Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/a9iv50ooVHm1APCybq4owIunnG8.roa
File:                     a9iv50ooVHm1APCybq4owIunnG8.roa (raw, json)
Hash identifier:          phKXw/sbpuIWnctwyonEWyJEOXe+K9H58t2l6qBy6tg=
Subject key identifier:   6B:D8:AF:E7:4A:28:54:79:B5:00:F0:B2:6E:AE:28:C0:8B:A7:9C:6F
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019427B4884FF737A3C636E5992611B41F32
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/a9iv50ooVHm1APCybq4owIunnG8.roa
Signing time:             Thu 02 Jan 2025 15:48:50 +0000
ROA not before:           Thu 02 Jan 2025 15:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215443
IP address blocks:        91.204.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:88:4f:f7:37:a3:c6:36:e5:99:26:11:b4:1f:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 15:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6bd8afe74a285479b500f0b26eae28c08ba79c6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:66:e5:7e:cc:9d:ba:dd:20:e7:9f:3b:8d:fc:
                    c5:b9:2a:74:6c:47:15:94:73:56:68:f2:65:6e:1c:
                    a7:56:fe:ec:46:07:b6:14:b4:2d:2a:79:bd:2e:d1:
                    35:3b:39:a7:fe:20:48:99:16:be:e0:b0:0a:a3:1d:
                    06:1f:6d:70:de:12:ef:59:8d:d1:dc:ee:16:cf:b2:
                    ca:17:4d:60:36:cd:cf:45:91:91:30:ee:88:23:c3:
                    a3:3c:7c:8f:a1:68:7c:65:cc:6b:1b:4e:3e:a3:7f:
                    5c:c0:17:4a:8b:0a:13:fa:c5:43:eb:cd:35:0b:83:
                    89:f6:f6:d3:e8:99:85:8e:22:1c:47:67:8a:12:af:
                    d1:10:41:6c:3a:4d:fc:74:79:d2:aa:bf:ad:c3:e8:
                    a3:b8:16:0d:7c:16:30:e2:8c:2d:bb:91:8f:17:62:
                    81:d8:c4:85:48:20:79:04:bf:00:56:44:04:9a:69:
                    98:bd:f8:e0:8d:ff:84:c9:53:dd:25:5a:7c:5d:08:
                    a4:f7:80:d2:55:63:e4:3b:de:b4:2f:d1:df:35:b7:
                    1c:66:23:2f:f6:bb:8d:94:cb:3d:78:9c:52:3b:33:
                    fd:ea:c0:57:ee:42:bd:36:f9:94:14:54:48:f5:d1:
                    01:b2:45:2c:42:ea:1a:96:2a:0f:c7:68:43:43:b2:
                    46:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:D8:AF:E7:4A:28:54:79:B5:00:F0:B2:6E:AE:28:C0:8B:A7:9C:6F
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/a9iv50ooVHm1APCybq4owIunnG8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:64:05:78:55:cf:2e:12:be:c9:62:a8:c2:a7:fb:4c:48:b5:
         c5:f8:2c:3c:bc:b6:41:4c:ca:36:a7:2d:ba:0c:6c:ad:7e:f4:
         8e:9b:e0:9f:81:e9:a7:27:6c:35:1e:d6:4d:56:20:4e:eb:47:
         3e:c0:74:92:61:28:3b:38:9f:8b:6c:5b:4a:5d:1a:48:dc:15:
         df:fa:88:b1:da:fa:c9:11:c4:64:8d:76:16:b5:92:59:fb:f0:
         5e:8b:dc:a0:5f:17:58:48:2f:b9:cb:1f:0f:13:1f:c4:1b:cd:
         5e:15:a5:34:15:27:b5:8d:7c:35:df:b4:a3:f9:e0:99:e7:b3:
         71:5c:76:0d:06:7a:0b:31:52:69:a9:48:07:e8:1d:c7:25:86:
         38:77:09:21:bb:ea:0a:82:52:85:e5:1f:45:d8:84:fc:29:54:
         41:7d:6c:03:7a:5a:0b:6b:9e:8f:11:49:6a:60:e5:2e:5d:79:
         7e:79:4e:c6:b5:3b:6b:be:e6:60:c3:1b:5c:52:dc:90:b0:ca:
         6f:eb:85:71:96:9a:8a:62:01:8b:d5:7a:66:2c:b9:77:0b:56:
         93:f2:c8:37:f8:87:93:d4:6d:a1:57:2f:30:dc:b0:80:1d:1e:
         5e:dd:48:7d:fd:11:47:ba:7d:72:b4:6f:ac:88:95:93:4f:66:
         7c:bf:12:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntIhP9zejxjblmSYRtB8yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwMTAyMTU0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmQ4YWZlNzRhMjg1NDc5YjUwMGYwYjI2ZWFlMjhjMDhiYTc5YzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWblfsydut0g5587jfzFuSp0bEcV
lHNWaPJlbhynVv7sRge2FLQtKnm9LtE1Ozmn/iBImRa+4LAKox0GH21w3hLvWY3R
3O4Wz7LKF01gNs3PRZGRMO6II8OjPHyPoWh8ZcxrG04+o39cwBdKiwoT+sVD6801
C4OJ9vbT6JmFjiIcR2eKEq/REEFsOk38dHnSqr+tw+ijuBYNfBYw4owtu5GPF2KB
2MSFSCB5BL8AVkQEmmmYvfjgjf+EyVPdJVp8XQik94DSVWPkO960L9HfNbccZiMv
9ruNlMs9eJxSOzP96sBX7kK9NvmUFFRI9dEBskUsQuoalioPx2hDQ7JG+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvYr+dKKFR5tQDwsm6uKMCLp5xvMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvYTlpdjUwb29WSG0xQVBDeWJxNG93SXVubkc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8yDMA0G
CSqGSIb3DQEBCwUAA4IBAQBGZAV4Vc8uEr7JYqjCp/tMSLXF+Cw8vLZBTMo2py26
DGytfvSOm+CfgemnJ2w1HtZNViBO60c+wHSSYSg7OJ+LbFtKXRpI3BXf+oix2vrJ
EcRkjXYWtZJZ+/Bei9ygXxdYSC+5yx8PEx/EG81eFaU0FSe1jXw137Sj+eCZ57Nx
XHYNBnoLMVJpqUgH6B3HJYY4dwkhu+oKglKF5R9F2IT8KVRBfWwDeloLa56PEUlq
YOUuXXl+eU7GtTtrvuZgwxtcUtyQsMpv64VxlpqKYgGL1XpmLLl3C1aT8sg3+IeT
1G2hVy8w3LCAHR5e3Uh9/RFHun1ytG+siJWTT2Z8vxLY
-----END CERTIFICATE-----