Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/yIs7-43LvI6qFPUZ4Fc1B5P-Nd8.roa
File:                     yIs7-43LvI6qFPUZ4Fc1B5P-Nd8.roa (raw, json)
Hash identifier:          7iyioJq4gHgZnNWCIj3ZbngUuVlDh727OLbKlKLfGaU=
Subject key identifier:   C8:8B:3B:FB:8D:CB:BC:8E:AA:14:F5:19:E0:57:35:07:93:FE:35:DF
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0196C53F1EF75E17445A3B3C06A38FE54476
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/yIs7-43LvI6qFPUZ4Fc1B5P-Nd8.roa
Signing time:             Mon 12 May 2025 16:06:10 +0000
ROA not before:           Mon 12 May 2025 16:06:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211415
IP address blocks:        91.212.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:3f:1e:f7:5e:17:44:5a:3b:3c:06:a3:8f:e5:44:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: May 12 16:06:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c88b3bfb8dcbbc8eaa14f519e057350793fe35df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:c2:35:b4:b7:5a:d8:38:25:80:ed:2a:80:70:
                    09:2c:eb:c3:d4:51:75:a2:6c:c5:63:85:04:a6:77:
                    5a:46:f0:2d:53:12:67:af:6f:52:02:fc:a9:10:15:
                    69:29:d9:ec:93:b6:9e:68:56:e1:c7:d1:48:68:e9:
                    f4:47:0e:af:3f:82:52:47:f1:e0:38:37:72:9d:7c:
                    e2:58:a7:d0:b2:3e:bb:29:f3:b8:26:2e:9b:ac:58:
                    4b:7d:f4:01:d7:e3:46:d9:82:26:76:86:77:d7:7d:
                    c4:03:19:11:61:63:9c:db:33:61:43:f4:64:fc:76:
                    93:9c:c3:87:8c:47:85:f9:fa:77:b5:f7:db:42:2d:
                    68:80:70:71:05:59:13:81:8d:a1:6c:2f:85:b4:4b:
                    a7:77:26:e0:6a:06:a4:d0:67:c8:36:4f:f8:16:de:
                    f2:0b:ca:3b:8f:ce:13:bc:e8:67:e4:81:49:d1:96:
                    1a:4e:23:f7:4e:34:e1:96:87:b7:13:76:74:3f:ff:
                    41:f0:7a:27:5d:61:95:c5:4f:3e:f7:02:47:ae:3c:
                    50:a5:82:ce:a4:04:c6:22:0c:78:dd:8e:53:48:11:
                    04:8e:2c:f3:a0:a4:95:c0:7b:86:a3:43:10:08:ec:
                    ad:9d:41:3c:b1:80:64:06:0a:83:17:30:8d:80:03:
                    8c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:8B:3B:FB:8D:CB:BC:8E:AA:14:F5:19:E0:57:35:07:93:FE:35:DF
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/yIs7-43LvI6qFPUZ4Fc1B5P-Nd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:43:a2:75:ed:ea:3d:7f:3d:1e:b0:65:8d:10:bf:e9:f1:ee:
         0b:ab:7d:62:b0:1e:6f:f2:e5:86:37:dd:ee:66:de:bc:6a:80:
         2f:99:51:6d:e4:0e:ca:2c:6f:0b:33:dd:9e:b2:ee:ed:5b:14:
         cf:6d:32:c3:01:8f:8d:4e:6b:16:66:e5:81:b0:51:af:9e:d2:
         bc:a1:a0:19:d4:8f:ee:ec:53:41:44:bc:e1:c0:db:a1:d6:cf:
         f7:9e:a9:a5:4b:f2:d4:d0:2c:01:eb:58:f3:06:ff:fc:02:f2:
         de:e4:a6:bf:8a:ef:56:c7:76:de:9b:b7:6a:b3:4e:b5:74:dc:
         bf:2e:da:a0:0c:ee:bc:0b:be:4f:da:7a:23:ef:f1:4c:de:2c:
         99:8d:84:d6:a9:83:f1:9f:ee:ad:32:96:94:e5:1f:1f:90:c0:
         18:dc:50:4b:50:7d:44:8c:7e:f1:80:2e:b3:bd:30:12:fc:09:
         e1:e1:a9:ae:73:5c:96:95:1f:cd:8a:62:a6:a0:a1:13:35:19:
         9d:0c:45:b5:c3:db:ae:3e:20:a5:e4:96:75:e0:fc:cd:2d:d1:
         00:9d:d6:9d:a1:32:a9:f8:b9:85:1f:b2:15:f6:4f:18:71:87:
         39:50:33:29:80:6b:4d:77:2f:58:b9:5f:f7:96:76:a5:e1:3f:
         01:79:62:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbFPx73XhdEWjs8BqOP5UR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNTEyMTYwNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODhiM2JmYjhkY2JiYzhlYWExNGY1MTllMDU3MzUwNzkzZmUzNWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsI1tLda2DglgO0qgHAJLOvD1FF1
omzFY4UEpndaRvAtUxJnr29SAvypEBVpKdnsk7aeaFbhx9FIaOn0Rw6vP4JSR/Hg
ODdynXziWKfQsj67KfO4Ji6brFhLffQB1+NG2YImdoZ3133EAxkRYWOc2zNhQ/Rk
/HaTnMOHjEeF+fp3tffbQi1ogHBxBVkTgY2hbC+FtEundybgagak0GfINk/4Ft7y
C8o7j84TvOhn5IFJ0ZYaTiP3TjThloe3E3Z0P/9B8HonXWGVxU8+9wJHrjxQpYLO
pATGIgx43Y5TSBEEjizzoKSVwHuGo0MQCOytnUE8sYBkBgqDFzCNgAOMyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiLO/uNy7yOqhT1GeBXNQeT/jXfMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEveUlzNy00M0x2STZxRlBVWjRGYzFCNVAtTmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TYMA0G
CSqGSIb3DQEBCwUAA4IBAQAlQ6J17eo9fz0esGWNEL/p8e4Lq31isB5v8uWGN93u
Zt68aoAvmVFt5A7KLG8LM92esu7tWxTPbTLDAY+NTmsWZuWBsFGvntK8oaAZ1I/u
7FNBRLzhwNuh1s/3nqmlS/LU0CwB61jzBv/8AvLe5Ka/iu9Wx3bem7dqs061dNy/
LtqgDO68C75P2noj7/FM3iyZjYTWqYPxn+6tMpaU5R8fkMAY3FBLUH1EjH7xgC6z
vTAS/Anh4amuc1yWlR/NimKmoKETNRmdDEW1w9uuPiCl5JZ14PzNLdEAndadoTKp
+LmFH7IV9k8YcYc5UDMpgGtNdy9YuV/3lnal4T8BeWLs
-----END CERTIFICATE-----