Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/sDI9J-YeyeYQVMdJrZIugzYeaO8.roa
File:                     sDI9J-YeyeYQVMdJrZIugzYeaO8.roa (raw, json)
Hash identifier:          Ux6lO/XerfQZvaCfnJt98dM1HZ2ISN1O/8TpFC+olZI=
Subject key identifier:   B0:32:3D:27:E6:1E:C9:E6:10:54:C7:49:AD:92:2E:83:36:1E:68:EF
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       0194228E1D83005D6B3EDF42F1006D96F026
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/sDI9J-YeyeYQVMdJrZIugzYeaO8.roa
Signing time:             Wed 01 Jan 2025 15:48:46 +0000
ROA not before:           Wed 01 Jan 2025 15:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47967
IP address blocks:        91.236.216.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:1d:83:00:5d:6b:3e:df:42:f1:00:6d:96:f0:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Jan  1 15:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0323d27e61ec9e61054c749ad922e83361e68ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:74:a8:03:67:fa:51:41:19:22:5a:9f:87:dd:
                    af:55:c9:dc:c2:be:f6:df:d2:c8:c8:1e:21:ac:78:
                    36:44:61:49:fc:6f:ba:e3:45:9f:fb:1f:09:1d:d5:
                    28:1d:29:e5:87:4a:cb:e8:9a:7d:c7:f9:49:6b:bf:
                    98:08:bb:a5:78:8f:b3:c7:2c:c7:68:76:ce:88:01:
                    9b:55:64:7b:1e:b5:bb:b9:32:c1:dd:9e:5c:33:15:
                    da:79:32:6c:8c:e6:04:e5:5f:94:17:92:ba:71:32:
                    c0:a5:20:58:5e:86:bd:e6:76:78:33:44:d8:68:81:
                    64:ff:16:f2:8d:d3:07:54:83:24:59:dd:57:29:23:
                    52:98:a7:c7:a7:99:10:21:da:42:7c:2c:3d:41:de:
                    f1:2c:03:8d:b8:f3:ec:50:47:97:5b:89:dc:73:c7:
                    44:e7:ae:a4:4d:d7:f2:c9:48:55:dc:fe:cd:80:4a:
                    dc:fb:08:5d:a7:73:f2:5c:81:a0:d5:93:35:27:98:
                    38:2c:62:fc:35:89:c4:56:a1:1d:4c:29:fa:29:dd:
                    69:68:a3:ab:b3:4f:1d:4a:64:8a:9c:17:ac:5a:4d:
                    dd:e7:19:fa:30:77:35:b0:34:9a:27:31:1a:4b:e6:
                    e3:f5:c0:bd:e8:f9:5b:db:79:d6:62:9b:3c:71:35:
                    28:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:32:3D:27:E6:1E:C9:E6:10:54:C7:49:AD:92:2E:83:36:1E:68:EF
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/sDI9J-YeyeYQVMdJrZIugzYeaO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:8b:fa:f3:6b:12:2a:95:4d:56:46:4a:f8:64:48:9d:ae:5b:
         87:6b:d4:cf:b6:7d:22:d0:96:b9:5a:59:0a:3e:f7:6a:2e:aa:
         c0:86:18:07:52:d8:94:ba:9a:6e:53:39:5d:d3:1a:22:17:f5:
         51:66:f1:10:ba:83:c3:ca:37:9d:b2:07:e0:c9:0d:f9:db:bc:
         fa:5d:d0:a1:4c:83:76:c9:ca:17:0e:2c:a1:a3:12:ce:da:9c:
         84:0d:02:7b:5b:fe:d9:b5:21:7b:1a:ad:f9:ab:13:b5:12:3c:
         d9:0c:62:23:ef:38:54:e6:00:e6:76:2c:06:54:8e:0d:c2:9f:
         c3:c0:55:8a:b6:7f:9a:dc:19:5b:e0:93:f5:49:74:ab:70:28:
         d4:51:29:7b:ef:c0:f9:09:a1:32:b2:fb:2b:b8:46:c4:5b:2d:
         5f:8c:a0:87:dc:4c:60:1d:88:72:00:69:7a:69:56:8c:c1:d3:
         07:e4:49:0c:23:94:7e:35:97:50:bc:7c:90:9b:31:9d:ac:0d:
         5f:ca:3b:9e:a6:3b:ce:c7:19:42:b9:d8:36:28:02:9b:cd:c6:
         b1:bc:a1:c7:f0:c0:17:0c:71:88:53:6c:f3:41:65:82:a6:4d:
         40:77:05:1f:24:7e:ef:8f:4b:06:b7:f0:ed:bf:74:5e:13:42:
         c9:d2:4c:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijh2DAF1rPt9C8QBtlvAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjUwMTAxMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDMyM2QyN2U2MWVjOWU2MTA1NGM3NDlhZDkyMmU4MzM2MWU2OGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznSoA2f6UUEZIlqfh92vVcncwr72
39LIyB4hrHg2RGFJ/G+640Wf+x8JHdUoHSnlh0rL6Jp9x/lJa7+YCLuleI+zxyzH
aHbOiAGbVWR7HrW7uTLB3Z5cMxXaeTJsjOYE5V+UF5K6cTLApSBYXoa95nZ4M0TY
aIFk/xbyjdMHVIMkWd1XKSNSmKfHp5kQIdpCfCw9Qd7xLAONuPPsUEeXW4ncc8dE
566kTdfyyUhV3P7NgErc+whdp3PyXIGg1ZM1J5g4LGL8NYnEVqEdTCn6Kd1paKOr
s08dSmSKnBesWk3d5xn6MHc1sDSaJzEaS+bj9cC96Plb23nWYps8cTUomwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLAyPSfmHsnmEFTHSa2SLoM2HmjvMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvc0RJOUotWWV5ZVlRVk1kSnJaSXVnelllYU84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+zYMA0G
CSqGSIb3DQEBCwUAA4IBAQCXi/rzaxIqlU1WRkr4ZEidrluHa9TPtn0i0Ja5WlkK
PvdqLqrAhhgHUtiUuppuUzld0xoiF/VRZvEQuoPDyjedsgfgyQ3527z6XdChTIN2
ycoXDiyhoxLO2pyEDQJ7W/7ZtSF7Gq35qxO1EjzZDGIj7zhU5gDmdiwGVI4Nwp/D
wFWKtn+a3Blb4JP1SXSrcCjUUSl778D5CaEysvsruEbEWy1fjKCH3ExgHYhyAGl6
aVaMwdMH5EkMI5R+NZdQvHyQmzGdrA1fyjuepjvOxxlCudg2KAKbzcaxvKHH8MAX
DHGIU2zzQWWCpk1AdwUfJH7vj0sGt/Dtv3ReE0LJ0kza
-----END CERTIFICATE-----