Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/kpL1mBA7PiBUtfdmw6AVzfdGe84.roa
File:                     kpL1mBA7PiBUtfdmw6AVzfdGe84.roa (raw, json)
Hash identifier:          X1ZTIcXTz0jbHRbURZ6ZK36qgjM4K05EqBeOsJvnW6o=
Subject key identifier:   92:92:F5:98:10:3B:3E:20:54:B5:F7:66:C3:A0:15:CD:F7:46:7B:CE
Certificate issuer:       /CN=8bb0b17dd89b3864249728b9fc2eeae510fde4fb
Certificate serial:       01942144426CCF3BF9ED7E00E3CF1C3EF9DE
Authority key identifier: 8B:B0:B1:7D:D8:9B:38:64:24:97:28:B9:FC:2E:EA:E5:10:FD:E4:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i7CxfdibOGQklyi5_C7q5RD95Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/kpL1mBA7PiBUtfdmw6AVzfdGe84.roa
Signing time:             Wed 01 Jan 2025 09:48:29 +0000
ROA not before:           Wed 01 Jan 2025 09:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41751
IP address blocks:        91.206.0.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/i7CxfdibOGQklyi5_C7q5RD95Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/i7CxfdibOGQklyi5_C7q5RD95Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i7CxfdibOGQklyi5_C7q5RD95Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:42:6c:cf:3b:f9:ed:7e:00:e3:cf:1c:3e:f9:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bb0b17dd89b3864249728b9fc2eeae510fde4fb
        Validity
            Not Before: Jan  1 09:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9292f598103b3e2054b5f766c3a015cdf7467bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6d:13:31:81:05:7e:4c:d1:dc:f4:12:55:98:
                    c5:23:23:be:fd:df:6b:63:61:e2:0c:b8:b1:06:43:
                    80:4e:11:f2:c7:44:98:ce:34:70:49:d1:6b:56:62:
                    87:d6:15:8a:38:24:9a:58:f2:ba:ec:17:6a:66:d5:
                    d5:5a:b7:7f:e4:1b:24:ff:fb:33:4e:55:59:56:39:
                    ee:fc:5d:59:a4:f5:9f:fd:14:ec:35:44:dd:e3:76:
                    cb:df:cd:cf:11:e3:70:17:d8:2e:5a:03:85:12:94:
                    b5:fe:00:f5:e4:a6:3f:cb:4b:e6:d2:09:6e:15:7e:
                    a9:28:5a:ec:bc:d7:67:5f:3c:60:5f:c9:0d:78:64:
                    81:3c:8d:45:fc:0b:5e:eb:0d:1d:8e:32:c4:2a:a2:
                    90:8d:df:ce:a0:ec:fb:a0:a0:82:34:b6:d1:91:a6:
                    ea:db:99:27:09:17:44:dc:55:55:f3:46:3e:4d:b0:
                    b9:f7:53:2d:f3:94:81:03:ea:81:5f:63:51:92:e4:
                    ae:a2:ab:77:75:b7:41:0f:58:f4:03:a6:18:da:e5:
                    6c:69:b3:c7:9b:fb:3f:69:06:6d:17:b9:bb:62:49:
                    c7:0a:c8:41:67:bc:a7:94:c1:d4:ff:a3:69:51:8e:
                    29:9b:44:41:86:cc:33:c7:a4:b2:c7:e0:5a:af:c4:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:92:F5:98:10:3B:3E:20:54:B5:F7:66:C3:A0:15:CD:F7:46:7B:CE
            X509v3 Authority Key Identifier:
                keyid:8B:B0:B1:7D:D8:9B:38:64:24:97:28:B9:FC:2E:EA:E5:10:FD:E4:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i7CxfdibOGQklyi5_C7q5RD95Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/kpL1mBA7PiBUtfdmw6AVzfdGe84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/ba95fe-4599-4d83-b6bd-e01919fcfedf/1/i7CxfdibOGQklyi5_C7q5RD95Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         69:1c:01:93:1c:08:a7:f8:21:f1:0a:88:33:cd:eb:0d:da:ef:
         3c:3c:8c:0c:a1:53:3f:87:ea:21:30:89:69:cb:d1:06:f5:f5:
         36:f4:8c:e8:2a:81:47:61:20:9e:5b:c9:09:0d:e9:a6:5f:48:
         bc:ad:da:e3:00:d9:bc:20:5b:d6:66:5f:c1:03:29:20:89:1b:
         72:fa:9e:4a:4e:82:a6:3c:be:a6:f9:38:5c:8e:27:b3:e7:b7:
         f5:c5:e8:0c:0f:b4:b2:3a:eb:a2:3a:a4:3d:c1:02:e5:55:c7:
         3b:a3:b1:2b:be:44:ae:2b:dc:92:d8:5f:16:d9:29:46:0d:2f:
         c6:49:af:99:af:29:21:e4:09:ab:9a:0a:18:34:26:66:2a:cd:
         bb:e6:f8:ca:b3:e1:8e:1d:a8:9e:f7:91:64:ae:b1:a7:5e:1b:
         b5:da:4f:ae:af:93:77:1d:15:f4:f6:b2:f6:fa:4d:95:a0:8f:
         c5:26:03:32:e0:55:16:d5:d9:40:46:54:13:17:5b:84:10:f0:
         6e:fe:6c:07:69:b6:88:91:f1:cf:3e:cf:cd:d2:45:2c:29:02:
         0e:15:c0:46:bf:9f:c6:0f:e2:cf:3b:71:6a:7c:7a:cf:8f:70:
         26:11:c5:a3:9e:83:8f:be:0a:3c:a2:1b:bc:fa:4e:9b:1e:31:
         05:d2:06:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhREJszzv57X4A488cPvneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYjBiMTdkZDg5YjM4NjQyNDk3MjhiOWZjMmVlYWU1MTBm
ZGU0ZmIwHhcNMjUwMTAxMDk0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjkyZjU5ODEwM2IzZTIwNTRiNWY3NjZjM2EwMTVjZGY3NDY3YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnG0TMYEFfkzR3PQSVZjFIyO+/d9r
Y2HiDLixBkOAThHyx0SYzjRwSdFrVmKH1hWKOCSaWPK67BdqZtXVWrd/5Bsk//sz
TlVZVjnu/F1ZpPWf/RTsNUTd43bL383PEeNwF9guWgOFEpS1/gD15KY/y0vm0glu
FX6pKFrsvNdnXzxgX8kNeGSBPI1F/Ate6w0djjLEKqKQjd/OoOz7oKCCNLbRkabq
25knCRdE3FVV80Y+TbC591Mt85SBA+qBX2NRkuSuoqt3dbdBD1j0A6YY2uVsabPH
m/s/aQZtF7m7YknHCshBZ7ynlMHU/6NpUY4pm0RBhswzx6Syx+Bar8RjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJKS9ZgQOz4gVLX3ZsOgFc33RnvOMB8GA1UdIwQY
MBaAFIuwsX3YmzhkJJcoufwu6uUQ/eT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTdDeGZkaWJPR1FrbHlpNV9DN3E1UkQ5NVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9iYTk1ZmUtNDU5OS00ZDgzLWI2YmQt
ZTAxOTE5ZmNmZWRmLzEva3BMMW1CQTdQaUJVdGZkbXc2QVZ6ZmRHZTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9iYTk1ZmUtNDU5OS00ZDgzLWI2YmQtZTAxOTE5ZmNmZWRm
LzEvaTdDeGZkaWJPR1FrbHlpNV9DN3E1UkQ5NVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW84AMA0G
CSqGSIb3DQEBCwUAA4IBAQBpHAGTHAin+CHxCogzzesN2u88PIwMoVM/h+ohMIlp
y9EG9fU29IzoKoFHYSCeW8kJDemmX0i8rdrjANm8IFvWZl/BAykgiRty+p5KToKm
PL6m+Thcjiez57f1xegMD7SyOuuiOqQ9wQLlVcc7o7ErvkSuK9yS2F8W2SlGDS/G
Sa+Zrykh5AmrmgoYNCZmKs275vjKs+GOHaie95FkrrGnXhu12k+ur5N3HRX09rL2
+k2VoI/FJgMy4FUW1dlARlQTF1uEEPBu/mwHabaIkfHPPs/N0kUsKQIOFcBGv5/G
D+LPO3FqfHrPj3AmEcWjnoOPvgo8ohu8+k6bHjEF0gaC
-----END CERTIFICATE-----