Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/xrYuISZPXsfUJNQJ4kDhhz6K2mg.roa
File:                     xrYuISZPXsfUJNQJ4kDhhz6K2mg.roa (raw, json)
Hash identifier:          dNEbwviUDMNx68A7V0awTkBqP4bdjh2R6eIHvgwTs4Q=
Subject key identifier:   C6:B6:2E:21:26:4F:5E:C7:D4:24:D4:09:E2:40:E1:87:3E:8A:DA:68
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       0196EDCB5F069206FF5826D8DAE35B3B7ACF
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/xrYuISZPXsfUJNQJ4kDhhz6K2mg.roa
Signing time:             Tue 20 May 2025 13:04:10 +0000
ROA not before:           Tue 20 May 2025 13:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207456
IP address blocks:        91.197.32.0/22 maxlen: 22
                          193.108.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 07:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:cb:5f:06:92:06:ff:58:26:d8:da:e3:5b:3b:7a:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: May 20 13:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c6b62e21264f5ec7d424d409e240e1873e8ada68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:56:e7:10:c0:2c:5f:92:c7:34:09:74:00:16:
                    f4:be:80:51:f4:0a:e4:11:1d:d6:e7:9e:5d:6c:5e:
                    75:a4:38:bf:82:d6:70:8e:d3:c9:f6:ea:f5:fa:ae:
                    1a:27:9f:60:b1:7d:c2:86:bb:fc:f4:38:57:dd:da:
                    bd:a5:30:db:a9:9a:af:1f:18:6c:30:11:3a:9a:2d:
                    2d:b0:61:c6:2b:55:57:85:d3:ca:2c:e0:22:5c:94:
                    3b:b4:81:b7:93:1f:65:5f:87:e5:49:9f:e3:46:30:
                    f7:6c:80:70:0b:8c:d1:e2:dc:f1:f8:f4:64:c6:a8:
                    f5:09:c0:bb:8e:cb:68:82:54:c9:ef:d1:d2:cc:8d:
                    7b:a4:c3:02:74:30:32:6a:33:76:ef:3f:75:93:43:
                    55:b1:37:cb:08:5a:96:24:49:c2:57:41:26:ff:2d:
                    95:3e:24:38:e3:61:42:ae:78:9c:65:01:d9:8d:1a:
                    41:c0:6b:1e:63:46:f6:27:e8:2f:cf:f3:0e:ce:ec:
                    d5:af:d5:9d:a8:74:77:b2:5c:df:55:fc:e9:6c:51:
                    f4:73:50:48:a2:7c:91:d1:5c:4e:f7:3d:95:dc:f1:
                    7d:a8:e9:56:51:d9:12:f7:31:31:95:f4:e7:48:e7:
                    5b:41:08:3e:bc:52:8c:76:99:17:77:e8:db:b0:31:
                    c1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B6:2E:21:26:4F:5E:C7:D4:24:D4:09:E2:40:E1:87:3E:8A:DA:68
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/xrYuISZPXsfUJNQJ4kDhhz6K2mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.32.0/22
                  193.108.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:97:09:27:6d:48:6b:2c:a4:62:6b:f5:6b:d9:bf:84:23:58:
         88:54:2a:c8:a2:59:0b:9d:0e:82:0a:80:07:0a:56:bd:9e:0a:
         48:9d:46:6c:ec:8e:80:60:8f:4d:fe:c7:27:29:9e:ca:f6:30:
         98:0b:cb:c3:5d:79:25:fe:e4:e5:12:15:0a:c2:6d:98:88:2e:
         9a:d4:68:90:a8:9e:93:a6:ac:7a:5a:7b:2a:a1:1f:c5:16:fc:
         16:16:be:20:4d:8c:ea:19:eb:e5:cc:63:03:95:51:39:52:58:
         46:81:aa:a6:6b:38:29:13:68:d9:ba:35:de:ca:f2:41:ce:e1:
         b4:6e:b4:e4:07:18:43:e1:c9:bd:80:1f:f1:77:38:9a:b4:6c:
         3e:24:ca:e2:ca:e3:fe:e6:4e:54:af:c9:a4:72:d0:c1:74:bb:
         de:eb:75:68:3c:b9:79:e4:9e:44:2a:27:36:57:28:6d:bc:f2:
         4a:1b:84:ae:46:41:35:c7:01:73:29:bd:9b:a2:71:a8:1b:14:
         8c:3c:59:8c:a1:e2:5c:02:31:7c:1f:b7:ae:54:fc:ec:bf:de:
         a2:c0:a0:97:67:7e:6c:09:d2:75:6b:aa:ec:73:dd:6d:d8:7f:
         07:f4:ac:c0:aa:16:ce:82:b1:06:d5:66:78:19:74:b7:24:bc:
         c9:2c:3a:7f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbty18Gkgb/WCbY2uNbO3rPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjUwNTIwMTMwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmI2MmUyMTI2NGY1ZWM3ZDQyNGQ0MDllMjQwZTE4NzNlOGFkYTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11bnEMAsX5LHNAl0ABb0voBR9Ark
ER3W555dbF51pDi/gtZwjtPJ9ur1+q4aJ59gsX3Chrv89DhX3dq9pTDbqZqvHxhs
MBE6mi0tsGHGK1VXhdPKLOAiXJQ7tIG3kx9lX4flSZ/jRjD3bIBwC4zR4tzx+PRk
xqj1CcC7jstoglTJ79HSzI17pMMCdDAyajN27z91k0NVsTfLCFqWJEnCV0Em/y2V
PiQ442FCrnicZQHZjRpBwGseY0b2J+gvz/MOzuzVr9WdqHR3slzfVfzpbFH0c1BI
onyR0VxO9z2V3PF9qOlWUdkS9zExlfTnSOdbQQg+vFKMdpkXd+jbsDHBawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMa2LiEmT17H1CTUCeJA4Yc+itpoMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEveHJZdUlTWlBYc2ZVSk5RSjRrRGhoejZLMm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8UgAwQC
wWxUMA0GCSqGSIb3DQEBCwUAA4IBAQBTlwknbUhrLKRia/Vr2b+EI1iIVCrIolkL
nQ6CCoAHCla9ngpInUZs7I6AYI9N/scnKZ7K9jCYC8vDXXkl/uTlEhUKwm2YiC6a
1GiQqJ6Tpqx6WnsqoR/FFvwWFr4gTYzqGevlzGMDlVE5UlhGgaqmazgpE2jZujXe
yvJBzuG0brTkBxhD4cm9gB/xdziatGw+JMriyuP+5k5Ur8mkctDBdLve63VoPLl5
5J5EKic2VyhtvPJKG4SuRkE1xwFzKb2bonGoGxSMPFmMoeJcAjF8H7euVPzsv96i
wKCXZ35sCdJ1a6rsc91t2H8H9KzAqhbOgrEG1WZ4GXS3JLzJLDp/
-----END CERTIFICATE-----