Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/9hbofTa8wmBhXG-prhgMHzrh8LQ.roa
File:                     9hbofTa8wmBhXG-prhgMHzrh8LQ.roa (raw, json)
Hash identifier:          oj+TVOa3IXAijydn5VPy/DSH3tXPUY065JYAspyYspE=
Subject key identifier:   F6:16:E8:7D:36:BC:C2:60:61:5C:6F:A9:AE:18:0C:1F:3A:E1:F0:B4
Certificate issuer:       /CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
Certificate serial:       019534C555C64C074C1628462DBBCFFED9C8
Authority key identifier: C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/9hbofTa8wmBhXG-prhgMHzrh8LQ.roa
Signing time:             Sun 23 Feb 2025 21:45:02 +0000
ROA not before:           Sun 23 Feb 2025 21:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        91.213.126.0/24 maxlen: 24
                          2a12:7280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:04:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:34:c5:55:c6:4c:07:4c:16:28:46:2d:bb:cf:fe:d9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c9e0e4c9acbf701f930149b325ce042cf9f92a59
        Validity
            Not Before: Feb 23 21:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f616e87d36bcc260615c6fa9ae180c1f3ae1f0b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:be:7b:62:9d:6e:f9:a7:e2:36:02:ea:0a:60:
                    0c:0b:b7:56:91:84:24:bb:3c:d1:ff:08:47:d6:9c:
                    61:6e:c9:c8:15:66:6e:84:8d:6d:7d:af:60:d9:b1:
                    e6:10:86:02:48:35:5e:ef:c1:fc:ba:e5:b3:fe:13:
                    a8:e3:65:ab:47:d2:a1:04:cf:32:b4:b0:f0:6b:c8:
                    73:07:e8:77:89:6d:de:8e:69:3b:6d:b6:2b:bd:91:
                    33:6f:b6:67:8b:90:aa:1f:bd:4e:21:50:f7:fa:8c:
                    df:e1:1f:6d:21:cd:2f:6c:a3:a5:3b:6f:89:4c:0f:
                    53:4c:7c:bb:c3:bb:45:cc:f6:bc:b7:22:9d:02:a9:
                    46:a8:39:92:69:a4:f7:ec:eb:0c:bb:86:dc:9d:79:
                    c7:48:58:e0:56:64:a2:04:ed:6f:95:c9:09:de:6f:
                    3c:1a:20:41:57:3b:c9:bd:a2:9f:84:67:6a:56:27:
                    93:55:07:74:74:38:87:f8:94:25:ac:1c:10:5c:15:
                    ff:74:64:9c:7c:a9:bd:30:a1:1b:7f:8b:68:f3:f8:
                    56:fc:a8:ef:91:6e:9b:fb:2e:1f:07:07:1e:e1:fd:
                    f2:95:9f:15:d0:d5:a2:53:7d:ab:a8:cb:62:a5:e7:
                    56:02:ad:40:b5:53:b4:ae:4b:43:60:ab:aa:75:ed:
                    5c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:16:E8:7D:36:BC:C2:60:61:5C:6F:A9:AE:18:0C:1F:3A:E1:F0:B4
            X509v3 Authority Key Identifier:
                keyid:C9:E0:E4:C9:AC:BF:70:1F:93:01:49:B3:25:CE:04:2C:F9:F9:2A:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yeDkyay_cB-TAUmzJc4ELPn5Klk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/9hbofTa8wmBhXG-prhgMHzrh8LQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/fdb641-d1a3-4dda-bf91-be7c828c3693/1/yeDkyay_cB-TAUmzJc4ELPn5Klk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.126.0/24
