Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/Y7rjDq7fdynJflZ1cb7ZNg-KFmg.roa
File:                     Y7rjDq7fdynJflZ1cb7ZNg-KFmg.roa (raw, json)
Hash identifier:          h2vc7Gq/Sd/1Xnjjmm5IRwstIcuks+nnX9YP0dcordQ=
Subject key identifier:   63:BA:E3:0E:AE:DF:77:29:C9:7E:56:75:71:BE:D9:36:0F:8A:16:68
Certificate issuer:       /CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
Certificate serial:       0194266BC2172033B08A4CDF6F59C0255AC6
Authority key identifier: D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/Y7rjDq7fdynJflZ1cb7ZNg-KFmg.roa
Signing time:             Thu 02 Jan 2025 09:49:43 +0000
ROA not before:           Thu 02 Jan 2025 09:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43380
IP address blocks:        91.206.3.0/24 maxlen: 24
                          2a0f:f4c0::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:c2:17:20:33:b0:8a:4c:df:6f:59:c0:25:5a:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d57c7db04e78c221f3df2a2af082b518d962a8f0
        Validity
            Not Before: Jan  2 09:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63bae30eaedf7729c97e567571bed9360f8a1668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ce:31:e7:a4:14:e1:ed:a0:04:1f:8f:50:d8:
                    1e:6a:1a:29:19:34:9c:11:bb:28:57:55:f9:4f:53:
                    c9:94:e3:ce:1a:4a:63:1a:3e:b7:c5:68:57:9a:25:
                    60:85:a5:4e:f4:9a:72:94:c9:92:55:a2:90:8f:11:
                    4f:b4:d7:8a:4e:7c:9b:37:92:ae:12:76:bf:1b:04:
                    22:c6:36:8c:df:ae:2e:af:11:06:15:83:59:04:4c:
                    96:9d:33:68:b3:59:da:b3:6f:44:53:de:6e:fd:9b:
                    0d:c1:3e:96:42:60:76:1d:7f:69:41:e6:03:30:b4:
                    5c:d1:65:c8:9b:4c:bd:91:90:01:d6:ee:82:fb:d8:
                    ae:a4:df:7a:8d:f7:93:ef:7f:07:6f:8f:3b:6d:97:
                    0d:90:46:12:aa:eb:53:d4:c1:52:49:ad:9a:64:43:
                    d9:d8:bb:3f:3b:56:eb:4a:a0:06:0f:9b:9a:e8:6f:
                    75:1d:74:87:3e:21:02:19:2f:d3:98:27:c8:f5:e1:
                    ea:e4:ff:25:79:55:23:2d:d5:04:03:90:8f:30:b4:
                    cf:88:12:b0:33:09:5d:e6:dc:d7:e0:cd:4a:7c:94:
                    66:53:30:2f:27:67:fb:6d:c3:07:e2:e0:95:8d:d6:
                    fd:58:d0:15:0f:d0:fa:a6:07:e8:2c:62:09:aa:b6:
                    7a:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:BA:E3:0E:AE:DF:77:29:C9:7E:56:75:71:BE:D9:36:0F:8A:16:68
            X509v3 Authority Key Identifier:
                keyid:D5:7C:7D:B0:4E:78:C2:21:F3:DF:2A:2A:F0:82:B5:18:D9:62:A8:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Xx9sE54wiHz3yoq8IK1GNliqPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/Y7rjDq7fdynJflZ1cb7ZNg-KFmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/18d059-3cb2-46bf-a588-fe95a9af3adc/1/1Xx9sE54wiHz3yoq8IK1GNliqPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.3.0/24
