Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/suBVFY86lLLNw-jyyfI-FYfhvNA.roa
File:                     suBVFY86lLLNw-jyyfI-FYfhvNA.roa (raw, json)
Hash identifier:          81WEqdV7PNWoCGw6D45g6WF3xPhoMsG1WXe8GERJGtA=
Subject key identifier:   B2:E0:55:15:8F:3A:94:B2:CD:C3:E8:F2:C9:F2:3E:15:87:E1:BC:D0
Certificate issuer:       /CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
Certificate serial:       019425FC207E307FFEF1A2F3EB305B1A4197
Authority key identifier: C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/suBVFY86lLLNw-jyyfI-FYfhvNA.roa
Signing time:             Thu 02 Jan 2025 07:47:47 +0000
ROA not before:           Thu 02 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61236
IP address blocks:        91.238.72.0/23 maxlen: 24
                          185.14.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:20:7e:30:7f:fe:f1:a2:f3:eb:30:5b:1a:41:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eb076d16702c7dbea972e2972ef576a1f2c873
        Validity
            Not Before: Jan  2 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2e055158f3a94b2cdc3e8f2c9f23e1587e1bcd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:35:d4:fb:e9:0c:79:cf:ed:27:ba:3d:30:1c:
                    fb:b6:9f:70:8d:6b:26:df:f6:8b:77:73:55:ee:b3:
                    97:f4:45:6e:41:46:76:33:56:18:39:64:ca:d6:65:
                    2b:a7:78:74:20:37:55:8c:4b:60:71:8e:30:ed:9a:
                    ec:f3:bb:e6:56:fd:4d:42:19:18:2b:63:c2:6f:4e:
                    b1:9d:2f:f6:75:ae:e1:3b:76:fd:37:a4:3d:ef:9c:
                    c6:b7:94:d5:02:16:3f:39:0e:10:1f:e3:54:4b:3b:
                    68:a8:1d:81:91:f5:71:3f:b4:5b:0a:5b:3b:a1:8e:
                    5a:83:9f:b7:be:88:f1:89:cd:5e:d4:2e:ea:0a:b4:
                    01:e9:c1:a1:73:c0:6f:e4:e8:3e:81:80:03:13:48:
                    1f:df:3a:0c:49:fd:8c:85:d8:af:f9:de:e8:40:f4:
                    03:c8:f2:da:d4:18:a1:2d:d5:ac:59:1f:8a:14:b7:
                    e8:29:e6:da:87:4c:90:3b:44:09:ec:7f:c4:74:3c:
                    5b:3a:50:4c:d0:fa:33:d6:3f:dd:3b:8e:32:79:80:
                    4c:9f:52:34:7f:7b:19:fd:5b:b8:22:02:14:2f:76:
                    e8:bb:95:ec:3a:1f:0a:3c:5f:30:f6:6f:80:45:93:
                    c0:c8:d5:09:75:57:a9:ed:7d:16:7c:a7:6c:31:21:
                    c8:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E0:55:15:8F:3A:94:B2:CD:C3:E8:F2:C9:F2:3E:15:87:E1:BC:D0
            X509v3 Authority Key Identifier:
                keyid:C1:EB:07:6D:16:70:2C:7D:BE:A9:72:E2:97:2E:F5:76:A1:F2:C8:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wesHbRZwLH2-qXLily71dqHyyHM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/suBVFY86lLLNw-jyyfI-FYfhvNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a43c6e-349c-4914-8da3-6c32a6ab1ef2/1/wesHbRZwLH2-qXLily71dqHyyHM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.72.0/23
