Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/Y7rbDno7w__NNU8_Y1vybLh8QhU.roa
File:                     Y7rbDno7w__NNU8_Y1vybLh8QhU.roa (raw, json)
Hash identifier:          JcJWoK6XwWQ+PAZZ9rS/dpHArel2kscu87IT6w7P4BM=
Subject key identifier:   63:BA:DB:0E:7A:3B:C3:FF:CD:35:4F:3F:63:5B:F2:6C:B8:7C:42:15
Certificate issuer:       /CN=b542bc0d8cc28f558615ed3fae53cace4a6ef081
Certificate serial:       019420D61D4F38E0D9C47045CE968DD164C3
Authority key identifier: B5:42:BC:0D:8C:C2:8F:55:86:15:ED:3F:AE:53:CA:CE:4A:6E:F0:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUK8DYzCj1WGFe0_rlPKzkpu8IE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/Y7rbDno7w__NNU8_Y1vybLh8QhU.roa
Signing time:             Wed 01 Jan 2025 07:48:10 +0000
ROA not before:           Wed 01 Jan 2025 07:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204054
IP address blocks:        91.216.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/tUK8DYzCj1WGFe0_rlPKzkpu8IE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/tUK8DYzCj1WGFe0_rlPKzkpu8IE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUK8DYzCj1WGFe0_rlPKzkpu8IE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:1d:4f:38:e0:d9:c4:70:45:ce:96:8d:d1:64:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b542bc0d8cc28f558615ed3fae53cace4a6ef081
        Validity
            Not Before: Jan  1 07:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63badb0e7a3bc3ffcd354f3f635bf26cb87c4215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:d2:a9:9f:db:9d:59:90:bd:c5:0a:b0:d2:ca:
                    b7:05:15:24:05:76:d8:85:0b:2a:70:80:b3:0b:8f:
                    18:c4:5c:0e:0f:2c:88:b2:d7:bc:69:36:83:b1:1e:
                    67:c6:54:37:fe:26:88:94:6c:64:6a:cc:49:e2:86:
                    9e:6e:3a:f3:1e:15:e0:e9:a2:3d:31:d4:67:cb:8e:
                    61:92:24:f9:78:4f:07:de:79:b2:3f:db:66:d4:fc:
                    fe:2b:98:ed:e7:45:54:4f:41:f5:e7:bd:42:cd:2b:
                    d8:8c:65:a2:8e:08:43:e4:f3:35:9b:57:a9:4f:72:
                    8b:d1:5a:3e:7b:1a:93:55:aa:1d:70:06:3d:d0:52:
                    9e:69:c8:d8:81:0f:9a:2e:eb:3d:64:6f:17:e4:ed:
                    d7:46:0c:06:2f:1b:8b:6c:3f:c3:c5:1d:66:80:b0:
                    81:a1:5e:e7:fc:50:e8:3b:9f:a2:5c:53:62:53:06:
                    f7:e0:03:38:27:c6:07:3a:06:b0:d7:25:65:a9:73:
                    af:2f:61:90:12:23:72:00:62:f5:fb:17:42:bf:d9:
                    39:d2:6b:79:9e:d7:91:62:09:93:f9:1d:35:e5:62:
                    40:ff:73:07:a1:cb:1d:16:f7:f3:bd:36:ee:89:1b:
                    93:62:6b:8b:00:38:a4:aa:53:e0:7a:c2:96:08:c7:
                    32:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BA:DB:0E:7A:3B:C3:FF:CD:35:4F:3F:63:5B:F2:6C:B8:7C:42:15
            X509v3 Authority Key Identifier:
