Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/YqcsRsNWUIAuSWFcG2LkwlaCRpU.roa
File:                     YqcsRsNWUIAuSWFcG2LkwlaCRpU.roa (raw, json)
Hash identifier:          JnjUw+oSYZ7zYyFgVViB1dXlZlt1DLN5IKIef4zg43A=
Subject key identifier:   62:A7:2C:46:C3:56:50:80:2E:49:61:5C:1B:62:E4:C2:56:82:46:95
Certificate issuer:       /CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
Certificate serial:       019423D6D808012AA7954917AE9D639F3035
Authority key identifier: 9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/YqcsRsNWUIAuSWFcG2LkwlaCRpU.roa
Signing time:             Wed 01 Jan 2025 21:47:50 +0000
ROA not before:           Wed 01 Jan 2025 21:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50942
IP address blocks:        91.207.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:d8:08:01:2a:a7:95:49:17:ae:9d:63:9f:30:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e8cd7d6a4105750bf8975a7d0b96794c1efe622
        Validity
            Not Before: Jan  1 21:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62a72c46c35650802e49615c1b62e4c256824695
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:f6:fc:32:44:b7:6d:75:e0:3e:0d:75:a9:1d:
                    b4:a7:36:a6:3b:d0:ce:2b:2c:c0:cd:c3:1b:48:ea:
                    db:30:24:ef:ff:9b:9e:fd:ea:82:f7:f6:05:8c:66:
                    e8:4b:12:3a:cc:63:63:ad:28:86:90:50:3c:16:76:
                    d1:30:a9:71:99:26:05:51:15:1f:05:1f:ad:87:e6:
                    0b:df:5c:d1:54:46:75:76:23:33:e5:a6:32:b9:ed:
                    87:6f:11:1f:88:05:49:41:2e:90:4f:29:2c:e8:68:
                    1b:fa:20:31:f0:cb:e2:ee:b5:6c:54:c3:7e:2e:ea:
                    59:fc:cf:4f:37:e0:bd:f4:67:63:44:62:b7:59:16:
                    a8:37:30:dd:35:3c:6f:89:c4:76:f5:ff:e6:8b:dd:
                    1a:07:cb:56:e6:19:c0:e9:db:6c:44:cd:fe:0f:e4:
                    57:e6:b1:95:51:f9:5f:dd:5a:31:d5:2a:ae:4a:95:
                    73:68:87:4f:cb:d0:82:94:c6:e7:ac:79:23:f4:0e:
                    64:aa:cd:88:8a:c0:af:3d:6e:15:46:8d:f0:ea:4a:
                    fa:ae:51:e1:82:65:cf:6c:95:6c:84:62:9e:e7:82:
                    26:e6:08:c8:f3:a9:a4:cb:8d:4c:af:8d:1c:25:36:
                    72:05:28:d0:25:1d:d0:19:70:02:69:28:dd:91:f1:
                    19:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A7:2C:46:C3:56:50:80:2E:49:61:5C:1B:62:E4:C2:56:82:46:95
            X509v3 Authority Key Identifier:
