Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/70bKU7fAikiPNjflVYIZwIpQJIk.roa
File:                     70bKU7fAikiPNjflVYIZwIpQJIk.roa (raw, json)
Hash identifier:          1xgxY/5Fmt9rylU5aW7pBvf5JSaArLl6xlCoVoRSkg0=
Subject key identifier:   EF:46:CA:53:B7:C0:8A:48:8F:36:37:E5:55:82:19:C0:8A:50:24:89
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019420D5CE5A6A266F9399184F55D980D07E
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/70bKU7fAikiPNjflVYIZwIpQJIk.roa
Signing time:             Wed 01 Jan 2025 07:47:50 +0000
ROA not before:           Wed 01 Jan 2025 07:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49121
IP address blocks:        91.191.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 16:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:ce:5a:6a:26:6f:93:99:18:4f:55:d9:80:d0:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 07:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef46ca53b7c08a488f3637e5558219c08a502489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ac:49:8f:1b:db:68:11:33:7f:e7:23:ef:cb:
                    1f:54:25:45:25:87:dc:02:17:ab:55:04:b5:6b:b4:
                    09:5b:98:ba:69:b8:9b:9c:a6:0a:37:d9:4d:04:f5:
                    98:fa:c8:85:9d:52:4c:ff:05:af:99:72:64:ba:c9:
                    29:cb:c9:fe:a4:dc:5e:73:e2:4e:be:ee:35:e9:a4:
                    61:44:c4:6c:44:0e:13:20:bf:77:2f:03:2f:48:6e:
                    f1:00:3d:01:98:61:69:d0:0f:56:bb:12:e1:49:fb:
                    82:69:23:19:9b:04:74:59:9f:68:31:90:41:cf:9b:
                    a8:12:83:03:e0:26:ed:df:d7:44:49:96:cd:91:27:
                    37:0e:95:08:a8:94:95:f4:46:96:bf:9e:81:38:6c:
                    4d:0a:0a:08:05:e9:da:a8:67:77:1e:1a:60:ea:48:
                    39:c5:ec:a2:c5:21:4e:ee:7d:2c:d6:a8:97:a5:04:
                    ad:b9:58:55:29:36:34:61:0b:e9:c7:1a:bf:9c:5e:
                    22:bf:df:36:b2:ab:56:26:ac:00:8d:b0:4d:07:27:
                    95:d2:c8:0e:05:35:a3:b9:5d:e2:58:76:c8:3f:14:
                    90:05:3a:a3:ca:39:92:06:cc:c3:39:26:c7:fa:0d:
                    9c:0e:d9:4a:a8:65:c3:65:0b:ce:c9:a2:7e:cb:d0:
                    4d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:46:CA:53:B7:C0:8A:48:8F:36:37:E5:55:82:19:C0:8A:50:24:89
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/70bKU7fAikiPNjflVYIZwIpQJIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:1f:83:1c:d0:9d:e4:ed:2e:81:ac:cf:a9:1f:32:ee:1e:98:
         b1:0f:31:23:07:0d:13:dd:01:28:00:6c:1a:27:fb:a2:79:81:
         cc:b1:d7:bd:4e:b0:e0:b9:67:08:f5:5c:57:e9:d2:c8:62:a4:
         7a:89:7f:75:6e:e6:ca:40:0e:e7:6b:46:c0:0b:60:1c:d3:ab:
         4a:b1:f1:0e:95:fb:76:1e:4f:49:ef:e3:cf:e6:5b:05:1a:d3:
         b4:21:86:fc:55:e1:9b:98:25:04:57:4c:96:d5:f0:47:78:7c:
         d6:7f:f9:d5:93:66:d5:e3:c0:5b:f6:81:23:a8:4f:aa:ef:d7:
         d2:c8:57:c4:e9:59:b6:ea:66:ba:60:0b:db:37:4a:41:32:05:
         96:d9:50:40:f5:f8:bb:82:a7:29:3f:c6:8a:a1:4d:ab:21:f9:
         63:45:04:9e:42:77:03:6f:0a:d3:a8:50:80:c9:e7:ac:23:be:
         ec:fd:5b:7a:42:9a:28:0b:05:45:52:bd:99:cb:44:a4:94:7d:
         22:33:88:02:9c:d7:9d:88:a2:23:fa:da:05:c0:46:39:20:cc:
         5d:0f:1e:9a:0e:74:b8:83:15:ac:78:1a:9b:e6:d1:39:0e:48:
         7b:46:a3:a1:c2:88:91:fc:99:7f:97:84:a6:8b:23:04:5c:e2:
         c1:48:84:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1c5aaiZvk5kYT1XZgNB+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwMTAxMDc0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjQ2Y2E1M2I3YzA4YTQ4OGYzNjM3ZTU1NTgyMTljMDhhNTAyNDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaxJjxvbaBEzf+cj78sfVCVFJYfc
AherVQS1a7QJW5i6abibnKYKN9lNBPWY+siFnVJM/wWvmXJkuskpy8n+pNxec+JO
vu416aRhRMRsRA4TIL93LwMvSG7xAD0BmGFp0A9WuxLhSfuCaSMZmwR0WZ9oMZBB
z5uoEoMD4Cbt39dESZbNkSc3DpUIqJSV9EaWv56BOGxNCgoIBenaqGd3Hhpg6kg5
xeyixSFO7n0s1qiXpQStuVhVKTY0YQvpxxq/nF4iv982sqtWJqwAjbBNByeV0sgO
BTWjuV3iWHbIPxSQBTqjyjmSBszDOSbH+g2cDtlKqGXDZQvOyaJ+y9BNWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9GylO3wIpIjzY35VWCGcCKUCSJMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvNzBiS1U3ZkFpa2lQTmpmbFZZSVp3SXBRSklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7+5MA0G
CSqGSIb3DQEBCwUAA4IBAQCRH4Mc0J3k7S6BrM+pHzLuHpixDzEjBw0T3QEoAGwa
J/uieYHMsde9TrDguWcI9VxX6dLIYqR6iX91bubKQA7na0bAC2Ac06tKsfEOlft2
Hk9J7+PP5lsFGtO0IYb8VeGbmCUEV0yW1fBHeHzWf/nVk2bV48Bb9oEjqE+q79fS
yFfE6Vm26ma6YAvbN0pBMgWW2VBA9fi7gqcpP8aKoU2rIfljRQSeQncDbwrTqFCA
yeesI77s/Vt6QpooCwVFUr2Zy0SklH0iM4gCnNediKIj+toFwEY5IMxdDx6aDnS4
gxWseBqb5tE5Dkh7RqOhwoiR/Jl/l4SmiyMEXOLBSIQc
-----END CERTIFICATE-----