Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/yFPiywRMEHaITt3TRPzJux8bzAU.roa
File:                     yFPiywRMEHaITt3TRPzJux8bzAU.roa (raw, json)
Hash identifier:          WnTskmfJ1KLR7sA0SYoAyMqXx6u45IJAhh3f7ztydOk=
Subject key identifier:   C8:53:E2:CB:04:4C:10:76:88:4E:DD:D3:44:FC:C9:BB:1F:1B:CC:05
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       0194244516BE1D92567DF9BE7C2A1CCEB646
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/yFPiywRMEHaITt3TRPzJux8bzAU.roa
Signing time:             Wed 01 Jan 2025 23:48:15 +0000
ROA not before:           Wed 01 Jan 2025 23:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30731
IP address blocks:        91.236.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 17:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:16:be:1d:92:56:7d:f9:be:7c:2a:1c:ce:b6:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Jan  1 23:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c853e2cb044c1076884eddd344fcc9bb1f1bcc05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:12:28:aa:0f:ba:e3:41:5e:bf:09:84:73:15:
                    d0:b1:c1:43:8a:ea:0f:58:bd:9d:78:e8:c8:93:a0:
                    45:d7:85:ae:ef:72:e5:a2:48:86:81:47:82:2f:59:
                    e5:93:db:9f:35:20:82:2b:05:9f:26:f2:56:1c:13:
                    43:c0:31:aa:be:93:ac:f0:b0:96:17:b9:1f:51:29:
                    f4:8c:31:92:8a:f1:86:68:91:9b:5f:51:39:fe:60:
                    e0:ac:c6:e4:64:b3:7d:ac:ab:de:24:e9:70:a6:18:
                    84:c8:93:d1:4d:99:e9:3a:22:16:29:8f:43:08:f8:
                    dd:78:af:67:dd:83:1a:7b:ef:fd:82:7f:d9:14:87:
                    ab:dc:44:35:e0:7b:1d:a8:2f:62:b3:d8:10:df:d5:
                    9b:62:0e:82:34:f4:c5:c8:15:49:62:d6:1c:cf:ae:
                    44:59:ec:f5:6c:38:aa:b1:b8:68:bf:78:84:36:6d:
                    9d:54:6a:ff:d8:a1:65:12:21:d4:01:3a:f8:0b:73:
                    37:80:9c:90:4e:b2:14:16:a6:8e:a4:65:84:cc:39:
                    a6:b0:cd:3b:99:a2:ee:82:11:b4:af:27:2c:6b:d8:
                    9f:29:63:f6:f3:94:de:ff:f5:e6:b9:66:ac:49:c4:
                    54:a5:d1:7b:50:00:76:0b:f8:98:5d:b8:7a:a5:5e:
                    99:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:53:E2:CB:04:4C:10:76:88:4E:DD:D3:44:FC:C9:BB:1F:1B:CC:05
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/yFPiywRMEHaITt3TRPzJux8bzAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:f8:4d:b4:b7:35:98:4b:dd:fe:b7:f0:97:8a:72:9d:fb:5f:
         d4:e0:23:6a:6b:ca:f2:b9:05:0d:84:19:90:55:25:eb:f9:70:
         53:cf:df:75:ce:60:89:d0:2c:0f:90:a6:d1:ee:47:96:45:1e:
         4c:a3:ac:11:28:c4:64:29:71:ff:a6:6e:a7:84:c5:13:95:90:
         9c:ab:bb:20:8d:f9:ab:ea:5b:0a:00:56:aa:dc:e9:e7:5f:94:
         28:ba:34:5c:0d:bc:a7:ad:4c:db:67:cf:94:5b:54:ac:9f:dc:
         00:e0:6f:02:3d:ff:34:d6:6e:c3:75:f5:9e:52:ee:5c:9f:b9:
         38:28:c9:68:aa:07:f3:77:a6:b0:ac:f3:73:b6:4b:eb:d4:7a:
         2a:51:dd:e5:84:02:45:38:dc:19:a9:2a:79:3a:a1:74:c7:ae:
         31:be:0b:a8:47:ae:17:a5:d6:da:c4:0d:5e:2c:2b:5f:32:59:
         bc:14:35:f0:c6:19:b7:78:1c:ba:f6:57:07:73:b9:bf:f9:75:
         d5:c1:d7:b3:89:78:4b:c5:a4:a8:c9:59:2f:1e:4c:55:28:3d:
         2a:8f:6f:c2:c3:c6:dc:ea:9f:4d:ca:d4:10:c4:b4:00:1a:4a:
         a6:1b:9b:8f:a6:a8:7d:dd:7c:11:7d:33:93:05:af:a5:c8:11:
         8e:fc:9c:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRa+HZJWffm+fCoczrZGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjUwMTAxMjM0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODUzZTJjYjA0NGMxMDc2ODg0ZWRkZDM0NGZjYzliYjFmMWJjYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRIoqg+640FevwmEcxXQscFDiuoP
WL2deOjIk6BF14Wu73LlokiGgUeCL1nlk9ufNSCCKwWfJvJWHBNDwDGqvpOs8LCW
F7kfUSn0jDGSivGGaJGbX1E5/mDgrMbkZLN9rKveJOlwphiEyJPRTZnpOiIWKY9D
CPjdeK9n3YMae+/9gn/ZFIer3EQ14HsdqC9is9gQ39WbYg6CNPTFyBVJYtYcz65E
Wez1bDiqsbhov3iENm2dVGr/2KFlEiHUATr4C3M3gJyQTrIUFqaOpGWEzDmmsM07
maLughG0rycsa9ifKWP285Te//XmuWasScRUpdF7UAB2C/iYXbh6pV6ZZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhT4ssETBB2iE7d00T8ybsfG8wFMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEveUZQaXl3Uk1FSGFJVHQzVFJQekp1eDhiekFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+yCMA0G
CSqGSIb3DQEBCwUAA4IBAQBa+E20tzWYS93+t/CXinKd+1/U4CNqa8ryuQUNhBmQ
VSXr+XBTz991zmCJ0CwPkKbR7keWRR5Mo6wRKMRkKXH/pm6nhMUTlZCcq7sgjfmr
6lsKAFaq3OnnX5QoujRcDbynrUzbZ8+UW1Ssn9wA4G8CPf801m7DdfWeUu5cn7k4
KMloqgfzd6awrPNztkvr1HoqUd3lhAJFONwZqSp5OqF0x64xvguoR64XpdbaxA1e
LCtfMlm8FDXwxhm3eBy69lcHc7m/+XXVwdeziXhLxaSoyVkvHkxVKD0qj2/Cw8bc
6p9NytQQxLQAGkqmG5uPpqh93XwRfTOTBa+lyBGO/Jyg
-----END CERTIFICATE-----