Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/VWY8XiWq4Jote7W-6rigfrKoiY4.roa
File:                     VWY8XiWq4Jote7W-6rigfrKoiY4.roa (raw, json)
Hash identifier:          ON7HuggQtcTWGIVCoLH7d6Q/DUJJsZCop+RTdEiL82o=
Subject key identifier:   55:66:3C:5E:25:AA:E0:9A:2D:7B:B5:BE:EA:B8:A0:7E:B2:A8:89:8E
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       01961C01F61853E60B0DA89A1540E771362C
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/VWY8XiWq4Jote7W-6rigfrKoiY4.roa
Signing time:             Wed 09 Apr 2025 19:23:32 +0000
ROA not before:           Wed 09 Apr 2025 19:23:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        91.109.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:1c:01:f6:18:53:e6:0b:0d:a8:9a:15:40:e7:71:36:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Apr  9 19:23:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55663c5e25aae09a2d7bb5beeab8a07eb2a8898e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:49:d5:8e:59:b1:90:54:0b:09:b0:e8:b2:c1:
                    e5:61:cd:46:cc:a7:ef:80:76:e5:aa:b8:20:ec:ba:
                    b0:f5:c0:c7:2d:24:09:6b:18:92:25:6e:3a:21:66:
                    86:57:46:52:f1:40:49:bc:ec:ff:1f:85:a4:1c:9b:
                    f3:61:50:65:cd:2f:e0:f3:02:c6:73:61:2a:54:de:
                    4a:85:96:10:1d:f8:30:ad:2a:d7:9c:05:fd:90:6d:
                    ac:4b:8a:d6:4b:93:29:d4:4b:f3:4a:ff:89:22:09:
                    62:c6:a4:ff:97:30:f8:07:11:55:bb:7c:7c:c2:9f:
                    6b:9c:07:f6:5a:77:65:43:ed:ee:f5:82:a8:86:7f:
                    9f:9f:90:bf:61:04:bf:99:ad:11:f2:40:9b:9d:e7:
                    1c:c7:4f:fc:97:f1:bd:3e:c2:bf:8e:02:3c:f7:d8:
                    4c:99:3e:f0:1e:10:89:94:da:a4:89:09:37:02:e7:
                    e5:ec:85:2a:5b:33:56:71:e1:1a:01:90:c6:17:24:
                    98:2a:e0:83:9c:53:1a:1e:4b:e9:f4:ad:4f:17:38:
                    32:af:77:0e:1c:51:cd:50:b7:d0:c4:1c:6d:03:b9:
                    b2:e1:62:b6:d2:4c:3a:a4:23:ba:73:3a:2b:6f:61:
                    11:f1:55:44:cf:c7:66:20:47:51:a5:60:38:d2:bb:
                    8f:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:66:3C:5E:25:AA:E0:9A:2D:7B:B5:BE:EA:B8:A0:7E:B2:A8:89:8E
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/VWY8XiWq4Jote7W-6rigfrKoiY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:bb:27:4d:5c:77:c5:5d:93:34:64:7a:66:15:7e:eb:5c:36:
         56:00:53:2c:e7:67:ee:76:25:42:27:c9:df:72:e3:05:fd:1a:
         e7:d6:92:cf:9d:4d:e1:ef:84:49:58:59:1c:ef:4f:c5:f3:7c:
         6f:cc:13:ed:4d:b3:57:e4:89:0e:78:8d:39:cf:65:31:2b:6f:
         af:cd:49:ab:bd:73:83:b8:49:f8:44:b3:70:94:ef:71:b1:15:
         e3:c8:34:be:9d:eb:24:92:0c:40:6b:80:72:41:5b:b2:75:f3:
         4f:42:31:9b:3d:c4:c6:0d:83:f5:40:06:97:b6:17:4e:c7:e2:
         51:e2:b5:d8:d2:18:2b:f1:2f:b6:d7:78:2a:19:7c:37:31:6a:
         73:67:06:ad:4f:c7:30:17:ef:23:58:18:ec:65:7f:14:ac:b4:
         cd:b1:9f:d8:7c:4c:e8:28:33:93:b8:f5:e2:87:18:75:8f:8d:
         68:bd:fc:ee:f1:b4:b5:8a:99:ed:07:ec:a8:a8:71:bd:c3:32:
         de:94:37:85:16:f5:e8:af:15:81:9b:7d:5c:5f:b0:c1:6b:fd:
         26:ef:da:6f:a8:47:8e:de:3c:ab:fb:3d:8f:b5:77:64:f0:96:
         78:13:4a:da:2b:dc:6b:24:cf:69:52:c9:dd:ff:24:95:65:09:
         f7:1e:cc:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYcAfYYU+YLDaiaFUDncTYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwNDA5MTkyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTY2M2M1ZTI1YWFlMDlhMmQ3YmI1YmVlYWI4YTA3ZWIyYTg4OThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4EnVjlmxkFQLCbDossHlYc1GzKfv
gHblqrgg7Lqw9cDHLSQJaxiSJW46IWaGV0ZS8UBJvOz/H4WkHJvzYVBlzS/g8wLG
c2EqVN5KhZYQHfgwrSrXnAX9kG2sS4rWS5Mp1EvzSv+JIglixqT/lzD4BxFVu3x8
wp9rnAf2WndlQ+3u9YKohn+fn5C/YQS/ma0R8kCbneccx0/8l/G9PsK/jgI899hM
mT7wHhCJlNqkiQk3Aufl7IUqWzNWceEaAZDGFySYKuCDnFMaHkvp9K1PFzgyr3cO
HFHNULfQxBxtA7my4WK20kw6pCO6czorb2ER8VVEz8dmIEdRpWA40ruPEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFVmPF4lquCaLXu1vuq4oH6yqImOMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvVldZOFhpV3E0Sm90ZTdXLTZyaWdmcktvaVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW20vMA0G
CSqGSIb3DQEBCwUAA4IBAQCouydNXHfFXZM0ZHpmFX7rXDZWAFMs52fudiVCJ8nf
cuMF/Rrn1pLPnU3h74RJWFkc70/F83xvzBPtTbNX5IkOeI05z2UxK2+vzUmrvXOD
uEn4RLNwlO9xsRXjyDS+neskkgxAa4ByQVuydfNPQjGbPcTGDYP1QAaXthdOx+JR
4rXY0hgr8S+213gqGXw3MWpzZwatT8cwF+8jWBjsZX8UrLTNsZ/YfEzoKDOTuPXi
hxh1j41ovfzu8bS1ipntB+yoqHG9wzLelDeFFvXorxWBm31cX7DBa/0m79pvqEeO
3jyr+z2PtXdk8JZ4E0raK9xrJM9pUsnd/ySVZQn3HszB
-----END CERTIFICATE-----