Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/s8WA6XbVKkNfKDWyIPbKv2MkdEI.roa
File:                     s8WA6XbVKkNfKDWyIPbKv2MkdEI.roa (raw, json)
Hash identifier:          cSlX1MSZ3bjIwkd1nKlEU1sHjeRq7ybsweqaQYPJx58=
Subject key identifier:   B3:C5:80:E9:76:D5:2A:43:5F:28:35:B2:20:F6:CA:BF:63:24:74:42
Certificate issuer:       /CN=aebc33d5ba585234cccef8a57ad86ca1eafc4aa2
Certificate serial:       01942745B677C4EC76A45C3DFE0096A35363
Authority key identifier: AE:BC:33:D5:BA:58:52:34:CC:CE:F8:A5:7A:D8:6C:A1:EA:FC:4A:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrwz1bpYUjTMzvilethsoer8SqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/s8WA6XbVKkNfKDWyIPbKv2MkdEI.roa
Signing time:             Thu 02 Jan 2025 13:47:47 +0000
ROA not before:           Thu 02 Jan 2025 13:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198333
IP address blocks:        91.217.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/rrwz1bpYUjTMzvilethsoer8SqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/rrwz1bpYUjTMzvilethsoer8SqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrwz1bpYUjTMzvilethsoer8SqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:45:b6:77:c4:ec:76:a4:5c:3d:fe:00:96:a3:53:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aebc33d5ba585234cccef8a57ad86ca1eafc4aa2
        Validity
            Not Before: Jan  2 13:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3c580e976d52a435f2835b220f6cabf63247442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:67:f3:4e:99:88:72:bd:10:b6:05:61:7c:a2:
                    13:04:76:d1:b1:22:55:03:df:7f:0e:79:0d:aa:35:
                    aa:8a:17:05:29:37:41:82:02:b5:84:81:11:07:09:
                    23:33:86:2f:03:db:47:d0:ac:8f:85:4d:af:16:43:
                    a4:46:f4:4f:72:8c:3a:1c:08:13:96:ee:11:9f:82:
                    e3:d0:6c:74:0a:a5:53:e1:c8:12:70:bf:ef:c5:33:
                    0c:db:b1:1a:ea:7d:b9:fa:c9:67:b7:51:99:1d:fd:
                    11:1f:8b:6c:06:07:40:2c:9f:cb:81:70:cf:ee:70:
                    48:e6:8f:35:24:8e:31:7a:a3:22:3c:74:c4:e7:79:
                    c2:ff:9f:23:26:8f:ef:a8:b5:9a:67:61:f2:db:18:
                    c8:09:38:ef:a9:72:b3:e8:7e:88:0c:e3:4d:ec:2b:
                    96:02:b4:25:f9:bc:fd:d2:0f:f7:6e:4e:88:c2:5e:
                    38:0e:7a:8e:78:ee:81:fe:96:ae:5c:dd:34:cb:40:
                    c9:6d:62:dc:e0:15:09:50:96:35:25:ae:87:25:13:
                    13:b5:b3:b0:2f:e2:66:00:2d:ec:cc:50:72:44:ae:
                    bb:c7:5e:e8:29:08:d2:01:38:8e:e3:7a:3f:b5:5c:
                    a9:4b:91:d4:4d:79:14:90:b3:a3:8f:71:39:dd:8e:
                    5a:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:C5:80:E9:76:D5:2A:43:5F:28:35:B2:20:F6:CA:BF:63:24:74:42
            X509v3 Authority Key Identifier:
                keyid:AE:BC:33:D5:BA:58:52:34:CC:CE:F8:A5:7A:D8:6C:A1:EA:FC:4A:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrwz1bpYUjTMzvilethsoer8SqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/s8WA6XbVKkNfKDWyIPbKv2MkdEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/b67551-35e3-42f1-912b-96a5b5dad671/1/rrwz1bpYUjTMzvilethsoer8SqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:c5:e4:55:09:13:59:95:0c:49:1a:a6:68:4b:ec:38:99:58:
         d7:27:50:f9:ef:74:fe:97:27:20:3b:e7:da:58:fc:be:9e:85:
         57:3c:ad:fc:b6:51:2b:3e:8a:29:de:f1:72:a4:90:36:59:d3:
         7d:6b:92:5a:c7:37:54:a9:e1:92:19:c7:ad:39:90:fc:54:d5:
         4b:4f:f4:9b:b2:c6:75:a7:52:64:93:ee:8f:81:46:a9:8c:75:
         67:21:d4:60:0e:a3:a3:64:9c:a0:fc:2e:77:d7:a3:28:cb:0c:
         7f:85:50:6a:ff:21:38:e8:97:01:e1:0a:12:c1:e0:22:36:32:
         12:1a:0a:65:b6:30:ff:9c:ea:c9:56:fb:4f:28:ab:00:8d:91:
         00:c7:15:bb:1e:ab:cc:a6:3c:a7:25:e9:03:3d:5e:04:6b:e1:
         d0:48:e7:51:ab:7b:c2:41:98:9a:64:f2:a3:b9:28:25:46:b6:
         d7:0b:ed:93:95:e5:0f:de:cb:7e:89:aa:5b:d0:32:79:6d:05:
         be:55:b6:4a:fa:ae:85:16:25:cc:aa:cb:f1:88:3a:93:98:12:
         cb:ad:d4:39:45:aa:1b:bd:fc:f2:e1:a1:a8:af:c5:d0:9d:3b:
         7c:34:63:5a:a7:a0:ed:f0:ad:7e:94:fc:89:10:8e:68:21:96:
         5c:82:da:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRbZ3xOx2pFw9/gCWo1NjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYmMzM2Q1YmE1ODUyMzRjY2NlZjhhNTdhZDg2Y2ExZWFm
YzRhYTIwHhcNMjUwMTAyMTM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2M1ODBlOTc2ZDUyYTQzNWYyODM1YjIyMGY2Y2FiZjYzMjQ3NDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmfzTpmIcr0QtgVhfKITBHbRsSJV
A99/DnkNqjWqihcFKTdBggK1hIERBwkjM4YvA9tH0KyPhU2vFkOkRvRPcow6HAgT
lu4Rn4Lj0Gx0CqVT4cgScL/vxTMM27Ea6n25+slnt1GZHf0RH4tsBgdALJ/LgXDP
7nBI5o81JI4xeqMiPHTE53nC/58jJo/vqLWaZ2Hy2xjICTjvqXKz6H6IDONN7CuW
ArQl+bz90g/3bk6Iwl44DnqOeO6B/pauXN00y0DJbWLc4BUJUJY1Ja6HJRMTtbOw
L+JmAC3szFByRK67x17oKQjSATiO43o/tVypS5HUTXkUkLOjj3E53Y5aawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLPFgOl21SpDXyg1siD2yr9jJHRCMB8GA1UdIwQY
MBaAFK68M9W6WFI0zM74pXrYbKHq/EqiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJ3ejFicFlValRNenZpbGV0aHNvZXI4U3FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9iNjc1NTEtMzVlMy00MmYxLTkxMmIt
OTZhNWI1ZGFkNjcxLzEvczhXQTZYYlZLa05mS0RXeUlQYkt2Mk1rZEVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9iNjc1NTEtMzVlMy00MmYxLTkxMmItOTZhNWI1ZGFkNjcx
LzEvcnJ3ejFicFlValRNenZpbGV0aHNvZXI4U3FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9mNMA0G
CSqGSIb3DQEBCwUAA4IBAQCPxeRVCRNZlQxJGqZoS+w4mVjXJ1D573T+lycgO+fa
WPy+noVXPK38tlErPoop3vFypJA2WdN9a5JaxzdUqeGSGcetOZD8VNVLT/SbssZ1
p1Jkk+6PgUapjHVnIdRgDqOjZJyg/C5316Moywx/hVBq/yE46JcB4QoSweAiNjIS
GgpltjD/nOrJVvtPKKsAjZEAxxW7HqvMpjynJekDPV4Ea+HQSOdRq3vCQZiaZPKj
uSglRrbXC+2TleUP3st+iapb0DJ5bQW+VbZK+q6FFiXMqsvxiDqTmBLLrdQ5Raob
vfzy4aGor8XQnTt8NGNap6Dt8K1+lPyJEI5oIZZcgtoR
-----END CERTIFICATE-----