Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/yv-lKnLJ7FH3ebM94G5o9mRIoI0.roa
File:                     yv-lKnLJ7FH3ebM94G5o9mRIoI0.roa (raw, json)
Hash identifier:          NaXQYxgPfjl+IpTUFv/7Iibu/QutlXyZxHu9Cx6Aoy0=
Subject key identifier:   CA:FF:A5:2A:72:C9:EC:51:F7:79:B3:3D:E0:6E:68:F6:64:48:A0:8D
Certificate issuer:       /CN=b537115961c6abf5b87abe4a20053e4aca1b6ec2
Certificate serial:       0194221F9C393CA4A290A7D03B68CA3F09F5
Authority key identifier: B5:37:11:59:61:C6:AB:F5:B8:7A:BE:4A:20:05:3E:4A:CA:1B:6E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/yv-lKnLJ7FH3ebM94G5o9mRIoI0.roa
Signing time:             Wed 01 Jan 2025 13:48:04 +0000
ROA not before:           Wed 01 Jan 2025 13:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207413
IP address blocks:        91.194.140.0/23 maxlen: 24
                          91.194.166.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:9c:39:3c:a4:a2:90:a7:d0:3b:68:ca:3f:09:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b537115961c6abf5b87abe4a20053e4aca1b6ec2
        Validity
            Not Before: Jan  1 13:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caffa52a72c9ec51f779b33de06e68f66448a08d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:5e:05:ff:58:51:c8:72:d1:dc:95:bf:2e:37:
                    b7:ac:45:1e:2e:ce:32:7b:ef:88:28:21:ef:82:35:
                    8d:c2:d6:a5:23:fa:cc:19:be:08:58:3a:72:3a:7a:
                    e9:b7:df:09:8c:c3:3d:d6:42:0c:d8:2f:c0:6d:ff:
                    5f:bc:e3:a2:4e:03:d9:16:6c:e8:90:6f:a5:2b:eb:
                    f6:03:48:02:7c:f2:cd:e4:f4:9e:f9:b6:7c:d8:4d:
                    be:5f:01:49:2a:1a:31:aa:a7:dc:36:7b:87:3b:03:
                    b7:08:c4:d5:f4:5f:ca:51:f9:c5:b6:73:93:e7:ba:
                    22:98:4d:49:80:c5:1a:b1:31:6e:59:b6:b1:f7:37:
                    81:3f:13:22:e1:dd:0c:f0:10:d3:b7:af:d4:fc:14:
                    01:1d:d7:2e:c9:51:37:ea:af:56:d0:a3:9a:08:2a:
                    be:10:49:26:cd:cf:a8:b9:d3:06:54:88:9a:35:fd:
                    44:f7:c7:3c:07:ad:a3:19:8e:96:4c:92:ac:71:99:
                    83:d6:80:e5:71:ef:5b:e8:87:ea:8a:c0:bd:30:c0:
                    cf:42:e0:29:19:ed:e2:ec:51:d9:bc:15:fc:91:39:
                    19:8a:6f:24:35:f6:be:8a:75:27:33:68:59:9d:04:
                    b2:55:40:c8:bc:d8:58:f6:79:a9:b0:58:b6:ad:63:
                    66:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:FF:A5:2A:72:C9:EC:51:F7:79:B3:3D:E0:6E:68:F6:64:48:A0:8D
            X509v3 Authority Key Identifier:
                keyid:B5:37:11:59:61:C6:AB:F5:B8:7A:BE:4A:20:05:3E:4A:CA:1B:6E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tTcRWWHGq_W4er5KIAU-SsobbsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/yv-lKnLJ7FH3ebM94G5o9mRIoI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/26cc6a-6f17-40a9-b987-6fc717175e58/1/tTcRWWHGq_W4er5KIAU-SsobbsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.140.0/23
