Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/yEsMSFNm5dJ-A_JpG2DXLz7wI-Y.roa
File:                     yEsMSFNm5dJ-A_JpG2DXLz7wI-Y.roa (raw, json)
Hash identifier:          8AHka5aF5G+PfLY03Vs1HshDxFgYYrha9TXGX/Fcp3g=
Subject key identifier:   C8:4B:0C:48:53:66:E5:D2:7E:03:F2:69:1B:60:D7:2F:3E:F0:23:E6
Certificate issuer:       /CN=41fc55ee2488fb9401c4b668abac54110ebb8092
Certificate serial:       019421B2117C4BB922EDF596A45718475F66
Authority key identifier: 41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/yEsMSFNm5dJ-A_JpG2DXLz7wI-Y.roa
Signing time:             Wed 01 Jan 2025 11:48:25 +0000
ROA not before:           Wed 01 Jan 2025 11:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50246
IP address blocks:        91.227.187.0/24 maxlen: 24
                          193.29.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:11:7c:4b:b9:22:ed:f5:96:a4:57:18:47:5f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fc55ee2488fb9401c4b668abac54110ebb8092
        Validity
            Not Before: Jan  1 11:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c84b0c485366e5d27e03f2691b60d72f3ef023e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:10:26:5f:1f:05:c1:c5:c9:32:71:33:81:2c:
                    79:43:5d:12:62:b7:4d:6d:8e:60:43:c4:a1:57:03:
                    53:ae:13:6c:1b:02:30:1f:39:bd:9c:07:28:e3:1d:
                    27:00:98:f7:ce:28:0a:03:6b:04:a2:06:d6:f3:4c:
                    90:88:b7:35:4b:cf:a6:5c:ac:a7:b0:cf:b1:3e:3b:
                    57:6f:46:f1:e5:fc:5d:58:8c:98:3f:7b:23:e1:1b:
                    c6:36:5c:25:c3:27:65:03:b4:c3:80:40:be:b0:0c:
                    b0:52:01:39:91:cd:64:9e:e2:8d:d2:90:cc:a8:58:
                    88:38:90:a0:ea:01:2a:db:cd:ca:e6:e3:93:88:ec:
                    dc:83:da:e0:da:04:19:a0:83:9b:7d:99:ba:11:16:
                    84:81:56:73:4f:4f:cf:81:5f:62:02:85:ca:bb:f3:
                    a3:09:26:6c:f2:a8:70:d4:b1:1a:d9:64:eb:95:34:
                    78:84:71:d0:5e:43:42:83:fb:ad:d4:46:e4:d9:8c:
                    8f:13:a0:d5:66:28:d7:4b:a2:47:d8:ee:67:7c:a2:
                    e5:6f:16:18:71:7c:20:83:3c:aa:a9:4c:74:93:5b:
                    44:dc:fa:4e:c5:f0:c6:7d:be:3f:2d:55:8d:74:47:
                    04:23:08:ba:85:85:dc:7d:c1:09:9d:51:b6:2b:32:
                    cf:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:4B:0C:48:53:66:E5:D2:7E:03:F2:69:1B:60:D7:2F:3E:F0:23:E6
            X509v3 Authority Key Identifier:
                keyid:41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/yEsMSFNm5dJ-A_JpG2DXLz7wI-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.187.0/24
                  193.29.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:69:c7:77:c3:06:8b:2a:87:ab:61:48:2f:e9:06:50:97:30:
         b1:fa:2a:bd:51:28:50:f0:b3:46:91:62:bd:4d:ee:65:95:52:
         6c:f4:c1:20:21:78:b0:eb:32:9a:3d:9d:98:e7:ff:d0:98:c1:
         93:9c:aa:21:63:cb:a9:86:87:9a:45:bc:9b:ab:a2:0a:e9:2a:
         16:68:0d:ed:16:3e:81:e3:05:40:57:f0:0b:81:7c:f2:bd:d3:
         3d:8f:ae:0e:ba:2e:d0:48:47:54:1d:37:03:86:7a:99:70:0a:
         bf:e8:9e:81:8a:87:17:44:26:10:75:c1:82:94:45:99:75:b2:
         c9:ac:a9:09:81:e0:a9:87:21:75:95:cd:95:0a:17:88:e5:78:
         c6:ac:28:d2:0a:5f:a3:2a:f8:ff:5b:63:ad:bc:90:a2:31:44:
         a4:35:81:23:a9:5b:da:7a:48:d1:86:b0:be:e7:96:e9:2f:80:
         cf:fb:aa:04:7e:54:3c:0e:da:b6:0a:04:82:9f:3f:e8:f9:d6:
         b9:0c:86:f4:6e:be:e9:a6:20:04:4e:f7:c7:20:e1:8d:ca:13:
         7b:8d:a1:cd:13:66:0c:3f:22:e0:4b:7e:77:37:0a:ac:5c:64:
         43:db:e9:e4:23:62:e2:ee:19:99:23:7c:e2:08:1f:32:a7:7c:
         5a:b8:cf:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQhshF8S7ki7fWWpFcYR19mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmM1NWVlMjQ4OGZiOTQwMWM0YjY2OGFiYWM1NDExMGVi
YjgwOTIwHhcNMjUwMTAxMTE0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODRiMGM0ODUzNjZlNWQyN2UwM2YyNjkxYjYwZDcyZjNlZjAyM2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRAmXx8FwcXJMnEzgSx5Q10SYrdN
bY5gQ8ShVwNTrhNsGwIwHzm9nAco4x0nAJj3zigKA2sEogbW80yQiLc1S8+mXKyn
sM+xPjtXb0bx5fxdWIyYP3sj4RvGNlwlwydlA7TDgEC+sAywUgE5kc1knuKN0pDM
qFiIOJCg6gEq283K5uOTiOzcg9rg2gQZoIObfZm6ERaEgVZzT0/PgV9iAoXKu/Oj
CSZs8qhw1LEa2WTrlTR4hHHQXkNCg/ut1Ebk2YyPE6DVZijXS6JH2O5nfKLlbxYY
cXwggzyqqUx0k1tE3PpOxfDGfb4/LVWNdEcEIwi6hYXcfcEJnVG2KzLPWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMhLDEhTZuXSfgPyaRtg1y8+8CPmMB8GA1UdIwQY
MBaAFEH8Ve4kiPuUAcS2aKusVBEOu4CSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMt
Mzg4MWE4YjgyN2FjLzEveUVzTVNGTm01ZEotQV9KcEcyRFhMejd3SS1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMtMzg4MWE4YjgyN2Fj
LzEvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+O7AwQA
wR0mMA0GCSqGSIb3DQEBCwUAA4IBAQBwacd3wwaLKoerYUgv6QZQlzCx+iq9UShQ
8LNGkWK9Te5llVJs9MEgIXiw6zKaPZ2Y5//QmMGTnKohY8uphoeaRbybq6IK6SoW
aA3tFj6B4wVAV/ALgXzyvdM9j64Oui7QSEdUHTcDhnqZcAq/6J6BiocXRCYQdcGC
lEWZdbLJrKkJgeCphyF1lc2VCheI5XjGrCjSCl+jKvj/W2OtvJCiMUSkNYEjqVva
ekjRhrC+55bpL4DP+6oEflQ8Dtq2CgSCnz/o+da5DIb0br7ppiAETvfHIOGNyhN7
jaHNE2YMPyLgS353NwqsXGRD2+nkI2Li7hmZI3ziCB8yp3xauM+E
-----END CERTIFICATE-----