Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/YSJsJ7rg7EidMZefY-BszG5mWCo.roa
File:                     YSJsJ7rg7EidMZefY-BszG5mWCo.roa (raw, json)
Hash identifier:          rnkQfmvPebGKW2rcrWX1yzQQ5lUiq5kTupx4euApZqY=
Subject key identifier:   61:22:6C:27:BA:E0:EC:48:9D:31:97:9F:63:E0:6C:CC:6E:66:58:2A
Certificate issuer:       /CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
Certificate serial:       0196E93A3DD99BC44703E9BF645FA511BA0B
Authority key identifier: FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/YSJsJ7rg7EidMZefY-BszG5mWCo.roa
Signing time:             Mon 19 May 2025 15:47:10 +0000
ROA not before:           Mon 19 May 2025 15:47:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6698
IP address blocks:        91.239.78.0/23 maxlen: 23
                          213.111.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e9:3a:3d:d9:9b:c4:47:03:e9:bf:64:5f:a5:11:ba:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
        Validity
            Not Before: May 19 15:47:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61226c27bae0ec489d31979f63e06ccc6e66582a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b4:88:26:7f:b7:97:ba:a7:10:00:9d:1c:72:
                    35:66:26:1d:2f:b7:7e:01:3f:6f:f1:b0:ee:a5:b5:
                    c1:01:d6:cf:d6:e5:2c:74:10:0f:e5:91:84:18:d4:
                    ac:50:0e:7b:32:a0:0f:ee:d2:bb:8d:b7:ed:66:85:
                    74:10:cd:2e:08:c3:a8:a9:6b:b1:9d:75:f2:0b:a6:
                    56:f3:c8:e9:f8:81:86:cf:47:e2:35:8b:e0:5c:be:
                    34:cb:0c:bf:fd:ae:47:86:81:74:de:bf:2d:dd:93:
                    87:5f:9c:78:f1:d5:3a:c8:9d:ca:b8:4c:c5:a4:b1:
                    d0:87:0b:12:24:c6:06:5f:89:a9:32:77:0d:51:dc:
                    e4:75:72:b8:b3:bb:ae:18:1a:01:23:ad:a2:8a:64:
                    32:d0:52:5d:a1:3f:54:3d:c4:3b:9b:46:b6:55:35:
                    8b:02:00:e8:0e:da:f3:ca:c9:50:0f:ba:07:1c:54:
                    2d:fa:b7:b8:7e:40:78:89:a1:e8:87:57:35:37:32:
                    ac:15:fe:8a:79:b2:d0:c8:f5:47:80:3a:a2:be:49:
                    30:8a:a1:7d:03:2a:f6:0b:a0:c0:78:91:20:a7:cc:
                    68:fb:e5:a2:fd:f9:76:fa:9c:f3:70:fa:41:40:bc:
                    a4:80:e3:7d:7d:dd:fc:14:82:86:79:bf:3f:5d:4c:
                    40:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:22:6C:27:BA:E0:EC:48:9D:31:97:9F:63:E0:6C:CC:6E:66:58:2A
            X509v3 Authority Key Identifier:
                keyid:FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/YSJsJ7rg7EidMZefY-BszG5mWCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.78.0/23
                  213.111.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:07:92:6e:e7:a3:c3:ff:12:b5:27:e8:31:9d:6c:21:ec:9f:
         75:7f:f1:b7:bf:92:a4:68:81:c6:c8:14:3a:17:2f:17:7c:88:
         0e:04:b7:38:3c:60:bf:46:03:bd:da:c4:07:62:8b:bc:8b:13:
         10:53:78:bd:27:11:b1:9c:7b:37:d1:f5:bc:28:d8:55:fc:93:
         f0:82:d5:1e:99:e7:ab:d5:80:e5:dd:84:7b:94:65:84:9f:fd:
         e5:6e:bb:20:50:06:58:4d:8d:3c:8c:23:7b:d4:ca:d8:df:11:
         5a:bb:01:fa:29:b3:f5:a0:02:9c:c2:c6:0e:7b:28:06:9e:59:
         28:55:ba:d4:e8:70:e0:ef:e1:c3:2f:1f:8c:55:6c:72:1c:86:
         96:38:67:30:1b:f1:02:d8:a7:cb:da:04:82:69:b4:3a:77:22:
         e2:6f:bd:78:4c:9f:04:34:46:ed:e0:13:b5:41:d6:f1:ab:db:
         f2:01:52:02:7e:4c:a2:4d:66:18:d0:3c:b6:4b:64:7a:99:78:
         42:c1:45:67:5d:dd:dd:bd:94:4e:ec:c0:b1:70:ed:e1:47:4e:
         7f:29:6e:ac:3d:cd:37:33:b5:5d:06:b6:42:7d:33:63:74:d3:
         d7:ce:9a:06:2c:28:88:12:e0:c0:e4:be:67:61:81:6a:e3:f5:
         fc:9d:83:17
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbpOj3Zm8RHA+m/ZF+lEboLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmN2Q4YTc5YmFkNGY5ODNkMGM0OTg5NWFmNTBlYThhMDNl
YmM3MGQwHhcNMjUwNTE5MTU0NzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTIyNmMyN2JhZTBlYzQ4OWQzMTk3OWY2M2UwNmNjYzZlNjY1ODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrSIJn+3l7qnEACdHHI1ZiYdL7d+
AT9v8bDupbXBAdbP1uUsdBAP5ZGEGNSsUA57MqAP7tK7jbftZoV0EM0uCMOoqWux
nXXyC6ZW88jp+IGGz0fiNYvgXL40ywy//a5HhoF03r8t3ZOHX5x48dU6yJ3KuEzF
pLHQhwsSJMYGX4mpMncNUdzkdXK4s7uuGBoBI62iimQy0FJdoT9UPcQ7m0a2VTWL
AgDoDtrzyslQD7oHHFQt+re4fkB4iaHoh1c1NzKsFf6KebLQyPVHgDqivkkwiqF9
Ayr2C6DAeJEgp8xo++Wi/fl2+pzzcPpBQLykgON9fd38FIKGeb8/XUxAWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGEibCe64OxInTGXn2PgbMxuZlgqMB8GA1UdIwQY
MBaAFP99inm61PmD0MSYla9Q6ooD68cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2Mt
MDg3M2UzOTk0ZDBlLzEvWVNKc0o3cmc3RWlkTVplZlktQnN6RzVtV0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2MtMDg3M2UzOTk0ZDBl
LzEvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+9OAwQA
1W+UMA0GCSqGSIb3DQEBCwUAA4IBAQAGB5Ju56PD/xK1J+gxnWwh7J91f/G3v5Kk
aIHGyBQ6Fy8XfIgOBLc4PGC/RgO92sQHYou8ixMQU3i9JxGxnHs30fW8KNhV/JPw
gtUemeer1YDl3YR7lGWEn/3lbrsgUAZYTY08jCN71MrY3xFauwH6KbP1oAKcwsYO
eygGnlkoVbrU6HDg7+HDLx+MVWxyHIaWOGcwG/EC2KfL2gSCabQ6dyLib714TJ8E
NEbt4BO1Qdbxq9vyAVICfkyiTWYY0Dy2S2R6mXhCwUVnXd3dvZRO7MCxcO3hR05/
KW6sPc03M7VdBrZCfTNjdNPXzpoGLCiIEuDA5L5nYYFq4/X8nYMX
-----END CERTIFICATE-----