Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/YVY9twtvMqgJ8wFpvv3lKZVmEkQ.roa
File:                     YVY9twtvMqgJ8wFpvv3lKZVmEkQ.roa (raw, json)
Hash identifier:          17qlPl9D+uyL5rzeTz5pj3TELME7ziHzDZ+/fRR9Vec=
Subject key identifier:   61:56:3D:B7:0B:6F:32:A8:09:F3:01:69:BE:FD:E5:29:95:66:12:44
Certificate issuer:       /CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
Certificate serial:       019423698E147ACFF9BD9B6AD36897861647
Authority key identifier: B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/YVY9twtvMqgJ8wFpvv3lKZVmEkQ.roa
Signing time:             Wed 01 Jan 2025 19:48:27 +0000
ROA not before:           Wed 01 Jan 2025 19:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197265
IP address blocks:        91.217.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:8e:14:7a:cf:f9:bd:9b:6a:d3:68:97:86:16:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4d7ed14b8d51a20baec7b660f08a80cdcf817bf
        Validity
            Not Before: Jan  1 19:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61563db70b6f32a809f30169befde52995661244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fe:29:ae:13:40:63:fb:d4:cd:86:be:8a:4d:
                    9b:3c:49:a7:25:90:8d:ab:91:e2:3e:9e:04:28:4a:
                    f3:e2:af:90:1d:20:37:36:39:f9:c5:42:3e:4d:9d:
                    b0:90:6a:32:3c:ed:f8:3d:d8:3c:f6:ef:5a:9a:06:
                    5a:30:50:c2:0e:ab:09:79:ab:02:26:88:4e:fd:06:
                    71:66:91:b5:1e:a0:47:9c:7c:02:29:b5:0a:8b:a0:
                    37:71:b3:3a:f4:93:9c:e9:f2:f0:44:c3:44:6d:85:
                    1b:94:89:76:46:8b:af:77:1a:5a:09:bc:2b:61:ab:
                    01:db:1f:c6:fa:be:4d:47:62:19:b5:94:9d:fd:79:
                    89:b2:d9:cc:16:e3:be:1e:86:6c:52:5f:07:9f:f1:
                    c2:38:e7:0f:bd:e0:84:c5:1b:c1:e6:d7:2c:34:40:
                    db:d2:87:52:67:57:66:90:08:a7:81:34:2e:07:75:
                    b4:26:2f:55:8c:58:7f:ef:5b:58:ad:77:ed:7e:7d:
                    4f:d2:a3:69:69:32:d8:e4:eb:c8:87:80:d3:9e:35:
                    37:4b:d0:8a:92:7f:d8:53:44:85:50:23:25:98:6e:
                    e7:5e:6a:ad:bf:51:f0:27:9e:7e:81:5e:c6:3b:d6:
                    42:dc:2b:7a:37:3e:db:39:07:61:fb:19:1b:ed:a4:
                    32:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:56:3D:B7:0B:6F:32:A8:09:F3:01:69:BE:FD:E5:29:95:66:12:44
            X509v3 Authority Key Identifier:
                keyid:B4:D7:ED:14:B8:D5:1A:20:BA:EC:7B:66:0F:08:A8:0C:DC:F8:17:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tNftFLjVGiC67HtmDwioDNz4F78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/YVY9twtvMqgJ8wFpvv3lKZVmEkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/132ba8-7676-49f6-afcc-7d0423bda74c/1/tNftFLjVGiC67HtmDwioDNz4F78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:04:cf:e7:67:41:0c:80:32:d0:48:0d:16:52:82:46:87:76:
         ef:3c:fe:c6:00:ae:c1:e0:9a:01:f3:cc:23:f6:ab:53:02:d2:
         42:56:53:26:39:da:58:27:5f:fb:63:fc:78:63:2d:0e:b5:37:
         6d:86:79:4e:b6:09:dd:a8:b0:5b:92:1b:3a:cf:1c:76:ae:e5:
         74:f5:93:b6:f8:c9:8d:60:c7:eb:cd:ad:42:d3:9c:97:8c:fd:
         e2:72:1c:ff:4d:54:72:a5:ac:56:f4:d8:f4:df:02:e8:f2:7d:
         8c:31:a6:a1:7b:ba:ac:40:39:ab:49:3e:d4:d5:b1:2c:87:2b:
         fd:51:11:3f:31:3d:1f:a6:8d:d8:38:92:84:d4:7f:3b:9b:b4:
         2e:68:6e:e6:7a:a5:98:19:53:3a:c8:65:d0:9b:63:b5:73:f1:
         7b:d8:32:0f:da:47:8c:8f:64:be:86:f7:74:a0:04:db:4d:38:
         c4:d4:cb:d2:06:4a:70:8b:cb:3b:9c:44:1b:c8:f0:c7:76:6c:
         95:d9:08:05:88:62:3c:64:ad:5c:16:13:74:6a:9f:a8:00:6b:
         96:33:34:c1:e4:c6:8c:a0:65:00:99:0f:f5:12:90:6f:6a:21:
         fd:27:af:b5:46:11:83:19:96:39:04:3d:a7:ee:49:e6:6b:f5:
         5e:30:29:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaY4Ues/5vZtq02iXhhZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZDdlZDE0YjhkNTFhMjBiYWVjN2I2NjBmMDhhODBjZGNm
ODE3YmYwHhcNMjUwMTAxMTk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTU2M2RiNzBiNmYzMmE4MDlmMzAxNjliZWZkZTUyOTk1NjYxMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/4prhNAY/vUzYa+ik2bPEmnJZCN
q5HiPp4EKErz4q+QHSA3Njn5xUI+TZ2wkGoyPO34Pdg89u9amgZaMFDCDqsJeasC
JohO/QZxZpG1HqBHnHwCKbUKi6A3cbM69JOc6fLwRMNEbYUblIl2RouvdxpaCbwr
YasB2x/G+r5NR2IZtZSd/XmJstnMFuO+HoZsUl8Hn/HCOOcPveCExRvB5tcsNEDb
0odSZ1dmkAingTQuB3W0Ji9VjFh/71tYrXftfn1P0qNpaTLY5OvIh4DTnjU3S9CK
kn/YU0SFUCMlmG7nXmqtv1HwJ55+gV7GO9ZC3Ct6Nz7bOQdh+xkb7aQy1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFWPbcLbzKoCfMBab795SmVZhJEMB8GA1UdIwQY
MBaAFLTX7RS41Roguux7Zg8IqAzc+Be/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2Mt
N2QwNDIzYmRhNzRjLzEvWVZZOXR3dHZNcWdKOHdGcHZ2M2xLWlZtRWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8xMzJiYTgtNzY3Ni00OWY2LWFmY2MtN2QwNDIzYmRhNzRj
LzEvdE5mdEZMalZHaUM2N0h0bUR3aW9ETno0Rjc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nMMA0G
CSqGSIb3DQEBCwUAA4IBAQAcBM/nZ0EMgDLQSA0WUoJGh3bvPP7GAK7B4JoB88wj
9qtTAtJCVlMmOdpYJ1/7Y/x4Yy0OtTdthnlOtgndqLBbkhs6zxx2ruV09ZO2+MmN
YMfrza1C05yXjP3ichz/TVRypaxW9Nj03wLo8n2MMaahe7qsQDmrST7U1bEshyv9
URE/MT0fpo3YOJKE1H87m7QuaG7meqWYGVM6yGXQm2O1c/F72DIP2keMj2S+hvd0
oATbTTjE1MvSBkpwi8s7nEQbyPDHdmyV2QgFiGI8ZK1cFhN0ap+oAGuWMzTB5MaM
oGUAmQ/1EpBvaiH9J6+1RhGDGZY5BD2n7knma/VeMCnD
-----END CERTIFICATE-----