Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/S9IbEuckGJ-9L5NueHluP1etdYo.roa
File:                     S9IbEuckGJ-9L5NueHluP1etdYo.roa (raw, json)
Hash identifier:          3hI+07Eg5raje1kn4kUfDxud5d5a2unK+1/vO0g99aY=
Subject key identifier:   4B:D2:1B:12:E7:24:18:9F:BD:2F:93:6E:78:79:6E:3F:57:AD:75:8A
Certificate issuer:       /CN=e2bbc7067f8a7c57d686d675eb468e99b86bd62d
Certificate serial:       0194236909E439911797C07D6D82719D80F5
Authority key identifier: E2:BB:C7:06:7F:8A:7C:57:D6:86:D6:75:EB:46:8E:99:B8:6B:D6:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4rvHBn-KfFfWhtZ160aOmbhr1i0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/S9IbEuckGJ-9L5NueHluP1etdYo.roa
Signing time:             Wed 01 Jan 2025 19:47:53 +0000
ROA not before:           Wed 01 Jan 2025 19:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51435
IP address blocks:        91.217.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/4rvHBn-KfFfWhtZ160aOmbhr1i0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/4rvHBn-KfFfWhtZ160aOmbhr1i0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4rvHBn-KfFfWhtZ160aOmbhr1i0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:09:e4:39:91:17:97:c0:7d:6d:82:71:9d:80:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2bbc7067f8a7c57d686d675eb468e99b86bd62d
        Validity
            Not Before: Jan  1 19:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4bd21b12e724189fbd2f936e78796e3f57ad758a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0b:7f:d2:6b:7d:cc:08:e6:31:59:d0:cc:25:
                    39:60:14:33:b0:56:36:d0:7c:a8:83:c5:71:2f:f9:
                    5f:ff:5a:db:e4:01:73:55:49:3d:12:77:1d:bd:79:
                    70:7d:3f:44:60:ea:6c:a4:db:55:15:c9:6f:ce:13:
                    ae:1a:32:25:fa:63:40:e9:9e:3a:7b:ee:2a:ec:89:
                    be:8b:a3:ec:ae:16:ba:78:5c:6d:57:63:18:42:e9:
                    b5:aa:8a:c9:7b:2c:4a:3a:05:55:fb:76:52:ff:c7:
                    a8:8d:b2:24:23:6c:88:c6:7e:19:e5:3f:26:13:dc:
                    56:e3:57:51:7c:13:c8:44:ff:16:4e:81:7a:80:53:
                    c5:6c:b7:d6:97:9e:98:dc:49:f0:c0:fb:42:9a:4d:
                    71:e9:f8:3b:79:b0:74:e1:7f:9d:e5:15:21:5d:9b:
                    db:4c:a3:dc:64:77:a7:46:49:d3:e0:60:54:44:42:
                    ec:c5:19:37:c4:93:25:9d:90:01:ea:ce:6c:d0:17:
                    44:98:7a:a3:3c:dc:9c:68:33:fd:bc:5f:fa:f5:4e:
                    09:92:0b:d2:80:97:3a:8a:69:c0:90:e8:6f:52:fd:
                    2a:a2:3a:cf:b1:2d:2e:4a:11:39:18:0f:9a:bd:4b:
                    65:eb:88:74:72:ff:17:cf:1b:09:54:76:a3:23:1d:
                    25:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:D2:1B:12:E7:24:18:9F:BD:2F:93:6E:78:79:6E:3F:57:AD:75:8A
            X509v3 Authority Key Identifier:
                keyid:E2:BB:C7:06:7F:8A:7C:57:D6:86:D6:75:EB:46:8E:99:B8:6B:D6:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4rvHBn-KfFfWhtZ160aOmbhr1i0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/S9IbEuckGJ-9L5NueHluP1etdYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/2dac8b-76cd-40f0-854e-1da2acc76e11/1/4rvHBn-KfFfWhtZ160aOmbhr1i0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f1:e4:86:2d:c2:b0:e2:23:27:b3:88:df:e8:99:36:a5:06:
         4a:90:8c:b4:fa:82:0d:db:7a:0f:f8:61:13:3e:f1:1a:08:43:
         e7:6f:74:9f:e2:1d:3f:cc:14:09:bb:aa:04:45:f8:3a:f6:e8:
         d5:bf:9a:72:27:62:18:1b:3a:d8:02:31:41:42:8a:fd:9b:ea:
         0f:76:2b:96:8f:cc:05:04:fa:81:30:44:ce:27:e2:f5:cc:c2:
         71:22:88:8b:b6:60:a0:69:63:9d:21:85:a3:e4:63:69:2d:12:
         b3:3a:8f:0d:cd:c0:cd:69:94:62:ff:5b:a0:03:83:08:5f:df:
         83:5c:c3:55:08:32:ce:5b:d8:13:0b:ed:b4:5a:7b:ba:07:0b:
         c3:ae:c0:c9:1a:0a:01:05:e6:23:b2:71:e1:8f:9b:e9:6d:0e:
         09:97:82:86:13:7b:fa:ed:12:57:11:0c:b8:f3:c2:38:22:99:
         5d:96:37:e4:2f:f3:ec:80:6b:be:47:3b:66:0a:33:33:cb:9e:
         23:ec:27:12:31:27:d7:a1:e1:34:be:67:f1:bf:d5:47:e6:fa:
         2c:2f:ef:99:b7:24:b5:4f:e4:7e:30:5c:6c:a1:48:7c:4b:6e:
         f5:f2:1f:e0:af:5e:02:1c:ad:17:f1:9d:04:40:0d:82:11:5b:
         a0:62:34:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaQnkOZEXl8B9bYJxnYD1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYmJjNzA2N2Y4YTdjNTdkNjg2ZDY3NWViNDY4ZTk5Yjg2
YmQ2MmQwHhcNMjUwMTAxMTk0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmQyMWIxMmU3MjQxODlmYmQyZjkzNmU3ODc5NmUzZjU3YWQ3NThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wt/0mt9zAjmMVnQzCU5YBQzsFY2
0Hyog8VxL/lf/1rb5AFzVUk9EncdvXlwfT9EYOpspNtVFclvzhOuGjIl+mNA6Z46
e+4q7Im+i6Psrha6eFxtV2MYQum1qorJeyxKOgVV+3ZS/8eojbIkI2yIxn4Z5T8m
E9xW41dRfBPIRP8WToF6gFPFbLfWl56Y3EnwwPtCmk1x6fg7ebB04X+d5RUhXZvb
TKPcZHenRknT4GBURELsxRk3xJMlnZAB6s5s0BdEmHqjPNycaDP9vF/69U4JkgvS
gJc6imnAkOhvUv0qojrPsS0uShE5GA+avUtl64h0cv8XzxsJVHajIx0lGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEvSGxLnJBifvS+Tbnh5bj9XrXWKMB8GA1UdIwQY
MBaAFOK7xwZ/inxX1obWdetGjpm4a9YtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHJ2SEJuLUtmRmZXaHRaMTYwYU9tYmhyMWkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8yZGFjOGItNzZjZC00MGYwLTg1NGUt
MWRhMmFjYzc2ZTExLzEvUzlJYkV1Y2tHSi05TDVOdWVIbHVQMWV0ZFlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8yZGFjOGItNzZjZC00MGYwLTg1NGUtMWRhMmFjYzc2ZTEx
LzEvNHJ2SEJuLUtmRmZXaHRaMTYwYU9tYmhyMWkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mTMA0G
CSqGSIb3DQEBCwUAA4IBAQAv8eSGLcKw4iMns4jf6Jk2pQZKkIy0+oIN23oP+GET
PvEaCEPnb3Sf4h0/zBQJu6oERfg69ujVv5pyJ2IYGzrYAjFBQor9m+oPdiuWj8wF
BPqBMETOJ+L1zMJxIoiLtmCgaWOdIYWj5GNpLRKzOo8NzcDNaZRi/1ugA4MIX9+D
XMNVCDLOW9gTC+20Wnu6BwvDrsDJGgoBBeYjsnHhj5vpbQ4Jl4KGE3v67RJXEQy4
88I4IpldljfkL/PsgGu+RztmCjMzy54j7CcSMSfXoeE0vmfxv9VH5vosL++ZtyS1
T+R+MFxsoUh8S2718h/gr14CHK0X8Z0EQA2CEVugYjQp
-----END CERTIFICATE-----