Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/9YQA36vAku85UbE81d8YCXXLJnY.roa
File:                     9YQA36vAku85UbE81d8YCXXLJnY.roa (raw, json)
Hash identifier:          Aeb9cL8NYmy9yNSDJcp65b2WQtEKFZt794slbkjrbPk=
Subject key identifier:   F5:84:00:DF:AB:C0:92:EF:39:51:B1:3C:D5:DF:18:09:75:CB:26:76
Certificate issuer:       /CN=779a4a4295c638fde760f3cda476d8bfc27112b2
Certificate serial:       0196ED8D5A076E7892FF1D3280F8E2C8CC58
Authority key identifier: 77:9A:4A:42:95:C6:38:FD:E7:60:F3:CD:A4:76:D8:BF:C2:71:12:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d5pKQpXGOP3nYPPNpHbYv8JxErI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/9YQA36vAku85UbE81d8YCXXLJnY.roa
Signing time:             Tue 20 May 2025 11:56:25 +0000
ROA not before:           Tue 20 May 2025 11:56:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56449
IP address blocks:        91.225.156.0/24 maxlen: 24
                          91.225.157.0/24 maxlen: 24
                          91.225.158.0/24 maxlen: 24
                          91.225.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/d5pKQpXGOP3nYPPNpHbYv8JxErI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/d5pKQpXGOP3nYPPNpHbYv8JxErI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d5pKQpXGOP3nYPPNpHbYv8JxErI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:8d:5a:07:6e:78:92:ff:1d:32:80:f8:e2:c8:cc:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=779a4a4295c638fde760f3cda476d8bfc27112b2
        Validity
            Not Before: May 20 11:56:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f58400dfabc092ef3951b13cd5df180975cb2676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:ab:ed:71:dc:d2:01:c0:3e:e0:27:a6:88:14:
                    40:7f:39:fc:b1:25:0c:d3:f4:94:8d:5c:4b:fc:db:
                    d1:d2:04:a7:aa:0d:0d:ab:d7:7d:3a:ae:af:9c:e6:
                    5c:4c:67:0a:29:07:11:01:66:16:47:8c:f0:e2:0c:
                    82:75:af:78:d5:fe:40:95:b2:c8:11:c6:45:ea:bd:
                    f8:17:97:9d:04:51:36:d6:9c:80:03:44:5f:51:68:
                    d2:f9:29:5b:a1:c0:ad:b4:68:5e:e4:29:6c:11:63:
                    1d:5d:fa:2f:61:67:bc:a4:76:f6:0a:61:87:d2:1b:
                    64:eb:6a:71:0f:37:45:d3:99:06:7e:13:74:2a:56:
                    51:85:43:b6:9a:1f:f9:9c:1a:62:80:eb:e4:a1:68:
                    c7:6d:14:8e:45:c3:fd:4f:b7:a9:ae:fa:b5:9e:86:
                    43:6e:fc:3e:e3:3c:f9:35:eb:a2:8a:98:42:1c:9f:
                    98:eb:f8:72:c1:6b:29:7a:f7:be:c8:dd:fb:14:ff:
                    06:97:55:d8:72:75:ba:0b:31:cc:1a:5d:97:d3:64:
                    bf:72:f2:41:54:9d:8c:3b:7f:65:61:d8:05:69:52:
                    d4:cc:fa:ca:b1:9b:64:05:f7:9d:6a:f7:4d:6f:59:
                    36:bd:f9:a0:cd:1c:48:2b:d0:c7:75:15:82:8b:4e:
                    40:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:84:00:DF:AB:C0:92:EF:39:51:B1:3C:D5:DF:18:09:75:CB:26:76
            X509v3 Authority Key Identifier:
