Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/YiH83ySN13U92VHOYGZ1qNFCvj0.roa
File:                     YiH83ySN13U92VHOYGZ1qNFCvj0.roa (raw, json)
Hash identifier:          B8hbjbe1F86HPut31UQL0FZp1i37mwSF9nd5leIYsNo=
Subject key identifier:   62:21:FC:DF:24:8D:D7:75:3D:D9:51:CE:60:66:75:A8:D1:42:BE:3D
Certificate issuer:       /CN=a8aa7a7576b1b229590c090fd356c382dff315b7
Certificate serial:       019421B21759C304A8D08E7FEB90BC962C82
Authority key identifier: A8:AA:7A:75:76:B1:B2:29:59:0C:09:0F:D3:56:C3:82:DF:F3:15:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qKp6dXaxsilZDAkP01bDgt_zFbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/YiH83ySN13U92VHOYGZ1qNFCvj0.roa
Signing time:             Wed 01 Jan 2025 11:48:27 +0000
ROA not before:           Wed 01 Jan 2025 11:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208072
IP address blocks:        91.221.240.0/23 maxlen: 23
                          91.221.240.0/24 maxlen: 24
                          91.221.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/qKp6dXaxsilZDAkP01bDgt_zFbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/qKp6dXaxsilZDAkP01bDgt_zFbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qKp6dXaxsilZDAkP01bDgt_zFbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:17:59:c3:04:a8:d0:8e:7f:eb:90:bc:96:2c:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8aa7a7576b1b229590c090fd356c382dff315b7
        Validity
            Not Before: Jan  1 11:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6221fcdf248dd7753dd951ce606675a8d142be3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5a:b9:05:c2:13:2d:7b:9a:9b:49:70:65:a5:
                    3d:7a:d5:a6:e1:71:40:d5:e1:ce:e6:84:67:2d:79:
                    a5:8e:48:ae:c3:f6:ed:77:fa:a9:0e:fd:7c:83:45:
                    82:65:46:87:6e:58:ac:d9:cb:3a:8e:e4:65:02:00:
                    51:af:75:79:77:ff:69:e3:0a:bb:fe:0b:d1:c0:13:
                    91:1d:4c:33:43:10:e4:b5:5f:23:14:ac:bc:cd:2c:
                    59:84:67:d1:7c:40:e5:11:11:ef:84:ca:de:d5:46:
                    e1:3b:4b:57:07:10:36:5b:55:70:e5:ef:c9:8e:32:
                    d7:c1:a4:1b:f9:10:46:35:78:04:bd:96:40:96:ac:
                    d5:53:df:f7:e9:ad:11:49:d0:b2:b3:7f:aa:3b:c0:
                    54:e1:1b:a5:d6:e1:87:46:8f:c9:af:36:ac:9f:82:
                    56:95:b0:3f:18:af:d3:2a:11:94:5f:08:ac:cd:dd:
                    05:e8:1e:e9:d4:b7:41:30:15:84:7b:e7:17:bf:74:
                    7b:1e:c2:7b:d4:77:1e:72:7f:72:a5:3c:5f:7d:c1:
                    cb:35:96:c8:09:24:36:99:7b:94:47:28:8e:eb:34:
                    e0:ce:c6:b7:bc:4e:fd:35:52:49:98:18:d7:bc:36:
                    99:ec:13:12:26:d3:9c:dd:fc:93:47:04:0c:d8:be:
                    0c:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:21:FC:DF:24:8D:D7:75:3D:D9:51:CE:60:66:75:A8:D1:42:BE:3D
            X509v3 Authority Key Identifier:
                keyid:A8:AA:7A:75:76:B1:B2:29:59:0C:09:0F:D3:56:C3:82:DF:F3:15:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qKp6dXaxsilZDAkP01bDgt_zFbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/YiH83ySN13U92VHOYGZ1qNFCvj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/e5edb3-0ea8-4422-b175-f75345848e3f/1/qKp6dXaxsilZDAkP01bDgt_zFbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:9d:47:92:b6:36:d4:86:6d:e4:56:8a:8c:22:e8:d4:59:ba:
         b5:81:55:a8:e8:1a:27:36:04:29:1c:6b:22:e2:cc:94:12:04:
         8c:b2:11:82:cb:32:13:b1:05:f8:d7:04:3c:8f:84:f6:56:a8:
         d6:a4:14:14:86:a1:61:2a:09:54:8a:0e:9c:c2:e4:f7:10:0e:
         cb:dd:3a:09:87:81:5a:7f:22:2a:14:d6:71:27:4a:0d:d6:fc:
         a7:78:c7:7b:a9:42:94:43:94:e9:07:92:21:61:e1:0d:03:b0:
         d9:b3:9e:73:16:d4:e3:20:02:c7:a6:6c:a9:eb:78:e6:3c:83:
         a0:c6:3e:42:ce:b8:96:dd:4d:50:a1:8f:df:ff:b9:56:03:41:
         9b:3c:cf:01:2e:99:55:fb:f5:83:69:56:2b:54:de:43:53:fe:
         ab:68:d2:6c:f9:16:47:a6:2a:a4:bb:97:c1:b8:1e:8a:ac:61:
         42:5b:e6:d0:6e:ca:a4:fc:9c:b4:c8:ba:48:5a:e5:2f:1e:24:
         44:31:73:0f:33:fd:43:0d:7e:6e:8e:21:25:bd:95:c1:ab:07:
         15:5d:8b:3b:c2:09:cc:14:81:63:c5:2d:05:6b:0d:68:c8:ef:
         c4:c2:49:1b:22:7a:2e:74:4f:92:83:c5:7d:b3:bf:6d:a4:99:
         1c:c1:62:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhshdZwwSo0I5/65C8liyCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4YWE3YTc1NzZiMWIyMjk1OTBjMDkwZmQzNTZjMzgyZGZm
MzE1YjcwHhcNMjUwMTAxMTE0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjIxZmNkZjI0OGRkNzc1M2RkOTUxY2U2MDY2NzVhOGQxNDJiZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwFq5BcITLXuam0lwZaU9etWm4XFA
1eHO5oRnLXmljkiuw/btd/qpDv18g0WCZUaHblis2cs6juRlAgBRr3V5d/9p4wq7
/gvRwBORHUwzQxDktV8jFKy8zSxZhGfRfEDlERHvhMre1UbhO0tXBxA2W1Vw5e/J
jjLXwaQb+RBGNXgEvZZAlqzVU9/36a0RSdCys3+qO8BU4Rul1uGHRo/Jrzasn4JW
lbA/GK/TKhGUXwiszd0F6B7p1LdBMBWEe+cXv3R7HsJ71Hcecn9ypTxffcHLNZbI
CSQ2mXuURyiO6zTgzsa3vE79NVJJmBjXvDaZ7BMSJtOc3fyTRwQM2L4MGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGIh/N8kjdd1PdlRzmBmdajRQr49MB8GA1UdIwQY
MBaAFKiqenV2sbIpWQwJD9NWw4Lf8xW3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUtwNmRYYXhzaWxaREFrUDAxYkRndF96RmJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9lNWVkYjMtMGVhOC00NDIyLWIxNzUt
Zjc1MzQ1ODQ4ZTNmLzEvWWlIODN5U04xM1U5MlZIT1lHWjFxTkZDdmowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9lNWVkYjMtMGVhOC00NDIyLWIxNzUtZjc1MzQ1ODQ4ZTNm
LzEvcUtwNmRYYXhzaWxaREFrUDAxYkRndF96RmJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW93wMA0G
CSqGSIb3DQEBCwUAA4IBAQBBnUeStjbUhm3kVoqMIujUWbq1gVWo6BonNgQpHGsi
4syUEgSMshGCyzITsQX41wQ8j4T2VqjWpBQUhqFhKglUig6cwuT3EA7L3ToJh4Fa
fyIqFNZxJ0oN1vyneMd7qUKUQ5TpB5IhYeENA7DZs55zFtTjIALHpmyp63jmPIOg
xj5CzriW3U1QoY/f/7lWA0GbPM8BLplV+/WDaVYrVN5DU/6raNJs+RZHpiqku5fB
uB6KrGFCW+bQbsqk/Jy0yLpIWuUvHiREMXMPM/1DDX5ujiElvZXBqwcVXYs7wgnM
FIFjxS0Faw1oyO/EwkkbInoudE+Sg8V9s79tpJkcwWJ0
-----END CERTIFICATE-----