Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/zIPCunbKhz8cPIKe1giE3uIj7h8.roa
File:                     zIPCunbKhz8cPIKe1giE3uIj7h8.roa (raw, json)
Hash identifier:          9WpdS/c5vPUs7vn29+uicrAavB5QqpuizqnOqwqgIr8=
Subject key identifier:   CC:83:C2:BA:76:CA:87:3F:1C:3C:82:9E:D6:08:84:DE:E2:23:EE:1F
Certificate issuer:       /CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
Certificate serial:       019803DB6CBB865DED3052D6419553DCCF2B
Authority key identifier: 5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/zIPCunbKhz8cPIKe1giE3uIj7h8.roa
Signing time:             Sun 13 Jul 2025 12:56:08 +0000
ROA not before:           Sun 13 Jul 2025 12:56:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34346
IP address blocks:        91.202.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:03:db:6c:bb:86:5d:ed:30:52:d6:41:95:53:dc:cf:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c6b0c001a99ab6296e242173bf7e7fdcf03c019
        Validity
            Not Before: Jul 13 12:56:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc83c2ba76ca873f1c3c829ed60884dee223ee1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a7:13:54:7e:7e:1a:5f:67:cd:0a:bb:89:cd:
                    84:f2:08:c4:af:ba:a7:6a:66:01:d6:e1:13:3c:30:
                    cb:c2:30:3e:a1:b7:52:9a:40:5d:5e:14:fa:76:df:
                    70:8e:7d:a5:60:e2:d0:5d:65:fa:78:21:31:6b:03:
                    de:ee:78:77:aa:41:66:b4:14:fc:c7:74:4d:37:30:
                    5f:d6:6d:b7:49:31:16:a4:6f:af:9c:6d:7a:41:f0:
                    a9:b9:81:9e:96:ea:76:97:59:80:4a:54:29:c3:95:
                    f6:65:85:67:3f:c7:06:5d:c8:1b:5b:b3:70:aa:ba:
                    5e:93:90:95:66:fe:56:48:3a:51:b4:4b:66:a3:c1:
                    72:26:b3:28:20:27:35:1d:4e:d8:42:ad:52:8e:22:
                    b6:b9:57:20:75:db:91:ca:26:d2:fb:75:de:ae:3e:
                    b0:65:7a:b0:60:23:c3:ae:bd:d8:29:2a:d6:13:60:
                    24:e4:0a:c9:b8:3d:18:b3:b8:9b:58:dc:d8:28:9b:
                    a7:5c:80:33:7c:82:2d:5a:c3:63:10:81:a9:d7:b8:
                    19:e0:a5:43:46:4e:00:49:09:69:9c:bd:2e:ea:d0:
                    19:b4:b8:47:a2:61:c1:c6:82:8c:8a:cc:9b:cd:6d:
                    e7:66:2a:07:7b:b3:95:03:ab:83:f0:4d:03:59:a8:
                    b4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:83:C2:BA:76:CA:87:3F:1C:3C:82:9E:D6:08:84:DE:E2:23:EE:1F
            X509v3 Authority Key Identifier:
                keyid:5C:6B:0C:00:1A:99:AB:62:96:E2:42:17:3B:F7:E7:FD:CF:03:C0:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGsMABqZq2KW4kIXO_fn_c8DwBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/zIPCunbKhz8cPIKe1giE3uIj7h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c89677-1d9a-418d-8593-c18e3ccc742b/1/XGsMABqZq2KW4kIXO_fn_c8DwBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:44:33:05:a1:c1:a3:49:be:24:81:91:e9:79:72:60:8e:a5:
         99:56:3e:6b:f9:c6:8c:c5:b5:dc:5f:c8:8b:a1:35:dc:4c:3f:
         34:a9:c5:2f:59:e9:d6:b8:5a:75:dc:05:52:a7:c8:9b:e9:4b:
         3a:ac:e5:60:85:9c:66:bc:3d:0d:b7:be:0e:8c:31:cb:eb:3b:
         69:ad:20:eb:a3:b4:a8:2d:b4:b7:41:48:37:70:37:1d:a8:dc:
         5a:8f:36:c0:fb:6f:fc:fd:88:65:a1:c3:5c:81:15:f6:4f:f5:
         a0:3d:77:56:67:06:44:00:fa:7e:16:dd:95:af:6b:ff:1e:11:
         86:a6:1a:4d:3d:4b:06:bf:f3:6b:59:8f:7c:4c:70:1e:69:7f:
         db:c4:aa:94:c5:d1:33:9a:d2:da:64:21:8d:99:44:64:b0:30:
         d6:1c:08:fb:ab:97:b0:f8:20:89:81:78:b3:db:fb:2a:a0:89:
         2f:04:61:d9:ad:6f:7a:8f:50:ff:cc:08:b5:45:61:46:86:4b:
         5a:7b:1b:f9:c5:30:1f:90:6a:0e:6e:c8:a3:5b:12:07:82:16:
         12:77:26:e8:e3:23:58:7c:1f:10:6c:59:37:81:b6:56:9b:2e:
         11:55:4d:27:86:e5:cd:66:93:9a:a4:bb:a7:dd:ce:98:86:93:
         b0:96:cb:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgD22y7hl3tMFLWQZVT3M8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNmIwYzAwMWE5OWFiNjI5NmUyNDIxNzNiZjdlN2ZkY2Yw
M2MwMTkwHhcNMjUwNzEzMTI1NjA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzgzYzJiYTc2Y2E4NzNmMWMzYzgyOWVkNjA4ODRkZWUyMjNlZTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6cTVH5+Gl9nzQq7ic2E8gjEr7qn
amYB1uETPDDLwjA+obdSmkBdXhT6dt9wjn2lYOLQXWX6eCExawPe7nh3qkFmtBT8
x3RNNzBf1m23STEWpG+vnG16QfCpuYGelup2l1mASlQpw5X2ZYVnP8cGXcgbW7Nw
qrpek5CVZv5WSDpRtEtmo8FyJrMoICc1HU7YQq1SjiK2uVcgdduRyibS+3Xerj6w
ZXqwYCPDrr3YKSrWE2Ak5ArJuD0Ys7ibWNzYKJunXIAzfIItWsNjEIGp17gZ4KVD
Rk4ASQlpnL0u6tAZtLhHomHBxoKMisybzW3nZioHe7OVA6uD8E0DWai0KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyDwrp2yoc/HDyCntYIhN7iI+4fMB8GA1UdIwQY
MBaAFFxrDAAamatiluJCFzv35/3PA8AZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMt
YzE4ZTNjY2M3NDJiLzEveklQQ3VuYktoejhjUElLZTFnaUUzdUlqN2g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODk2NzctMWQ5YS00MThkLTg1OTMtYzE4ZTNjY2M3NDJi
LzEvWEdzTUFCcVpxMktXNGtJWE9fZm5fYzhEd0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8qgMA0G
CSqGSIb3DQEBCwUAA4IBAQANRDMFocGjSb4kgZHpeXJgjqWZVj5r+caMxbXcX8iL
oTXcTD80qcUvWenWuFp13AVSp8ib6Us6rOVghZxmvD0Nt74OjDHL6ztprSDro7So
LbS3QUg3cDcdqNxajzbA+2/8/YhlocNcgRX2T/WgPXdWZwZEAPp+Ft2Vr2v/HhGG
phpNPUsGv/NrWY98THAeaX/bxKqUxdEzmtLaZCGNmURksDDWHAj7q5ew+CCJgXiz
2/sqoIkvBGHZrW96j1D/zAi1RWFGhktaexv5xTAfkGoObsijWxIHghYSdybo4yNY
fB8QbFk3gbZWmy4RVU0nhuXNZpOapLun3c6YhpOwlssY
-----END CERTIFICATE-----