Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/iyDkJ6tsf3xRvAJ0Gj5q4UQTX0w.roa
File:                     iyDkJ6tsf3xRvAJ0Gj5q4UQTX0w.roa (raw, json)
Hash identifier:          9D6oGG4UkPIHdgK/rGm54VcWFnSd+WbxSAZRhcGKtxs=
Subject key identifier:   8B:20:E4:27:AB:6C:7F:7C:51:BC:02:74:1A:3E:6A:E1:44:13:5F:4C
Certificate issuer:       /CN=5b797fcd8433b1f489f891194862fc36bfbef66b
Certificate serial:       01964231A0457E70A951F5625873E3523FF7
Authority key identifier: 5B:79:7F:CD:84:33:B1:F4:89:F8:91:19:48:62:FC:36:BF:BE:F6:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/iyDkJ6tsf3xRvAJ0Gj5q4UQTX0w.roa
Signing time:             Thu 17 Apr 2025 05:21:10 +0000
ROA not before:           Thu 17 Apr 2025 05:21:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215994
IP address blocks:        91.230.188.0/24 maxlen: 24
                          2a14:ba80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 14:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:42:31:a0:45:7e:70:a9:51:f5:62:58:73:e3:52:3f:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b797fcd8433b1f489f891194862fc36bfbef66b
        Validity
            Not Before: Apr 17 05:21:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b20e427ab6c7f7c51bc02741a3e6ae144135f4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:db:2e:2c:f9:5b:b0:1f:94:c9:07:07:54:30:
                    82:69:fe:cf:8a:e3:0c:34:9b:d5:c6:4f:5d:6d:31:
                    02:b1:c2:bd:06:2c:04:4c:58:c7:b6:a2:ef:3b:f2:
                    a3:85:0e:46:15:6c:33:fd:c5:4b:f6:7e:95:0b:f2:
                    b2:e9:ad:1c:bc:8f:51:bf:30:c6:5d:d8:85:c2:b6:
                    0d:0e:32:c7:c7:1b:c9:03:64:59:4d:c6:54:6c:29:
                    aa:32:4c:46:58:80:26:43:cd:63:6b:db:0a:fe:de:
                    28:2b:71:4f:7f:cf:3a:81:0c:6d:fa:49:c2:bf:96:
                    a9:6b:3e:0d:21:9f:8a:4e:4c:5e:ea:bb:eb:df:0c:
                    70:13:21:75:0b:d9:26:8c:14:8c:d0:34:43:91:03:
                    b1:d6:f2:b1:29:da:9b:2e:5a:06:b2:fa:15:b2:b6:
                    7a:a8:2f:a1:fd:dd:bc:b4:59:e7:53:25:17:8e:8c:
                    3f:5b:e9:82:b3:30:39:68:0d:6e:56:b2:0b:df:4a:
                    d0:43:53:29:f6:12:a3:92:80:19:d2:93:0f:21:5d:
                    c9:1a:14:be:ae:68:c9:c0:ff:31:79:68:8b:7c:43:
                    54:a1:99:08:4a:0f:c1:27:da:b6:f9:39:87:6b:ea:
                    59:20:67:c6:c2:75:49:80:17:29:60:d5:65:06:bf:
                    bc:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:20:E4:27:AB:6C:7F:7C:51:BC:02:74:1A:3E:6A:E1:44:13:5F:4C
            X509v3 Authority Key Identifier:
                keyid:5B:79:7F:CD:84:33:B1:F4:89:F8:91:19:48:62:FC:36:BF:BE:F6:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/iyDkJ6tsf3xRvAJ0Gj5q4UQTX0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/8fe4db-8c5b-40f5-9360-e596e524cabe/1/W3l_zYQzsfSJ-JEZSGL8Nr--9ms.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.188.0/24
