Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/iYe3cHtCPa-5Zy9APiuNZM-wEeI.roa
File:                     iYe3cHtCPa-5Zy9APiuNZM-wEeI.roa (raw, json)
Hash identifier:          zKhjm4JKjS1ClCk2PSwuUlzHFKsWM+0GfuyrfRvIGSI=
Subject key identifier:   89:87:B7:70:7B:42:3D:AF:B9:67:2F:40:3E:2B:8D:64:CF:B0:11:E2
Certificate issuer:       /CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
Certificate serial:       0194221F8EF4F4883DC940A4F119E38C11D0
Authority key identifier: 26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/iYe3cHtCPa-5Zy9APiuNZM-wEeI.roa
Signing time:             Wed 01 Jan 2025 13:48:00 +0000
ROA not before:           Wed 01 Jan 2025 13:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        91.205.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:8e:f4:f4:88:3d:c9:40:a4:f1:19:e3:8c:11:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
        Validity
            Not Before: Jan  1 13:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8987b7707b423dafb9672f403e2b8d64cfb011e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:6d:b9:0d:aa:84:50:ae:2a:16:52:e5:94:40:
                    37:0d:0c:20:38:ea:40:c6:0d:9b:28:89:9b:a5:97:
                    b6:db:0f:11:c7:7b:1d:92:c9:e5:3c:e8:0d:37:82:
                    f8:24:06:2a:00:06:e0:2b:b8:29:98:7e:26:19:2a:
                    34:e4:a7:e3:0d:ab:a5:b1:34:dc:2a:d7:c5:72:20:
                    02:fa:bb:4e:70:ae:3d:fb:f4:58:7f:26:98:c5:f7:
                    1e:c4:52:d3:49:55:2a:80:6b:c5:37:0a:92:76:ff:
                    a1:17:80:59:79:46:d1:cd:b9:d4:ff:de:c2:e0:1f:
                    6e:41:01:f4:f6:b1:92:1b:65:e0:57:ee:f9:61:fa:
                    fa:be:1f:4a:2c:41:94:80:1b:30:6d:6a:58:93:86:
                    3a:2d:b1:95:dc:52:20:71:f6:86:c8:15:4e:05:3f:
                    ca:40:0a:b7:1f:0a:eb:1d:27:60:31:35:b0:7f:f0:
                    f7:c6:36:79:39:73:23:7d:ac:14:33:0a:24:07:b1:
                    0e:08:fd:0a:a3:d0:e1:19:68:d6:33:9d:85:05:b7:
                    5a:56:27:75:e5:6c:37:82:25:71:e5:47:36:cd:d1:
                    91:99:85:54:1f:bc:87:ec:1f:d0:02:ea:34:7d:1c:
                    84:f6:0b:83:c6:9f:aa:da:b2:5c:7c:39:c3:cc:7a:
                    08:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:87:B7:70:7B:42:3D:AF:B9:67:2F:40:3E:2B:8D:64:CF:B0:11:E2
            X509v3 Authority Key Identifier:
                keyid:26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/iYe3cHtCPa-5Zy9APiuNZM-wEeI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:04:6e:77:3c:1b:45:14:d9:33:5d:2b:24:2f:b1:0e:7d:b1:
         bb:6a:5e:5c:68:21:6a:1f:af:10:95:c8:5a:7f:54:9b:2f:2c:
         44:6d:72:d3:8c:18:dc:79:85:82:10:63:84:28:30:27:3e:de:
         c2:0f:ee:a2:e5:e4:fc:17:db:a6:14:97:95:d8:d5:d1:36:60:
         59:49:46:ba:c1:28:7a:c7:7a:48:70:4f:22:2d:c6:b4:21:54:
         ef:71:da:35:1c:31:ea:de:7e:16:c2:91:09:46:7b:f8:41:99:
         40:bf:f3:d4:7f:40:15:94:75:b7:c8:a8:b2:6b:b2:3b:29:8e:
         01:72:31:b5:79:57:96:81:ad:95:86:23:85:8c:fd:10:e9:36:
         17:e3:2a:79:19:36:28:ca:51:3d:85:f4:3f:00:31:8e:bd:d3:
         53:4f:0c:7d:a9:d8:3c:93:4b:6f:39:27:69:24:c6:e1:aa:34:
         74:a4:78:ed:74:96:b2:e5:db:24:94:c3:7d:c0:c1:0e:1a:53:
         2b:f4:91:ef:77:a8:d1:e0:91:fa:1b:b6:4c:00:f0:34:bc:01:
         28:ba:85:1e:9c:a9:5e:d1:e1:61:e7:44:61:b1:d9:5e:81:1f:
         cb:4a:4a:6e:bf:b0:0e:9d:71:c8:23:52:8b:fd:ae:f3:7f:27:
         d7:4a:04:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4709Ig9yUCk8RnjjBHQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YWQ3ZDM1NjAxMzRlMGE4YWU0NmZjNWIzMmM1YWNiNjFk
ZGUzOWMwHhcNMjUwMTAxMTM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg3Yjc3MDdiNDIzZGFmYjk2NzJmNDAzZTJiOGQ2NGNmYjAxMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy225DaqEUK4qFlLllEA3DQwgOOpA
xg2bKImbpZe22w8Rx3sdksnlPOgNN4L4JAYqAAbgK7gpmH4mGSo05KfjDaulsTTc
KtfFciAC+rtOcK49+/RYfyaYxfcexFLTSVUqgGvFNwqSdv+hF4BZeUbRzbnU/97C
4B9uQQH09rGSG2XgV+75Yfr6vh9KLEGUgBswbWpYk4Y6LbGV3FIgcfaGyBVOBT/K
QAq3HwrrHSdgMTWwf/D3xjZ5OXMjfawUMwokB7EOCP0Ko9DhGWjWM52FBbdaVid1
5Ww3giVx5Uc2zdGRmYVUH7yH7B/QAuo0fRyE9guDxp+q2rJcfDnDzHoIwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImHt3B7Qj2vuWcvQD4rjWTPsBHiMB8GA1UdIwQY
MBaAFCatfTVgE04KiuRvxbMsWsth3eOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDct
NDkwMmE2NmIyZDk1LzEvaVllM2NIdENQYS01Wnk5QVBpdU5aTS13RWVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDctNDkwMmE2NmIyZDk1
LzEvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW80qMA0G
CSqGSIb3DQEBCwUAA4IBAQABBG53PBtFFNkzXSskL7EOfbG7al5caCFqH68Qlcha
f1SbLyxEbXLTjBjceYWCEGOEKDAnPt7CD+6i5eT8F9umFJeV2NXRNmBZSUa6wSh6
x3pIcE8iLca0IVTvcdo1HDHq3n4WwpEJRnv4QZlAv/PUf0AVlHW3yKiya7I7KY4B
cjG1eVeWga2VhiOFjP0Q6TYX4yp5GTYoylE9hfQ/ADGOvdNTTwx9qdg8k0tvOSdp
JMbhqjR0pHjtdJay5dsklMN9wMEOGlMr9JHvd6jR4JH6G7ZMAPA0vAEouoUenKle
0eFh50RhsdlegR/LSkpuv7AOnXHII1KL/a7zfyfXSgQN
-----END CERTIFICATE-----