Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/n5HWKOnZqMf_HeJzgOhByI-5MCw.roa
File:                     n5HWKOnZqMf_HeJzgOhByI-5MCw.roa (raw, json)
Hash identifier:          YxqtLi8VJbl+yyfM6G5PrLuDd8IPpzOnurqCTIlxay8=
Subject key identifier:   9F:91:D6:28:E9:D9:A8:C7:FF:1D:E2:73:80:E8:41:C8:8F:B9:30:2C
Certificate issuer:       /CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
Certificate serial:       0196D43F2C7E3C2F92C6FECBB890B061E097
Authority key identifier: 0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/n5HWKOnZqMf_HeJzgOhByI-5MCw.roa
Signing time:             Thu 15 May 2025 14:00:32 +0000
ROA not before:           Thu 15 May 2025 14:00:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        91.234.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d4:3f:2c:7e:3c:2f:92:c6:fe:cb:b8:90:b0:61:e0:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f7dd32779c1a9b297e28cb035fd679abb1916d1
        Validity
            Not Before: May 15 14:00:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f91d628e9d9a8c7ff1de27380e841c88fb9302c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a7:48:29:78:48:1a:57:7c:1f:3c:16:9d:33:
                    8d:01:e6:f2:b5:b4:65:2c:75:8e:45:ef:8e:a8:9b:
                    9a:dc:b0:0b:69:b8:b9:f6:90:ac:e4:65:4d:a2:a4:
                    28:4e:61:93:a8:d8:f7:12:90:e4:11:31:e3:14:dd:
                    8f:dd:43:98:1b:cd:75:2a:41:56:48:bc:9d:92:4c:
                    f5:9a:ba:87:4f:9a:8d:0f:a3:b6:36:f2:1d:13:b8:
                    bb:28:73:bf:97:84:c2:83:d5:93:30:e1:48:56:ab:
                    eb:db:84:70:94:9c:c6:2a:55:3c:54:d0:eb:51:a9:
                    77:96:d7:82:c7:d5:91:e8:a8:77:d3:9a:68:e9:97:
                    51:65:8b:1d:b1:0a:4d:55:30:ff:f5:a5:b8:c0:e8:
                    a2:67:f3:95:0b:18:bc:0b:8e:4f:ba:12:83:2e:36:
                    3a:1e:f8:ca:f7:e7:1b:57:db:93:b3:7f:ce:8e:53:
                    93:5c:74:e9:5b:1d:05:18:0d:ba:07:38:b7:ae:8d:
                    75:14:05:e4:11:49:f5:32:4d:db:01:46:84:0b:1d:
                    f8:d4:eb:ce:94:ea:74:94:cd:1d:bd:34:80:04:2b:
                    cd:c8:2d:32:db:a6:33:0b:ff:c8:e7:fd:9f:cc:cb:
                    3f:17:2f:18:9e:37:db:06:17:29:91:78:4a:5a:7d:
                    ee:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:91:D6:28:E9:D9:A8:C7:FF:1D:E2:73:80:E8:41:C8:8F:B9:30:2C
            X509v3 Authority Key Identifier:
                keyid:0F:7D:D3:27:79:C1:A9:B2:97:E2:8C:B0:35:FD:67:9A:BB:19:16:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D33TJ3nBqbKX4oywNf1nmrsZFtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/n5HWKOnZqMf_HeJzgOhByI-5MCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/729210-d720-4f38-b6be-acf66f78b2b7/1/D33TJ3nBqbKX4oywNf1nmrsZFtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:24:47:55:43:7c:17:90:4f:23:0b:1d:7b:ce:f9:a7:a0:2f:
         11:b8:d8:ea:8d:53:34:07:9a:dd:4f:25:d9:95:d2:14:e3:4c:
         c7:c7:7d:e9:21:52:95:6f:8a:18:fb:06:a7:2e:7c:4b:14:5d:
         41:28:de:ec:a1:0b:2e:d0:b7:35:25:9c:0b:a7:23:7d:dc:95:
         6f:cd:93:46:1f:7c:5c:dc:b7:99:5c:f4:20:db:b5:71:e8:98:
         84:22:98:a4:29:bb:8d:9c:25:a5:f9:31:c2:40:12:5e:30:90:
         d3:ca:61:f2:88:5e:3f:a1:a4:e9:70:93:bb:f2:a8:87:b0:27:
         77:7d:e7:e9:a3:f0:85:d4:bc:9e:4f:1d:3f:6c:09:ae:65:97:
         9f:96:90:4d:1f:a5:05:b6:2a:fe:25:e0:c7:2a:c3:83:49:79:
         40:8f:24:89:71:e2:86:12:8b:c2:50:6e:77:a4:54:31:48:5d:
         72:d0:a4:6c:29:26:e0:8c:48:c0:27:7d:20:bf:51:b5:02:b9:
         fb:32:30:15:aa:68:3f:ce:37:68:9e:ed:92:04:8b:ba:22:d7:
         c1:08:27:16:30:1a:b4:df:c5:6f:95:32:23:5e:1c:dc:f3:6a:
         4d:1f:7d:a5:09:5f:53:76:f7:89:3b:45:13:19:4a:a0:19:fe:
         97:29:f8:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbUPyx+PC+Sxv7LuJCwYeCXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmN2RkMzI3NzljMWE5YjI5N2UyOGNiMDM1ZmQ2NzlhYmIx
OTE2ZDEwHhcNMjUwNTE1MTQwMDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjkxZDYyOGU5ZDlhOGM3ZmYxZGUyNzM4MGU4NDFjODhmYjkzMDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKdIKXhIGld8HzwWnTONAebytbRl
LHWORe+OqJua3LALabi59pCs5GVNoqQoTmGTqNj3EpDkETHjFN2P3UOYG811KkFW
SLydkkz1mrqHT5qND6O2NvIdE7i7KHO/l4TCg9WTMOFIVqvr24RwlJzGKlU8VNDr
Ual3lteCx9WR6Kh305po6ZdRZYsdsQpNVTD/9aW4wOiiZ/OVCxi8C45PuhKDLjY6
HvjK9+cbV9uTs3/OjlOTXHTpWx0FGA26Bzi3ro11FAXkEUn1Mk3bAUaECx341OvO
lOp0lM0dvTSABCvNyC0y26YzC//I5/2fzMs/Fy8YnjfbBhcpkXhKWn3ukwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+R1ijp2ajH/x3ic4DoQciPuTAsMB8GA1UdIwQY
MBaAFA990yd5wamyl+KMsDX9Z5q7GRbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUt
YWNmNjZmNzhiMmI3LzEvbjVIV0tPblpxTWZfSGVKemdPaEJ5SS01TUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi83MjkyMTAtZDcyMC00ZjM4LWI2YmUtYWNmNjZmNzhiMmI3
LzEvRDMzVEozbkJxYktYNG95d05mMW5tcnNaRnRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+onMA0G
CSqGSIb3DQEBCwUAA4IBAQA5JEdVQ3wXkE8jCx17zvmnoC8RuNjqjVM0B5rdTyXZ
ldIU40zHx33pIVKVb4oY+wanLnxLFF1BKN7soQsu0Lc1JZwLpyN93JVvzZNGH3xc
3LeZXPQg27Vx6JiEIpikKbuNnCWl+THCQBJeMJDTymHyiF4/oaTpcJO78qiHsCd3
fefpo/CF1LyeTx0/bAmuZZeflpBNH6UFtir+JeDHKsODSXlAjySJceKGEovCUG53
pFQxSF1y0KRsKSbgjEjAJ30gv1G1Arn7MjAVqmg/zjdonu2SBIu6ItfBCCcWMBq0
38VvlTIjXhzc82pNH32lCV9TdveJO0UTGUqgGf6XKfgW
-----END CERTIFICATE-----