Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/Yb9ZPey_VZJtzcKKiL6JDM882gg.roa
File:                     Yb9ZPey_VZJtzcKKiL6JDM882gg.roa (raw, json)
Hash identifier:          DL/rclwYSpQjEfvlW7rDalZKw4n8GD87d1DWeV+VnQQ=
Subject key identifier:   61:BF:59:3D:EC:BF:55:92:6D:CD:C2:8A:88:BE:89:0C:CF:3C:DA:08
Certificate issuer:       /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial:       018CC56E3E6EA066237613F52589991512D5
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/Yb9ZPey_VZJtzcKKiL6JDM882gg.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205161
IP address blocks:        91.203.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3e:6e:a0:66:23:76:13:f5:25:89:99:15:12:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=61bf593decbf55926dcdc28a88be890ccf3cda08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:7d:7f:8a:58:4d:ba:97:02:f4:1d:2f:bf:b4:
                    21:7e:ad:fa:0f:8b:70:29:49:30:72:04:50:05:28:
                    df:6c:13:3a:b5:22:e3:37:f8:70:b6:19:c4:17:96:
                    fa:37:c6:35:1b:3b:ca:ec:73:be:92:30:c9:84:a9:
                    42:3f:b1:2b:fd:6a:46:19:97:cc:26:bf:42:ac:21:
                    91:e4:a1:77:d1:1b:44:79:90:18:02:d5:21:a1:55:
                    c1:4d:53:a0:01:86:59:40:f6:8e:d0:d4:dc:ce:41:
                    83:c0:43:d0:a9:d2:08:6a:7d:ce:00:6d:f9:73:41:
                    7f:4e:73:4b:e0:87:22:35:f5:cf:61:a5:b4:fa:c6:
                    6f:e2:58:f4:5f:3d:5e:17:f6:96:ca:fa:04:25:83:
                    71:5b:22:21:36:8e:04:25:8a:1b:54:ae:6f:e4:48:
                    d8:8a:b8:ae:3d:22:ea:98:db:5a:3c:75:a1:88:31:
                    a3:8e:de:5c:b1:01:f5:e9:6b:45:f3:db:63:43:0c:
                    22:ad:48:bd:78:19:5f:b2:4d:d3:1c:a8:86:12:0c:
                    3a:b6:0a:af:c1:95:5c:7f:39:9f:15:4a:b1:14:d9:
                    2b:4a:61:df:38:75:3c:ed:c5:e7:e2:0c:e3:b3:18:
                    41:96:a0:e1:52:28:40:e2:f0:de:f3:c3:53:64:df:
                    ca:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:BF:59:3D:EC:BF:55:92:6D:CD:C2:8A:88:BE:89:0C:CF:3C:DA:08
            X509v3 Authority Key Identifier:
                keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/Yb9ZPey_VZJtzcKKiL6JDM882gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:b0:1f:73:6d:3f:90:75:0a:e3:ed:5e:04:51:85:98:9b:46:
         f3:7c:44:ff:d0:8e:dc:8c:48:04:b0:81:ad:e1:60:9f:c8:ff:
         e1:48:68:3e:29:00:79:bd:01:f2:90:e4:19:3b:fb:11:d9:af:
         5c:d8:1f:1a:fe:6c:07:b3:5c:68:a7:2a:6b:1a:e1:bf:cd:14:
         79:c4:58:09:0f:bd:9e:0e:46:0c:36:c5:c1:f9:67:f8:83:2c:
         31:b9:7c:89:69:1d:29:ba:77:be:79:0b:12:6d:97:ca:74:1b:
         64:01:f0:c0:3c:95:4d:91:6a:4b:ef:7f:d7:75:bb:68:2e:bb:
         0b:ff:f7:47:d8:a0:0f:fc:41:4c:7c:13:e8:b6:2d:91:0c:9f:
         dd:10:17:eb:62:89:05:d8:5e:8d:13:b3:e3:ae:27:77:2e:57:
         61:9f:db:91:cc:39:05:42:36:3b:76:1a:c8:df:f2:a9:df:be:
         15:58:51:47:ab:71:17:d9:56:4a:40:c4:7f:41:14:0e:a3:86:
         59:3b:ac:d7:36:50:4a:7b:44:9a:2a:ef:33:28:2d:41:9d:5d:
         19:49:fd:66:3e:6d:d2:fc:ec:34:2c:e6:f8:97:53:99:a4:ac:
         eb:bf:76:c5:84:47:b8:dc:72:c5:a9:8f:1a:c4:fb:47:a9:ed:
         23:51:a2:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbj5uoGYjdhP1JYmZFRLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTI2YTczY2U4ZjlmNjJjMTRhMTFhMmVhOTEzZWMyNzNk
NThjNDYwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWJmNTkzZGVjYmY1NTkyNmRjZGMyOGE4OGJlODkwY2NmM2NkYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAln1/ilhNupcC9B0vv7Qhfq36D4tw
KUkwcgRQBSjfbBM6tSLjN/hwthnEF5b6N8Y1GzvK7HO+kjDJhKlCP7Er/WpGGZfM
Jr9CrCGR5KF30RtEeZAYAtUhoVXBTVOgAYZZQPaO0NTczkGDwEPQqdIIan3OAG35
c0F/TnNL4IciNfXPYaW0+sZv4lj0Xz1eF/aWyvoEJYNxWyIhNo4EJYobVK5v5EjY
iriuPSLqmNtaPHWhiDGjjt5csQH16WtF89tjQwwirUi9eBlfsk3THKiGEgw6tgqv
wZVcfzmfFUqxFNkrSmHfOHU87cXn4gzjsxhBlqDhUihA4vDe88NTZN/K2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGG/WT3sv1WSbc3Cioi+iQzPPNoIMB8GA1UdIwQY
MBaAFJpSanPOj59iwUoRouqRPsJz1YxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMt
N2QxNmI5MGRiZTcyLzEvWWI5WlBleV9WWkp0emNLS2lMNkpETTg4MmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMtN2QxNmI5MGRiZTcy
LzEvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8vhMA0G
CSqGSIb3DQEBCwUAA4IBAQCDsB9zbT+QdQrj7V4EUYWYm0bzfET/0I7cjEgEsIGt
4WCfyP/hSGg+KQB5vQHykOQZO/sR2a9c2B8a/mwHs1xopyprGuG/zRR5xFgJD72e
DkYMNsXB+Wf4gywxuXyJaR0pune+eQsSbZfKdBtkAfDAPJVNkWpL73/XdbtoLrsL
//dH2KAP/EFMfBPoti2RDJ/dEBfrYokF2F6NE7Pjrid3Lldhn9uRzDkFQjY7dhrI
3/Kp374VWFFHq3EX2VZKQMR/QRQOo4ZZO6zXNlBKe0SaKu8zKC1BnV0ZSf1mPm3S
/Ow0LOb4l1OZpKzrv3bFhEe43HLFqY8axPtHqe0jUaIU
-----END CERTIFICATE-----