Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/J7ETPWoz6PcKZiDENKdc7eg0G3E.roa
File:                     J7ETPWoz6PcKZiDENKdc7eg0G3E.roa (raw, json)
Hash identifier:          pWE9GZh1hbb+a6dmiouPzsW10XU9kJ/ykBSv44CMcgY=
Subject key identifier:   27:B1:13:3D:6A:33:E8:F7:0A:66:20:C4:34:A7:5C:ED:E8:34:1B:71
Certificate issuer:       /CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
Certificate serial:       01942067BABCBB9C60D0BCE23CEAA220BDED
Authority key identifier: 8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/J7ETPWoz6PcKZiDENKdc7eg0G3E.roa
Signing time:             Wed 01 Jan 2025 05:47:36 +0000
ROA not before:           Wed 01 Jan 2025 05:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     967
IP address blocks:        91.217.160.0/24 maxlen: 24
                          2a06:5040:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:ba:bc:bb:9c:60:d0:bc:e2:3c:ea:a2:20:bd:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b37183341a2ab6df3c59ec827ed71200b5a6244
        Validity
            Not Before: Jan  1 05:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27b1133d6a33e8f70a6620c434a75cede8341b71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:63:16:d8:be:5d:93:ff:24:82:36:a5:20:d7:
                    8f:24:40:bc:e6:8a:2a:52:21:0d:98:ac:ae:b9:16:
                    46:d8:bb:4d:c5:72:2d:a2:4a:f1:7e:7b:03:4c:a3:
                    b1:5e:65:90:4d:1d:7d:e8:9f:c2:32:c7:0e:d2:89:
                    98:30:92:c0:c3:92:4c:32:c7:e9:61:d3:e5:23:d4:
                    72:34:1b:6c:6c:0a:fc:2e:96:be:ce:1e:ee:2b:df:
                    3b:05:db:cf:55:6d:14:36:d4:7b:e1:c6:0f:cf:78:
                    35:a6:20:ec:35:80:81:90:04:92:b3:d9:e6:82:9f:
                    91:e1:fa:af:a2:eb:ad:38:a2:2f:af:3a:c3:cc:5d:
                    3b:3c:1c:9b:84:f3:fd:2d:d7:29:bc:16:39:04:a9:
                    02:33:d7:39:ec:92:9a:59:ba:6d:a9:3c:38:ee:06:
                    0d:02:08:36:cd:30:a2:ca:12:82:27:02:40:bf:41:
                    eb:ee:cb:16:ef:d5:dc:9d:46:73:68:b3:66:c3:e1:
                    0b:36:ae:37:04:87:a2:e6:95:34:71:3f:db:15:06:
                    8a:aa:52:67:02:19:13:15:ec:f2:16:82:80:fd:6d:
                    28:01:7e:13:76:40:4a:70:80:12:27:f6:5e:e7:38:
                    1b:18:24:60:fd:f7:4c:5b:b2:a5:81:a9:be:9e:69:
                    e1:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:B1:13:3D:6A:33:E8:F7:0A:66:20:C4:34:A7:5C:ED:E8:34:1B:71
            X509v3 Authority Key Identifier:
                keyid:8B:37:18:33:41:A2:AB:6D:F3:C5:9E:C8:27:ED:71:20:0B:5A:62:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/J7ETPWoz6PcKZiDENKdc7eg0G3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/1c78e3-67d6-4e90-aeb5-0852cb353293/1/izcYM0Giq23zxZ7IJ-1xIAtaYkQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.160.0/24
