Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/nYzAsbllFT7Lr_SB7POfofSL3LI.roa
File:                     nYzAsbllFT7Lr_SB7POfofSL3LI.roa (raw, json)
Hash identifier:          EHarQeauYC+jtiVvfxPF0hW/Y2vVhZb67l4OYu1uAWA=
Subject key identifier:   9D:8C:C0:B1:B9:65:15:3E:CB:AF:F4:81:EC:F3:9F:A1:F4:8B:DC:B2
Certificate issuer:       /CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
Certificate serial:       019584ACB7FCF91100F071F97978AEEED8F2
Authority key identifier: 97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/nYzAsbllFT7Lr_SB7POfofSL3LI.roa
Signing time:             Tue 11 Mar 2025 10:07:46 +0000
ROA not before:           Tue 11 Mar 2025 10:07:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43328
IP address blocks:        91.201.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 22:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:84:ac:b7:fc:f9:11:00:f0:71:f9:79:78:ae:ee:d8:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=975c9ffa65c3c9b57c549e72cd6dc703005b2e0e
        Validity
            Not Before: Mar 11 10:07:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d8cc0b1b965153ecbaff481ecf39fa1f48bdcb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a7:f7:c1:a5:b8:ee:e9:79:1f:28:d2:4d:dd:
                    52:82:63:e5:d2:0f:3d:96:02:0d:24:26:25:8d:cb:
                    e1:99:20:61:71:7e:88:33:fe:9f:41:01:5a:a4:0a:
                    b9:b4:d4:db:84:49:9a:e4:54:f2:f9:6f:fa:1c:69:
                    e3:64:44:ba:a8:a8:1d:f2:1f:e7:ea:7b:c3:b1:fe:
                    93:0a:6e:7c:3e:87:08:1c:cb:d3:8a:93:4e:32:99:
                    91:48:d9:16:47:45:2c:9a:50:2c:6c:17:d0:e3:5d:
                    bd:f4:e7:b7:e7:cf:af:3f:e2:ee:84:79:be:41:d6:
                    6e:61:12:5b:6f:b9:83:f9:97:ee:b4:01:94:7f:57:
                    b2:15:5d:da:2a:06:88:00:e6:c0:57:87:b9:7b:41:
                    bc:e5:c7:f2:67:cd:ba:b2:d0:1e:2a:31:6a:fb:a5:
                    36:6b:6f:31:f8:e3:d0:49:25:e9:98:4d:f5:57:2f:
                    28:e3:8b:f3:a1:d9:77:53:55:37:35:e4:bf:87:6b:
                    13:98:55:77:43:0d:3e:a3:4d:5f:f5:f4:d4:3c:f8:
                    98:b6:3a:74:19:4b:e2:35:32:9c:53:33:a6:74:99:
                    b2:00:99:b9:84:c3:e0:1d:70:bc:83:5e:2a:3d:cf:
                    31:e5:17:a9:d9:ba:3e:bb:a1:19:74:04:26:b3:f1:
                    02:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8C:C0:B1:B9:65:15:3E:CB:AF:F4:81:EC:F3:9F:A1:F4:8B:DC:B2
            X509v3 Authority Key Identifier:
                keyid:97:5C:9F:FA:65:C3:C9:B5:7C:54:9E:72:CD:6D:C7:03:00:5B:2E:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l1yf-mXDybV8VJ5yzW3HAwBbLg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/nYzAsbllFT7Lr_SB7POfofSL3LI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/92ecea-3f3c-4baa-834b-126c7b48b847/1/l1yf-mXDybV8VJ5yzW3HAwBbLg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:11:80:80:b9:30:ff:21:49:09:da:54:6a:63:26:0f:e8:ae:
         bc:fe:89:61:a0:dd:2f:a6:ba:c6:a1:b7:8a:7a:17:6f:34:aa:
         97:04:52:d7:34:82:89:36:c5:10:ba:cb:5e:54:ad:80:f4:05:
         65:eb:64:a0:9b:ba:b5:7b:4e:4e:18:7c:23:fd:21:70:9a:c3:
         dd:69:c5:8b:55:de:c5:97:f5:a0:69:43:60:2e:f6:7b:c7:81:
         21:46:dd:33:02:f2:9b:87:dd:b3:54:b5:99:ba:96:df:0d:92:
         7c:99:79:18:0d:4b:4e:93:86:4c:46:05:d4:a0:1e:5d:10:39:
         21:a4:70:7f:35:31:a4:8f:f9:01:26:46:0f:2c:3e:80:eb:72:
         ac:a4:a7:ef:d7:ea:88:00:cb:71:7d:47:cf:a0:e6:ac:8b:8b:
         3a:12:26:0b:91:f9:ef:f9:52:9a:26:13:2d:3d:04:68:ec:78:
         ac:d1:6f:de:2a:78:56:88:9e:85:b5:bb:4f:bc:35:f4:26:94:
         88:17:e4:6d:40:1c:0d:3e:8c:33:76:a7:43:ea:2b:b3:c3:07:
         ce:c1:0f:2b:5d:46:8c:7d:e7:51:20:9e:53:69:52:b8:ec:ba:
         9b:e6:58:b6:c1:3b:5c:52:5d:b1:fa:f8:4f:f0:e7:1e:5f:f5:
         9b:df:c0:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWErLf8+REA8HH5eXiu7tjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3NWM5ZmZhNjVjM2M5YjU3YzU0OWU3MmNkNmRjNzAzMDA1
YjJlMGUwHhcNMjUwMzExMTAwNzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhjYzBiMWI5NjUxNTNlY2JhZmY0ODFlY2YzOWZhMWY0OGJkY2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6f3waW47ul5HyjSTd1SgmPl0g89
lgINJCYljcvhmSBhcX6IM/6fQQFapAq5tNTbhEma5FTy+W/6HGnjZES6qKgd8h/n
6nvDsf6TCm58PocIHMvTipNOMpmRSNkWR0UsmlAsbBfQ41299Oe358+vP+LuhHm+
QdZuYRJbb7mD+ZfutAGUf1eyFV3aKgaIAObAV4e5e0G85cfyZ826stAeKjFq+6U2
a28x+OPQSSXpmE31Vy8o44vzodl3U1U3NeS/h2sTmFV3Qw0+o01f9fTUPPiYtjp0
GUviNTKcUzOmdJmyAJm5hMPgHXC8g14qPc8x5Rep2bo+u6EZdAQms/ECrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2MwLG5ZRU+y6/0gezzn6H0i9yyMB8GA1UdIwQY
MBaAFJdcn/plw8m1fFSecs1txwMAWy4OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGIt
MTI2YzdiNDhiODQ3LzEvbll6QXNibGxGVDdMcl9TQjdQT2ZvZlNMM0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85MmVjZWEtM2YzYy00YmFhLTgzNGItMTI2YzdiNDhiODQ3
LzEvbDF5Zi1tWER5YlY4Vko1eXpXM0hBd0JiTGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8nsMA0G
CSqGSIb3DQEBCwUAA4IBAQCQEYCAuTD/IUkJ2lRqYyYP6K68/olhoN0vprrGobeK
ehdvNKqXBFLXNIKJNsUQusteVK2A9AVl62Sgm7q1e05OGHwj/SFwmsPdacWLVd7F
l/WgaUNgLvZ7x4EhRt0zAvKbh92zVLWZupbfDZJ8mXkYDUtOk4ZMRgXUoB5dEDkh
pHB/NTGkj/kBJkYPLD6A63KspKfv1+qIAMtxfUfPoOasi4s6EiYLkfnv+VKaJhMt
PQRo7His0W/eKnhWiJ6FtbtPvDX0JpSIF+RtQBwNPowzdqdD6iuzwwfOwQ8rXUaM
fedRIJ5TaVK47Lqb5li2wTtcUl2x+vhP8OceX/Wb38Dz
-----END CERTIFICATE-----