Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/sPYhG40WeNs4D0fdLBoDQKTV_Eo.roa
File:                     sPYhG40WeNs4D0fdLBoDQKTV_Eo.roa (raw, json)
Hash identifier:          bDpPm+4aHa819Yue2u9g5oa22BJIhkWyJ4aj3sH99kM=
Subject key identifier:   B0:F6:21:1B:8D:16:78:DB:38:0F:47:DD:2C:1A:03:40:A4:D5:FC:4A
Certificate issuer:       /CN=473469a966f4df3cf28171d87c74780fc472f979
Certificate serial:       019423D7E0437182B5FF562BE366967B206A
Authority key identifier: 47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/sPYhG40WeNs4D0fdLBoDQKTV_Eo.roa
Signing time:             Wed 01 Jan 2025 21:48:57 +0000
ROA not before:           Wed 01 Jan 2025 21:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43310
IP address blocks:        91.197.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:e0:43:71:82:b5:ff:56:2b:e3:66:96:7b:20:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=473469a966f4df3cf28171d87c74780fc472f979
        Validity
            Not Before: Jan  1 21:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b0f6211b8d1678db380f47dd2c1a0340a4d5fc4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f1:12:fe:e8:21:2e:c0:4f:1e:5f:31:dd:1b:
                    4d:85:bc:76:15:d2:ff:b7:2f:67:1b:f0:18:8a:9e:
                    2a:14:96:91:30:73:a9:7e:9c:2b:61:45:68:65:11:
                    4f:eb:92:d7:44:9b:f2:65:b6:b8:b4:ac:5b:2f:eb:
                    32:d7:79:ec:c6:17:51:51:04:10:bb:17:16:eb:58:
                    ad:07:0a:ca:a1:8a:61:e0:61:96:f2:ab:82:4c:35:
                    08:e5:87:a7:be:db:46:2d:83:12:44:24:1a:91:f2:
                    36:70:a6:5c:b8:4b:c3:0b:bc:8d:a3:d2:ce:ec:40:
                    e4:3d:de:aa:da:96:14:a2:22:22:32:90:fe:6e:7d:
                    99:3a:ef:a1:e5:7a:e1:f8:51:75:36:ae:d7:a0:92:
                    8d:cf:46:42:78:a2:a6:8d:f1:6e:db:30:b7:26:a3:
                    ae:88:61:c4:97:3a:93:d9:ec:07:36:f7:10:cb:ec:
                    84:b8:81:66:b7:1d:c2:bb:bd:2b:1e:78:de:26:78:
                    d1:a1:e5:e4:c6:fc:f2:b1:77:a0:10:9a:bf:77:0c:
                    9d:4a:19:14:f7:5c:a2:ba:5e:9f:a4:b7:c7:19:ca:
                    d9:89:98:53:1f:0a:c0:c2:05:23:99:b3:08:6b:b0:
                    0d:d7:89:06:27:80:6e:47:97:9f:68:b7:f4:97:bf:
                    99:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:F6:21:1B:8D:16:78:DB:38:0F:47:DD:2C:1A:03:40:A4:D5:FC:4A
            X509v3 Authority Key Identifier:
                keyid:47:34:69:A9:66:F4:DF:3C:F2:81:71:D8:7C:74:78:0F:C4:72:F9:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RzRpqWb03zzygXHYfHR4D8Ry-Xk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/sPYhG40WeNs4D0fdLBoDQKTV_Eo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/1efbe6-a014-417c-9685-583920f5f05b/1/RzRpqWb03zzygXHYfHR4D8Ry-Xk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f0:d2:b1:3e:5d:38:c1:e8:88:dd:ea:c7:69:75:e8:ce:98:
         19:5d:7d:b2:42:c6:0f:99:ab:ba:c6:77:4c:9b:17:b4:9f:6f:
         17:e1:fc:25:86:84:f9:23:e7:d7:b4:64:3d:c8:bf:bb:d0:be:
         97:d2:9f:3a:96:d0:4c:8e:14:bc:86:72:45:d0:b7:29:ac:49:
         07:12:df:f9:02:ed:c6:f0:4c:eb:0f:19:5e:e7:fc:ee:24:72:
         ed:b7:71:8a:7e:0d:8d:dc:0f:83:22:d9:76:ed:3e:cd:b9:e5:
         a9:a2:8f:7a:7c:d5:60:d8:a2:73:9b:75:a4:9f:c6:44:39:d1:
         b9:66:97:e9:4e:44:97:69:65:3c:ae:37:13:25:b8:d4:e9:e1:
         d1:20:bb:93:00:ce:96:f7:20:39:b4:1d:91:a9:9a:f5:10:40:
         bb:a4:dc:20:1e:0b:dc:93:b4:91:2e:e1:b0:44:5a:fa:f8:a2:
         3c:25:6f:d3:f5:f3:86:80:ba:d1:12:07:65:c5:f6:7c:90:67:
         f3:85:ca:7e:12:4b:f4:4e:cc:30:2a:2a:50:ea:9a:ee:06:e7:
         21:bb:14:9b:2e:69:f7:54:99:fa:b1:9a:0f:1f:99:f1:99:bc:
         f4:c2:1d:18:d9:93:70:9c:98:4a:8e:b7:07:75:86:86:a2:d9:
         d7:51:d1:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1+BDcYK1/1Yr42aWeyBqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MzQ2OWE5NjZmNGRmM2NmMjgxNzFkODdjNzQ3ODBmYzQ3
MmY5NzkwHhcNMjUwMTAxMjE0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGY2MjExYjhkMTY3OGRiMzgwZjQ3ZGQyYzFhMDM0MGE0ZDVmYzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPES/ughLsBPHl8x3RtNhbx2FdL/
ty9nG/AYip4qFJaRMHOpfpwrYUVoZRFP65LXRJvyZba4tKxbL+sy13nsxhdRUQQQ
uxcW61itBwrKoYph4GGW8quCTDUI5YenvttGLYMSRCQakfI2cKZcuEvDC7yNo9LO
7EDkPd6q2pYUoiIiMpD+bn2ZOu+h5Xrh+FF1Nq7XoJKNz0ZCeKKmjfFu2zC3JqOu
iGHElzqT2ewHNvcQy+yEuIFmtx3Cu70rHnjeJnjRoeXkxvzysXegEJq/dwydShkU
91yiul6fpLfHGcrZiZhTHwrAwgUjmbMIa7AN14kGJ4BuR5efaLf0l7+ZFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLD2IRuNFnjbOA9H3SwaA0Ck1fxKMB8GA1UdIwQY
MBaAFEc0aalm9N888oFx2Hx0eA/Ecvl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnpScHFXYjAzenp5Z1hIWWZIUjREOFJ5LVhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8xZWZiZTYtYTAxNC00MTdjLTk2ODUt
NTgzOTIwZjVmMDViLzEvc1BZaEc0MFdlTnM0RDBmZExCb0RRS1RWX0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8xZWZiZTYtYTAxNC00MTdjLTk2ODUtNTgzOTIwZjVmMDVi
LzEvUnpScHFXYjAzenp5Z1hIWWZIUjREOFJ5LVhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8UHMA0G
CSqGSIb3DQEBCwUAA4IBAQAK8NKxPl04weiI3erHaXXozpgZXX2yQsYPmau6xndM
mxe0n28X4fwlhoT5I+fXtGQ9yL+70L6X0p86ltBMjhS8hnJF0LcprEkHEt/5Au3G
8EzrDxle5/zuJHLtt3GKfg2N3A+DItl27T7NueWpoo96fNVg2KJzm3Wkn8ZEOdG5
ZpfpTkSXaWU8rjcTJbjU6eHRILuTAM6W9yA5tB2RqZr1EEC7pNwgHgvck7SRLuGw
RFr6+KI8JW/T9fOGgLrREgdlxfZ8kGfzhcp+Ekv0TswwKipQ6pruBuchuxSbLmn3
VJn6sZoPH5nxmbz0wh0Y2ZNwnJhKjrcHdYaGotnXUdHo
-----END CERTIFICATE-----