Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/Hd2tJFK8FHI5IxfZApcFzOSYT3E.roa
File:                     Hd2tJFK8FHI5IxfZApcFzOSYT3E.roa (raw, json)
Hash identifier:          M8+A1yW8hq7cWzg9bjqGF7iG0x4F0G6mxL/iqnm6fL0=
Subject key identifier:   1D:DD:AD:24:52:BC:14:72:39:23:17:D9:02:97:05:CC:E4:98:4F:71
Certificate issuer:       /CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
Certificate serial:       019427B5FD2A7B59C4A40A30DCEE900205C3
Authority key identifier: BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/Hd2tJFK8FHI5IxfZApcFzOSYT3E.roa
Signing time:             Thu 02 Jan 2025 15:50:25 +0000
ROA not before:           Thu 02 Jan 2025 15:50:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197561
IP address blocks:        91.223.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:fd:2a:7b:59:c4:a4:0a:30:dc:ee:90:02:05:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbf4e1fdb424a9120223b3a75c6ccc31b6f6224a
        Validity
            Not Before: Jan  2 15:50:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1dddad2452bc1472392317d9029705cce4984f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ac:dc:4c:e5:da:67:61:73:24:b6:57:8b:94:
                    40:fe:ca:3e:c7:67:00:0a:dc:1b:f8:a2:ed:1f:72:
                    b7:b7:9d:45:22:25:7b:5b:c2:e9:2c:64:49:a9:6a:
                    a3:c2:b9:f5:00:c5:1a:33:15:44:49:0f:55:ba:2c:
                    00:fd:d5:70:55:2f:dd:01:75:08:3d:a6:21:f3:6e:
                    a2:b0:ed:14:97:13:7d:c2:2d:b6:db:7f:38:00:f6:
                    0c:0d:f5:c8:b8:a9:c4:b3:fc:e3:3e:5d:31:37:87:
                    9d:55:8f:87:28:d0:90:0a:d2:85:71:2e:49:41:68:
                    c3:8d:be:cc:c2:3b:3c:3b:36:b0:04:5c:44:d9:6c:
                    36:61:f0:4f:c0:e3:4c:f0:a4:fe:e2:ac:7d:74:45:
                    e9:9f:a8:fc:ea:ab:fb:b8:f2:c3:17:1c:67:51:9c:
                    e4:9b:c2:12:88:ac:89:e3:19:6b:9a:b7:ac:82:b0:
                    bc:85:f4:f8:56:1b:00:cc:18:11:98:0a:22:83:29:
                    5a:06:ea:78:f6:19:f9:b3:a6:f4:b9:a6:a5:d6:64:
                    f2:1b:9b:82:07:95:05:b2:ce:8c:a1:7e:d2:4f:16:
                    cd:09:93:d5:12:77:f3:a3:df:e0:87:f4:5f:fe:0f:
                    ab:b7:7a:3c:0d:37:f1:6c:91:36:22:da:93:02:ff:
                    10:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:DD:AD:24:52:BC:14:72:39:23:17:D9:02:97:05:CC:E4:98:4F:71
            X509v3 Authority Key Identifier:
                keyid:BB:F4:E1:FD:B4:24:A9:12:02:23:B3:A7:5C:6C:CC:31:B6:F6:22:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u_Th_bQkqRICI7OnXGzMMbb2Iko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/Hd2tJFK8FHI5IxfZApcFzOSYT3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/11cd10-3ef7-4105-8248-ba51323db4e5/1/u_Th_bQkqRICI7OnXGzMMbb2Iko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:0d:f6:48:bb:10:3d:32:37:63:85:65:fd:c5:6a:d1:2f:f9:
         1f:cc:f0:73:89:de:86:3f:f1:86:24:24:58:ed:1b:e1:d6:5a:
         16:a0:60:4a:83:a6:06:22:2f:3c:50:8e:f5:91:52:15:22:a8:
         af:df:d6:93:e9:4a:cd:a1:61:3b:93:83:68:a1:ec:2b:e6:e2:
         78:96:c0:b1:d8:c1:0e:ef:ff:b3:45:e8:ff:96:60:8e:5c:22:
         48:8e:58:3f:aa:66:be:1d:fa:1a:0a:95:7a:00:5c:cd:1f:03:
         6e:d6:21:41:6a:b7:a8:58:fa:2f:40:a5:08:4a:78:56:79:01:
         48:7b:ed:20:ce:aa:01:7f:4c:50:3f:4a:6d:9e:31:b2:ad:58:
         b8:a2:26:34:bf:d4:26:76:5e:7f:75:64:f6:25:4f:19:f2:67:
         e5:a0:24:d6:0f:5b:d5:12:0b:d6:ea:c9:f4:c6:3a:59:91:07:
         85:47:42:c8:e2:5c:0d:a6:4f:91:3a:98:c3:b9:ab:0b:81:b2:
         3d:4c:42:f3:31:9a:71:94:e8:b2:3b:7d:21:5e:f4:ca:43:cd:
         37:1c:05:2b:31:58:48:de:1d:99:c6:28:29:22:1a:06:93:8d:
         90:d4:88:be:9e:6d:2c:f5:bb:21:86:fc:38:ca:ee:48:c3:fb:
         64:80:e0:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntf0qe1nEpAow3O6QAgXDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZjRlMWZkYjQyNGE5MTIwMjIzYjNhNzVjNmNjYzMxYjZm
NjIyNGEwHhcNMjUwMTAyMTU1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGRkYWQyNDUyYmMxNDcyMzkyMzE3ZDkwMjk3MDVjY2U0OTg0ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqzcTOXaZ2FzJLZXi5RA/so+x2cA
Ctwb+KLtH3K3t51FIiV7W8LpLGRJqWqjwrn1AMUaMxVESQ9VuiwA/dVwVS/dAXUI
PaYh826isO0UlxN9wi222384APYMDfXIuKnEs/zjPl0xN4edVY+HKNCQCtKFcS5J
QWjDjb7Mwjs8OzawBFxE2Ww2YfBPwONM8KT+4qx9dEXpn6j86qv7uPLDFxxnUZzk
m8ISiKyJ4xlrmresgrC8hfT4VhsAzBgRmAoigylaBup49hn5s6b0uaal1mTyG5uC
B5UFss6MoX7STxbNCZPVEnfzo9/gh/Rf/g+rt3o8DTfxbJE2ItqTAv8QQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB3drSRSvBRyOSMX2QKXBczkmE9xMB8GA1UdIwQY
MBaAFLv04f20JKkSAiOzp1xszDG29iJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgt
YmE1MTMyM2RiNGU1LzEvSGQydEpGSzhGSEk1SXhmWkFwY0Z6T1NZVDNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xMWNkMTAtM2VmNy00MTA1LTgyNDgtYmE1MTMyM2RiNGU1
LzEvdV9UaF9iUWtxUklDSTdPblhHek1NYmIySWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99nMA0G
CSqGSIb3DQEBCwUAA4IBAQBmDfZIuxA9MjdjhWX9xWrRL/kfzPBzid6GP/GGJCRY
7Rvh1loWoGBKg6YGIi88UI71kVIVIqiv39aT6UrNoWE7k4Nooewr5uJ4lsCx2MEO
7/+zRej/lmCOXCJIjlg/qma+HfoaCpV6AFzNHwNu1iFBareoWPovQKUISnhWeQFI
e+0gzqoBf0xQP0ptnjGyrVi4oiY0v9Qmdl5/dWT2JU8Z8mfloCTWD1vVEgvW6sn0
xjpZkQeFR0LI4lwNpk+ROpjDuasLgbI9TELzMZpxlOiyO30hXvTKQ803HAUrMVhI
3h2ZxigpIhoGk42Q1Ii+nm0s9bshhvw4yu5Iw/tkgOD1
-----END CERTIFICATE-----