Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/BIbyN6MobH1STyCEPdXKcXxO-0I.roa
File:                     BIbyN6MobH1STyCEPdXKcXxO-0I.roa (raw, json)
Hash identifier:          Os4l0m9oxr0hmnuszsL7ZwnRaiayTTQWv9r3AFurnXg=
Subject key identifier:   04:86:F2:37:A3:28:6C:7D:52:4F:20:84:3D:D5:CA:71:7C:4E:FB:42
Certificate issuer:       /CN=776fae43f73da35fe1a2e429662ae0b91751e3fb
Certificate serial:       0194282605A8957D1C26FAD7ADC3EF038E01
Authority key identifier: 77:6F:AE:43:F7:3D:A3:5F:E1:A2:E4:29:66:2A:E0:B9:17:51:E3:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d2-uQ_c9o1_houQpZirguRdR4_s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/BIbyN6MobH1STyCEPdXKcXxO-0I.roa
Signing time:             Thu 02 Jan 2025 17:52:47 +0000
ROA not before:           Thu 02 Jan 2025 17:52:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6698
IP address blocks:        91.230.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/d2-uQ_c9o1_houQpZirguRdR4_s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/d2-uQ_c9o1_houQpZirguRdR4_s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d2-uQ_c9o1_houQpZirguRdR4_s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 02:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:05:a8:95:7d:1c:26:fa:d7:ad:c3:ef:03:8e:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=776fae43f73da35fe1a2e429662ae0b91751e3fb
        Validity
            Not Before: Jan  2 17:52:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0486f237a3286c7d524f20843dd5ca717c4efb42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:df:92:23:07:b6:83:f5:ac:08:8c:03:d6:17:
                    7e:17:e2:77:2d:bf:83:ad:49:0e:01:3f:93:9e:41:
                    62:e1:20:24:2a:b9:85:6d:ed:2f:d3:02:c7:fa:b8:
                    78:d0:14:c3:28:8e:e5:1c:d5:64:f6:27:71:29:e0:
                    5e:45:58:03:2a:59:fa:bd:82:e8:c8:d9:ab:5c:34:
                    50:9d:ec:13:e4:0b:1e:c5:80:ca:82:a9:0a:8d:5c:
                    7f:70:50:b1:a4:f0:3e:04:56:47:47:ad:78:a6:08:
                    df:b5:8c:f2:dd:a5:a6:a7:f6:f3:96:28:e8:ee:5c:
                    c0:26:a6:ae:b3:e3:77:f4:b4:19:65:71:9d:41:6f:
                    85:c7:de:d0:03:b7:33:68:01:b4:52:d4:d9:d9:3e:
                    8c:f7:a7:d3:cc:da:a9:f4:c0:6e:02:7a:a1:1d:52:
                    de:33:2a:39:f1:bf:22:ab:3a:e3:9f:07:b2:61:6c:
                    e3:6f:65:71:2e:49:15:43:be:ba:bf:b9:22:05:9f:
                    35:1d:00:d8:72:28:1f:7b:c3:47:c9:2d:3e:46:0f:
                    0d:44:50:58:ef:d0:ff:9d:10:3c:6b:71:25:13:65:
                    ad:aa:23:7a:73:d2:1d:c8:05:8e:04:20:d5:fe:2e:
                    b5:d3:ca:7c:ce:f2:45:3d:7b:15:0d:d8:ee:10:f4:
                    28:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:86:F2:37:A3:28:6C:7D:52:4F:20:84:3D:D5:CA:71:7C:4E:FB:42
            X509v3 Authority Key Identifier:
                keyid:77:6F:AE:43:F7:3D:A3:5F:E1:A2:E4:29:66:2A:E0:B9:17:51:E3:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2-uQ_c9o1_houQpZirguRdR4_s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/BIbyN6MobH1STyCEPdXKcXxO-0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/0acf2d-5d62-43f3-8d14-4e0cc58163b0/1/d2-uQ_c9o1_houQpZirguRdR4_s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:e4:4f:b9:af:e3:b0:0f:46:a4:3a:af:d0:9a:17:13:14:a4:
         f1:41:6b:4e:cf:b7:1e:14:b6:f5:dd:41:5f:1e:8e:10:4c:e2:
         63:ed:6e:be:6f:04:b0:46:e4:cf:f1:d3:a9:51:ee:68:ef:da:
         5d:17:5d:1e:79:62:da:73:5f:7d:c4:2e:78:81:44:6c:08:18:
         9a:3b:98:4a:e7:5f:5a:7d:8c:7e:39:4a:fd:cf:7d:c8:e9:b5:
         5f:5c:41:58:55:68:83:0c:a0:c8:2e:66:0e:e7:ee:31:95:28:
         d8:90:b3:75:44:43:90:e0:3e:9a:ab:02:51:66:a1:66:a2:89:
         39:7e:4b:7d:23:2f:d5:aa:78:4c:69:7a:70:94:4d:ee:54:da:
         69:31:29:10:ba:5d:bb:7b:dd:08:aa:e5:a6:d3:24:e6:6e:07:
         40:a4:3b:c9:fe:56:55:79:b9:83:91:5e:d9:b3:5d:6f:77:51:
         04:d6:3e:b2:4c:7f:77:7f:90:56:9a:79:a9:de:17:eb:72:c7:
         8f:88:70:43:9a:98:5a:a8:45:2b:0f:21:ce:99:0b:d6:24:7e:
         84:41:ff:c6:3e:04:d0:0e:75:28:16:44:1b:e4:59:f2:8e:96:
         29:94:31:b8:49:70:27:aa:29:0d:e2:60:b5:85:f3:bd:b1:a1:
         be:4c:5f:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJgWolX0cJvrXrcPvA44BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NmZhZTQzZjczZGEzNWZlMWEyZTQyOTY2MmFlMGI5MTc1
MWUzZmIwHhcNMjUwMTAyMTc1MjQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDg2ZjIzN2EzMjg2YzdkNTI0ZjIwODQzZGQ1Y2E3MTdjNGVmYjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqd+SIwe2g/WsCIwD1hd+F+J3Lb+D
rUkOAT+TnkFi4SAkKrmFbe0v0wLH+rh40BTDKI7lHNVk9idxKeBeRVgDKln6vYLo
yNmrXDRQnewT5AsexYDKgqkKjVx/cFCxpPA+BFZHR614pgjftYzy3aWmp/bzlijo
7lzAJqaus+N39LQZZXGdQW+Fx97QA7czaAG0UtTZ2T6M96fTzNqp9MBuAnqhHVLe
Myo58b8iqzrjnweyYWzjb2VxLkkVQ766v7kiBZ81HQDYcigfe8NHyS0+Rg8NRFBY
79D/nRA8a3ElE2WtqiN6c9IdyAWOBCDV/i6108p8zvJFPXsVDdjuEPQoLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFASG8jejKGx9Uk8ghD3VynF8TvtCMB8GA1UdIwQY
MBaAFHdvrkP3PaNf4aLkKWYq4LkXUeP7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDItdVFfYzlvMV9ob3VRcFppcmd1UmRSNF9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wYWNmMmQtNWQ2Mi00M2YzLThkMTQt
NGUwY2M1ODE2M2IwLzEvQklieU42TW9iSDFTVHlDRVBkWEtjWHhPLTBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wYWNmMmQtNWQ2Mi00M2YzLThkMTQtNGUwY2M1ODE2M2Iw
LzEvZDItdVFfYzlvMV9ob3VRcFppcmd1UmRSNF9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+Z5MA0G
CSqGSIb3DQEBCwUAA4IBAQAr5E+5r+OwD0akOq/QmhcTFKTxQWtOz7ceFLb13UFf
Ho4QTOJj7W6+bwSwRuTP8dOpUe5o79pdF10eeWLac199xC54gURsCBiaO5hK519a
fYx+OUr9z33I6bVfXEFYVWiDDKDILmYO5+4xlSjYkLN1REOQ4D6aqwJRZqFmook5
fkt9Iy/VqnhMaXpwlE3uVNppMSkQul27e90IquWm0yTmbgdApDvJ/lZVebmDkV7Z
s11vd1EE1j6yTH93f5BWmnmp3hfrcsePiHBDmphaqEUrDyHOmQvWJH6EQf/GPgTQ
DnUoFkQb5FnyjpYplDG4SXAnqikN4mC1hfO9saG+TF/K
-----END CERTIFICATE-----