Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/mxp9eCP_e2nSLu5oRfBqVs7w-s8.roa
File:                     mxp9eCP_e2nSLu5oRfBqVs7w-s8.roa (raw, json)
Hash identifier:          6jdAOohFaolMwD/Z0nQ8nrDtHYVzSE7gtNTijlQEgqw=
Subject key identifier:   9B:1A:7D:78:23:FF:7B:69:D2:2E:EE:68:45:F0:6A:56:CE:F0:FA:CF
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0198090A0853072B3FE140CE684E88010ACA
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/mxp9eCP_e2nSLu5oRfBqVs7w-s8.roa
Signing time:             Mon 14 Jul 2025 13:05:09 +0000
ROA not before:           Mon 14 Jul 2025 13:05:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199724
IP address blocks:        91.102.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:0a:08:53:07:2b:3f:e1:40:ce:68:4e:88:01:0a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Jul 14 13:05:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b1a7d7823ff7b69d22eee6845f06a56cef0facf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:dc:cf:a2:7c:ee:58:55:5c:ad:91:34:af:9f:
                    bd:2d:80:a6:d6:e2:b4:8d:dc:24:9b:c5:76:25:22:
                    15:d3:29:56:6e:10:51:e1:e2:e8:bb:26:42:20:12:
                    95:c4:ea:c3:1d:45:e3:4e:52:9a:88:ca:28:4b:fe:
                    c2:28:25:55:06:e3:fe:36:3f:43:6b:1a:33:de:11:
                    3f:4c:e9:10:f9:a1:4f:c8:d4:94:fc:04:9c:b9:56:
                    46:33:d6:c1:7f:10:98:0c:9c:7a:6e:c7:06:c8:a4:
                    89:a6:7b:89:83:0e:8a:8f:96:56:1e:19:05:31:b6:
                    2c:44:b5:e1:4a:a6:69:9b:01:32:38:ff:bf:f4:c5:
                    64:ab:34:bd:4e:0c:bc:1e:f1:8b:b6:3a:da:f4:eb:
                    49:d6:db:fa:20:9c:8b:e8:ee:63:56:98:6d:5b:a8:
                    91:48:1e:01:28:94:e6:bd:da:e9:ca:bb:14:9d:93:
                    90:77:8e:44:1e:e1:52:16:64:7d:33:00:9d:fe:d2:
                    fa:4e:67:3f:eb:88:db:0a:0a:7c:33:c9:65:9d:8d:
                    10:3c:d3:22:95:fb:d4:98:30:b3:9d:47:e1:29:2d:
                    f7:1e:53:9e:93:c1:f2:64:9f:22:fb:bb:98:c0:b1:
                    11:ab:70:cf:e9:35:ec:c2:d9:fc:a8:04:2a:c4:c3:
                    d5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:1A:7D:78:23:FF:7B:69:D2:2E:EE:68:45:F0:6A:56:CE:F0:FA:CF
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/mxp9eCP_e2nSLu5oRfBqVs7w-s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:c9:a9:7b:28:66:d6:66:51:e5:64:a1:1a:6a:f8:b6:ec:07:
         ab:c2:f4:67:df:66:17:d5:13:52:7c:a2:db:32:9b:30:10:24:
         06:fa:0c:6c:5c:14:f4:c3:c4:f8:6f:2b:7f:d4:db:d2:29:18:
         e3:56:27:a6:b0:ca:b8:cb:01:55:ce:79:9a:1d:10:2f:9d:e6:
         49:57:bd:26:5a:1c:99:3a:7f:a2:b0:f6:39:20:30:3b:22:00:
         ce:f8:8d:93:22:cc:1f:37:e1:d9:c9:48:a1:ce:06:ba:37:1c:
         8e:cc:3c:12:df:7d:e8:6e:70:44:f0:a8:15:8c:86:76:8a:af:
         18:53:3f:92:37:f6:89:56:10:47:09:ec:51:d1:cf:5b:03:0f:
         f8:b6:f1:65:13:91:df:7b:e0:a6:e6:8b:cd:09:c9:2f:4f:0e:
         61:a3:80:af:38:62:70:76:04:39:4c:07:20:cd:f0:45:0f:01:
         fc:46:db:91:02:6a:39:e8:42:66:a9:ff:f8:42:de:8f:9c:e6:
         8e:aa:69:73:76:78:f7:ba:63:2c:ce:d7:83:d5:0f:e4:e2:de:
         d5:4e:ff:0d:47:aa:2c:fd:34:85:3a:c0:76:fa:22:56:bb:b1:
         86:f4:d6:55:64:2a:7c:3f:79:85:94:7f:64:04:85:be:df:01:
         9c:66:43:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJCghTBys/4UDOaE6IAQrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwNzE0MTMwNTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjFhN2Q3ODIzZmY3YjY5ZDIyZWVlNjg0NWYwNmE1NmNlZjBmYWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNzPonzuWFVcrZE0r5+9LYCm1uK0
jdwkm8V2JSIV0ylWbhBR4eLouyZCIBKVxOrDHUXjTlKaiMooS/7CKCVVBuP+Nj9D
axoz3hE/TOkQ+aFPyNSU/AScuVZGM9bBfxCYDJx6bscGyKSJpnuJgw6Kj5ZWHhkF
MbYsRLXhSqZpmwEyOP+/9MVkqzS9Tgy8HvGLtjra9OtJ1tv6IJyL6O5jVphtW6iR
SB4BKJTmvdrpyrsUnZOQd45EHuFSFmR9MwCd/tL6Tmc/64jbCgp8M8llnY0QPNMi
lfvUmDCznUfhKS33HlOek8HyZJ8i+7uYwLERq3DP6TXswtn8qAQqxMPVKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJsafXgj/3tp0i7uaEXwalbO8PrPMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvbXhwOWVDUF9lMm5TTHU1b1JmQnFWczd3LXM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2agMA0G
CSqGSIb3DQEBCwUAA4IBAQCSyal7KGbWZlHlZKEaavi27AerwvRn32YX1RNSfKLb
MpswECQG+gxsXBT0w8T4byt/1NvSKRjjViemsMq4ywFVznmaHRAvneZJV70mWhyZ
On+isPY5IDA7IgDO+I2TIswfN+HZyUihzga6NxyOzDwS333obnBE8KgVjIZ2iq8Y
Uz+SN/aJVhBHCexR0c9bAw/4tvFlE5Hfe+Cm5ovNCckvTw5ho4CvOGJwdgQ5TAcg
zfBFDwH8RtuRAmo56EJmqf/4Qt6PnOaOqmlzdnj3umMszteD1Q/k4t7VTv8NR6os
/TSFOsB2+iJWu7GG9NZVZCp8P3mFlH9kBIW+3wGcZkMq
-----END CERTIFICATE-----