Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/s36NnV4BEmNAGVVpW4Q6tZ1SdBs.roa
File:                     s36NnV4BEmNAGVVpW4Q6tZ1SdBs.roa (raw, json)
Hash identifier:          +o3+HumRoGhYfsOubY4wwqGbFSgOLOFq9cUXdWeku6E=
Subject key identifier:   B3:7E:8D:9D:5E:01:12:63:40:19:55:69:5B:84:3A:B5:9D:52:74:1B
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       01981927A677068505D04E763B33CAF624BC
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/s36NnV4BEmNAGVVpW4Q6tZ1SdBs.roa
Signing time:             Thu 17 Jul 2025 16:11:25 +0000
ROA not before:           Thu 17 Jul 2025 16:11:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        91.197.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 21:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:19:27:a6:77:06:85:05:d0:4e:76:3b:33:ca:f6:24:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jul 17 16:11:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b37e8d9d5e011263401955695b843ab59d52741b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:b6:31:f9:0b:ff:f1:9b:71:4c:76:81:d3:6d:
                    8c:09:d9:7c:fa:61:c1:66:81:41:e9:24:c6:db:88:
                    ca:7f:5f:35:23:80:35:97:69:6a:4f:f9:7a:c9:2e:
                    73:85:83:ad:4c:f4:8c:f6:ad:81:46:94:91:d1:52:
                    64:7f:31:19:0b:98:65:5a:38:af:e5:22:e5:83:b5:
                    2f:31:d9:a9:0f:96:25:4a:9d:25:84:45:f2:ee:b9:
                    74:ad:f8:70:b9:45:ac:70:a4:bb:a7:35:05:b6:cf:
                    66:7a:f2:e0:58:b3:fb:cb:05:83:49:01:c5:ed:8a:
                    77:10:8d:e3:03:dc:2b:63:bd:c3:2a:0e:4a:ce:f5:
                    3c:72:eb:1d:3e:b0:84:54:09:ab:b5:dc:b7:4c:f6:
                    e8:57:07:ef:59:05:30:78:cc:f1:62:d3:12:cf:97:
                    d9:fd:23:2b:6d:7e:0b:aa:32:ac:c3:a6:b1:7b:59:
                    e0:09:f5:59:7c:58:58:9b:03:be:dc:31:f9:b8:a8:
                    ef:91:4f:7e:31:1f:69:63:a0:4f:51:f9:52:01:8d:
                    b8:25:73:8a:a3:15:65:14:6d:32:bd:75:ff:ad:52:
                    4a:e8:e5:29:89:e7:b8:74:01:fb:9b:e3:0c:91:19:
                    ca:57:8d:2a:65:1c:c4:16:fe:d0:95:0d:db:7f:64:
                    2e:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:7E:8D:9D:5E:01:12:63:40:19:55:69:5B:84:3A:B5:9D:52:74:1B
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/s36NnV4BEmNAGVVpW4Q6tZ1SdBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:b4:70:be:22:b1:5b:04:ce:aa:5e:d3:db:d0:a6:2f:8e:0b:
         ea:0e:b8:9b:93:71:82:e1:fa:00:61:aa:7b:ca:75:95:da:e8:
         c2:14:7a:b9:0e:75:c4:1a:c2:64:fb:f6:0b:b4:09:3b:f6:2d:
         e4:63:f6:d2:8a:57:78:79:b6:92:75:97:d6:d2:a4:dd:90:8c:
         e1:79:49:e4:48:e5:cd:db:0d:b8:2f:d0:0c:83:25:7c:4e:fc:
         22:73:2e:2e:43:fa:18:47:5f:f3:78:5b:c1:fd:cb:21:a4:6f:
         fb:d9:27:f5:c7:d1:25:74:cb:ce:3f:86:59:0e:ce:48:ff:83:
         f2:66:db:ec:14:0d:e4:c1:ab:c8:fb:0c:bc:43:4a:b4:cf:50:
         41:42:f3:72:63:5f:56:fb:fc:b5:50:16:92:34:38:17:4a:d2:
         c8:1a:72:b7:4f:c7:df:41:bc:8a:cb:9b:4a:48:33:0e:c4:52:
         cb:ce:34:9f:df:b3:56:41:d1:ff:19:27:64:1e:6c:e2:a7:19:
         ca:d2:98:fd:08:17:44:6c:b1:3c:68:4d:71:72:ae:78:c3:1f:
         c3:4d:ba:14:b3:f3:06:5b:46:89:24:76:b8:41:d5:fb:db:f3:
         ac:fe:11:2b:9a:35:0a:7f:d1:7b:eb:a0:20:9c:b9:43:9f:3c:
         ee:e7:40:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgZJ6Z3BoUF0E52OzPK9iS8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNzE3MTYxMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzdlOGQ5ZDVlMDExMjYzNDAxOTU1Njk1Yjg0M2FiNTlkNTI3NDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7Yx+Qv/8ZtxTHaB022MCdl8+mHB
ZoFB6STG24jKf181I4A1l2lqT/l6yS5zhYOtTPSM9q2BRpSR0VJkfzEZC5hlWjiv
5SLlg7UvMdmpD5YlSp0lhEXy7rl0rfhwuUWscKS7pzUFts9mevLgWLP7ywWDSQHF
7Yp3EI3jA9wrY73DKg5KzvU8cusdPrCEVAmrtdy3TPboVwfvWQUweMzxYtMSz5fZ
/SMrbX4LqjKsw6axe1ngCfVZfFhYmwO+3DH5uKjvkU9+MR9pY6BPUflSAY24JXOK
oxVlFG0yvXX/rVJK6OUpiee4dAH7m+MMkRnKV40qZRzEFv7QlQ3bf2QudwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLN+jZ1eARJjQBlVaVuEOrWdUnQbMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvczM2Tm5WNEJFbU5BR1ZWcFc0UTZ0WjFTZEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8VHMA0G
CSqGSIb3DQEBCwUAA4IBAQA2tHC+IrFbBM6qXtPb0KYvjgvqDribk3GC4foAYap7
ynWV2ujCFHq5DnXEGsJk+/YLtAk79i3kY/bSild4ebaSdZfW0qTdkIzheUnkSOXN
2w24L9AMgyV8Tvwicy4uQ/oYR1/zeFvB/cshpG/72Sf1x9EldMvOP4ZZDs5I/4Py
ZtvsFA3kwavI+wy8Q0q0z1BBQvNyY19W+/y1UBaSNDgXStLIGnK3T8ffQbyKy5tK
SDMOxFLLzjSf37NWQdH/GSdkHmzipxnK0pj9CBdEbLE8aE1xcq54wx/DTboUs/MG
W0aJJHa4QdX72/Os/hErmjUKf9F766AgnLlDnzzu50Ac
-----END CERTIFICATE-----