Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/jP1IuFeYqRVYzU2ZxiYcMgwYBwo.roa
File:                     jP1IuFeYqRVYzU2ZxiYcMgwYBwo.roa (raw, json)
Hash identifier:          8tUnk9Rc0BoFNUvYX8+NZuDnDdmkv70Pafdtm7lPIM0=
Subject key identifier:   8C:FD:48:B8:57:98:A9:15:58:CD:4D:99:C6:26:1C:32:0C:18:07:0A
Certificate issuer:       /CN=61a14553cacf103274d433e6b268066e01541b25
Certificate serial:       019425FDDFFD8DDCB5CBCC6B2CA1249721F8
Authority key identifier: 61:A1:45:53:CA:CF:10:32:74:D4:33:E6:B2:68:06:6E:01:54:1B:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/jP1IuFeYqRVYzU2ZxiYcMgwYBwo.roa
Signing time:             Thu 02 Jan 2025 07:49:42 +0000
ROA not before:           Thu 02 Jan 2025 07:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15576
IP address blocks:        91.198.79.0/24 maxlen: 24
                          94.176.192.0/23 maxlen: 23
                          2a05:9040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:df:fd:8d:dc:b5:cb:cc:6b:2c:a1:24:97:21:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61a14553cacf103274d433e6b268066e01541b25
        Validity
            Not Before: Jan  2 07:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8cfd48b85798a91558cd4d99c6261c320c18070a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c7:1f:b2:aa:22:e1:26:8d:b1:10:52:86:56:
                    21:ea:e6:95:8b:cd:8d:37:e3:e2:3b:70:4a:b3:40:
                    7d:cc:b6:77:db:56:47:46:7c:19:5e:cf:ee:ef:da:
                    66:78:06:83:bf:ac:43:df:7b:fe:f4:73:90:24:49:
                    a4:09:4b:88:7b:18:f0:b6:1a:77:13:fc:3c:4e:39:
                    ec:57:55:8c:38:13:73:f4:bb:15:1e:0d:cd:c3:10:
                    c4:6a:65:ec:f0:fd:ac:02:15:cb:4d:93:7c:35:1c:
                    80:56:9f:7a:fb:cb:7a:d3:b8:f4:da:4f:b5:9d:bb:
                    f3:ea:1d:17:bf:9e:5e:15:9d:70:46:02:0d:05:bd:
                    91:40:6a:45:4c:a1:af:0e:6c:88:ec:c5:e1:0e:be:
                    f3:0a:9c:cc:a3:97:86:10:05:00:60:61:8c:13:74:
                    1b:7c:14:04:5c:e4:ac:c4:f7:3d:8e:2c:ef:17:ca:
                    56:ad:72:b4:d6:25:cc:a1:79:bc:c8:c4:55:a7:09:
                    88:4e:9f:1f:38:5a:cb:8b:17:8d:83:54:09:38:30:
                    ac:cf:3c:6c:37:2c:db:ff:74:6a:c8:cd:aa:0a:d6:
                    90:46:92:64:33:7c:36:d2:7f:84:60:a7:26:10:d2:
                    4d:f1:1d:c2:90:ad:94:44:60:0c:80:96:a8:c2:c8:
                    45:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:FD:48:B8:57:98:A9:15:58:CD:4D:99:C6:26:1C:32:0C:18:07:0A
            X509v3 Authority Key Identifier:
                keyid:61:A1:45:53:CA:CF:10:32:74:D4:33:E6:B2:68:06:6E:01:54:1B:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YaFFU8rPEDJ01DPmsmgGbgFUGyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/jP1IuFeYqRVYzU2ZxiYcMgwYBwo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/8dd051-e2e7-496c-a9d0-fa266bb72f73/1/YaFFU8rPEDJ01DPmsmgGbgFUGyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.79.0/24
