Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/nr73ane_xV3J7Nua8uBeH1o1PE4.roa
File:                     nr73ane_xV3J7Nua8uBeH1o1PE4.roa (raw, json)
Hash identifier:          QwTlytH6HNtlpMALz2I/ThBKh6a4HRmeQm2uNwc83Hs=
Subject key identifier:   9E:BE:F7:6A:77:BF:C5:5D:C9:EC:DB:9A:F2:E0:5E:1F:5A:35:3C:4E
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0197C2EAE20E2D850471AB8B27CA8CA86B2A
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/nr73ane_xV3J7Nua8uBeH1o1PE4.roa
Signing time:             Mon 30 Jun 2025 22:17:42 +0000
ROA not before:           Mon 30 Jun 2025 22:17:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        91.205.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c2:ea:e2:0e:2d:85:04:71:ab:8b:27:ca:8c:a8:6b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Jun 30 22:17:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ebef76a77bfc55dc9ecdb9af2e05e1f5a353c4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:0e:db:3c:96:53:4e:5d:15:22:83:d9:f4:e0:
                    6c:c9:39:ba:d7:b4:5a:70:06:c7:4e:0d:fa:ee:30:
                    7f:eb:ce:3a:6f:1c:93:6f:5c:5e:0b:0d:76:af:6c:
                    83:30:21:2c:ef:d7:67:6c:91:47:26:42:24:71:39:
                    98:a8:80:86:b7:32:b1:bb:36:b5:56:ae:46:93:85:
                    b9:99:d0:a1:1f:16:71:29:1e:53:db:ac:ee:e1:ab:
                    c1:1a:6c:2d:d2:f0:f1:74:cd:eb:1b:8c:3b:79:3f:
                    50:17:29:ca:0a:39:03:47:73:ca:ed:04:83:21:d6:
                    92:47:af:45:07:9f:06:ef:83:53:83:e0:e1:d7:81:
                    f4:09:d3:29:49:56:c5:53:d0:50:a6:5e:d9:cd:e0:
                    b3:cd:c3:7c:e0:8b:1f:a7:9d:5c:82:3c:2a:6d:bf:
                    06:aa:40:c9:21:ea:14:1d:b9:59:94:4a:5e:11:d3:
                    09:70:80:ac:cd:fa:62:af:df:3d:31:84:d6:89:54:
                    ec:c9:58:7f:b8:33:ed:34:fe:3b:6a:a3:60:fc:34:
                    19:72:5c:c4:40:84:76:3a:67:d8:67:15:51:32:d2:
                    95:60:77:42:98:a3:82:12:22:95:33:43:ad:a6:36:
                    90:73:4d:ca:f3:55:85:77:71:56:d1:63:4c:fe:e3:
                    d9:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:BE:F7:6A:77:BF:C5:5D:C9:EC:DB:9A:F2:E0:5E:1F:5A:35:3C:4E
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/nr73ane_xV3J7Nua8uBeH1o1PE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:39:d0:1c:ae:78:96:a2:8f:0d:a7:a8:dc:a8:4f:d8:c1:fe:
         3d:ed:7b:6a:93:05:75:24:27:82:17:47:e1:c8:e2:19:0c:19:
         e3:e0:cc:cf:d8:c2:35:81:bb:1a:7b:e4:a9:c4:80:b4:7d:52:
         e3:25:f2:81:41:e4:af:92:07:21:d6:49:24:81:22:60:b3:1f:
         bb:b5:33:66:93:db:a1:44:9f:92:cd:61:24:8c:73:de:a6:70:
         ce:5b:a4:60:3a:8a:ec:bf:0c:2f:7a:d0:8e:06:e0:f7:d3:4c:
         26:c3:77:1c:09:96:a5:0d:1c:ee:a6:50:0d:f3:fb:8d:8d:35:
         d0:a5:9c:37:14:87:31:a4:e1:f4:37:71:2b:cf:86:2a:0d:da:
         d8:67:7f:ee:a6:56:80:89:af:3b:29:bb:c2:9d:60:63:4a:15:
         82:e6:8d:f5:24:ed:c9:a0:4d:a8:4c:6b:2d:26:b1:5d:cd:2f:
         c7:54:55:ad:b4:04:c3:2e:5f:19:d7:8e:76:09:ca:5d:e2:90:
         78:68:16:ef:22:8e:df:53:bd:0e:bb:0e:e8:c7:5d:54:ff:84:
         1e:90:10:e5:4f:ca:67:27:dd:45:7c:77:6f:bf:58:6a:07:6e:
         2c:83:82:b6:98:27:71:03:ef:c0:70:62:51:28:5b:44:fc:6b:
         e7:89:8a:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfC6uIOLYUEcauLJ8qMqGsqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUwNjMwMjIxNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWJlZjc2YTc3YmZjNTVkYzllY2RiOWFmMmUwNWUxZjVhMzUzYzRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqA7bPJZTTl0VIoPZ9OBsyTm617Ra
cAbHTg367jB/6846bxyTb1xeCw12r2yDMCEs79dnbJFHJkIkcTmYqICGtzKxuza1
Vq5Gk4W5mdChHxZxKR5T26zu4avBGmwt0vDxdM3rG4w7eT9QFynKCjkDR3PK7QSD
IdaSR69FB58G74NTg+Dh14H0CdMpSVbFU9BQpl7ZzeCzzcN84Isfp51cgjwqbb8G
qkDJIeoUHblZlEpeEdMJcICszfpir989MYTWiVTsyVh/uDPtNP47aqNg/DQZclzE
QIR2OmfYZxVRMtKVYHdCmKOCEiKVM0OtpjaQc03K81WFd3FW0WNM/uPZGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6+92p3v8VdyezbmvLgXh9aNTxOMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvbnI3M2FuZV94VjNKN051YTh1QmVIMW8xUEU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW83kMA0G
CSqGSIb3DQEBCwUAA4IBAQAqOdAcrniWoo8Np6jcqE/Ywf497XtqkwV1JCeCF0fh
yOIZDBnj4MzP2MI1gbsae+SpxIC0fVLjJfKBQeSvkgch1kkkgSJgsx+7tTNmk9uh
RJ+SzWEkjHPepnDOW6RgOorsvwwvetCOBuD300wmw3ccCZalDRzuplAN8/uNjTXQ
pZw3FIcxpOH0N3Erz4YqDdrYZ3/uplaAia87KbvCnWBjShWC5o31JO3JoE2oTGst
JrFdzS/HVFWttATDLl8Z1452Ccpd4pB4aBbvIo7fU70Ouw7ox11U/4QekBDlT8pn
J91FfHdvv1hqB24sg4K2mCdxA+/AcGJRKFtE/GvniYou
-----END CERTIFICATE-----