Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/HyKdTkKV5STn1J4Rxe8JxbMCpv4.roa
File:                     HyKdTkKV5STn1J4Rxe8JxbMCpv4.roa (raw, json)
Hash identifier:          6If9g5ZI4fy1JxA85rEnX+2Sovu9Js7JocSs132zGS0=
Subject key identifier:   1F:22:9D:4E:42:95:E5:24:E7:D4:9E:11:C5:EF:09:C5:B3:02:A6:FE
Certificate issuer:       /CN=7b13e05669f556662bec5664e101659f966c826a
Certificate serial:       019424B3C2D56CA2C9E276F2CD2105BDC784
Authority key identifier: 7B:13:E0:56:69:F5:56:66:2B:EC:56:64:E1:01:65:9F:96:6C:82:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/exPgVmn1VmYr7FZk4QFln5Zsgmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/HyKdTkKV5STn1J4Rxe8JxbMCpv4.roa
Signing time:             Thu 02 Jan 2025 01:49:08 +0000
ROA not before:           Thu 02 Jan 2025 01:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3303
IP address blocks:        91.223.121.0/24 maxlen: 24
                          2001:67c:2f70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/exPgVmn1VmYr7FZk4QFln5Zsgmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/exPgVmn1VmYr7FZk4QFln5Zsgmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/exPgVmn1VmYr7FZk4QFln5Zsgmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:c2:d5:6c:a2:c9:e2:76:f2:cd:21:05:bd:c7:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b13e05669f556662bec5664e101659f966c826a
        Validity
            Not Before: Jan  2 01:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f229d4e4295e524e7d49e11c5ef09c5b302a6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:31:2f:91:42:31:7e:76:54:64:36:c6:42:85:
                    82:49:2e:3f:ab:c7:97:78:44:c6:ff:f6:a2:cd:be:
                    29:db:f1:10:92:a2:54:0f:a3:c2:f1:c9:8f:25:e5:
                    f2:68:9f:dd:56:0d:6c:6f:97:ef:54:07:c1:bf:4a:
                    b7:15:8d:5a:35:76:fb:8e:65:5f:26:24:8b:71:de:
                    88:8b:10:10:d3:54:d4:f5:50:af:27:cf:90:4a:c5:
                    6c:42:a2:04:d5:d5:5e:72:4e:49:83:75:a0:6d:30:
                    fa:a2:35:c2:cc:25:a8:1b:d8:af:75:46:36:d5:02:
                    97:f5:a0:7a:66:0e:08:9f:e3:ca:67:33:c2:26:0f:
                    01:94:c4:0d:ef:99:47:79:1e:f5:6a:73:d0:f1:e9:
                    70:3a:2f:e3:cd:a5:50:49:ec:b0:bb:de:ec:b2:55:
                    db:f7:4e:98:eb:8e:3e:52:7d:3b:ba:99:e4:e1:84:
                    f3:27:87:aa:a4:22:7e:c0:23:eb:cc:ee:18:86:77:
                    47:d9:e6:12:ca:59:63:23:90:74:84:b2:32:0f:f2:
                    60:fd:67:75:7e:85:ac:53:d2:7c:c5:48:27:de:3c:
                    8f:7e:0c:b8:95:e4:04:c9:ff:cd:86:1f:cf:e8:08:
                    c9:a0:4e:cd:0c:f3:c0:5d:35:4e:f6:20:66:33:c3:
                    f5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:22:9D:4E:42:95:E5:24:E7:D4:9E:11:C5:EF:09:C5:B3:02:A6:FE
            X509v3 Authority Key Identifier:
                keyid:7B:13:E0:56:69:F5:56:66:2B:EC:56:64:E1:01:65:9F:96:6C:82:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/exPgVmn1VmYr7FZk4QFln5Zsgmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/HyKdTkKV5STn1J4Rxe8JxbMCpv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/f7761a-fc38-475c-8a11-94c73346c0ea/1/exPgVmn1VmYr7FZk4QFln5Zsgmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.121.0/24
                IPv6:
                  2001:67c:2f70::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:5a:ec:e5:34:d0:59:5d:a5:e6:4b:c3:7c:0a:c8:08:28:0a:
         43:84:70:41:84:98:b5:18:b2:b9:4b:c4:08:aa:01:b3:df:33:
         b2:48:69:07:65:34:62:bb:57:03:56:2d:db:30:ca:95:2d:82:
         d5:0c:2d:7f:82:c6:79:52:f1:9e:b8:82:54:aa:ea:73:95:5d:
         35:34:3c:40:21:db:db:6a:f0:53:4e:b5:a2:ed:cc:22:26:7e:
         a9:f2:1f:84:0b:a1:1f:d0:b6:7e:d5:1e:3a:78:68:17:02:90:
         90:03:da:34:5b:e3:f3:71:fe:b8:1d:bf:48:1e:e4:2f:5a:ab:
         31:09:6b:51:17:9d:92:28:98:59:4c:7d:be:ad:97:f8:9c:84:
         e4:e9:04:6a:2d:08:39:48:32:b1:63:62:6d:1b:f9:c9:b3:9c:
         fd:b0:f6:f9:97:c0:df:c1:60:40:2c:c7:32:d5:f8:bd:7c:01:
         13:0e:47:07:5c:a0:5d:4d:6e:51:14:48:a4:6c:74:f3:f9:67:
         2b:56:f5:1c:4a:17:56:cb:34:cc:7a:0f:d7:48:39:37:45:5d:
         7d:1a:6b:17:68:09:57:2e:a8:6e:02:5b:01:d0:ae:6c:3d:47:
         b1:37:a6:93:ff:07:64:54:10:5c:d7:f1:14:17:ff:68:45:63:
         17:c9:bb:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks8LVbKLJ4nbyzSEFvceEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMTNlMDU2NjlmNTU2NjYyYmVjNTY2NGUxMDE2NTlmOTY2
YzgyNmEwHhcNMjUwMTAyMDE0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjIyOWQ0ZTQyOTVlNTI0ZTdkNDllMTFjNWVmMDljNWIzMDJhNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjEvkUIxfnZUZDbGQoWCSS4/q8eX
eETG//aizb4p2/EQkqJUD6PC8cmPJeXyaJ/dVg1sb5fvVAfBv0q3FY1aNXb7jmVf
JiSLcd6IixAQ01TU9VCvJ8+QSsVsQqIE1dVeck5Jg3WgbTD6ojXCzCWoG9ivdUY2
1QKX9aB6Zg4In+PKZzPCJg8BlMQN75lHeR71anPQ8elwOi/jzaVQSeywu97sslXb
906Y644+Un07upnk4YTzJ4eqpCJ+wCPrzO4YhndH2eYSylljI5B0hLIyD/Jg/Wd1
foWsU9J8xUgn3jyPfgy4leQEyf/Nhh/P6AjJoE7NDPPAXTVO9iBmM8P1TQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFB8inU5CleUk59SeEcXvCcWzAqb+MB8GA1UdIwQY
MBaAFHsT4FZp9VZmK+xWZOEBZZ+WbIJqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXhQZ1ZtbjFWbVlyN0ZaazRRRmxuNVpzZ21vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9mNzc2MWEtZmMzOC00NzVjLThhMTEt
OTRjNzMzNDZjMGVhLzEvSHlLZFRrS1Y1U1RuMUo0UnhlOEp4Yk1DcHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9mNzc2MWEtZmMzOC00NzVjLThhMTEtOTRjNzMzNDZjMGVh
LzEvZXhQZ1ZtbjFWbVlyN0ZaazRRRmxuNVpzZ21vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW995MA8E
AgACMAkDBwAgAQZ8L3AwDQYJKoZIhvcNAQELBQADggEBAANa7OU00FldpeZLw3wK
yAgoCkOEcEGEmLUYsrlLxAiqAbPfM7JIaQdlNGK7VwNWLdswypUtgtUMLX+CxnlS
8Z64glSq6nOVXTU0PEAh29tq8FNOtaLtzCImfqnyH4QLoR/Qtn7VHjp4aBcCkJAD
2jRb4/Nx/rgdv0ge5C9aqzEJa1EXnZIomFlMfb6tl/ichOTpBGotCDlIMrFjYm0b
+cmznP2w9vmXwN/BYEAsxzLV+L18ARMORwdcoF1NblEUSKRsdPP5ZytW9RxKF1bL
NMx6D9dIOTdFXX0aaxdoCVcuqG4CWwHQrmw9R7E3ppP/B2RUEFzX8RQX/2hFYxfJ
uxk=
-----END CERTIFICATE-----