Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/i4OTVeCSPxgmFusN2MGQeEwphSs.roa
File:                     i4OTVeCSPxgmFusN2MGQeEwphSs.roa (raw, json)
Hash identifier:          swOQwwO4f3RtKfp1taiB7zCxN/mO3jgsarXonpS2zBQ=
Subject key identifier:   8B:83:93:55:E0:92:3F:18:26:16:EB:0D:D8:C1:90:78:4C:29:85:2B
Certificate issuer:       /CN=c72e716353ec733ab4b5085308b386d89a74f147
Certificate serial:       0194214376154C1EF56C99F3169A81EBA8AF
Authority key identifier: C7:2E:71:63:53:EC:73:3A:B4:B5:08:53:08:B3:86:D8:9A:74:F1:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/i4OTVeCSPxgmFusN2MGQeEwphSs.roa
Signing time:             Wed 01 Jan 2025 09:47:36 +0000
ROA not before:           Wed 01 Jan 2025 09:47:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209907
IP address blocks:        91.228.217.0/24 maxlen: 24
                          176.121.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:76:15:4c:1e:f5:6c:99:f3:16:9a:81:eb:a8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c72e716353ec733ab4b5085308b386d89a74f147
        Validity
            Not Before: Jan  1 09:47:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b839355e0923f182616eb0dd8c190784c29852b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e6:b8:4e:86:2c:54:7d:d6:de:2e:c1:96:9c:
                    26:2b:c9:56:87:e1:a6:56:94:41:d5:05:72:7d:21:
                    9d:fa:ee:ec:3c:3f:6d:d8:94:52:04:d4:03:3b:97:
                    25:39:0d:96:dd:d6:22:1b:8f:34:29:4b:fc:11:5e:
                    b5:70:08:a4:c3:3f:4f:aa:de:58:b8:4a:83:c6:9b:
                    96:32:b5:12:5f:fe:1d:27:f9:c1:71:45:b0:31:99:
                    44:44:69:19:bb:78:a5:9c:c1:dd:5d:c1:1c:fa:bb:
                    4d:10:2f:61:33:58:6c:9e:70:fd:ff:55:22:22:89:
                    c4:60:dd:39:44:d5:05:73:0c:37:b5:82:75:96:95:
                    da:ff:eb:c0:35:0d:0f:db:00:f8:47:fa:c6:c3:71:
                    d8:87:0f:ae:3b:f8:67:72:f5:9d:ba:d5:ac:e1:f1:
                    b7:b0:d0:68:9b:47:a6:76:05:79:46:46:a3:35:2e:
                    78:5f:82:05:aa:a8:b2:14:7d:44:d0:53:46:a8:2e:
                    72:c8:b4:f8:e4:af:6f:06:5a:67:48:80:12:33:6c:
                    b9:44:b7:97:3d:79:a6:bb:03:8f:85:ad:b7:6a:7c:
                    e0:7c:e8:0d:77:87:50:6e:96:9d:bd:44:2a:d7:0b:
                    4a:41:23:97:60:b5:37:cf:73:57:20:05:64:f4:05:
                    11:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:83:93:55:E0:92:3F:18:26:16:EB:0D:D8:C1:90:78:4C:29:85:2B
            X509v3 Authority Key Identifier:
                keyid:C7:2E:71:63:53:EC:73:3A:B4:B5:08:53:08:B3:86:D8:9A:74:F1:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xy5xY1Psczq0tQhTCLOG2Jp08Uc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/i4OTVeCSPxgmFusN2MGQeEwphSs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/c49d34-1b14-4026-b77f-e4def9c697a7/1/xy5xY1Psczq0tQhTCLOG2Jp08Uc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.217.0/24