                IPv6:
                  2a06:5040:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         67:d6:94:6e:9e:7f:89:14:e1:13:50:7e:be:a3:b0:dc:5a:a2:
         5c:38:78:9d:e1:15:3d:45:ee:aa:a6:b3:20:96:16:e1:ef:bf:
         a9:4a:84:d3:c7:b7:75:ce:5a:68:b4:83:70:f9:d4:38:70:41:
         f4:d5:82:37:af:01:12:05:99:48:dd:16:18:95:fd:a3:41:01:
         8b:73:4a:5f:2f:f9:f2:4f:f3:0a:d3:a3:90:51:0d:d6:ca:1d:
         43:55:f6:36:64:53:6a:03:1c:1f:43:63:82:9c:07:1e:3f:ee:
         72:5f:49:ff:86:65:74:86:c2:2a:b3:d8:69:d8:92:c1:8d:fe:
         fd:fc:9a:67:85:ca:ce:46:6d:27:17:84:2c:30:e1:85:b4:a8:
         31:ac:5b:5f:dd:82:d2:41:32:1f:ad:5f:1b:f3:85:eb:db:6a:
         65:16:de:85:ba:12:c6:fa:a8:50:e2:69:57:35:c1:b8:2f:c5:
         6e:64:08:2d:07:1f:83:41:0d:0f:f8:07:dd:54:66:e9:2e:3e:
         08:2d:b0:91:e4:83:2d:43:e2:7d:30:5b:f7:c7:25:c5:d1:04:
         ff:6b:49:e6:0e:bc:d8:b1:c2:ed:f5:1d:ec:0b:ca:17:fa:c0:
         8a:7c:94:e5:1e:de:88:d2:24:2d:6a:5e:e0:ef:b0:eb:7e:f6:
         0d:3c:05:b3
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQgZ7q8u5xg0LziPOqiIL3tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiMzcxODMzNDFhMmFiNmRmM2M1OWVjODI3ZWQ3MTIwMGI1
YTYyNDQwHhcNMjUwMTAxMDU0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2IxMTMzZDZhMzNlOGY3MGE2NjIwYzQzNGE3NWNlZGU4MzQxYjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2MW2L5dk/8kgjalINePJEC85ooq
UiENmKyuuRZG2LtNxXItokrxfnsDTKOxXmWQTR196J/CMscO0omYMJLAw5JMMsfp
YdPlI9RyNBtsbAr8Lpa+zh7uK987BdvPVW0UNtR74cYPz3g1piDsNYCBkASSs9nm
gp+R4fqvouutOKIvrzrDzF07PBybhPP9LdcpvBY5BKkCM9c57JKaWbptqTw47gYN
Agg2zTCiyhKCJwJAv0Hr7ssW79XcnUZzaLNmw+ELNq43BIei5pU0cT/bFQaKqlJn
AhkTFezyFoKA/W0oAX4TdkBKcIASJ/Ze5zgbGCRg/fdMW7Klgam+nmnhEQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFCexEz1qM+j3CmYgxDSnXO3oNBtxMB8GA1UdIwQY
MBaAFIs3GDNBoqtt88WeyCftcSALWmJEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUt
MDg1MmNiMzUzMjkzLzEvSjdFVFBXb3o2UGNLWmlERU5LZGM3ZWcwRzNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi8xYzc4ZTMtNjdkNi00ZTkwLWFlYjUtMDg1MmNiMzUzMjkz
LzEvaXpjWU0wR2lxMjN6eFo3SUotMXhJQXRhWWtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAW9mgMA4E
AgACMAgDBgQqBlBAIDANBgkqhkiG9w0BAQsFAAOCAQEAZ9aUbp5/iRThE1B+vqOw
3FqiXDh4neEVPUXuqqazIJYW4e+/qUqE08e3dc5aaLSDcPnUOHBB9NWCN68BEgWZ
SN0WGJX9o0EBi3NKXy/58k/zCtOjkFEN1sodQ1X2NmRTagMcH0NjgpwHHj/ucl9J
/4ZldIbCKrPYadiSwY3+/fyaZ4XKzkZtJxeELDDhhbSoMaxbX92C0kEyH61fG/OF
69tqZRbehboSxvqoUOJpVzXBuC/FbmQILQcfg0END/gH3VRm6S4+CC2wkeSDLUPi
fTBb98clxdEE/2tJ5g682LHC7fUd7AvKF/rAinyU5R7eiNIkLWpe4O+w6372DTwF
sw==
-----END CERTIFICATE-----