                  91.194.166.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a8:81:99:58:4d:bf:f6:1c:43:37:ba:8e:34:41:b1:08:d2:f5:
         b4:7f:61:8a:f6:82:86:8a:bd:df:c3:66:bc:5d:ca:1c:81:03:
         77:35:82:3e:55:ad:17:fe:7e:70:af:41:5c:f3:ec:1c:12:10:
         e7:c9:4e:bd:41:e4:11:96:16:5a:7b:7f:4f:25:3a:16:f9:24:
         ca:c5:6f:ae:87:52:c8:d9:65:32:a5:4f:59:c3:02:e3:4f:dd:
         08:66:9b:ff:12:ad:72:63:ce:aa:d1:75:55:b6:fa:a3:7e:86:
         91:0b:9e:e5:c0:03:4a:c7:cc:70:c7:17:c4:5f:42:8a:ae:67:
         b9:91:59:3a:6f:7a:4d:9e:a1:c0:ce:6d:92:86:d2:c9:a1:c6:
         7d:fd:08:3c:e6:d2:eb:48:93:75:2d:3c:79:27:c7:7e:00:15:
         e6:3a:05:13:29:b7:87:11:2a:e8:03:d9:4f:91:a5:9b:63:ae:
         fa:50:58:0f:51:7c:19:cf:12:12:db:cc:30:8f:43:4e:e7:4a:
         4e:4d:9f:38:f8:93:a8:31:8e:72:b3:dc:1f:5f:c8:5e:ed:4d:
         1b:26:04:bd:55:fa:40:62:49:7b:0e:31:ba:dc:0d:8a:0b:a9:
         c8:57:53:49:23:94:e7:d4:76:81:b0:da:3d:1b:41:77:6e:f6:
         f0:b2:4e:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH5w5PKSikKfQO2jKPwn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MzcxMTU5NjFjNmFiZjViODdhYmU0YTIwMDUzZTRhY2Ex
YjZlYzIwHhcNMjUwMTAxMTM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWZmYTUyYTcyYzllYzUxZjc3OWIzM2RlMDZlNjhmNjY0NDhhMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApl4F/1hRyHLR3JW/Lje3rEUeLs4y
e++IKCHvgjWNwtalI/rMGb4IWDpyOnrpt98JjMM91kIM2C/Abf9fvOOiTgPZFmzo
kG+lK+v2A0gCfPLN5PSe+bZ82E2+XwFJKhoxqqfcNnuHOwO3CMTV9F/KUfnFtnOT
57oimE1JgMUasTFuWbax9zeBPxMi4d0M8BDTt6/U/BQBHdcuyVE36q9W0KOaCCq+
EEkmzc+oudMGVIiaNf1E98c8B62jGY6WTJKscZmD1oDlce9b6IfqisC9MMDPQuAp
Ge3i7FHZvBX8kTkZim8kNfa+inUnM2hZnQSyVUDIvNhY9nmpsFi2rWNmFwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMr/pSpyyexR93mzPeBuaPZkSKCNMB8GA1UdIwQY
MBaAFLU3EVlhxqv1uHq+SiAFPkrKG27CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFRjUldXSEdxX1c0ZXI1S0lBVS1Tc29iYnNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8yNmNjNmEtNmYxNy00MGE5LWI5ODct
NmZjNzE3MTc1ZTU4LzEveXYtbEtuTEo3RkgzZWJNOTRHNW85bVJJb0kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8yNmNjNmEtNmYxNy00MGE5LWI5ODctNmZjNzE3MTc1ZTU4
LzEvdFRjUldXSEdxX1c0ZXI1S0lBVS1Tc29iYnNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8KMAwQB
W8KmMA0GCSqGSIb3DQEBCwUAA4IBAQCogZlYTb/2HEM3uo40QbEI0vW0f2GK9oKG
ir3fw2a8XcocgQN3NYI+Va0X/n5wr0Fc8+wcEhDnyU69QeQRlhZae39PJToW+STK
xW+uh1LI2WUypU9ZwwLjT90IZpv/Eq1yY86q0XVVtvqjfoaRC57lwANKx8xwxxfE
X0KKrme5kVk6b3pNnqHAzm2ShtLJocZ9/Qg85tLrSJN1LTx5J8d+ABXmOgUTKbeH
ESroA9lPkaWbY676UFgPUXwZzxIS28wwj0NO50pOTZ84+JOoMY5ys9wfX8he7U0b
JgS9VfpAYkl7DjG63A2KC6nIV1NJI5Tn1HaBsNo9G0F3bvbwsk52
-----END CERTIFICATE-----