Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/42HdpJSIuZQYNL_T503F7T6tVtg.roa
File:                     42HdpJSIuZQYNL_T503F7T6tVtg.roa (raw, json)
Hash identifier:          2oMCOR0uoZknejKNMlu0g0SgSeLr17Imm1o0mXmKjiE=
Subject key identifier:   E3:61:DD:A4:94:88:B9:94:18:34:BF:D3:E7:4D:C5:ED:3E:AD:56:D8
Certificate issuer:       /CN=f960c7ab3c4bcc3fca83e49331677b44bb7a946f
Certificate serial:       0196432D64B7FD835B857AB50AB67B29E1AB
Authority key identifier: F9:60:C7:AB:3C:4B:CC:3F:CA:83:E4:93:31:67:7B:44:BB:7A:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/42HdpJSIuZQYNL_T503F7T6tVtg.roa
Signing time:             Thu 17 Apr 2025 09:56:10 +0000
ROA not before:           Thu 17 Apr 2025 09:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57122
IP address blocks:        91.230.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 15:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:43:2d:64:b7:fd:83:5b:85:7a:b5:0a:b6:7b:29:e1:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f960c7ab3c4bcc3fca83e49331677b44bb7a946f
        Validity
            Not Before: Apr 17 09:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e361dda49488b9941834bfd3e74dc5ed3ead56d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:c3:1f:e5:16:59:77:39:e8:e1:b0:b1:ef:ae:
                    ba:ba:24:22:36:11:7d:ea:32:11:b8:94:da:1b:7f:
                    a3:79:bf:8d:03:16:73:4a:7e:3e:62:25:eb:09:2d:
                    60:95:9b:af:24:e1:e9:fa:f4:69:57:2b:2f:9d:02:
                    d3:e3:05:09:72:9e:9d:ad:b6:f1:cf:c7:6b:22:82:
                    b1:2d:13:f8:80:6b:26:8a:9a:b8:a2:62:1b:70:8d:
                    32:8c:4d:42:c9:0e:18:00:b6:bd:a0:f8:16:10:07:
                    2c:19:1e:90:e8:e5:12:b5:cb:a6:c8:41:95:c8:d2:
                    1d:31:42:b7:fe:96:e7:68:bf:ee:48:b0:0d:f9:c4:
                    e0:0e:99:69:55:43:48:70:6f:d8:13:d2:41:4c:ff:
                    95:04:b3:29:f8:14:22:52:89:e6:a5:95:c3:18:1c:
                    06:6c:a2:40:c1:18:bc:43:54:fa:4a:a2:a8:a2:9a:
                    06:ef:6d:e6:6f:7c:c2:e6:b2:88:0a:c7:ae:8c:23:
                    ff:8a:27:3a:97:52:9b:39:62:07:fc:b6:cf:3e:44:
                    f1:a2:af:2d:31:e5:bd:d4:10:2f:eb:d8:8a:6f:60:
                    9d:f1:f3:ca:bd:9c:ae:cd:d9:a2:6b:ec:d8:b1:03:
                    70:d5:ff:36:c6:33:f1:be:0b:98:8e:22:2d:70:5d:
                    05:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:61:DD:A4:94:88:B9:94:18:34:BF:D3:E7:4D:C5:ED:3E:AD:56:D8
            X509v3 Authority Key Identifier:
                keyid:F9:60:C7:AB:3C:4B:CC:3F:CA:83:E4:93:31:67:7B:44:BB:7A:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/42HdpJSIuZQYNL_T503F7T6tVtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/ee47de-335a-4999-b613-2690b55f50fd/1/1-WDHqzxLzD_Kg-STMWd7RLt6lG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:21:9b:7f:b3:26:92:7b:12:f6:1a:9b:75:3b:29:1f:b8:a8:
         71:96:38:42:ba:ce:07:47:8e:00:dc:4e:9b:68:5b:b0:0c:81:
         b0:80:d8:e1:be:88:64:39:7c:6c:f5:9d:fd:c8:0c:4a:04:8b:
         88:f7:eb:43:90:f0:bc:a9:44:7f:d5:fb:dd:47:11:44:7e:a1:
         5f:1e:81:52:98:bb:f0:54:4a:a1:be:75:46:8b:1a:40:ad:fb:
         aa:1d:7f:ec:4c:09:8d:ee:ab:0e:ea:c9:da:7d:26:9c:ae:75:
         11:62:1c:65:ad:75:96:18:c8:b4:11:00:f3:02:46:f8:60:03:
         f6:66:28:c7:3c:00:3b:20:ae:87:1d:91:18:73:79:a1:b5:17:
         5a:5e:39:91:51:1f:67:c6:e2:45:02:dd:c7:1e:b7:af:79:f7:
         0f:b2:f6:ce:2a:65:c7:46:cd:68:be:aa:d5:00:1b:03:c2:e5:
         6c:0a:6b:4b:5c:a7:12:95:2b:de:09:d7:b4:91:7b:1e:7b:da:
         e4:86:98:de:fb:19:4f:bb:a9:16:fe:c1:55:ce:22:f5:45:e2:
         c4:86:20:d7:69:ef:41:4c:9e:c7:bf:b8:d7:57:d7:ed:2e:15:
         e8:ed:61:58:a2:ce:11:d6:16:38:d3:c5:64:0c:7e:72:6f:e2:
         c3:21:3c:bb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZZDLWS3/YNbhXq1CrZ7KeGrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5NjBjN2FiM2M0YmNjM2ZjYTgzZTQ5MzMxNjc3YjQ0YmI3
YTk0NmYwHhcNMjUwNDE3MDk1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYxZGRhNDk0ODhiOTk0MTgzNGJmZDNlNzRkYzVlZDNlYWQ1NmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA58Mf5RZZdzno4bCx7666uiQiNhF9
6jIRuJTaG3+jeb+NAxZzSn4+YiXrCS1glZuvJOHp+vRpVysvnQLT4wUJcp6drbbx
z8drIoKxLRP4gGsmipq4omIbcI0yjE1CyQ4YALa9oPgWEAcsGR6Q6OUStcumyEGV
yNIdMUK3/pbnaL/uSLAN+cTgDplpVUNIcG/YE9JBTP+VBLMp+BQiUonmpZXDGBwG
bKJAwRi8Q1T6SqKoopoG723mb3zC5rKICseujCP/iic6l1KbOWIH/LbPPkTxoq8t
MeW91BAv69iKb2Cd8fPKvZyuzdmia+zYsQNw1f82xjPxvguYjiItcF0FLwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFONh3aSUiLmUGDS/0+dNxe0+rVbYMB8GA1UdIwQY
MBaAFPlgx6s8S8w/yoPkkzFne0S7epRvMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1XREhxenhMekRfS2ctU1RNV2Q3Ukx0NmxHOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIvZWU0N2RlLTMzNWEtNDk5OS1iNjEz
LTI2OTBiNTVmNTBmZC8xLzQySGRwSlNJdVpRWU5MX1Q1MDNGN1Q2dFZ0Zy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvZWU0N2RlLTMzNWEtNDk5OS1iNjEzLTI2OTBiNTVmNTBm
ZC8xLzEtV0RIcXp4THpEX0tnLVNUTVdkN1JMdDZsRzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb5ucw
DQYJKoZIhvcNAQELBQADggEBAJUhm3+zJpJ7EvYam3U7KR+4qHGWOEK6zgdHjgDc
TptoW7AMgbCA2OG+iGQ5fGz1nf3IDEoEi4j360OQ8LypRH/V+91HEUR+oV8egVKY
u/BUSqG+dUaLGkCt+6odf+xMCY3uqw7qydp9JpyudRFiHGWtdZYYyLQRAPMCRvhg
A/ZmKMc8ADsgrocdkRhzeaG1F1peOZFRH2fG4kUC3ccet6959w+y9s4qZcdGzWi+
qtUAGwPC5WwKa0tcpxKVK94J17SRex572uSGmN77GU+7qRb+wVXOIvVF4sSGINdp
70FMnse/uNdX1+0uFejtYViizhHWFjjTxWQMfnJv4sMhPLs=
-----END CERTIFICATE-----