Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/ENc4V7s5D9VI1PWlf_wPokzkahE.roa
File:                     ENc4V7s5D9VI1PWlf_wPokzkahE.roa (raw, json)
Hash identifier:          BXmB/X/SHXqjZRpYnJuPeo2gTwWyCsvdek5X4RHOx9c=
Subject key identifier:   10:D7:38:57:BB:39:0F:D5:48:D4:F5:A5:7F:FC:0F:A2:4C:E4:6A:11
Certificate issuer:       /CN=cafaf6fa25b8d2acb1b44dcdd55437aba2226e9e
Certificate serial:       0194228D1383E625C6021C884F17004BEE97
Authority key identifier: CA:FA:F6:FA:25:B8:D2:AC:B1:B4:4D:CD:D5:54:37:AB:A2:22:6E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yvr2-iW40qyxtE3N1VQ3q6Iibp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/ENc4V7s5D9VI1PWlf_wPokzkahE.roa
Signing time:             Wed 01 Jan 2025 15:47:38 +0000
ROA not before:           Wed 01 Jan 2025 15:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12180
IP address blocks:        81.91.112.0/20 maxlen: 20
                          217.17.144.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/yvr2-iW40qyxtE3N1VQ3q6Iibp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/yvr2-iW40qyxtE3N1VQ3q6Iibp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yvr2-iW40qyxtE3N1VQ3q6Iibp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:13:83:e6:25:c6:02:1c:88:4f:17:00:4b:ee:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cafaf6fa25b8d2acb1b44dcdd55437aba2226e9e
        Validity
            Not Before: Jan  1 15:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10d73857bb390fd548d4f5a57ffc0fa24ce46a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:df:05:51:c2:f9:38:ea:3f:94:38:f5:bc:
                    10:25:e3:da:0c:10:54:d2:18:4e:ee:6d:5e:c4:62:
                    28:f2:a3:29:6e:cc:35:45:e5:a0:e7:c9:83:d8:f2:
                    a3:3d:2e:7e:62:56:32:a0:72:a8:c7:3b:51:d2:36:
                    43:c5:8f:7e:83:59:41:e5:eb:92:10:7b:33:50:96:
                    26:1e:06:92:0d:79:8f:83:79:6e:a4:d5:86:94:c4:
                    5a:f4:dd:7a:4d:fa:2d:d3:3d:97:41:a6:32:68:c1:
                    a1:81:fb:e0:6d:8c:98:c3:b3:43:34:97:cd:cc:19:
                    d8:c5:62:64:92:fe:b6:11:df:d9:34:50:ce:18:50:
                    f3:70:75:1e:8d:55:a0:54:80:5b:72:60:63:fc:06:
                    77:bc:44:10:a8:9f:45:2f:97:cb:88:a5:d2:89:3f:
                    bb:72:95:14:d3:e7:bf:27:68:34:50:36:cd:4c:f3:
                    8b:dc:cc:ca:c6:96:dd:35:ef:1c:0f:e2:64:49:68:
                    20:ac:35:6e:91:5c:ad:0b:ba:b3:49:df:86:5d:75:
                    79:39:65:ec:2e:06:8d:8b:0b:61:a4:fb:74:45:d9:
                    66:22:a1:90:d9:d6:e5:e4:79:ef:41:b1:df:c8:91:
                    c7:b1:a1:1a:bb:3e:5f:2e:3b:d0:31:86:70:a5:68:
                    73:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D7:38:57:BB:39:0F:D5:48:D4:F5:A5:7F:FC:0F:A2:4C:E4:6A:11
            X509v3 Authority Key Identifier:
                keyid:CA:FA:F6:FA:25:B8:D2:AC:B1:B4:4D:CD:D5:54:37:AB:A2:22:6E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yvr2-iW40qyxtE3N1VQ3q6Iibp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/ENc4V7s5D9VI1PWlf_wPokzkahE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/9c6507-9d7f-42c7-9d12-0e35001778a5/1/yvr2-iW40qyxtE3N1VQ3q6Iibp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.91.112.0/20
                  217.17.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         38:67:2e:28:6d:52:00:2a:12:25:11:e9:76:eb:c1:a1:b8:9a:
         69:90:cd:80:43:68:c5:56:20:84:b4:32:d1:04:25:6a:af:2e:
         75:e3:43:d9:69:dd:3e:6a:b6:17:30:25:59:b7:a6:3b:16:99:
         65:d4:a0:93:d5:09:54:07:ce:e5:e7:72:28:c1:65:08:82:fb:
         ec:36:94:ed:2e:8d:06:7e:e7:c5:eb:85:54:92:c1:fb:71:79:
         f2:aa:23:86:ce:62:b2:37:49:9e:ca:48:64:4c:d9:f0:5a:21:
         a1:02:96:63:db:cd:6d:ed:d3:56:1c:06:58:99:59:43:cc:53:
         f9:71:d6:cd:85:7c:c8:bb:75:87:80:7c:27:92:b9:08:ca:ef:
         67:42:7c:65:f2:f4:19:25:ea:9c:05:ed:70:a3:da:01:05:1f:
         61:54:21:09:c2:92:0a:ae:e2:07:27:f8:3b:e4:87:4c:58:c5:
         66:03:33:3b:8f:a1:84:c2:d8:61:99:b6:17:3b:92:54:19:f7:
         06:2e:08:a9:39:1f:c5:8e:2c:d6:76:57:2e:ee:46:56:08:ef:
         48:f3:41:cc:76:f3:1e:bf:e7:fc:2c:9d:9d:92:91:43:14:0f:
         78:6e:7e:1f:01:15:e5:92:12:51:15:b2:c1:f2:21:69:3b:9d:
         51:7e:a5:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQijROD5iXGAhyITxcAS+6XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhZmFmNmZhMjViOGQyYWNiMWI0NGRjZGQ1NTQzN2FiYTIy
MjZlOWUwHhcNMjUwMTAxMTU0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ3Mzg1N2JiMzkwZmQ1NDhkNGY1YTU3ZmZjMGZhMjRjZTQ2YTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQzfBVHC+TjqP5Q49bwQJePaDBBU
0hhO7m1exGIo8qMpbsw1ReWg58mD2PKjPS5+YlYyoHKoxztR0jZDxY9+g1lB5euS
EHszUJYmHgaSDXmPg3lupNWGlMRa9N16Tfot0z2XQaYyaMGhgfvgbYyYw7NDNJfN
zBnYxWJkkv62Ed/ZNFDOGFDzcHUejVWgVIBbcmBj/AZ3vEQQqJ9FL5fLiKXSiT+7
cpUU0+e/J2g0UDbNTPOL3MzKxpbdNe8cD+JkSWggrDVukVytC7qzSd+GXXV5OWXs
LgaNiwthpPt0RdlmIqGQ2dbl5HnvQbHfyJHHsaEauz5fLjvQMYZwpWhz1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBDXOFe7OQ/VSNT1pX/8D6JM5GoRMB8GA1UdIwQY
MBaAFMr69voluNKssbRNzdVUN6uiIm6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXZyMi1pVzQwcXl4dEUzTjFWUTNxNklpYnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi85YzY1MDctOWQ3Zi00MmM3LTlkMTIt
MGUzNTAwMTc3OGE1LzEvRU5jNFY3czVEOVZJMVBXbGZfd1Bva3prYWhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi85YzY1MDctOWQ3Zi00MmM3LTlkMTItMGUzNTAwMTc3OGE1
LzEveXZyMi1pVzQwcXl4dEUzTjFWUTNxNklpYnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUVtwAwQE
2RGQMA0GCSqGSIb3DQEBCwUAA4IBAQA4Zy4obVIAKhIlEel268GhuJppkM2AQ2jF
ViCEtDLRBCVqry5140PZad0+arYXMCVZt6Y7Fpll1KCT1QlUB87l53IowWUIgvvs
NpTtLo0GfufF64VUksH7cXnyqiOGzmKyN0meykhkTNnwWiGhApZj281t7dNWHAZY
mVlDzFP5cdbNhXzIu3WHgHwnkrkIyu9nQnxl8vQZJeqcBe1wo9oBBR9hVCEJwpIK
ruIHJ/g75IdMWMVmAzM7j6GEwthhmbYXO5JUGfcGLgipOR/FjizWdlcu7kZWCO9I
80HMdvMev+f8LJ2dkpFDFA94bn4fARXlkhJRFbLB8iFpO51RfqXw
-----END CERTIFICATE-----