Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/numbWnJewpdlWjFsofSPwm7IG3g.roa
File:                     numbWnJewpdlWjFsofSPwm7IG3g.roa (raw, json)
Hash identifier:          14YqjZz0f+0ogH+Jj76bMz/1yDXbVz5uWlMR4KVjJRU=
Subject key identifier:   9E:E9:9B:5A:72:5E:C2:97:65:5A:31:6C:A1:F4:8F:C2:6E:C8:1B:78
Certificate issuer:       /CN=798e0da4f91007b224768acb4d131f12517d2b7a
Certificate serial:       01942521B8818532854C9A60D7888D863B6D
Authority key identifier: 79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/numbWnJewpdlWjFsofSPwm7IG3g.roa
Signing time:             Thu 02 Jan 2025 03:49:14 +0000
ROA not before:           Thu 02 Jan 2025 03:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31229
IP address blocks:        91.202.100.0/24 maxlen: 24
                          91.202.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:b8:81:85:32:85:4c:9a:60:d7:88:8d:86:3b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=798e0da4f91007b224768acb4d131f12517d2b7a
        Validity
            Not Before: Jan  2 03:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ee99b5a725ec297655a316ca1f48fc26ec81b78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c1:ba:86:3c:56:ee:5d:0f:f5:fd:ac:84:38:
                    ad:bb:11:23:2c:33:1e:2e:bc:49:b0:cb:e8:9a:86:
                    96:bc:57:de:18:5f:e6:16:cb:ba:3d:75:7e:41:32:
                    2c:60:51:bb:97:06:c4:1c:2f:1f:58:31:1a:d1:40:
                    40:52:2c:d3:cb:f6:62:ec:5f:50:06:2a:a1:14:15:
                    e5:e3:68:f8:7a:00:59:38:a7:f0:1c:35:56:2b:17:
                    34:7f:19:60:e9:ed:ed:37:df:df:cc:7a:89:6a:0d:
                    f3:b9:16:20:dd:7b:c6:68:8b:61:f7:36:07:ac:ab:
                    bf:16:97:19:6e:c7:8c:b2:0b:5c:b0:e8:26:2f:90:
                    b3:ac:e4:b7:6d:f8:aa:75:ae:71:fa:c8:ea:68:10:
                    fa:92:9d:0f:fc:74:60:87:8f:be:ef:0d:d9:4a:a5:
                    82:e1:f7:a8:25:ee:47:5e:ea:f5:a6:82:dc:f4:4b:
                    73:d4:53:57:29:8d:58:99:3e:30:9a:79:d7:3e:40:
                    8d:48:ab:61:f3:7e:42:23:89:35:3e:59:14:34:3c:
                    d8:e6:46:3f:35:62:3b:cc:9b:16:ce:31:71:29:45:
                    ad:f0:96:52:93:89:e9:67:33:8c:f4:54:21:de:47:
                    02:32:63:f3:ea:cb:e3:c3:98:4f:f5:9f:0b:9d:72:
                    fe:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:E9:9B:5A:72:5E:C2:97:65:5A:31:6C:A1:F4:8F:C2:6E:C8:1B:78
            X509v3 Authority Key Identifier:
                keyid:79:8E:0D:A4:F9:10:07:B2:24:76:8A:CB:4D:13:1F:12:51:7D:2B:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eY4NpPkQB7IkdorLTRMfElF9K3o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/numbWnJewpdlWjFsofSPwm7IG3g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/404e64-f981-45b5-9cae-4fb4ef91a82f/1/eY4NpPkQB7IkdorLTRMfElF9K3o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.100.0/23