                IPv6:
                  2a14:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:2c:87:71:27:33:af:8d:90:00:07:63:d2:2e:44:46:9f:22:
         79:fb:78:24:ed:29:84:48:09:b4:29:fb:4a:12:fe:42:60:44:
         94:c6:28:dc:5a:db:6a:6c:7f:cd:8c:97:74:47:b0:c3:79:30:
         d1:d8:41:d7:dc:db:5d:4e:62:e3:a9:e5:9e:6a:13:a3:9d:e0:
         55:5b:0e:ec:da:83:76:89:eb:7a:fd:6b:a8:5d:85:70:4a:93:
         ae:34:25:75:85:0e:dc:7b:ae:9f:69:3e:40:ff:c0:5c:29:10:
         d9:98:83:17:d0:af:42:50:12:0c:14:ec:35:44:37:79:dd:3d:
         1d:b6:62:dc:65:71:25:35:97:a1:c0:a4:57:9f:10:4e:6d:9e:
         00:22:f2:59:fd:a7:55:18:5c:34:ae:75:e6:95:f1:4d:4e:ff:
         a2:43:7e:9b:73:df:02:c4:33:3b:b0:a4:1f:f5:77:cf:63:47:
         0d:18:6e:b3:6b:9b:c7:33:53:22:b9:9e:b9:b6:4f:f3:47:07:
         6a:fe:05:5d:15:d2:03:48:0b:5d:b2:a5:0c:fd:e1:ea:2f:3f:
         a5:2d:2b:e5:9e:7d:af:09:91:be:05:39:d1:36:2a:1d:a7:e6:
         dc:a4:c5:31:66:a0:bb:8a:0e:3d:00:b7:f9:47:2a:ff:9e:ca:
         6d:ce:f5:6c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZCMaBFfnCpUfViWHPjUj/3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViNzk3ZmNkODQzM2IxZjQ4OWY4OTExOTQ4NjJmYzM2YmZi
ZWY2NmIwHhcNMjUwNDE3MDUyMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjIwZTQyN2FiNmM3ZjdjNTFiYzAyNzQxYTNlNmFlMTQ0MTM1ZjRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdsuLPlbsB+UyQcHVDCCaf7PiuMM
NJvVxk9dbTECscK9BiwETFjHtqLvO/KjhQ5GFWwz/cVL9n6VC/Ky6a0cvI9RvzDG
XdiFwrYNDjLHxxvJA2RZTcZUbCmqMkxGWIAmQ81ja9sK/t4oK3FPf886gQxt+knC
v5apaz4NIZ+KTkxe6rvr3wxwEyF1C9kmjBSM0DRDkQOx1vKxKdqbLloGsvoVsrZ6
qC+h/d28tFnnUyUXjow/W+mCszA5aA1uVrIL30rQQ1Mp9hKjkoAZ0pMPIV3JGhS+
rmjJwP8xeWiLfENUoZkISg/BJ9q2+TmHa+pZIGfGwnVJgBcpYNVlBr+8yQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIsg5CerbH98UbwCdBo+auFEE19MMB8GA1UdIwQY
MBaAFFt5f82EM7H0ifiRGUhi/Da/vvZrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzNsX3pZUXpzZlNKLUpFWlNHTDhOci0tOW1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC84ZmU0ZGItOGM1Yi00MGY1LTkzNjAt
ZTU5NmU1MjRjYWJlLzEvaXlEa0o2dHNmM3hSdkFKMEdqNXE0VVFUWDB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC84ZmU0ZGItOGM1Yi00MGY1LTkzNjAtZTU5NmU1MjRjYWJl
LzEvVzNsX3pZUXpzZlNKLUpFWlNHTDhOci0tOW1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW+a8MA0E
AgACMAcDBQMqFLqAMA0GCSqGSIb3DQEBCwUAA4IBAQDALIdxJzOvjZAAB2PSLkRG
nyJ5+3gk7SmESAm0KftKEv5CYESUxijcWttqbH/NjJd0R7DDeTDR2EHX3NtdTmLj
qeWeahOjneBVWw7s2oN2iet6/WuoXYVwSpOuNCV1hQ7ce66faT5A/8BcKRDZmIMX
0K9CUBIMFOw1RDd53T0dtmLcZXElNZehwKRXnxBObZ4AIvJZ/adVGFw0rnXmlfFN
Tv+iQ36bc98CxDM7sKQf9XfPY0cNGG6za5vHM1MiuZ65tk/zRwdq/gVdFdIDSAtd
sqUM/eHqLz+lLSvlnn2vCZG+BTnRNiodp+bcpMUxZqC7ig49ALf5Ryr/nsptzvVs
-----END CERTIFICATE-----