                  176.121.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:97:99:40:a8:c5:07:b6:f1:97:a1:d1:62:e5:28:87:c3:0d:
         5f:87:4d:61:2b:3d:6b:fd:e9:8a:ba:3b:cd:42:22:d4:de:12:
         f5:f2:0c:ab:63:35:13:5e:2e:95:10:fa:bd:2f:80:48:db:8c:
         3c:c9:2d:8d:fc:61:f8:aa:96:82:40:45:8a:47:af:5f:f0:07:
         58:6c:42:39:ec:30:45:39:af:d2:ec:ef:8e:51:65:66:aa:fa:
         fc:da:e2:ca:a0:01:6a:07:9f:00:ea:30:15:fb:eb:53:5f:70:
         4b:4c:59:66:ad:5e:08:d9:c8:cb:de:34:a7:9b:44:35:90:0a:
         65:6a:2e:c1:49:96:32:34:5e:cb:af:1a:21:00:09:1a:b3:9c:
         f6:21:7d:e6:11:66:e0:6c:0d:53:0e:ae:7f:09:ef:fe:82:da:
         13:64:c3:8d:37:70:c1:9c:a4:f6:7b:a4:cb:da:8f:24:c9:0e:
         75:d5:08:05:e5:5e:72:c0:6b:31:c0:c4:f9:50:e8:09:ec:46:
         58:93:50:11:39:fb:7c:b0:78:c0:9d:2d:fc:a9:ed:9d:05:13:
         21:9e:71:ba:8f:a5:b9:62:22:ea:dd:f2:f8:7f:71:3c:45:72:
         48:f1:9b:61:96:f8:8b:c9:3d:bb:2e:10:42:23:71:01:0a:07:
         61:27:7d:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhQ3YVTB71bJnzFpqB66ivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3MmU3MTYzNTNlYzczM2FiNGI1MDg1MzA4YjM4NmQ4OWE3
NGYxNDcwHhcNMjUwMTAxMDk0NzM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjgzOTM1NWUwOTIzZjE4MjYxNmViMGRkOGMxOTA3ODRjMjk4NTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtea4ToYsVH3W3i7BlpwmK8lWh+Gm
VpRB1QVyfSGd+u7sPD9t2JRSBNQDO5clOQ2W3dYiG480KUv8EV61cAikwz9Pqt5Y
uEqDxpuWMrUSX/4dJ/nBcUWwMZlERGkZu3ilnMHdXcEc+rtNEC9hM1hsnnD9/1Ui
IonEYN05RNUFcww3tYJ1lpXa/+vANQ0P2wD4R/rGw3HYhw+uO/hncvWdutWs4fG3
sNBom0emdgV5RkajNS54X4IFqqiyFH1E0FNGqC5yyLT45K9vBlpnSIASM2y5RLeX
PXmmuwOPha23anzgfOgNd4dQbpadvUQq1wtKQSOXYLU3z3NXIAVk9AURNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIuDk1Xgkj8YJhbrDdjBkHhMKYUrMB8GA1UdIwQY
MBaAFMcucWNT7HM6tLUIUwizhtiadPFHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHk1eFkxUHNjenEwdFFoVENMT0cySnAwOFVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9jNDlkMzQtMWIxNC00MDI2LWI3N2Yt
ZTRkZWY5YzY5N2E3LzEvaTRPVFZlQ1NQeGdtRnVzTjJNR1FlRXdwaFNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9jNDlkMzQtMWIxNC00MDI2LWI3N2YtZTRkZWY5YzY5N2E3
LzEveHk1eFkxUHNjenEwdFFoVENMT0cySnAwOFVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+TZAwQA
sHkBMA0GCSqGSIb3DQEBCwUAA4IBAQCal5lAqMUHtvGXodFi5SiHww1fh01hKz1r
/emKujvNQiLU3hL18gyrYzUTXi6VEPq9L4BI24w8yS2N/GH4qpaCQEWKR69f8AdY
bEI57DBFOa/S7O+OUWVmqvr82uLKoAFqB58A6jAV++tTX3BLTFlmrV4I2cjL3jSn
m0Q1kAplai7BSZYyNF7LrxohAAkas5z2IX3mEWbgbA1TDq5/Ce/+gtoTZMONN3DB
nKT2e6TL2o8kyQ511QgF5V5ywGsxwMT5UOgJ7EZYk1AROft8sHjAnS38qe2dBRMh
nnG6j6W5YiLq3fL4f3E8RXJI8ZthlviLyT27LhBCI3EBCgdhJ31A
-----END CERTIFICATE-----