    Signature Algorithm: sha256WithRSAEncryption
         36:03:ce:1c:07:5f:28:60:cc:33:ae:da:69:f2:47:96:39:32:
         1d:f5:ef:9d:b3:24:11:96:df:89:2b:c1:ff:b7:5b:56:cb:90:
         1c:80:39:6a:c4:45:a8:24:ee:0d:e2:e2:a8:e2:b5:8a:14:84:
         b7:0f:fd:25:53:32:13:f1:b1:7b:06:03:93:81:45:c4:91:f7:
         c4:a5:15:da:31:e1:75:74:39:b3:4b:8c:4b:41:13:90:9f:2d:
         3b:67:2b:02:4f:be:8c:ac:5d:64:3e:40:a1:d3:4a:b8:49:2f:
         2d:6d:ec:dd:38:86:a3:32:24:27:8c:d0:2f:2b:13:73:4f:71:
         19:43:91:e5:77:22:03:c0:ad:d2:f3:0f:1f:95:9b:1a:43:c0:
         e5:4a:d6:cb:ae:0d:bd:a4:ba:fa:aa:58:2c:df:f1:d7:ee:c8:
         86:c0:34:f4:50:7f:57:e8:8f:5a:de:cb:62:f6:e1:67:79:da:
         71:7d:9c:7f:f8:af:19:a4:31:94:c3:fa:7c:c7:0e:f2:10:f2:
         a2:d9:65:98:b2:68:81:c4:fd:76:c0:a8:b0:dd:55:19:1e:a3:
         74:b9:cd:f3:42:fb:f7:74:93:09:26:a3:f2:5a:27:56:08:55:
         3c:ea:e8:1a:d1:e1:bb:b2:b5:95:d6:e3:72:50:35:0f:a1:4b:
         8b:f8:b3:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIbiBhTKFTJpg14iNhjttMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5OGUwZGE0ZjkxMDA3YjIyNDc2OGFjYjRkMTMxZjEyNTE3
ZDJiN2EwHhcNMjUwMTAyMDM0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWU5OWI1YTcyNWVjMjk3NjU1YTMxNmNhMWY0OGZjMjZlYzgxYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMG6hjxW7l0P9f2shDituxEjLDMe
LrxJsMvomoaWvFfeGF/mFsu6PXV+QTIsYFG7lwbEHC8fWDEa0UBAUizTy/Zi7F9Q
BiqhFBXl42j4egBZOKfwHDVWKxc0fxlg6e3tN9/fzHqJag3zuRYg3XvGaIth9zYH
rKu/FpcZbseMsgtcsOgmL5CzrOS3bfiqda5x+sjqaBD6kp0P/HRgh4++7w3ZSqWC
4feoJe5HXur1poLc9Etz1FNXKY1YmT4wmnnXPkCNSKth835CI4k1PlkUNDzY5kY/
NWI7zJsWzjFxKUWt8JZSk4npZzOM9FQh3kcCMmPz6svjw5hP9Z8LnXL+fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ7pm1pyXsKXZVoxbKH0j8JuyBt4MB8GA1UdIwQY
MBaAFHmODaT5EAeyJHaKy00THxJRfSt6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUt
NGZiNGVmOTFhODJmLzEvbnVtYlduSmV3cGRsV2pGc29mU1B3bTdJRzNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MDRlNjQtZjk4MS00NWI1LTljYWUtNGZiNGVmOTFhODJm
LzEvZVk0TnBQa1FCN0lrZG9yTFRSTWZFbEY5SzNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8pkMA0G
CSqGSIb3DQEBCwUAA4IBAQA2A84cB18oYMwzrtpp8keWOTId9e+dsyQRlt+JK8H/
t1tWy5AcgDlqxEWoJO4N4uKo4rWKFIS3D/0lUzIT8bF7BgOTgUXEkffEpRXaMeF1
dDmzS4xLQROQny07ZysCT76MrF1kPkCh00q4SS8tbezdOIajMiQnjNAvKxNzT3EZ
Q5HldyIDwK3S8w8flZsaQ8DlStbLrg29pLr6qlgs3/HX7siGwDT0UH9X6I9a3sti
9uFnedpxfZx/+K8ZpDGUw/p8xw7yEPKi2WWYsmiBxP12wKiw3VUZHqN0uc3zQvv3
dJMJJqPyWidWCFU86uga0eG7srWV1uNyUDUPoUuL+LND
-----END CERTIFICATE-----