Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yh9ccliyxEcC6Avn1oCQoSv62L0.roa
File:                     yh9ccliyxEcC6Avn1oCQoSv62L0.roa (raw, json)
Hash identifier:          +3+0y4CEemTmWkaSTewyd3AcJUzmmij1RdzS9B5WjYY=
Subject key identifier:   CA:1F:5C:72:58:B2:C4:47:02:E8:0B:E7:D6:80:90:A1:2B:FA:D8:BD
Certificate issuer:       /CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
Certificate serial:       01941F8CA7A6C4E35323EE79D25757DCDDD0
Authority key identifier: D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yh9ccliyxEcC6Avn1oCQoSv62L0.roa
Signing time:             Wed 01 Jan 2025 01:48:19 +0000
ROA not before:           Wed 01 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41418
IP address blocks:        91.235.48.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:a7:a6:c4:e3:53:23:ee:79:d2:57:57:dc:dd:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d475fb0934cf6a58dccef110875dbe5e3e8b6b75
        Validity
            Not Before: Jan  1 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca1f5c7258b2c44702e80be7d68090a12bfad8bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:77:82:46:b0:ae:65:65:a1:67:42:f0:4f:f8:
                    65:00:fb:b7:df:8e:71:d4:43:b3:ad:9c:5c:b8:9f:
                    e9:98:ac:77:64:36:24:5f:b5:24:a3:6e:20:64:16:
                    53:97:e3:4f:e9:cc:ec:a9:cb:1b:98:5c:23:1f:e6:
                    d7:d9:d1:3d:91:a3:20:f5:d5:09:85:83:69:af:ef:
                    f4:0e:c8:4c:a0:6d:b1:e9:a8:c9:74:bd:a0:a0:9b:
                    00:6f:f5:22:b5:3d:95:77:b0:97:b6:d8:66:62:e6:
                    2e:e8:31:47:17:0b:04:a9:4a:88:c8:25:10:26:88:
                    20:8b:3b:f5:f6:c2:b7:b5:ac:9a:97:53:d7:b4:06:
                    65:b4:6a:5b:a9:b5:94:cc:88:c6:35:b1:33:58:84:
                    5d:55:e6:90:10:1a:f5:e9:d6:b9:ee:af:a8:29:9f:
                    ea:e5:e2:fc:c0:7b:66:a8:37:c5:ea:a9:d9:bc:9a:
                    bc:51:9d:67:9d:d2:ed:b2:67:cc:cb:07:99:99:31:
                    f9:3b:0f:d6:0e:e9:f2:8c:c8:37:24:95:cc:98:d3:
                    8e:10:1e:91:2b:c5:7c:44:66:b5:db:32:be:5e:3e:
                    fd:6d:09:52:57:41:58:06:d7:1f:1b:64:0c:8c:e2:
                    33:f5:fe:78:36:74:b3:23:5f:7c:e8:2a:dd:82:54:
                    7d:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:1F:5C:72:58:B2:C4:47:02:E8:0B:E7:D6:80:90:A1:2B:FA:D8:BD
            X509v3 Authority Key Identifier:
                keyid:D4:75:FB:09:34:CF:6A:58:DC:CE:F1:10:87:5D:BE:5E:3E:8B:6B:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HX7CTTPaljczvEQh12-Xj6La3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/yh9ccliyxEcC6Avn1oCQoSv62L0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/bff4aa-4f07-4129-8ad6-c7914ab64273/1/1HX7CTTPaljczvEQh12-Xj6La3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:7e:a6:52:09:dd:f6:ed:36:bf:ce:39:04:98:6c:59:dc:e7:
         35:8b:06:0b:d4:cc:07:78:11:ef:1a:ec:da:30:34:fd:9a:43:
         f5:0c:47:a1:9f:3c:a3:69:b7:de:87:8d:fb:e0:b0:25:51:21:
         e0:52:51:b0:d6:79:0b:95:3c:37:34:09:21:60:f8:8e:4d:d6:
         94:0e:6e:e1:4f:f2:22:5b:34:b8:38:93:2d:9c:5d:1d:f0:fa:
         9e:1b:98:12:51:82:63:a8:2e:49:73:9e:b7:e1:e7:ab:2e:05:
         22:9d:4f:17:7d:ee:b4:83:b3:ac:5f:44:5b:bf:63:eb:e4:7f:
         5c:d8:48:e4:2c:8e:e8:95:3d:19:e1:c8:27:ff:35:17:92:6d:
         e0:71:98:79:13:59:a2:c7:f2:66:10:9b:0c:fc:34:1a:7b:a9:
         ec:5b:f8:22:3c:c5:ac:02:01:eb:18:25:c0:f1:17:41:8c:2e:
         90:f4:38:4f:1c:b6:b8:0a:76:6e:0d:e4:a1:58:84:88:41:35:
         8c:ae:e2:01:87:e6:e3:c1:b4:07:da:ba:f8:16:bd:e7:0a:0c:
         8b:25:2f:91:ff:b7:40:41:7a:ee:b1:1b:5c:3f:7c:95:a6:7a:
         f8:6d:a6:71:96:6b:de:59:20:af:46:ff:ae:12:ac:61:67:1e:
         dd:8e:2b:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjKemxONTI+550ldX3N3QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NzVmYjA5MzRjZjZhNThkY2NlZjExMDg3NWRiZTVlM2U4
YjZiNzUwHhcNMjUwMTAxMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTFmNWM3MjU4YjJjNDQ3MDJlODBiZTdkNjgwOTBhMTJiZmFkOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4HeCRrCuZWWhZ0LwT/hlAPu3345x
1EOzrZxcuJ/pmKx3ZDYkX7Uko24gZBZTl+NP6czsqcsbmFwjH+bX2dE9kaMg9dUJ
hYNpr+/0DshMoG2x6ajJdL2goJsAb/UitT2Vd7CXtthmYuYu6DFHFwsEqUqIyCUQ
Joggizv19sK3tayal1PXtAZltGpbqbWUzIjGNbEzWIRdVeaQEBr16da57q+oKZ/q
5eL8wHtmqDfF6qnZvJq8UZ1nndLtsmfMyweZmTH5Ow/WDunyjMg3JJXMmNOOEB6R
K8V8RGa12zK+Xj79bQlSV0FYBtcfG2QMjOIz9f54NnSzI1986CrdglR9qQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMofXHJYssRHAugL59aAkKEr+ti9MB8GA1UdIwQY
MBaAFNR1+wk0z2pY3M7xEIddvl4+i2t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYt
Yzc5MTRhYjY0MjczLzEveWg5Y2NsaXl4RWNDNkF2bjFvQ1FvU3Y2MkwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9iZmY0YWEtNGYwNy00MTI5LThhZDYtYzc5MTRhYjY0Mjcz
LzEvMUhYN0NUVFBhbGpjenZFUWgxMi1YajZMYTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+swMA0G
CSqGSIb3DQEBCwUAA4IBAQAPfqZSCd327Ta/zjkEmGxZ3Oc1iwYL1MwHeBHvGuza
MDT9mkP1DEehnzyjabfeh4374LAlUSHgUlGw1nkLlTw3NAkhYPiOTdaUDm7hT/Ii
WzS4OJMtnF0d8PqeG5gSUYJjqC5Jc5634eerLgUinU8Xfe60g7OsX0Rbv2Pr5H9c
2EjkLI7olT0Z4cgn/zUXkm3gcZh5E1mix/JmEJsM/DQae6nsW/giPMWsAgHrGCXA
8RdBjC6Q9DhPHLa4CnZuDeShWISIQTWMruIBh+bjwbQH2rr4Fr3nCgyLJS+R/7dA
QXrusRtcP3yVpnr4baZxlmveWSCvRv+uEqxhZx7djivE
-----END CERTIFICATE-----