Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/YjHZVJXAnKr8xh5R9wmBVaYEgXg.roa
File:                     YjHZVJXAnKr8xh5R9wmBVaYEgXg.roa (raw, json)
Hash identifier:          kSLUkCF1fVqfg2Z9iMd8kS34Maa3MeKt4Z6zguLvO/o=
Subject key identifier:   62:31:D9:54:95:C0:9C:AA:FC:C6:1E:51:F7:09:81:55:A6:04:81:78
Certificate issuer:       /CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
Certificate serial:       019500281A043AA5C47976F0B7EEBDBEE99A
Authority key identifier: A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/YjHZVJXAnKr8xh5R9wmBVaYEgXg.roa
Signing time:             Thu 13 Feb 2025 16:33:02 +0000
ROA not before:           Thu 13 Feb 2025 16:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41334
IP address blocks:        91.88.0.0/16 maxlen: 16
                          2a00:d780::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:28:1a:04:3a:a5:c4:79:76:f0:b7:ee:bd:be:e9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0ef5fbbfca7a93cfee965eeb6bdee6fb43c403e
        Validity
            Not Before: Feb 13 16:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6231d95495c09caafcc61e51f7098155a6048178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e2:18:c1:d6:34:a0:63:bd:22:29:c3:e0:ea:
                    91:c8:80:7b:42:7f:d6:d7:84:f7:7b:af:35:2e:ac:
                    60:c1:7f:cc:a4:75:d9:c2:4d:a9:41:61:ef:2f:81:
                    02:44:0d:71:f0:fa:e2:d5:05:06:65:ca:45:98:03:
                    52:47:f6:0d:71:3a:b1:a9:2a:95:71:eb:59:64:61:
                    64:fe:18:f1:da:4a:97:db:72:f4:04:c7:fc:2d:17:
                    ae:4b:ac:ae:91:99:f3:02:f0:0f:3b:de:be:c0:0a:
                    5a:a6:c2:75:1b:6d:b4:7b:73:e1:21:ec:67:b3:2f:
                    41:4f:b5:2b:01:75:cd:99:c6:1f:04:e1:fb:61:11:
                    9d:98:65:b1:83:5f:a3:6a:94:20:35:5b:07:30:b8:
                    71:42:17:92:78:86:44:9e:13:c6:11:c9:5d:14:97:
                    1e:e2:e0:3e:d4:40:c5:9a:c1:55:30:a4:ee:49:1f:
                    fe:9d:6f:72:3d:11:b7:26:bb:b9:eb:d3:60:f4:99:
                    24:13:85:e2:ea:09:d7:26:77:40:c8:6a:5f:7c:ec:
                    41:94:38:b0:63:ed:f8:c6:ff:78:02:e0:38:63:9e:
                    32:34:92:d6:f6:12:9f:20:44:c5:4d:c3:d1:d1:31:
                    53:0d:57:87:08:b5:11:a6:9f:51:42:85:3e:e9:ff:
                    0b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:31:D9:54:95:C0:9C:AA:FC:C6:1E:51:F7:09:81:55:A6:04:81:78
            X509v3 Authority Key Identifier:
                keyid:A0:EF:5F:BB:FC:A7:A9:3C:FE:E9:65:EE:B6:BD:EE:6F:B4:3C:40:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oO9fu_ynqTz-6WXutr3ub7Q8QD4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/YjHZVJXAnKr8xh5R9wmBVaYEgXg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/fe915c-bf70-4602-8a3c-0292b020150a/1/oO9fu_ynqTz-6WXutr3ub7Q8QD4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.88.0.0/16
