Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/p1fyn5poKGi3v6udklaZLK6DaPs.roa
File:                     p1fyn5poKGi3v6udklaZLK6DaPs.roa (raw, json)
Hash identifier:          ksuBLRSUua1zFmd4JmcnhcAsP8MWyD8OR/dcK6d/pkM=
Subject key identifier:   A7:57:F2:9F:9A:68:28:68:B7:BF:AB:9D:92:56:99:2C:AE:83:68:FB
Certificate issuer:       /CN=d1a8969d7e32cbf927664b2dc436b96e7149a62b
Certificate serial:       01942445684A0BAB365205EBEE32A642D603
Authority key identifier: D1:A8:96:9D:7E:32:CB:F9:27:66:4B:2D:C4:36:B9:6E:71:49:A6:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/p1fyn5poKGi3v6udklaZLK6DaPs.roa
Signing time:             Wed 01 Jan 2025 23:48:35 +0000
ROA not before:           Wed 01 Jan 2025 23:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51518
IP address blocks:        91.217.78.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:68:4a:0b:ab:36:52:05:eb:ee:32:a6:42:d6:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1a8969d7e32cbf927664b2dc436b96e7149a62b
        Validity
            Not Before: Jan  1 23:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a757f29f9a682868b7bfab9d9256992cae8368fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:db:5d:90:59:64:e8:31:5c:a9:e8:7c:55:77:
                    36:5f:c1:b4:18:85:5d:22:cf:40:bc:a9:dd:54:77:
                    27:53:07:24:72:7b:9a:27:33:cc:a2:70:70:b6:d5:
                    bd:b8:a9:1d:e3:ce:25:8b:5f:a1:d4:f5:a1:de:93:
                    7b:6b:26:f6:77:66:9f:94:5a:a1:e3:e3:e5:e8:ef:
                    0b:0f:03:5f:2c:d9:ca:6f:e9:c8:e4:1f:6c:3b:c3:
                    ce:22:d7:32:ac:ff:ac:78:0b:37:c6:0a:20:88:f5:
                    76:33:7b:c2:46:fd:6f:20:de:31:ef:12:b4:c6:a9:
                    80:76:fc:27:04:08:e9:1c:f0:f8:4d:21:1a:7d:3c:
                    75:1d:a2:cb:58:35:8d:6f:32:95:97:c4:e3:90:b4:
                    e0:36:22:c3:f2:11:25:37:bf:89:b9:0a:8f:96:2f:
                    29:8e:c3:fd:51:76:3d:47:39:64:02:2f:d8:47:1d:
                    95:c7:3f:4e:e0:7e:e8:87:a2:fb:6b:5e:f7:d5:f0:
                    aa:e8:2c:aa:8a:54:92:93:5c:e2:59:58:93:f3:81:
                    ea:fd:3c:20:7e:07:4e:8b:90:42:b7:f8:af:37:4a:
                    8b:a7:69:67:7d:4e:b8:70:09:db:d2:de:6e:ce:77:
                    81:4d:ce:3b:0d:45:6d:e2:87:37:1f:6c:d4:b0:9d:
                    39:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:57:F2:9F:9A:68:28:68:B7:BF:AB:9D:92:56:99:2C:AE:83:68:FB
            X509v3 Authority Key Identifier:
                keyid:D1:A8:96:9D:7E:32:CB:F9:27:66:4B:2D:C4:36:B9:6E:71:49:A6:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0aiWnX4yy_knZkstxDa5bnFJpis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/p1fyn5poKGi3v6udklaZLK6DaPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/27294e-b9e7-4660-932d-21048a734a46/1/0aiWnX4yy_knZkstxDa5bnFJpis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:7c:e5:c0:e1:42:71:e7:87:19:a6:c3:76:26:85:66:61:dd:
         91:90:f9:db:c0:10:be:fc:c8:e0:7e:e6:95:1e:83:4a:f4:0c:
         f7:00:ec:2e:67:9f:b3:55:07:85:37:19:12:07:bd:e6:ef:8a:
         4a:d1:0a:ef:38:1b:74:73:37:60:29:76:9e:78:5c:8c:97:0d:
         11:ed:20:5c:5e:fd:5a:40:cc:b9:46:e9:54:b3:cb:43:43:06:
         04:72:d6:95:a9:0a:fa:41:ab:23:1d:de:94:69:53:fa:46:5b:
         6e:37:56:f8:85:92:87:34:73:8d:dc:44:c4:5a:7d:df:c5:63:
         2f:44:0e:ca:84:db:70:a3:5f:38:ca:fd:5a:60:f6:88:1b:98:
         66:7e:f2:27:e1:77:da:5d:32:21:86:e2:53:da:57:11:29:54:
         d6:7c:69:39:4b:46:41:6d:0a:fa:54:da:df:17:4d:4a:d6:4f:
         9b:0b:ac:3d:83:5a:f5:fe:37:81:fb:0a:25:73:d1:00:29:a1:
         d3:d0:b7:9b:13:bc:af:ff:12:c3:74:23:b8:20:85:11:1a:e3:
         eb:16:3a:0e:ce:56:9b:bf:76:c2:23:6a:74:d6:43:9e:39:0e:
         04:61:fc:2a:6c:99:e7:99:63:d5:29:c4:65:dc:c0:9f:03:69:
         b7:aa:0d:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRWhKC6s2UgXr7jKmQtYDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxYTg5NjlkN2UzMmNiZjkyNzY2NGIyZGM0MzZiOTZlNzE0
OWE2MmIwHhcNMjUwMTAxMjM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzU3ZjI5ZjlhNjgyODY4YjdiZmFiOWQ5MjU2OTkyY2FlODM2OGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9tdkFlk6DFcqeh8VXc2X8G0GIVd
Is9AvKndVHcnUwckcnuaJzPMonBwttW9uKkd484li1+h1PWh3pN7ayb2d2aflFqh
4+Pl6O8LDwNfLNnKb+nI5B9sO8POItcyrP+seAs3xgogiPV2M3vCRv1vIN4x7xK0
xqmAdvwnBAjpHPD4TSEafTx1HaLLWDWNbzKVl8TjkLTgNiLD8hElN7+JuQqPli8p
jsP9UXY9RzlkAi/YRx2Vxz9O4H7oh6L7a1731fCq6CyqilSSk1ziWViT84Hq/Twg
fgdOi5BCt/ivN0qLp2lnfU64cAnb0t5uzneBTc47DUVt4oc3H2zUsJ05vwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdX8p+aaChot7+rnZJWmSyug2j7MB8GA1UdIwQY
MBaAFNGolp1+Msv5J2ZLLcQ2uW5xSaYrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGFpV25YNHl5X2tuWmtzdHhEYTVibkZKcGlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yNzI5NGUtYjllNy00NjYwLTkzMmQt
MjEwNDhhNzM0YTQ2LzEvcDFmeW41cG9LR2kzdjZ1ZGtsYVpMSzZEYVBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yNzI5NGUtYjllNy00NjYwLTkzMmQtMjEwNDhhNzM0YTQ2
LzEvMGFpV25YNHl5X2tuWmtzdHhEYTVibkZKcGlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW9lOMA0G
CSqGSIb3DQEBCwUAA4IBAQChfOXA4UJx54cZpsN2JoVmYd2RkPnbwBC+/MjgfuaV
HoNK9Az3AOwuZ5+zVQeFNxkSB73m74pK0QrvOBt0czdgKXaeeFyMlw0R7SBcXv1a
QMy5RulUs8tDQwYEctaVqQr6QasjHd6UaVP6RltuN1b4hZKHNHON3ETEWn3fxWMv
RA7KhNtwo184yv1aYPaIG5hmfvIn4XfaXTIhhuJT2lcRKVTWfGk5S0ZBbQr6VNrf
F01K1k+bC6w9g1r1/jeB+wolc9EAKaHT0LebE7yv/xLDdCO4IIURGuPrFjoOzlab
v3bCI2p01kOeOQ4EYfwqbJnnmWPVKcRl3MCfA2m3qg1P
-----END CERTIFICATE-----