                  185.14.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:ed:57:97:bd:b5:15:db:c9:57:ed:29:92:a9:50:94:48:ed:
         03:09:fe:e8:78:a8:c3:d1:76:e5:1a:69:a3:b3:3d:8f:68:68:
         b8:37:91:f2:61:73:5b:43:e4:e1:0b:cb:5b:17:d0:c7:78:88:
         c9:be:d2:0f:63:f8:d6:ae:63:b0:cd:59:3d:5d:16:50:a6:7c:
         fc:b2:51:b5:94:9f:2f:04:39:b9:c2:b6:0c:17:ee:fd:0c:27:
         c0:c0:65:c5:15:45:1a:dc:ef:60:d2:e1:8a:12:6b:2e:2d:28:
         e6:34:23:5d:cd:39:67:90:88:f0:0e:99:49:2c:7c:6e:eb:54:
         54:45:79:e1:22:2e:e8:b9:9c:04:ed:1b:c9:da:6e:27:c0:96:
         08:29:46:a1:26:14:a0:b2:b7:6b:e9:07:8f:18:75:26:5c:5e:
         f3:b7:72:bb:a2:e0:f2:71:f4:01:b0:b4:db:24:b1:19:c2:c6:
         53:cd:cf:e4:64:e7:52:82:3f:75:78:74:fd:7f:28:6e:1e:3a:
         b4:3f:7c:e5:e8:24:d5:0d:0c:78:75:d5:a2:9d:c6:e3:20:a2:
         c1:05:c7:08:ed:d7:51:b2:27:7e:ab:43:80:29:db:4b:9c:97:
         58:0a:41:22:68:23:28:9c:35:d8:fa:88:43:4f:f8:a5:14:fe:
         f3:cc:ac:01
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/CB+MH/+8aLz6zBbGkGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWIwNzZkMTY3MDJjN2RiZWE5NzJlMjk3MmVmNTc2YTFm
MmM4NzMwHhcNMjUwMTAyMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmUwNTUxNThmM2E5NGIyY2RjM2U4ZjJjOWYyM2UxNTg3ZTFiY2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DXU++kMec/tJ7o9MBz7tp9wjWsm
3/aLd3NV7rOX9EVuQUZ2M1YYOWTK1mUrp3h0IDdVjEtgcY4w7Zrs87vmVv1NQhkY
K2PCb06xnS/2da7hO3b9N6Q975zGt5TVAhY/OQ4QH+NUSztoqB2BkfVxP7RbCls7
oY5ag5+3vojxic1e1C7qCrQB6cGhc8Bv5Og+gYADE0gf3zoMSf2Mhdiv+d7oQPQD
yPLa1BihLdWsWR+KFLfoKebah0yQO0QJ7H/EdDxbOlBM0Poz1j/dO44yeYBMn1I0
f3sZ/Vu4IgIUL3bou5XsOh8KPF8w9m+ARZPAyNUJdVep7X0WfKdsMSHIswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLLgVRWPOpSyzcPo8snyPhWH4bzQMB8GA1UdIwQY
MBaAFMHrB20WcCx9vqly4pcu9Xah8shzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMt
NmMzMmE2YWIxZWYyLzEvc3VCVkZZODZsTExOdy1qeXlmSS1GWWZodk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNDNjNmUtMzQ5Yy00OTE0LThkYTMtNmMzMmE2YWIxZWYy
LzEvd2VzSGJSWndMSDItcVhMaWx5NzFkcUh5eUhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+5IAwQC
uQ5oMA0GCSqGSIb3DQEBCwUAA4IBAQB17VeXvbUV28lX7SmSqVCUSO0DCf7oeKjD
0XblGmmjsz2PaGi4N5HyYXNbQ+ThC8tbF9DHeIjJvtIPY/jWrmOwzVk9XRZQpnz8
slG1lJ8vBDm5wrYMF+79DCfAwGXFFUUa3O9g0uGKEmsuLSjmNCNdzTlnkIjwDplJ
LHxu61RURXnhIi7ouZwE7RvJ2m4nwJYIKUahJhSgsrdr6QePGHUmXF7zt3K7ouDy
cfQBsLTbJLEZwsZTzc/kZOdSgj91eHT9fyhuHjq0P3zl6CTVDQx4ddWincbjIKLB
BccI7ddRsid+q0OAKdtLnJdYCkEiaCMonDXY+ohDT/ilFP7zzKwB
-----END CERTIFICATE-----