                IPv6:
                  2a00:d780::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:23:54:b0:32:08:41:4d:6e:86:52:d0:78:c1:65:f5:92:6a:
         39:48:5c:42:e7:68:23:99:75:ec:b6:3b:c3:9b:06:2f:16:38:
         b8:dc:58:3a:d9:bf:3c:ff:91:8f:77:97:6c:33:31:65:b6:28:
         e0:84:77:e8:8a:58:3d:ac:c7:da:78:81:ab:24:44:af:99:4c:
         82:03:4b:71:82:99:9b:75:19:f2:a9:63:66:e2:96:c2:df:99:
         92:4e:ba:f5:2a:88:38:88:cb:7a:27:a5:42:4c:3a:0a:27:9f:
         07:3e:54:13:a3:2a:64:09:67:9f:1b:9b:c4:65:e8:53:ca:36:
         5a:6b:44:36:bc:ed:07:b2:db:00:de:1a:12:2f:42:b5:b4:d9:
         46:b1:d3:dd:32:b4:43:64:53:f1:5a:19:7e:29:36:47:1c:95:
         dc:4e:d4:27:d5:ef:cc:71:46:68:c7:7f:f6:c4:0c:92:0a:d7:
         d3:a8:3c:ca:44:d5:ce:ab:91:43:bf:79:81:71:08:54:a7:74:
         ad:c6:c3:73:d1:7e:ad:0c:f5:e5:8c:60:0d:60:03:db:d1:29:
         ec:c8:28:db:79:5a:fd:fb:02:64:69:cd:bb:23:b5:24:ee:d8:
         6d:d6:37:f1:46:96:29:50:37:04:04:3d:46:13:ce:e1:dc:e1:
         37:15:4e:c4
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZUAKBoEOqXEeXbwt+69vumaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZWY1ZmJiZmNhN2E5M2NmZWU5NjVlZWI2YmRlZTZmYjQz
YzQwM2UwHhcNMjUwMjEzMTYzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjMxZDk1NDk1YzA5Y2FhZmNjNjFlNTFmNzA5ODE1NWE2MDQ4MTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+IYwdY0oGO9IinD4OqRyIB7Qn/W
14T3e681LqxgwX/MpHXZwk2pQWHvL4ECRA1x8Pri1QUGZcpFmANSR/YNcTqxqSqV
cetZZGFk/hjx2kqX23L0BMf8LReuS6yukZnzAvAPO96+wApapsJ1G220e3PhIexn
sy9BT7UrAXXNmcYfBOH7YRGdmGWxg1+japQgNVsHMLhxQheSeIZEnhPGEcldFJce
4uA+1EDFmsFVMKTuSR/+nW9yPRG3Jru569Ng9JkkE4Xi6gnXJndAyGpffOxBlDiw
Y+34xv94AuA4Y54yNJLW9hKfIETFTcPR0TFTDVeHCLURpp9RQoU+6f8LawIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGIx2VSVwJyq/MYeUfcJgVWmBIF4MB8GA1UdIwQY
MBaAFKDvX7v8p6k8/ull7ra97m+0PEA+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2Mt
MDI5MmIwMjAxNTBhLzEvWWpIWlZKWEFuS3I4eGg1Ujl3bUJWYVlFZ1hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi9mZTkxNWMtYmY3MC00NjAyLThhM2MtMDI5MmIwMjAxNTBh
LzEvb085ZnVfeW5xVHotNldYdXRyM3ViN1E4UUQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDALBAIAATAFAwMAW1gwDQQC
AAIwBwMFACoA14AwDQYJKoZIhvcNAQELBQADggEBAIYjVLAyCEFNboZS0HjBZfWS
ajlIXELnaCOZdey2O8ObBi8WOLjcWDrZvzz/kY93l2wzMWW2KOCEd+iKWD2sx9p4
gaskRK+ZTIIDS3GCmZt1GfKpY2bilsLfmZJOuvUqiDiIy3onpUJMOgonnwc+VBOj
KmQJZ58bm8Rl6FPKNlprRDa87Qey2wDeGhIvQrW02Uax090ytENkU/FaGX4pNkcc
ldxO1CfV78xxRmjHf/bEDJIK19OoPMpE1c6rkUO/eYFxCFSndK3Gw3PRfq0M9eWM
YA1gA9vRKezIKNt5Wv37AmRpzbsjtSTu2G3WN/FGlilQNwQEPUYTzuHc4TcVTsQ=
-----END CERTIFICATE-----