                IPv6:
                  2a12:7280::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:13:ed:a1:9d:7d:4e:ef:b1:61:f2:e1:4c:8b:66:cd:31:56:
         7c:d3:fa:e3:58:47:a0:15:71:e2:ab:d5:cd:03:47:77:53:39:
         3e:d6:3f:1c:b8:5e:4b:41:33:2c:64:49:71:cf:d7:68:9a:82:
         a1:a9:8a:dc:93:9b:8b:2e:f0:f2:34:57:61:d2:6b:91:20:c4:
         9d:95:f8:42:1f:c9:48:49:76:a6:be:d4:ed:40:ee:04:60:cc:
         d8:aa:68:78:73:f5:54:24:ef:0d:fe:43:3b:09:92:ae:b6:59:
         82:67:cb:17:07:bc:78:a0:39:43:c1:0f:19:93:bb:97:ed:31:
         0b:37:84:01:25:fe:a0:03:24:f7:d2:a6:1a:40:e4:53:64:8b:
         65:d8:fe:39:44:fa:c3:34:5c:39:4e:25:69:9b:52:2c:59:ee:
         0e:b6:4e:4a:cd:fd:d2:5a:37:7f:9e:b8:37:20:ac:ca:0d:af:
         cb:c4:b0:25:88:22:21:a4:38:94:08:c6:ef:ec:8e:25:df:06:
         3d:3d:db:98:0e:f7:09:7d:a9:25:3f:f4:58:34:5a:db:5b:54:
         f2:8a:61:b1:1f:b8:66:8d:a6:5d:d2:c5:87:f1:03:7f:33:ac:
         70:5a:7f:4e:d1:d5:89:89:c8:cf:34:e1:41:ea:24:ad:29:d5:
         02:54:f7:14
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZU0xVXGTAdMFihGLbvP/tnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZTBlNGM5YWNiZjcwMWY5MzAxNDliMzI1Y2UwNDJjZjlm
OTJhNTkwHhcNMjUwMjIzMjE0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE2ZTg3ZDM2YmNjMjYwNjE1YzZmYTlhZTE4MGMxZjNhZTFmMGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtb57Yp1u+afiNgLqCmAMC7dWkYQk
uzzR/whH1pxhbsnIFWZuhI1tfa9g2bHmEIYCSDVe78H8uuWz/hOo42WrR9KhBM8y
tLDwa8hzB+h3iW3ejmk7bbYrvZEzb7Zni5CqH71OIVD3+ozf4R9tIc0vbKOlO2+J
TA9TTHy7w7tFzPa8tyKdAqlGqDmSaaT37OsMu4bcnXnHSFjgVmSiBO1vlckJ3m88
GiBBVzvJvaKfhGdqVieTVQd0dDiH+JQlrBwQXBX/dGScfKm9MKEbf4to8/hW/Kjv
kW6b+y4fBwce4f3ylZ8V0NWiU32rqMtipedWAq1AtVO0rktDYKuqde1ckwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPYW6H02vMJgYVxvqa4YDB864fC0MB8GA1UdIwQY
MBaAFMng5Mmsv3AfkwFJsyXOBCz5+SpZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEt
YmU3YzgyOGMzNjkzLzEvOWhib2ZUYTh3bUJoWEctcHJoZ01IenJoOExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mZGI2NDEtZDFhMy00ZGRhLWJmOTEtYmU3YzgyOGMzNjkz
LzEveWVEa3lheV9jQi1UQVVtekpjNEVMUG41S2xrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9V+MA0E
AgACMAcDBQMqEnKAMA0GCSqGSIb3DQEBCwUAA4IBAQCNE+2hnX1O77Fh8uFMi2bN
MVZ80/rjWEegFXHiq9XNA0d3Uzk+1j8cuF5LQTMsZElxz9domoKhqYrck5uLLvDy
NFdh0muRIMSdlfhCH8lISXamvtTtQO4EYMzYqmh4c/VUJO8N/kM7CZKutlmCZ8sX
B7x4oDlDwQ8Zk7uX7TELN4QBJf6gAyT30qYaQORTZItl2P45RPrDNFw5TiVpm1Is
We4Otk5Kzf3SWjd/nrg3IKzKDa/LxLAliCIhpDiUCMbv7I4l3wY9PduYDvcJfakl
P/RYNFrbW1TyimGxH7hmjaZd0sWH8QN/M6xwWn9O0dWJicjPNOFB6iStKdUCVPcU
-----END CERTIFICATE-----