                keyid:77:9A:4A:42:95:C6:38:FD:E7:60:F3:CD:A4:76:D8:BF:C2:71:12:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5pKQpXGOP3nYPPNpHbYv8JxErI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/9YQA36vAku85UbE81d8YCXXLJnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fd89f9-98b6-4217-bccd-62c67d4bc546/1/d5pKQpXGOP3nYPPNpHbYv8JxErI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:c1:93:be:62:81:46:79:b1:70:b3:b5:4f:28:c3:94:f9:d0:
         83:a7:3c:e0:96:82:9c:11:f8:5b:ee:74:53:d7:02:28:52:3d:
         ee:02:09:51:d4:09:41:cc:19:39:27:75:da:e2:95:48:53:af:
         2b:4b:34:3f:9b:41:01:a7:84:3d:51:93:57:93:72:82:0c:95:
         ef:fb:85:a0:a9:b7:1c:01:25:70:02:1d:c9:7e:95:25:75:ef:
         96:56:96:fc:f3:cd:a0:c4:ea:30:81:b0:0c:70:cb:0f:03:a3:
         a5:53:9d:49:c2:08:14:3c:b2:34:27:aa:61:5a:dd:79:bc:28:
         db:90:f6:b1:f5:71:2a:74:9b:67:86:a4:b6:a3:a0:47:8a:86:
         4a:70:74:e6:d5:2d:79:1e:7e:87:19:19:3d:39:50:5a:a3:bf:
         7c:6a:62:d7:48:48:2f:d8:9e:0c:12:93:09:be:91:91:28:ec:
         99:ee:78:b4:e1:5d:7d:c9:cc:dc:43:42:a3:62:79:35:97:0c:
         5b:3c:c5:d6:8f:65:25:ec:a1:6d:5b:05:ad:c0:ee:d4:3a:ee:
         6d:e9:92:1c:f4:28:cf:3f:90:05:13:f4:1a:ee:30:92:ea:f7:
         44:04:44:fa:9f:96:75:a6:85:aa:db:e1:3e:a6:8e:d0:d2:1b:
         e1:87:7d:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtjVoHbniS/x0ygPjiyMxYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3OWE0YTQyOTVjNjM4ZmRlNzYwZjNjZGE0NzZkOGJmYzI3
MTEyYjIwHhcNMjUwNTIwMTE1NjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNTg0MDBkZmFiYzA5MmVmMzk1MWIxM2NkNWRmMTgwOTc1Y2IyNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8avtcdzSAcA+4CemiBRAfzn8sSUM
0/SUjVxL/NvR0gSnqg0Nq9d9Oq6vnOZcTGcKKQcRAWYWR4zw4gyCda941f5AlbLI
EcZF6r34F5edBFE21pyAA0RfUWjS+SlbocCttGhe5ClsEWMdXfovYWe8pHb2CmGH
0htk62pxDzdF05kGfhN0KlZRhUO2mh/5nBpigOvkoWjHbRSORcP9T7eprvq1noZD
bvw+4zz5NeuiiphCHJ+Y6/hywWspeve+yN37FP8Gl1XYcnW6CzHMGl2X02S/cvJB
VJ2MO39lYdgFaVLUzPrKsZtkBfedavdNb1k2vfmgzRxIK9DHdRWCi05ABwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPWEAN+rwJLvOVGxPNXfGAl1yyZ2MB8GA1UdIwQY
MBaAFHeaSkKVxjj952DzzaR22L/CcRKyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDVwS1FwWEdPUDNuWVBQTnBIYll2OEp4RXJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mZDg5ZjktOThiNi00MjE3LWJjY2Qt
NjJjNjdkNGJjNTQ2LzEvOVlRQTM2dkFrdTg1VWJFODFkOFlDWFhMSm5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mZDg5ZjktOThiNi00MjE3LWJjY2QtNjJjNjdkNGJjNTQ2
LzEvZDVwS1FwWEdPUDNuWVBQTnBIYll2OEp4RXJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+GcMA0G
CSqGSIb3DQEBCwUAA4IBAQARwZO+YoFGebFws7VPKMOU+dCDpzzgloKcEfhb7nRT
1wIoUj3uAglR1AlBzBk5J3Xa4pVIU68rSzQ/m0EBp4Q9UZNXk3KCDJXv+4Wgqbcc
ASVwAh3JfpUlde+WVpb8882gxOowgbAMcMsPA6OlU51JwggUPLI0J6phWt15vCjb
kPax9XEqdJtnhqS2o6BHioZKcHTm1S15Hn6HGRk9OVBao798amLXSEgv2J4MEpMJ
vpGRKOyZ7ni04V19yczcQ0KjYnk1lwxbPMXWj2Ul7KFtWwWtwO7UOu5t6ZIc9CjP
P5AFE/Qa7jCS6vdEBET6n5Z1poWq2+E+po7Q0hvhh30p
-----END CERTIFICATE-----