Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/o0fIx97OGcsRRnK7KSw7A2DAbfQ.roa
File:                     o0fIx97OGcsRRnK7KSw7A2DAbfQ.roa (raw, json)
Hash identifier:          jueR7BseKB+mo6nBgD9zHG3rXsmYJFkETDCtwwn00LE=
Subject key identifier:   A3:47:C8:C7:DE:CE:19:CB:11:46:72:BB:29:2C:3B:03:60:C0:6D:F4
Certificate issuer:       /CN=9757052075961e9d90c27d07125a4b446cafd790
Certificate serial:       01942747DF0456675EC3360D302F905E73B3
Authority key identifier: 97:57:05:20:75:96:1E:9D:90:C2:7D:07:12:5A:4B:44:6C:AF:D7:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1cFIHWWHp2Qwn0HElpLRGyv15A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/o0fIx97OGcsRRnK7KSw7A2DAbfQ.roa
Signing time:             Thu 02 Jan 2025 13:50:09 +0000
ROA not before:           Thu 02 Jan 2025 13:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49957
IP address blocks:        91.207.250.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/l1cFIHWWHp2Qwn0HElpLRGyv15A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/l1cFIHWWHp2Qwn0HElpLRGyv15A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1cFIHWWHp2Qwn0HElpLRGyv15A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:df:04:56:67:5e:c3:36:0d:30:2f:90:5e:73:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9757052075961e9d90c27d07125a4b446cafd790
        Validity
            Not Before: Jan  2 13:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a347c8c7dece19cb114672bb292c3b0360c06df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0f:ab:23:6e:59:3f:2f:53:33:7d:23:09:fe:
                    a8:e2:4d:4a:ac:1a:2e:cc:04:f4:fb:eb:c4:93:56:
                    73:da:1c:d0:99:b4:38:d4:cd:48:43:92:65:0b:e4:
                    17:1c:29:23:05:d9:ac:95:31:48:50:f9:8d:1d:af:
                    e5:ba:1f:9d:d2:0a:78:89:b7:66:28:af:44:de:aa:
                    d5:a5:95:72:19:a4:11:62:b9:15:6e:00:40:7f:d1:
                    e2:25:89:4b:10:45:dc:ac:a2:89:05:60:77:65:6d:
                    9c:51:0c:98:cd:e8:ac:6c:77:27:36:3c:bc:35:04:
                    52:ae:37:2c:19:0e:32:b1:98:a8:b4:db:94:7e:97:
                    1a:eb:61:2d:e7:cd:b8:dc:0c:a5:1c:28:36:30:c3:
                    a3:ed:cc:36:0c:71:47:6b:b8:89:e7:b4:ae:3e:f9:
                    a3:b4:04:6d:1c:08:df:8a:5c:d7:10:9b:cd:40:e1:
                    e5:b4:0d:d5:55:21:81:39:c4:91:9d:50:ab:55:3c:
                    9c:ad:cd:70:e0:30:18:95:46:d3:47:2e:1a:b3:85:
                    a1:83:32:a0:c1:ab:9e:45:5a:4d:69:a1:ea:08:dc:
                    55:67:11:d5:c6:be:53:22:ac:cf:72:3a:ba:72:2f:
                    e3:0b:55:6a:12:70:62:73:a5:ce:0d:c0:61:13:f1:
                    29:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:47:C8:C7:DE:CE:19:CB:11:46:72:BB:29:2C:3B:03:60:C0:6D:F4
            X509v3 Authority Key Identifier:
                keyid:97:57:05:20:75:96:1E:9D:90:C2:7D:07:12:5A:4B:44:6C:AF:D7:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1cFIHWWHp2Qwn0HElpLRGyv15A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/o0fIx97OGcsRRnK7KSw7A2DAbfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/968d41-4d77-42be-80b1-beafe0efc09c/1/l1cFIHWWHp2Qwn0HElpLRGyv15A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:ee:8a:f6:44:ad:07:39:34:1a:68:ef:07:0f:83:1d:5c:0e:
         be:60:60:59:f5:c3:c1:86:79:7f:69:39:8a:4d:54:62:4f:e9:
         99:45:b9:33:13:35:44:e2:30:1d:94:2a:9b:57:86:9b:45:97:
         2e:36:26:95:28:71:1e:a3:25:c2:c8:d1:8d:84:5b:98:78:a5:
         45:10:a6:a7:71:69:81:dd:a0:8a:97:31:31:24:36:7f:9d:a7:
         da:21:3b:15:a6:23:eb:30:7d:bc:22:b6:ce:5d:92:36:d2:0d:
         52:25:6d:c7:1f:70:82:4a:f6:e1:68:ae:22:58:7a:13:59:dc:
         97:27:0c:0e:17:c2:af:ca:ed:8a:24:ee:02:be:a5:61:b2:31:
         c6:ab:28:ff:19:1b:92:ef:40:f1:6b:62:b9:ea:70:fc:12:a5:
         6e:54:ae:86:ba:95:46:86:7d:29:37:f8:c3:0a:96:56:eb:70:
         37:cc:20:ff:19:00:d0:cf:e3:11:9a:41:02:83:4d:69:5d:99:
         38:fd:51:12:0d:db:6e:94:8d:5d:a0:73:92:eb:2f:b9:e9:70:
         83:6a:84:91:58:6d:14:8b:1c:17:29:1e:2a:30:a2:47:57:1a:
         15:cf:d4:9f:84:6c:a8:6b:d9:5e:8d:87:bc:9e:b9:91:e0:75:
         6d:47:69:a9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR98EVmdewzYNMC+QXnOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NTcwNTIwNzU5NjFlOWQ5MGMyN2QwNzEyNWE0YjQ0NmNh
ZmQ3OTAwHhcNMjUwMTAyMTM1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQ3YzhjN2RlY2UxOWNiMTE0NjcyYmIyOTJjM2IwMzYwYzA2ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg+rI25ZPy9TM30jCf6o4k1KrBou
zAT0++vEk1Zz2hzQmbQ41M1IQ5JlC+QXHCkjBdmslTFIUPmNHa/luh+d0gp4ibdm
KK9E3qrVpZVyGaQRYrkVbgBAf9HiJYlLEEXcrKKJBWB3ZW2cUQyYzeisbHcnNjy8
NQRSrjcsGQ4ysZiotNuUfpca62Et58243AylHCg2MMOj7cw2DHFHa7iJ57SuPvmj
tARtHAjfilzXEJvNQOHltA3VVSGBOcSRnVCrVTycrc1w4DAYlUbTRy4as4WhgzKg
waueRVpNaaHqCNxVZxHVxr5TIqzPcjq6ci/jC1VqEnBic6XODcBhE/EppQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNHyMfezhnLEUZyuyksOwNgwG30MB8GA1UdIwQY
MBaAFJdXBSB1lh6dkMJ9BxJaS0Rsr9eQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDFjRklIV1dIcDJRd24wSEVscExSR3l2MTVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi85NjhkNDEtNGQ3Ny00MmJlLTgwYjEt
YmVhZmUwZWZjMDljLzEvbzBmSXg5N09HY3NSUm5LN0tTdzdBMkRBYmZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi85NjhkNDEtNGQ3Ny00MmJlLTgwYjEtYmVhZmUwZWZjMDlj
LzEvbDFjRklIV1dIcDJRd24wSEVscExSR3l2MTVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8/6MA0G
CSqGSIb3DQEBCwUAA4IBAQB07or2RK0HOTQaaO8HD4MdXA6+YGBZ9cPBhnl/aTmK
TVRiT+mZRbkzEzVE4jAdlCqbV4abRZcuNiaVKHEeoyXCyNGNhFuYeKVFEKancWmB
3aCKlzExJDZ/nafaITsVpiPrMH28IrbOXZI20g1SJW3HH3CCSvbhaK4iWHoTWdyX
JwwOF8Kvyu2KJO4CvqVhsjHGqyj/GRuS70Dxa2K56nD8EqVuVK6GupVGhn0pN/jD
CpZW63A3zCD/GQDQz+MRmkECg01pXZk4/VESDdtulI1doHOS6y+56XCDaoSRWG0U
ixwXKR4qMKJHVxoVz9SfhGyoa9lejYe8nrmR4HVtR2mp
-----END CERTIFICATE-----