                IPv6:
                  2a0f:f4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:e3:e0:fe:07:f3:59:94:f5:f1:4e:f2:43:76:84:0a:a4:d9:
         fa:bb:2d:da:2b:a3:3f:42:f7:f6:48:ea:47:97:17:4e:b3:57:
         89:fe:04:cc:d5:b9:6c:6c:0a:90:ca:5f:7d:82:08:ad:e5:78:
         af:bc:fa:b2:b5:34:01:6b:0d:7f:67:b5:f1:18:d0:d9:5b:5a:
         62:a1:77:cc:44:7e:26:aa:f2:b6:01:6e:6d:fe:1d:14:8f:24:
         95:c3:fa:23:57:87:b6:86:68:94:24:b5:2d:5b:69:c6:36:bf:
         ec:f1:d1:6c:76:fe:43:78:3a:ea:50:37:ef:4a:66:bb:38:19:
         74:41:11:c0:32:86:8f:2d:df:71:18:93:11:3d:08:77:bb:de:
         37:f0:c3:47:70:f8:4f:0a:5a:1c:4a:5f:5f:3d:4a:45:23:d8:
         d1:60:18:6f:22:63:26:75:24:d1:a5:93:9a:89:8d:33:67:89:
         55:21:e8:3a:67:2e:71:7b:53:68:46:e0:0b:19:96:0e:1d:71:
         d8:4b:68:13:d4:4a:37:76:5f:90:13:e6:5f:2b:9a:1b:78:f2:
         de:17:88:19:97:af:6c:ec:71:4d:ef:a8:54:77:2f:8a:93:e3:
         bf:4a:93:f5:38:17:dc:29:77:71:61:ad:61:c1:02:80:b8:06:
         67:31:28:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQma8IXIDOwikzfb1nAJVrGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1N2M3ZGIwNGU3OGMyMjFmM2RmMmEyYWYwODJiNTE4ZDk2
MmE4ZjAwHhcNMjUwMTAyMDk0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2JhZTMwZWFlZGY3NzI5Yzk3ZTU2NzU3MWJlZDkzNjBmOGExNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4M4x56QU4e2gBB+PUNgeahopGTSc
EbsoV1X5T1PJlOPOGkpjGj63xWhXmiVghaVO9JpylMmSVaKQjxFPtNeKTnybN5Ku
Ena/GwQixjaM364urxEGFYNZBEyWnTNos1nas29EU95u/ZsNwT6WQmB2HX9pQeYD
MLRc0WXIm0y9kZAB1u6C+9iupN96jfeT738Hb487bZcNkEYSqutT1MFSSa2aZEPZ
2Ls/O1brSqAGD5ua6G91HXSHPiECGS/TmCfI9eHq5P8leVUjLdUEA5CPMLTPiBKw
Mwld5tzX4M1KfJRmUzAvJ2f7bcMH4uCVjdb9WNAVD9D6pgfoLGIJqrZ6XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGO64w6u33cpyX5WdXG+2TYPihZoMB8GA1UdIwQY
MBaAFNV8fbBOeMIh898qKvCCtRjZYqjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgt
ZmU5NWE5YWYzYWRjLzEvWTdyakRxN2ZkeW5KZmxaMWNiN1pOZy1LRm1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8xOGQwNTktM2NiMi00NmJmLWE1ODgtZmU5NWE5YWYzYWRj
LzEvMVh4OXNFNTR3aUh6M3lvcThJSzFHTmxpcVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW84DMA0E
AgACMAcDBQAqD/TAMA0GCSqGSIb3DQEBCwUAA4IBAQBX4+D+B/NZlPXxTvJDdoQK
pNn6uy3aK6M/Qvf2SOpHlxdOs1eJ/gTM1blsbAqQyl99ggit5XivvPqytTQBaw1/
Z7XxGNDZW1pioXfMRH4mqvK2AW5t/h0UjySVw/ojV4e2hmiUJLUtW2nGNr/s8dFs
dv5DeDrqUDfvSma7OBl0QRHAMoaPLd9xGJMRPQh3u9438MNHcPhPClocSl9fPUpF
I9jRYBhvImMmdSTRpZOaiY0zZ4lVIeg6Zy5xe1NoRuALGZYOHXHYS2gT1Eo3dl+Q
E+ZfK5obePLeF4gZl69s7HFN76hUdy+Kk+O/SpP1OBfcKXdxYa1hwQKAuAZnMSiL
-----END CERTIFICATE-----