d:be:64:34:9d:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47684a7ebf9de294831a2c03e1b5a012420acd97
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6cdbfc7aeb03dc2b23a35bb788556ca7342f5807
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:dd:74:44:28:99:b3:27:bf:71:67:2a:53:50:
                    91:fe:96:1b:f0:86:6b:b8:6f:0b:90:4d:51:be:5b:
                    05:48:6b:46:97:8c:c5:e9:ac:4c:98:05:8d:f2:81:
                    46:ff:bf:ef:8c:6d:52:c4:7a:a4:86:96:0b:88:b8:
                    56:6a:f5:13:6c:b1:9d:25:6e:13:54:dd:d5:d0:e7:
                    7f:fd:01:f5:c1:b2:1c:08:4f:fd:61:a1:04:d3:02:
                    90:56:08:2f:b1:fa:bc:3c:ca:4c:72:3a:b4:f0:52:
                    7f:f0:85:93:84:61:15:00:74:d5:3d:8c:f3:7c:99:
                    94:5f:b2:bb:9a:01:0a:17:fc:2e:7c:04:2c:72:32:
                    3b:32:2c:0a:9f:05:4f:a5:94:24:ed:0e:70:32:dc:
                    36:47:13:2f:a3:16:93:7a:e6:c1:77:4e:d7:b3:22:
                    66:04:76:96:02:a0:dd:d1:93:91:6c:c1:2a:8d:6d:
                    a2:f8:df:92:36:ff:4f:d2:0b:63:22:f6:4d:1d:a5:
                    04:6e:d9:58:45:8e:7f:93:05:d7:29:4f:8f:24:2a:
                    ba:f3:63:eb:5e:2e:ec:49:43:54:5d:a6:6a:a1:ae:
                    70:50:7d:86:63:c6:47:a9:e8:29:57:a6:ee:c3:87:
                    53:80:bd:94:c0:2b:3b:fa:58:31:5b:18:ce:f7:2b:
                    22:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:DB:FC:7A:EB:03:DC:2B:23:A3:5B:B7:88:55:6C:A7:34:2F:58:07
            X509v3 Authority Key Identifier:
                keyid:47:68:4A:7E:BF:9D:E2:94:83:1A:2C:03:E1:B5:A0:12:42:0A:CD:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R2hKfr-d4pSDGiwD4bWgEkIKzZc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/bNv8eusD3Csjo1u3iFVspzQvWAc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/098772-dbb6-4dbb-b595-b26f70e03d76/1/R2hKfr-d4pSDGiwD4bWgEkIKzZc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:a6:e0:af:94:2a:49:71:fd:05:7e:fe:32:25:a2:1d:b0:44:
         d5:cf:a3:17:37:9a:8c:e6:5a:18:d7:e0:8c:86:0c:30:63:cd:
         b3:79:f9:3a:79:cd:8e:8f:86:76:89:b9:eb:ea:0c:20:20:a3:
         9c:43:1c:e1:8a:51:f6:32:75:39:cc:ed:f6:06:fa:92:83:be:
         7c:f7:20:ff:c9:63:4c:48:54:bb:05:33:ee:85:2b:7b:f2:25:
         7e:2f:98:7e:f5:a1:9c:fc:52:4c:e6:21:e6:ca:3c:34:28:f2:
         5a:75:fb:f4:b6:25:2c:13:56:85:79:8c:00:c3:1b:0c:e0:6d:
         26:f3:6a:ae:fb:26:ef:0e:83:54:4e:e3:42:f8:51:08:a4:9b:
         22:bc:f8:be:a9:22:e1:5a:d8:9d:2d:74:b6:40:88:ab:54:57:
         75:3b:2f:71:bf:44:4c:9e:97:cf:bd:83:77:15:23:8e:d2:0d:
         09:26:e6:00:05:6e:3e:8c:e0:18:22:99:80:7b:09:93:5c:e2:
         98:cd:29:36:52:7d:33:c4:56:59:97:56:b5:c2:05:e3:24:68:
         64:74:4d:fc:83:4a:09:69:41:6a:c4:f8:9d:cf:b2:7f:a9:39:
         68:b7:d2:1a:ce:d9:96:05:c1:29:1b:7b:9c:2b:36:2a:54:71:
         cc:a3:f1:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRT95vwkNquDMfb5kNJ1IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3Njg0YTdlYmY5ZGUyOTQ4MzFhMmMwM2UxYjVhMDEyNDIw
YWNkOTcwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Y2RiZmM3YWViMDNkYzJiMjNhMzViYjc4ODU1NmNhNzM0MmY1ODA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxt10RCiZsye/cWcqU1CR/pYb8IZr
uG8LkE1RvlsFSGtGl4zF6axMmAWN8oFG/7/vjG1SxHqkhpYLiLhWavUTbLGdJW4T
VN3V0Od//QH1wbIcCE/9YaEE0wKQVggvsfq8PMpMcjq08FJ/8IWThGEVAHTVPYzz
fJmUX7K7mgEKF/wufAQscjI7MiwKnwVPpZQk7Q5wMtw2RxMvoxaTeubBd07XsyJm
BHaWAqDd0ZORbMEqjW2i+N+SNv9P0gtjIvZNHaUEbtlYRY5/kwXXKU+PJCq682Pr
Xi7sSUNUXaZqoa5wUH2GY8ZHqegpV6buw4dTgL2UwCs7+lgxWxjO9ysiNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGzb/HrrA9wrI6Nbt4hVbKc0L1gHMB8GA1UdIwQY
MBaAFEdoSn6/neKUgxosA+G1oBJCCs2XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjJoS2ZyLWQ0cFNER2l3RDRiV2dFa0lLelpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy8wOTg3NzItZGJiNi00ZGJiLWI1OTUt
YjI2ZjcwZTAzZDc2LzEvYk52OGV1c0QzQ3NqbzF1M2lGVnNwelF2V0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy8wOTg3NzItZGJiNi00ZGJiLWI1OTUtYjI2ZjcwZTAzZDc2
LzEvUjJoS2ZyLWQ0cFNER2l3RDRiV2dFa0lLelpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nDMA0G
CSqGSIb3DQEBCwUAA4IBAQCYpuCvlCpJcf0Ffv4yJaIdsETVz6MXN5qM5loY1+CM
hgwwY82zefk6ec2Oj4Z2ibnr6gwgIKOcQxzhilH2MnU5zO32BvqSg7589yD/yWNM
SFS7BTPuhSt78iV+L5h+9aGc/FJM5iHmyjw0KPJadfv0tiUsE1aFeYwAwxsM4G0m
82qu+ybvDoNUTuNC+FEIpJsivPi+qSLhWtidLXS2QIirVFd1Oy9xv0RMnpfPvYN3
FSOO0g0JJuYABW4+jOAYIpmAewmTXOKYzSk2Un0zxFZZl1a1wgXjJGhkdE38g0oJ
aUFqxPidz7J/qTlot9IaztmWBcEpG3ucKzYqVHHMo/HU
-----END CERTIFICATE-----