Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/DyBY2wfHB6a4dl33U3SXwgLJDGU.roa
File:                     DyBY2wfHB6a4dl33U3SXwgLJDGU.roa (raw, json)
Hash identifier:          WRQJvvPjJahE1qm/vBTCrYOROs7sZwpvslZhT6hCk+s=
Subject key identifier:   0F:20:58:DB:07:C7:07:A6:B8:76:5D:F7:53:74:97:C2:02:C9:0C:65
Certificate issuer:       /CN=0969cb21563e26edb6afb20d1d92e893a8ddb81d
Certificate serial:       01950EBF72B140493C88966833F93F56D38D
Authority key identifier: 09:69:CB:21:56:3E:26:ED:B6:AF:B2:0D:1D:92:E8:93:A8:DD:B8:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CWnLIVY-Ju22r7INHZLok6jduB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/DyBY2wfHB6a4dl33U3SXwgLJDGU.roa
Signing time:             Sun 16 Feb 2025 12:33:02 +0000
ROA not before:           Sun 16 Feb 2025 12:33:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3302
IP address blocks:        91.234.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/CWnLIVY-Ju22r7INHZLok6jduB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/CWnLIVY-Ju22r7INHZLok6jduB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CWnLIVY-Ju22r7INHZLok6jduB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 21:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:0e:bf:72:b1:40:49:3c:88:96:68:33:f9:3f:56:d3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0969cb21563e26edb6afb20d1d92e893a8ddb81d
        Validity
            Not Before: Feb 16 12:33:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f2058db07c707a6b8765df7537497c202c90c65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:95:05:dc:21:84:be:3b:63:14:2d:e9:77:42:
                    88:b1:a2:87:cb:7f:ef:53:c4:8c:a4:bc:9e:d1:c4:
                    b2:37:fc:3a:bd:9a:87:e3:65:d0:fc:d0:c4:2b:7f:
                    b0:d1:ab:d2:0c:ca:a9:55:f6:f0:90:95:63:d5:d2:
                    f3:81:9f:35:bb:3a:e4:cb:e9:76:47:29:30:e9:b2:
                    27:5d:05:6d:12:72:85:6a:a1:2d:c2:50:0d:58:3b:
                    56:ae:5f:cb:54:ca:76:5b:f8:46:53:23:25:7c:af:
                    04:be:d5:38:49:1e:cf:5a:99:86:bf:4c:46:c3:de:
                    39:46:aa:7a:f9:46:14:8b:90:7b:64:39:fc:65:34:
                    ae:a9:d5:b3:89:69:90:92:4e:1c:7b:10:95:30:e5:
                    fe:18:77:7d:13:a0:d3:a6:73:8a:f8:69:8f:89:88:
                    41:0c:55:83:32:37:8f:a1:d5:1a:09:4f:eb:34:0b:
                    43:5d:12:51:f8:57:ce:3c:09:9c:de:0c:a8:9d:a7:
                    82:0d:7b:8b:c7:8b:9e:37:d3:f0:24:75:1c:87:34:
                    f5:09:d6:8b:87:ac:16:72:66:b9:38:85:4c:2c:92:
                    dd:ae:c1:69:d0:8f:3a:67:1d:9f:36:12:5e:87:23:
                    98:18:c1:81:0e:25:6b:81:fd:93:00:32:ed:39:a9:
                    20:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:20:58:DB:07:C7:07:A6:B8:76:5D:F7:53:74:97:C2:02:C9:0C:65
            X509v3 Authority Key Identifier:
                keyid:09:69:CB:21:56:3E:26:ED:B6:AF:B2:0D:1D:92:E8:93:A8:DD:B8:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CWnLIVY-Ju22r7INHZLok6jduB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/DyBY2wfHB6a4dl33U3SXwgLJDGU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/7fe823-6ed7-4786-97b4-3600d02a6f0e/1/CWnLIVY-Ju22r7INHZLok6jduB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:76:7f:11:8f:8f:d1:0d:b9:dc:8e:d5:cd:8e:d9:63:ec:10:
         b3:55:7a:76:b4:61:4c:fd:f8:48:e1:df:89:9b:11:26:82:a1:
         ed:0a:5f:f5:28:c1:31:2d:f5:6e:30:27:4b:1e:58:b4:fd:66:
         c6:ec:71:9c:ab:28:20:76:fe:2c:f8:91:65:ea:d2:4d:0a:a4:
         97:91:2a:a3:4b:c3:35:23:cc:79:f0:bd:d8:2c:4c:6c:04:7e:
         ea:2f:1d:18:7b:1f:15:d3:a4:f2:5a:05:b2:4f:20:cf:88:55:
         1a:81:6a:4c:90:88:2b:6e:99:8c:06:8f:50:c6:9e:e0:1f:23:
         4d:dd:7f:a0:02:0c:5f:95:b4:df:11:c7:09:41:6d:5f:1c:37:
         2b:b8:48:c7:5f:b1:64:2d:d7:fd:ba:99:dc:09:ab:73:17:8c:
         d8:b5:45:94:3f:6b:b1:e4:d5:63:c7:59:75:f3:51:31:9b:68:
         92:f5:22:47:b8:da:a0:45:2a:d6:35:c8:80:3f:a5:da:3a:2e:
         e4:02:e5:fa:d0:3a:ae:58:07:bf:58:3b:b5:ce:ef:58:77:1e:
         45:fe:29:0c:ae:b8:67:78:33:d1:60:48:b1:61:f3:97:45:04:
         f4:31:0b:65:f2:19:f6:db:32:ad:95:b9:2f:7b:4d:90:eb:dd:
         cf:4f:53:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUOv3KxQEk8iJZoM/k/VtONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5NjljYjIxNTYzZTI2ZWRiNmFmYjIwZDFkOTJlODkzYThk
ZGI4MWQwHhcNMjUwMjE2MTIzMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjIwNThkYjA3YzcwN2E2Yjg3NjVkZjc1Mzc0OTdjMjAyYzkwYzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzZUF3CGEvjtjFC3pd0KIsaKHy3/v
U8SMpLye0cSyN/w6vZqH42XQ/NDEK3+w0avSDMqpVfbwkJVj1dLzgZ81uzrky+l2
Rykw6bInXQVtEnKFaqEtwlANWDtWrl/LVMp2W/hGUyMlfK8EvtU4SR7PWpmGv0xG
w945Rqp6+UYUi5B7ZDn8ZTSuqdWziWmQkk4cexCVMOX+GHd9E6DTpnOK+GmPiYhB
DFWDMjePodUaCU/rNAtDXRJR+FfOPAmc3gyonaeCDXuLx4ueN9PwJHUchzT1CdaL
h6wWcma5OIVMLJLdrsFp0I86Zx2fNhJehyOYGMGBDiVrgf2TADLtOakgxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA8gWNsHxwemuHZd91N0l8ICyQxlMB8GA1UdIwQY
MBaAFAlpyyFWPibttq+yDR2S6JOo3bgdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1duTElWWS1KdTIycjdJTkhaTG9rNmpkdUIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy83ZmU4MjMtNmVkNy00Nzg2LTk3YjQt
MzYwMGQwMmE2ZjBlLzEvRHlCWTJ3ZkhCNmE0ZGwzM1UzU1h3Z0xKREdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy83ZmU4MjMtNmVkNy00Nzg2LTk3YjQtMzYwMGQwMmE2ZjBl
LzEvQ1duTElWWS1KdTIycjdJTkhaTG9rNmpkdUIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rtMA0G
CSqGSIb3DQEBCwUAA4IBAQAfdn8Rj4/RDbncjtXNjtlj7BCzVXp2tGFM/fhI4d+J
mxEmgqHtCl/1KMExLfVuMCdLHli0/WbG7HGcqyggdv4s+JFl6tJNCqSXkSqjS8M1
I8x58L3YLExsBH7qLx0Yex8V06TyWgWyTyDPiFUagWpMkIgrbpmMBo9Qxp7gHyNN
3X+gAgxflbTfEccJQW1fHDcruEjHX7FkLdf9upncCatzF4zYtUWUP2ux5NVjx1l1
81Exm2iS9SJHuNqgRSrWNciAP6XaOi7kAuX60DquWAe/WDu1zu9Ydx5F/ikMrrhn
eDPRYEixYfOXRQT0MQtl8hn22zKtlbkve02Q693PT1Mg
-----END CERTIFICATE-----