                  94.176.192.0/23
                IPv6:
                  2a05:9040::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:81:de:21:9f:19:fd:22:af:08:2c:3a:d0:d0:42:a0:62:81:
         bc:2a:d6:81:2b:36:ed:9d:9e:dc:e2:b9:99:76:55:9e:37:c7:
         9a:c3:97:ae:b2:9c:df:e3:82:f6:56:09:76:8d:f8:d3:a8:c9:
         83:da:95:38:59:d0:16:f2:0d:ff:7d:38:6d:c8:04:86:14:2b:
         c3:ee:0c:b4:a1:6e:ad:46:d6:f3:dd:a0:41:39:6a:03:8b:11:
         c2:75:7c:8e:7a:16:fd:72:b5:41:ab:27:15:48:a5:20:bd:07:
         23:80:39:91:ab:bc:03:68:b1:c3:ce:55:29:14:77:b3:20:0a:
         f9:d5:57:e6:a6:7e:7c:3c:bf:7b:b8:91:a0:1e:29:d2:b7:fb:
         1f:9f:82:4a:f6:91:25:74:b7:41:8f:ac:95:2c:9d:79:06:05:
         46:ce:07:5a:34:ad:59:14:73:9a:e9:5f:b5:be:b5:b6:16:6c:
         5b:8f:b8:ba:c7:55:18:fd:56:1a:01:8a:df:9b:28:3d:bb:bf:
         c4:be:a4:ef:d0:4e:50:47:39:87:3e:f2:77:2c:21:5e:e1:c8:
         6c:22:5d:ea:f2:9b:fb:ba:77:91:54:91:48:0b:4f:2f:33:a1:
         6d:37:e5:83:8c:f8:e4:01:12:52:8e:5c:42:8b:f8:43:67:b3:
         c6:c7:3a:ba
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/d/9jdy1y8xrLKEklyH4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxYTE0NTUzY2FjZjEwMzI3NGQ0MzNlNmIyNjgwNjZlMDE1
NDFiMjUwHhcNMjUwMTAyMDc0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2ZkNDhiODU3OThhOTE1NThjZDRkOTljNjI2MWMzMjBjMTgwNzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvscfsqoi4SaNsRBShlYh6uaVi82N
N+PiO3BKs0B9zLZ321ZHRnwZXs/u79pmeAaDv6xD33v+9HOQJEmkCUuIexjwthp3
E/w8TjnsV1WMOBNz9LsVHg3NwxDEamXs8P2sAhXLTZN8NRyAVp96+8t607j02k+1
nbvz6h0Xv55eFZ1wRgINBb2RQGpFTKGvDmyI7MXhDr7zCpzMo5eGEAUAYGGME3Qb
fBQEXOSsxPc9jizvF8pWrXK01iXMoXm8yMRVpwmITp8fOFrLixeNg1QJODCszzxs
Nyzb/3RqyM2qCtaQRpJkM3w20n+EYKcmENJN8R3CkK2URGAMgJaowshFMwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFIz9SLhXmKkVWM1NmcYmHDIMGAcKMB8GA1UdIwQY
MBaAFGGhRVPKzxAydNQz5rJoBm4BVBslMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWFGRlU4clBFREowMURQbXNtZ0diZ0ZVR3lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC84ZGQwNTEtZTJlNy00OTZjLWE5ZDAt
ZmEyNjZiYjcyZjczLzEvalAxSXVGZVlxUlZZelUyWnhpWWNNZ3dZQndvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC84ZGQwNTEtZTJlNy00OTZjLWE5ZDAtZmEyNjZiYjcyZjcz
LzEvWWFGRlU4clBFREowMURQbXNtZ0diZ0ZVR3lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW8ZPAwQB
XrDAMA0EAgACMAcDBQMqBZBAMA0GCSqGSIb3DQEBCwUAA4IBAQCcgd4hnxn9Iq8I
LDrQ0EKgYoG8KtaBKzbtnZ7c4rmZdlWeN8eaw5euspzf44L2Vgl2jfjTqMmD2pU4
WdAW8g3/fThtyASGFCvD7gy0oW6tRtbz3aBBOWoDixHCdXyOehb9crVBqycVSKUg
vQcjgDmRq7wDaLHDzlUpFHezIAr51Vfmpn58PL97uJGgHinSt/sfn4JK9pEldLdB
j6yVLJ15BgVGzgdaNK1ZFHOa6V+1vrW2Fmxbj7i6x1UY/VYaAYrfmyg9u7/EvqTv
0E5QRzmHPvJ3LCFe4chsIl3q8pv7uneRVJFIC08vM6FtN+WDjPjkARJSjlxCi/hD
Z7PGxzq6
-----END CERTIFICATE-----