Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/SKNwRQHq8FB4J3GiSrqdAZqx9XI.roa
File:                     SKNwRQHq8FB4J3GiSrqdAZqx9XI.roa (raw, json)
Hash identifier:          YDB6Pr5yEfHTfF51Rh24jRXxG46u/SVtTDlhp5pda68=
Subject key identifier:   48:A3:70:45:01:EA:F0:50:78:27:71:A2:4A:BA:9D:01:9A:B1:F5:72
Certificate issuer:       /CN=ec2918069b21e165f8cc942a6793fde5b1655be6
Certificate serial:       019421446A0BE3E76BF828C8D981B526B8F6
Authority key identifier: EC:29:18:06:9B:21:E1:65:F8:CC:94:2A:67:93:FD:E5:B1:65:5B:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/SKNwRQHq8FB4J3GiSrqdAZqx9XI.roa
Signing time:             Wed 01 Jan 2025 09:48:39 +0000
ROA not before:           Wed 01 Jan 2025 09:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57063
IP address blocks:        91.236.201.0/24 maxlen: 24
                          213.5.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:6a:0b:e3:e7:6b:f8:28:c8:d9:81:b5:26:b8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec2918069b21e165f8cc942a6793fde5b1655be6
        Validity
            Not Before: Jan  1 09:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48a3704501eaf050782771a24aba9d019ab1f572
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:fc:09:4a:45:13:2a:8f:e0:0f:7f:ab:8b:1b:
                    cf:b0:1c:74:1e:cb:67:f9:12:9e:d5:f9:2f:93:2c:
                    36:f4:16:45:b7:c1:1a:9a:82:79:e0:e3:fe:1e:61:
                    2f:10:79:c2:69:73:5c:75:f6:93:d5:99:bd:b9:2f:
                    a1:49:4c:89:4c:1e:7e:05:93:b2:41:76:a6:c2:31:
                    97:e3:39:9d:e2:c7:98:2a:92:46:fd:a6:1f:0a:83:
                    5c:6e:53:64:b0:61:33:9e:9e:9c:a9:e9:fb:69:de:
                    03:af:f8:9c:3d:11:59:e7:a1:dc:e4:99:60:a9:5d:
                    99:10:52:25:13:0e:e7:29:29:b0:25:71:8a:ef:ff:
                    7b:5e:2a:39:36:02:96:42:fc:c3:cc:63:81:fb:c9:
                    e9:ca:b1:f7:e8:bf:a1:79:b6:0b:e2:9c:5a:7c:d3:
                    a2:32:e4:48:25:d2:d1:64:a3:ea:3d:fb:0e:3b:a0:
                    15:7b:1f:73:84:81:23:46:82:80:0e:a4:87:af:96:
                    3a:86:5c:ae:a4:7d:19:df:09:98:b0:86:31:40:3e:
                    aa:af:26:7a:0c:80:f1:b7:65:9e:bb:86:43:bb:64:
                    53:06:f3:23:9c:90:fa:31:ff:1a:1c:ab:82:c7:99:
                    b7:4a:fc:9f:52:85:db:0a:ac:a6:92:92:2e:92:30:
                    d0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A3:70:45:01:EA:F0:50:78:27:71:A2:4A:BA:9D:01:9A:B1:F5:72
            X509v3 Authority Key Identifier:
                keyid:EC:29:18:06:9B:21:E1:65:F8:CC:94:2A:67:93:FD:E5:B1:65:5B:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/SKNwRQHq8FB4J3GiSrqdAZqx9XI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/36ccba-85f0-4001-b939-5f6980b8c467/1/7CkYBpsh4WX4zJQqZ5P95bFlW-Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.201.0/24
