Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/6fnAZ8W2MGF8ZNrQkh_nCxeTpv4.roa
File:                     6fnAZ8W2MGF8ZNrQkh_nCxeTpv4.roa (raw, json)
Hash identifier:          VVdXTpC74ZKSlf0OaYeG4sfAbOWwASAnFr5UUxM1yrQ=
Subject key identifier:   E9:F9:C0:67:C5:B6:30:61:7C:64:DA:D0:92:1F:E7:0B:17:93:A6:FE
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       01942826EED0DB15EB0B49DD75339C8678D3
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/6fnAZ8W2MGF8ZNrQkh_nCxeTpv4.roa
Signing time:             Thu 02 Jan 2025 17:53:47 +0000
ROA not before:           Thu 02 Jan 2025 17:53:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201268
IP address blocks:        91.221.248.0/24 maxlen: 24
                          91.221.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:ee:d0:db:15:eb:0b:49:dd:75:33:9c:86:78:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Jan  2 17:53:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9f9c067c5b630617c64dad0921fe70b1793a6fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:b3:71:0f:ea:0e:22:bb:41:91:87:63:89:ae:
                    2b:bc:08:81:b0:a9:92:de:13:84:e4:48:f6:95:fd:
                    e8:07:f9:6f:b1:1b:43:05:95:85:11:65:6a:8b:91:
                    91:6d:cc:39:ed:33:76:c3:7a:f1:c8:11:73:43:2e:
                    67:39:90:73:78:00:63:95:99:5d:c7:bc:4e:50:9a:
                    df:a4:a1:6b:e1:b4:9d:a9:90:e2:93:ed:f1:2f:56:
                    93:9c:c1:32:11:e4:bc:97:97:33:87:12:71:64:db:
                    01:bd:fe:f1:ee:a9:cc:67:93:7b:79:e9:fe:ab:29:
                    92:66:4c:81:2e:0b:18:6a:48:88:a1:60:74:23:22:
                    44:c4:86:5e:f6:1b:8c:31:f7:86:a7:5f:7a:f6:3c:
                    5f:52:db:cf:d9:26:14:07:0b:5c:28:ed:1b:42:d1:
                    c0:d1:41:21:7d:20:f7:96:20:fd:2f:8f:12:d4:09:
                    d5:be:e2:f6:69:42:45:76:7f:6b:f7:ca:72:ee:b7:
                    36:7a:7c:8f:60:78:f0:3c:b8:ac:b5:90:17:7b:92:
                    16:69:ab:ad:97:dd:b3:c8:1d:77:88:46:de:eb:19:
                    e1:9a:36:83:f6:2f:3f:c3:58:a9:25:fe:50:18:80:
                    61:c7:e9:ae:dc:c7:fa:25:a9:bf:d0:81:d2:7b:ea:
                    60:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F9:C0:67:C5:B6:30:61:7C:64:DA:D0:92:1F:E7:0B:17:93:A6:FE
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/6fnAZ8W2MGF8ZNrQkh_nCxeTpv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a4:97:a1:76:79:d5:b1:d8:21:15:98:44:3f:13:08:7d:88:03:
         be:3b:40:bb:7f:67:6a:09:92:c6:46:61:b5:3c:f8:9f:c3:6e:
         2e:f1:b2:2e:ea:28:49:53:35:9e:86:a0:64:11:43:5e:a6:54:
         4c:70:d4:80:7b:5e:df:28:47:26:70:30:45:f2:94:6f:ba:c5:
         2e:62:ee:db:21:76:b1:9e:7d:35:f2:ee:81:d5:04:b3:16:02:
         36:32:15:54:bd:ea:c1:8d:56:22:27:55:05:0e:a1:fd:eb:33:
         81:62:ae:53:46:e2:55:10:97:20:fa:5c:a0:d6:31:8b:c2:cc:
         dc:da:cf:b9:8d:39:97:ca:79:3a:02:84:85:95:57:a1:cd:d4:
         25:5d:9b:67:22:95:f1:cd:48:3d:2f:5f:34:4b:60:de:52:e8:
         60:60:ef:a4:26:b1:ba:25:0d:8d:10:a6:aa:98:73:04:70:ac:
         7c:9f:59:47:f5:5c:1b:0e:36:a5:ae:62:89:6f:a5:d0:0b:6e:
         f7:e0:43:43:4d:55:f5:7f:b1:d0:bd:08:0f:5c:16:e7:f6:99:
         3f:b7:64:17:3b:e5:47:fd:ed:92:9c:c3:81:d0:bc:35:8a:c5:
         b4:41:d5:3e:64:3c:ba:8f:f3:13:15:cf:97:48:64:68:d5:3c:
         5f:f2:a5:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJu7Q2xXrC0nddTOchnjTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjUwMTAyMTc1MzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY5YzA2N2M1YjYzMDYxN2M2NGRhZDA5MjFmZTcwYjE3OTNhNmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLNxD+oOIrtBkYdjia4rvAiBsKmS
3hOE5Ej2lf3oB/lvsRtDBZWFEWVqi5GRbcw57TN2w3rxyBFzQy5nOZBzeABjlZld
x7xOUJrfpKFr4bSdqZDik+3xL1aTnMEyEeS8l5czhxJxZNsBvf7x7qnMZ5N7een+
qymSZkyBLgsYakiIoWB0IyJExIZe9huMMfeGp1969jxfUtvP2SYUBwtcKO0bQtHA
0UEhfSD3liD9L48S1AnVvuL2aUJFdn9r98py7rc2enyPYHjwPListZAXe5IWaaut
l92zyB13iEbe6xnhmjaD9i8/w1ipJf5QGIBhx+mu3Mf6Jam/0IHSe+pgewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn5wGfFtjBhfGTa0JIf5wsXk6b+MB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvNmZuQVo4VzJNR0Y4Wk5yUWtoX25DeGVUcHY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW934MA0G
CSqGSIb3DQEBCwUAA4IBAQCkl6F2edWx2CEVmEQ/Ewh9iAO+O0C7f2dqCZLGRmG1
PPifw24u8bIu6ihJUzWehqBkEUNeplRMcNSAe17fKEcmcDBF8pRvusUuYu7bIXax
nn018u6B1QSzFgI2MhVUverBjVYiJ1UFDqH96zOBYq5TRuJVEJcg+lyg1jGLwszc
2s+5jTmXynk6AoSFlVehzdQlXZtnIpXxzUg9L180S2DeUuhgYO+kJrG6JQ2NEKaq
mHMEcKx8n1lH9VwbDjalrmKJb6XQC2734ENDTVX1f7HQvQgPXBbn9pk/t2QXO+VH
/e2SnMOB0Lw1isW0QdU+ZDy6j/MTFc+XSGRo1Txf8qWD
-----END CERTIFICATE-----