                keyid:B5:42:BC:0D:8C:C2:8F:55:86:15:ED:3F:AE:53:CA:CE:4A:6E:F0:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUK8DYzCj1WGFe0_rlPKzkpu8IE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/Y7rbDno7w__NNU8_Y1vybLh8QhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/b1e0ff-9696-4b61-bd5e-7f6e4930f25a/1/tUK8DYzCj1WGFe0_rlPKzkpu8IE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:f5:60:7d:72:c1:bc:45:b1:84:5b:2d:7f:fd:43:05:5d:4d:
         84:f1:db:08:c0:29:28:40:03:67:ec:7a:94:b2:29:5c:d8:93:
         33:ce:61:17:39:d2:87:89:c5:53:3c:1f:3c:a0:a8:38:d2:de:
         42:1a:2b:7d:a1:7b:96:a4:d6:51:43:5d:14:17:bf:ff:15:51:
         9d:8e:f7:2f:44:65:b7:0d:a4:b3:4f:08:1a:01:c1:ad:08:71:
         bb:03:7c:e4:c5:b6:a2:a2:82:cf:33:1e:7d:80:41:7d:9a:d6:
         d4:1c:93:85:86:5a:8f:bf:e2:fc:e9:2e:a8:95:99:f1:dc:76:
         d4:27:2f:bf:03:93:59:88:e1:bb:35:b7:fa:b9:5a:fc:d0:5f:
         f7:14:24:28:e9:6b:f4:3d:64:3b:d3:52:16:45:f2:7d:fd:ca:
         98:76:49:51:36:5a:67:79:e0:4f:cd:1b:67:de:99:92:4c:a1:
         30:06:08:05:9e:28:83:e8:57:22:94:7d:3e:8b:da:c6:69:a4:
         bf:45:59:38:a7:fc:cf:1a:d3:ef:79:42:3e:fb:2b:1b:45:52:
         89:ed:85:af:56:a6:07:92:c5:0a:1a:b1:34:d8:b1:fd:7e:da:
         a1:7d:bc:66:96:da:09:23:e6:62:f8:bf:cc:8d:a4:87:82:64:
         ce:da:08:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1h1POODZxHBFzpaN0WTDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDJiYzBkOGNjMjhmNTU4NjE1ZWQzZmFlNTNjYWNlNGE2
ZWYwODEwHhcNMjUwMTAxMDc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JhZGIwZTdhM2JjM2ZmY2QzNTRmM2Y2MzViZjI2Y2I4N2M0MjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgtKpn9udWZC9xQqw0sq3BRUkBXbY
hQsqcICzC48YxFwODyyIste8aTaDsR5nxlQ3/iaIlGxkasxJ4oaebjrzHhXg6aI9
MdRny45hkiT5eE8H3nmyP9tm1Pz+K5jt50VUT0H1571CzSvYjGWijghD5PM1m1ep
T3KL0Vo+exqTVaodcAY90FKeacjYgQ+aLus9ZG8X5O3XRgwGLxuLbD/DxR1mgLCB
oV7n/FDoO5+iXFNiUwb34AM4J8YHOgaw1yVlqXOvL2GQEiNyAGL1+xdCv9k50mt5
nteRYgmT+R015WJA/3MHocsdFvfzvTbuiRuTYmuLADikqlPgesKWCMcyZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGO62w56O8P/zTVPP2Nb8my4fEIVMB8GA1UdIwQY
MBaAFLVCvA2Mwo9VhhXtP65Tys5KbvCBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVLOERZekNqMVdHRmUwX3JsUEt6a3B1OElFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS9iMWUwZmYtOTY5Ni00YjYxLWJkNWUt
N2Y2ZTQ5MzBmMjVhLzEvWTdyYkRubzd3X19OTlU4X1kxdnliTGg4UWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS9iMWUwZmYtOTY5Ni00YjYxLWJkNWUtN2Y2ZTQ5MzBmMjVh
LzEvdFVLOERZekNqMVdHRmUwX3JsUEt6a3B1OElFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jfMA0G
CSqGSIb3DQEBCwUAA4IBAQBu9WB9csG8RbGEWy1//UMFXU2E8dsIwCkoQANn7HqU
silc2JMzzmEXOdKHicVTPB88oKg40t5CGit9oXuWpNZRQ10UF7//FVGdjvcvRGW3
DaSzTwgaAcGtCHG7A3zkxbaiooLPMx59gEF9mtbUHJOFhlqPv+L86S6olZnx3HbU
Jy+/A5NZiOG7Nbf6uVr80F/3FCQo6Wv0PWQ701IWRfJ9/cqYdklRNlpneeBPzRtn
3pmSTKEwBggFniiD6FcilH0+i9rGaaS/RVk4p/zPGtPveUI++ysbRVKJ7YWvVqYH
ksUKGrE02LH9ftqhfbxmltoJI+Zi+L/MjaSHgmTO2gig
-----END CERTIFICATE-----