Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/aFK2_PVsBjasgrZjR7O6nnMiZLQ.roa
File:                     aFK2_PVsBjasgrZjR7O6nnMiZLQ.roa (raw, json)
Hash identifier:          7C2rn/1bchZfIHI8JBSfQp1OCCG7fXsvQwqma4WoHcE=
Subject key identifier:   68:52:B6:FC:F5:6C:06:36:AC:82:B6:63:47:B3:BA:9E:73:22:64:B4
Certificate issuer:       /CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
Certificate serial:       01983C413C55A200B68F69A0D68327C1E19E
Authority key identifier: 8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/aFK2_PVsBjasgrZjR7O6nnMiZLQ.roa
Signing time:             Thu 24 Jul 2025 11:46:04 +0000
ROA not before:           Thu 24 Jul 2025 11:46:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        91.200.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Jul 2025 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3c:41:3c:55:a2:00:b6:8f:69:a0:d6:83:27:c1:e1:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a6024b2c27a67dff5b654efa06bf7bfc1222625
        Validity
            Not Before: Jul 24 11:46:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6852b6fcf56c0636ac82b66347b3ba9e732264b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:44:a2:49:9d:b7:ae:cd:44:15:2f:91:4f:cc:
                    09:77:46:ef:f3:7c:93:9b:cc:38:32:95:4b:e4:2d:
                    72:f2:c5:5a:87:3c:c2:46:80:8e:4d:ac:a7:fb:e6:
                    49:d2:2e:fb:d3:ba:78:89:65:29:3f:40:44:8c:71:
                    ad:13:7b:5f:2d:7e:53:3e:6d:b8:f9:c9:e6:9d:31:
                    ef:cb:f0:66:1c:cb:0b:c1:14:9b:53:b0:97:6c:35:
                    83:a6:61:9f:30:4e:06:cb:c2:0d:a2:dc:81:5b:43:
                    1a:d3:69:a1:5a:85:55:a1:d8:44:40:fa:7b:76:29:
                    82:2e:79:b2:27:f5:93:11:6b:5a:82:a7:d9:1f:7c:
                    0d:ca:fb:6c:12:d0:02:49:83:16:04:03:86:f1:0a:
                    d5:25:c6:8b:4f:d5:39:94:99:67:33:87:df:c0:16:
                    49:2d:30:71:1a:a0:80:41:c2:e1:8e:a0:50:28:1a:
                    86:13:6a:6e:15:1e:e2:9f:46:43:8c:48:81:72:b0:
                    aa:73:b1:7b:30:93:00:8e:47:08:b6:a4:6e:6c:b2:
                    c5:b7:b5:71:3e:77:5b:1b:08:50:02:20:4e:a0:a8:
                    4b:e4:b3:40:44:5b:59:19:49:42:ef:c9:8e:35:c5:
                    06:89:2a:14:4e:80:77:3a:1b:08:2a:26:dd:bd:b8:
                    ed:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:52:B6:FC:F5:6C:06:36:AC:82:B6:63:47:B3:BA:9E:73:22:64:B4
            X509v3 Authority Key Identifier:
                keyid:8A:60:24:B2:C2:7A:67:DF:F5:B6:54:EF:A0:6B:F7:BF:C1:22:26:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/imAkssJ6Z9_1tlTvoGv3v8EiJiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/aFK2_PVsBjasgrZjR7O6nnMiZLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/33eccf-0ae3-4c7e-a441-08e8f0cbb840/1/imAkssJ6Z9_1tlTvoGv3v8EiJiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:53:eb:d8:a4:1a:b6:2c:1c:20:50:2d:9c:a5:69:01:c1:e3:
         2e:b0:84:e3:d8:f8:7c:af:cf:75:5d:70:99:d6:84:f2:1d:81:
         db:31:ca:f1:1f:27:5c:92:61:01:26:3a:a1:49:38:b3:1f:24:
         58:36:8e:99:14:e9:f4:49:c3:0f:94:c6:f8:02:04:c2:5a:0a:
         ba:ae:3e:6e:bb:d0:2b:23:8e:39:b3:94:4a:3e:58:47:58:6d:
         ff:ae:1b:8a:74:dc:d2:fd:f8:c6:a9:3f:d3:10:ba:9d:35:df:
         96:b4:ee:eb:26:eb:65:5d:34:04:d6:5f:5f:61:41:19:93:9a:
         c3:ca:d0:3f:2c:eb:f9:1e:36:79:87:e8:60:5b:e9:cc:c6:44:
         b7:ad:90:28:4b:a7:61:42:2b:58:1d:c0:2c:93:67:3f:79:70:
         c0:19:35:2b:9f:f7:7e:78:69:0f:7f:db:df:89:1c:dd:80:4a:
         b9:0b:7e:e4:d4:c8:a1:31:a7:ba:53:d3:80:9a:88:3f:3c:62:
         f0:22:ab:83:59:9e:49:c8:3c:59:ae:2f:00:8b:4c:68:c9:cb:
         40:fd:a9:13:10:45:a0:91:ab:6c:78:31:8e:0c:a6:0e:ed:2f:
         88:e0:00:9a:e9:00:72:7f:a9:d7:7b:55:5f:f3:5c:44:30:13:
         25:98:f1:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZg8QTxVogC2j2mg1oMnweGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhNjAyNGIyYzI3YTY3ZGZmNWI2NTRlZmEwNmJmN2JmYzEy
MjI2MjUwHhcNMjUwNzI0MTE0NjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODUyYjZmY2Y1NmMwNjM2YWM4MmI2NjM0N2IzYmE5ZTczMjI2NGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0SiSZ23rs1EFS+RT8wJd0bv83yT
m8w4MpVL5C1y8sVahzzCRoCOTayn++ZJ0i7707p4iWUpP0BEjHGtE3tfLX5TPm24
+cnmnTHvy/BmHMsLwRSbU7CXbDWDpmGfME4Gy8INotyBW0Ma02mhWoVVodhEQPp7
dimCLnmyJ/WTEWtagqfZH3wNyvtsEtACSYMWBAOG8QrVJcaLT9U5lJlnM4ffwBZJ
LTBxGqCAQcLhjqBQKBqGE2puFR7in0ZDjEiBcrCqc7F7MJMAjkcItqRubLLFt7Vx
PndbGwhQAiBOoKhL5LNARFtZGUlC78mONcUGiSoUToB3OhsIKibdvbjt1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhStvz1bAY2rIK2Y0ezup5zImS0MB8GA1UdIwQY
MBaAFIpgJLLCemff9bZU76Br97/BIiYlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEt
MDhlOGYwY2JiODQwLzEvYUZLMl9QVnNCamFzZ3JaalI3TzZubk1pWkxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zM2VjY2YtMGFlMy00YzdlLWE0NDEtMDhlOGYwY2JiODQw
LzEvaW1Ba3NzSjZaOV8xdGxUdm9HdjN2OEVpSmlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8g7MA0G
CSqGSIb3DQEBCwUAA4IBAQA5U+vYpBq2LBwgUC2cpWkBweMusITj2Ph8r891XXCZ
1oTyHYHbMcrxHydckmEBJjqhSTizHyRYNo6ZFOn0ScMPlMb4AgTCWgq6rj5uu9Ar
I445s5RKPlhHWG3/rhuKdNzS/fjGqT/TELqdNd+WtO7rJutlXTQE1l9fYUEZk5rD
ytA/LOv5HjZ5h+hgW+nMxkS3rZAoS6dhQitYHcAsk2c/eXDAGTUrn/d+eGkPf9vf
iRzdgEq5C37k1MihMae6U9OAmog/PGLwIquDWZ5JyDxZri8Ai0xoyctA/akTEEWg
katseDGODKYO7S+I4ACa6QByf6nXe1Vf81xEMBMlmPEm
-----END CERTIFICATE-----