                  213.5.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:e7:49:c7:ad:56:a6:d5:86:8b:b9:d2:3c:b7:1e:f7:39:89:
         ab:06:16:e9:53:98:9e:36:b7:1a:6a:e3:d8:5d:6a:4e:f5:79:
         95:39:96:c6:c3:d1:0d:6b:90:e5:40:42:7c:1e:06:13:f5:54:
         4c:32:64:15:a3:53:48:f0:3f:35:d1:d1:1e:32:f0:21:36:84:
         88:90:be:ae:29:1a:5b:0d:76:f1:d9:d6:d8:8e:e8:b2:b2:74:
         20:91:e3:75:54:87:33:5a:2a:27:fa:64:6e:ce:f6:5c:d0:53:
         d3:59:9b:f2:0f:09:6c:77:c9:14:82:92:8a:ae:8e:e0:3d:fa:
         dc:e1:95:51:36:55:c3:3d:b9:45:00:d5:dc:61:9d:a5:4b:cf:
         56:49:26:93:e1:c5:ea:22:5f:9f:d4:3e:98:04:9f:e1:ee:3f:
         85:c7:c5:d7:1b:30:74:57:f2:e8:da:6a:60:be:5c:96:a2:c7:
         57:45:44:9b:83:c8:ab:20:0f:45:05:b3:73:d6:f9:22:78:ec:
         22:b3:68:c2:27:ca:bf:2c:b5:a5:fe:42:50:53:66:16:7d:ff:
         b4:a4:15:2b:fd:8d:8e:44:01:ce:e2:16:99:65:9c:fa:02:f1:
         2f:45:fa:9b:11:87:24:5d:20:2b:c0:e2:ab:89:50:cb:93:e8:
         9a:e3:a2:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhRGoL4+dr+CjI2YG1Jrj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjMjkxODA2OWIyMWUxNjVmOGNjOTQyYTY3OTNmZGU1YjE2
NTViZTYwHhcNMjUwMTAxMDk0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGEzNzA0NTAxZWFmMDUwNzgyNzcxYTI0YWJhOWQwMTlhYjFmNTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhfwJSkUTKo/gD3+rixvPsBx0Hstn
+RKe1fkvkyw29BZFt8EamoJ54OP+HmEvEHnCaXNcdfaT1Zm9uS+hSUyJTB5+BZOy
QXamwjGX4zmd4seYKpJG/aYfCoNcblNksGEznp6cqen7ad4Dr/icPRFZ56Hc5Jlg
qV2ZEFIlEw7nKSmwJXGK7/97Xio5NgKWQvzDzGOB+8npyrH36L+hebYL4pxafNOi
MuRIJdLRZKPqPfsOO6AVex9zhIEjRoKADqSHr5Y6hlyupH0Z3wmYsIYxQD6qryZ6
DIDxt2Weu4ZDu2RTBvMjnJD6Mf8aHKuCx5m3SvyfUoXbCqymkpIukjDQtwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEijcEUB6vBQeCdxokq6nQGasfVyMB8GA1UdIwQY
MBaAFOwpGAabIeFl+MyUKmeT/eWxZVvmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0NrWUJwc2g0V1g0ekpRcVo1UDk1YkZsVy1ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi8zNmNjYmEtODVmMC00MDAxLWI5Mzkt
NWY2OTgwYjhjNDY3LzEvU0tOd1JRSHE4RkI0SjNHaVNycWRBWnF4OVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi8zNmNjYmEtODVmMC00MDAxLWI5MzktNWY2OTgwYjhjNDY3
LzEvN0NrWUJwc2g0V1g0ekpRcVo1UDk1YkZsVy1ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+zJAwQA
1QVIMA0GCSqGSIb3DQEBCwUAA4IBAQBL50nHrVam1YaLudI8tx73OYmrBhbpU5ie
NrcaauPYXWpO9XmVOZbGw9ENa5DlQEJ8HgYT9VRMMmQVo1NI8D810dEeMvAhNoSI
kL6uKRpbDXbx2dbYjuiysnQgkeN1VIczWion+mRuzvZc0FPTWZvyDwlsd8kUgpKK
ro7gPfrc4ZVRNlXDPblFANXcYZ2lS89WSSaT4cXqIl+f1D6YBJ/h7j+Fx8XXGzB0
V/Lo2mpgvlyWosdXRUSbg8irIA9FBbNz1vkieOwis2jCJ8q/LLWl/kJQU2YWff+0
pBUr/Y2ORAHO4haZZZz6AvEvRfqbEYckXSArwOKriVDLk+ia46LK
-----END CERTIFICATE-----