                keyid:9E:8C:D7:D6:A4:10:57:50:BF:89:75:A7:D0:B9:67:94:C1:EF:E6:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nozX1qQQV1C_iXWn0LlnlMHv5iI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/YqcsRsNWUIAuSWFcG2LkwlaCRpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/85c6bd-6a68-4d11-b9cd-8c2df5a5c6d7/1/nozX1qQQV1C_iXWn0LlnlMHv5iI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         14:03:13:35:f1:1a:78:91:9b:8d:bc:e1:51:64:9e:1c:d3:9b:
         e3:1a:64:57:32:60:eb:8e:16:53:ce:23:7e:60:81:59:c0:c9:
         5c:10:f9:a1:f1:52:d1:b1:e0:40:56:76:1d:aa:48:b5:6b:29:
         9b:11:57:eb:62:38:f9:f2:ac:fd:27:55:b2:14:7c:08:36:e9:
         96:45:84:bf:da:e2:50:79:c2:1b:8a:40:a2:1b:86:08:4a:76:
         67:88:78:03:6a:91:9d:6d:8a:49:5f:e9:de:57:c2:82:70:36:
         1b:32:6c:b0:5b:92:12:63:9a:ed:45:2d:1a:82:9c:31:a2:6e:
         84:83:92:0b:0b:a7:5a:ef:40:a0:81:0f:26:c9:11:0a:2f:83:
         22:85:4f:a3:09:77:29:4d:2e:38:b8:e8:cc:10:49:b7:f5:47:
         58:f3:d4:3b:46:01:a4:5b:f2:d1:4f:49:7b:23:65:b9:0d:7f:
         13:67:f9:00:9f:13:8d:90:67:b5:41:b2:d3:f4:45:d5:87:c0:
         a9:b6:67:a4:ed:96:d4:b0:a4:29:63:f8:14:e9:08:90:79:26:
         cd:3c:bf:22:14:88:a1:35:fe:fe:27:ef:23:1c:05:06:91:7d:
         16:76:03:75:49:d0:9e:4d:f3:7c:3c:0f:b9:e9:2c:fb:63:cd:
         3e:29:ab:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1tgIASqnlUkXrp1jnzA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOGNkN2Q2YTQxMDU3NTBiZjg5NzVhN2QwYjk2Nzk0YzFl
ZmU2MjIwHhcNMjUwMTAxMjE0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmE3MmM0NmMzNTY1MDgwMmU0OTYxNWMxYjYyZTRjMjU2ODI0Njk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuPb8MkS3bXXgPg11qR20pzamO9DO
KyzAzcMbSOrbMCTv/5ue/eqC9/YFjGboSxI6zGNjrSiGkFA8FnbRMKlxmSYFURUf
BR+th+YL31zRVEZ1diMz5aYyue2HbxEfiAVJQS6QTyks6Ggb+iAx8Mvi7rVsVMN+
LupZ/M9PN+C99GdjRGK3WRaoNzDdNTxvicR29f/mi90aB8tW5hnA6dtsRM3+D+RX
5rGVUflf3Vox1SquSpVzaIdPy9CClMbnrHkj9A5kqs2IisCvPW4VRo3w6kr6rlHh
gmXPbJVshGKe54Im5gjI86mky41Mr40cJTZyBSjQJR3QGXACaSjdkfEZ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKnLEbDVlCALklhXBti5MJWgkaVMB8GA1UdIwQY
MBaAFJ6M19akEFdQv4l1p9C5Z5TB7+YiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2Qt
OGMyZGY1YTVjNmQ3LzEvWXFjc1JzTldVSUF1U1dGY0cyTGt3bGFDUnBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi84NWM2YmQtNmE2OC00ZDExLWI5Y2QtOGMyZGY1YTVjNmQ3
LzEvbm96WDFxUVFWMUNfaVhXbjBMbG5sTUh2NWlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW88aMA0G
CSqGSIb3DQEBCwUAA4IBAQAUAxM18Rp4kZuNvOFRZJ4c05vjGmRXMmDrjhZTziN+
YIFZwMlcEPmh8VLRseBAVnYdqki1aymbEVfrYjj58qz9J1WyFHwINumWRYS/2uJQ
ecIbikCiG4YISnZniHgDapGdbYpJX+neV8KCcDYbMmywW5ISY5rtRS0agpwxom6E
g5ILC6da70CggQ8myREKL4MihU+jCXcpTS44uOjMEEm39UdY89Q7RgGkW/LRT0l7
I2W5DX8TZ/kAnxONkGe1QbLT9EXVh8Cptmek7ZbUsKQpY/gU6QiQeSbNPL8iFIih
Nf7+J+8jHAUGkX0WdgN1SdCeTfN8PA+56Sz7Y80+Kavz
-----END CERTIFICATE-----