Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/RNk_0Bt2Bdlaf0Pdd2eUPaMyW8E.roa
File:                     RNk_0Bt2Bdlaf0Pdd2eUPaMyW8E.roa (raw, json)
Hash identifier:          m6J+0888VMRpST0J5iXwVh9t9K8LOLn/EV2xZ10pPjg=
Subject key identifier:   44:D9:3F:D0:1B:76:05:D9:5A:7F:43:DD:77:67:94:3D:A3:32:5B:C1
Certificate issuer:       /CN=0f9a2d2374aa6ac714b5f8a6eddb80dc69679cc6
Certificate serial:       01941F8C8C27049A39CBCE35BE0A35B82F9E
Authority key identifier: 0F:9A:2D:23:74:AA:6A:C7:14:B5:F8:A6:ED:DB:80:DC:69:67:9C:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D5otI3SqascUtfim7duA3GlnnMY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/RNk_0Bt2Bdlaf0Pdd2eUPaMyW8E.roa
Signing time:             Wed 01 Jan 2025 01:48:12 +0000
ROA not before:           Wed 01 Jan 2025 01:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57117
IP address blocks:        91.201.197.0/24 maxlen: 24
                          185.202.105.0/24 maxlen: 24
                          188.95.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/D5otI3SqascUtfim7duA3GlnnMY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/D5otI3SqascUtfim7duA3GlnnMY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D5otI3SqascUtfim7duA3GlnnMY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 14:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:8c:27:04:9a:39:cb:ce:35:be:0a:35:b8:2f:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f9a2d2374aa6ac714b5f8a6eddb80dc69679cc6
        Validity
            Not Before: Jan  1 01:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44d93fd01b7605d95a7f43dd7767943da3325bc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a0:ff:9a:82:33:54:26:13:92:23:47:83:a5:
                    f9:be:38:fc:2e:75:44:df:de:d4:a4:c0:cc:b1:86:
                    b0:d5:b3:7d:d1:9f:4d:26:88:27:3d:b4:14:8f:da:
                    79:c2:7e:55:34:3a:e7:c6:bc:25:5a:a5:6d:30:c2:
                    98:d8:3c:c4:31:27:81:61:80:62:37:ee:03:9a:66:
                    5e:72:fe:16:9f:7f:1f:5d:66:a5:98:6a:cd:66:4b:
                    8f:d0:64:b7:9a:2a:44:9f:fb:84:06:a9:42:2b:8d:
                    6d:35:c1:33:dc:4b:1f:4d:a6:b2:f6:e4:8d:9e:66:
                    00:d6:4a:c9:8c:a7:cc:06:30:56:9a:80:d7:1d:fd:
                    e8:9d:83:ed:f9:78:17:39:74:df:16:7f:a7:ad:f6:
                    fd:9f:9d:1d:5f:e4:d0:d7:be:9a:c4:32:bb:0c:4f:
                    7b:f7:39:f1:fd:e2:bb:9d:bd:87:62:d1:8d:d9:82:
                    23:21:d9:40:63:be:7d:59:dd:0c:e7:99:10:d5:40:
                    cb:bb:df:28:4e:3c:3e:0a:03:f5:e5:0f:11:81:92:
                    5f:51:6f:d1:45:0a:cf:ed:8f:b2:13:9d:20:7e:58:
                    7a:58:0a:c9:dd:e7:ea:32:68:0e:1b:9d:06:dd:6e:
                    4f:5f:81:d6:06:42:b2:53:0e:e0:6d:18:fb:ac:3e:
                    9e:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D9:3F:D0:1B:76:05:D9:5A:7F:43:DD:77:67:94:3D:A3:32:5B:C1
            X509v3 Authority Key Identifier:
                keyid:0F:9A:2D:23:74:AA:6A:C7:14:B5:F8:A6:ED:DB:80:DC:69:67:9C:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D5otI3SqascUtfim7duA3GlnnMY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/RNk_0Bt2Bdlaf0Pdd2eUPaMyW8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/00248c-3791-4629-a6c6-6d971992c349/1/D5otI3SqascUtfim7duA3GlnnMY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.197.0/24
                  185.202.105.0/24
                  188.95.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:de:4c:ce:87:5e:1b:6d:06:dc:04:21:46:8b:6c:a4:45:86:
         96:f1:c8:15:7f:4b:2a:e3:68:b1:9e:20:0b:16:0a:ef:ef:22:
         62:bd:86:a9:47:f6:58:b5:13:3d:8d:10:f0:a1:98:6a:9a:5d:
         40:41:59:cb:70:ff:18:97:eb:4f:ce:f1:c8:a5:80:f7:03:07:
         22:4a:d7:84:ff:b7:73:85:ec:b6:d7:62:5e:f5:39:b7:0d:73:
         39:c5:47:3f:2b:05:9f:95:2d:ce:80:68:60:41:0d:73:ca:94:
         fb:11:4d:73:8f:4c:e7:79:70:1b:59:49:7f:39:f2:53:f6:c3:
         39:b1:1f:69:e4:6d:a9:21:80:8b:47:51:77:e9:0f:1a:9f:fa:
         fe:3b:16:bf:1a:88:c2:e6:4c:78:70:1e:dd:3e:3a:01:5a:8c:
         3f:18:25:fb:d7:f3:be:66:5d:2b:1d:68:2b:88:1b:d2:85:14:
         27:3a:c5:02:48:e5:22:dc:14:6a:c3:76:de:55:ac:66:e9:83:
         6f:95:40:1c:05:b6:31:6e:05:b5:7c:7e:07:75:9a:5a:2e:90:
         66:1c:45:de:c4:ca:b3:ee:b0:ea:9b:7a:e3:36:77:03:7e:68:
         04:59:22:c4:ab:60:73:2d:7c:05:65:98:b2:1a:15:e0:dd:74:
         1d:78:b5:e5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQfjIwnBJo5y841vgo1uC+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmOWEyZDIzNzRhYTZhYzcxNGI1ZjhhNmVkZGI4MGRjNjk2
NzljYzYwHhcNMjUwMTAxMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGQ5M2ZkMDFiNzYwNWQ5NWE3ZjQzZGQ3NzY3OTQzZGEzMzI1YmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KD/moIzVCYTkiNHg6X5vjj8LnVE
397UpMDMsYaw1bN90Z9NJognPbQUj9p5wn5VNDrnxrwlWqVtMMKY2DzEMSeBYYBi
N+4DmmZecv4Wn38fXWalmGrNZkuP0GS3mipEn/uEBqlCK41tNcEz3EsfTaay9uSN
nmYA1krJjKfMBjBWmoDXHf3onYPt+XgXOXTfFn+nrfb9n50dX+TQ176axDK7DE97
9znx/eK7nb2HYtGN2YIjIdlAY759Wd0M55kQ1UDLu98oTjw+CgP15Q8RgZJfUW/R
RQrP7Y+yE50gflh6WArJ3efqMmgOG50G3W5PX4HWBkKyUw7gbRj7rD6eCQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFETZP9AbdgXZWn9D3XdnlD2jMlvBMB8GA1UdIwQY
MBaAFA+aLSN0qmrHFLX4pu3bgNxpZ5zGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDVvdEkzU3Fhc2NVdGZpbTdkdUEzR2xubk1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8wMDI0OGMtMzc5MS00NjI5LWE2YzYt
NmQ5NzE5OTJjMzQ5LzEvUk5rXzBCdDJCZGxhZjBQZGQyZVVQYU15VzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8wMDI0OGMtMzc5MS00NjI5LWE2YzYtNmQ5NzE5OTJjMzQ5
LzEvRDVvdEkzU3Fhc2NVdGZpbTdkdUEzR2xubk1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8nFAwQA
ucppAwQAvF9AMA0GCSqGSIb3DQEBCwUAA4IBAQAF3kzOh14bbQbcBCFGi2ykRYaW
8cgVf0sq42ixniALFgrv7yJivYapR/ZYtRM9jRDwoZhqml1AQVnLcP8Yl+tPzvHI
pYD3AwciSteE/7dzhey212Je9Tm3DXM5xUc/KwWflS3OgGhgQQ1zypT7EU1zj0zn
eXAbWUl/OfJT9sM5sR9p5G2pIYCLR1F36Q8an/r+Oxa/GojC5kx4cB7dPjoBWow/
GCX71/O+Zl0rHWgriBvShRQnOsUCSOUi3BRqw3beVaxm6YNvlUAcBbYxbgW1fH4H
dZpaLpBmHEXexMqz7rDqm3rjNncDfmgEWSLEq2BzLXwFZZiyGhXg3XQdeLXl
-----END CERTIFICATE-----