Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/1on02s47SmwkekNYRvvqPMKKs1s.roa
File:                     1on02s47SmwkekNYRvvqPMKKs1s.roa (raw, json)
Hash identifier:          PVU8TQ1XVWLL41acJ/qMMaJx5HekZ2LfJTCmhfZN/cY=
Subject key identifier:   D6:89:F4:DA:CE:3B:4A:6C:24:7A:43:58:46:FB:EA:3C:C2:8A:B3:5B
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0197C12AFB8890EDAEFFE0E629168605BC9A
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/1on02s47SmwkekNYRvvqPMKKs1s.roa
Signing time:             Mon 30 Jun 2025 14:08:28 +0000
ROA not before:           Mon 30 Jun 2025 14:08:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208427
IP address blocks:        91.203.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:2a:fb:88:90:ed:ae:ff:e0:e6:29:16:86:05:bc:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jun 30 14:08:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d689f4dace3b4a6c247a435846fbea3cc28ab35b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:83:16:17:66:d1:d7:50:1e:ad:11:3e:5c:af:
                    fd:22:74:06:d8:4d:d0:1f:56:da:f2:e1:6b:ce:94:
                    32:8a:dd:34:a2:4a:39:33:32:60:36:2a:5c:eb:75:
                    92:84:90:2d:f5:13:7d:8e:a4:ff:be:e6:08:29:e3:
                    dd:a8:fe:fc:29:5c:34:18:07:84:ec:57:a5:bc:8e:
                    47:6e:72:41:a2:47:17:0e:e0:29:bd:f3:f8:31:72:
                    57:ee:84:8c:3d:bc:b4:50:78:65:1e:11:fe:45:49:
                    0e:0b:15:53:b1:45:2f:1b:da:7c:63:99:80:06:74:
                    76:f5:d6:f3:79:ae:d6:c7:d7:b6:e3:52:15:2e:c8:
                    c2:41:4f:1b:d6:3d:fd:c4:92:49:73:ef:d9:0b:3d:
                    7b:d2:15:d4:66:d7:1c:85:59:91:af:08:6c:99:af:
                    e4:55:18:89:cd:24:7c:fd:0a:57:24:64:a2:4b:b0:
                    7e:cd:b5:86:3d:6e:44:1b:62:8b:30:fb:6a:d7:e5:
                    c6:dc:a5:45:f1:6a:54:49:fe:0e:17:97:a6:df:3b:
                    c0:9d:eb:d2:75:7c:ee:10:bd:d8:2c:85:fc:fd:8b:
                    9f:09:6d:aa:7e:60:e8:e4:87:01:f4:45:0a:1e:ce:
                    e5:25:e2:5c:ad:d2:d0:0c:08:24:d6:eb:ee:95:18:
                    db:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:89:F4:DA:CE:3B:4A:6C:24:7A:43:58:46:FB:EA:3C:C2:8A:B3:5B
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/1on02s47SmwkekNYRvvqPMKKs1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:bd:0d:7a:0f:a5:ad:4b:77:0f:51:a6:34:b6:a7:ce:2e:9b:
         4d:ba:3b:ab:58:07:d9:f1:e7:bc:29:04:5a:91:a1:49:de:7d:
         1c:6c:7c:cf:e9:1d:41:4c:14:60:ca:6d:fd:e0:19:bf:87:f3:
         fb:46:05:18:f5:81:0a:70:82:80:eb:ec:25:57:ce:8d:6e:f7:
         fb:d2:71:58:33:d0:83:1d:09:25:cd:42:61:7d:55:76:e3:fb:
         cf:2a:2d:9c:8b:a8:f8:5e:d6:c2:8c:e9:1e:5c:fa:3b:2a:86:
         72:7c:af:65:1d:ba:cc:ff:e5:f8:2d:71:22:92:24:95:ee:d2:
         d1:db:26:76:97:df:bc:ba:9c:54:fc:2a:6d:34:4b:e9:15:e2:
         d1:ea:c6:74:aa:05:e0:b1:ff:bd:09:23:97:52:a1:61:51:48:
         6a:21:f9:6a:e6:d0:34:22:4b:93:03:53:f7:fa:31:57:09:41:
         b3:40:75:20:32:d7:08:27:61:5f:87:fa:56:d1:fc:a5:5b:d8:
         59:7f:59:98:cf:57:83:25:3e:d5:d1:0f:86:50:56:70:1f:5b:
         5e:23:5f:a5:0c:c1:4a:1f:be:ed:36:ec:32:dd:c2:4f:01:b9:
         fb:e2:84:15:31:5e:5c:c8:1f:f7:55:43:59:bb:66:00:0c:8f:
         0b:54:47:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfBKvuIkO2u/+DmKRaGBbyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwNjMwMTQwODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjg5ZjRkYWNlM2I0YTZjMjQ3YTQzNTg0NmZiZWEzY2MyOGFiMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0IMWF2bR11AerRE+XK/9InQG2E3Q
H1ba8uFrzpQyit00oko5MzJgNipc63WShJAt9RN9jqT/vuYIKePdqP78KVw0GAeE
7FelvI5HbnJBokcXDuApvfP4MXJX7oSMPby0UHhlHhH+RUkOCxVTsUUvG9p8Y5mA
BnR29dbzea7Wx9e241IVLsjCQU8b1j39xJJJc+/ZCz170hXUZtcchVmRrwhsma/k
VRiJzSR8/QpXJGSiS7B+zbWGPW5EG2KLMPtq1+XG3KVF8WpUSf4OF5em3zvAnevS
dXzuEL3YLIX8/YufCW2qfmDo5IcB9EUKHs7lJeJcrdLQDAgk1uvulRjbbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNaJ9NrOO0psJHpDWEb76jzCirNbMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvMW9uMDJzNDdTbXdrZWtOWVJ2dnFQTUtLczFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8voMA0G
CSqGSIb3DQEBCwUAA4IBAQA5vQ16D6WtS3cPUaY0tqfOLptNujurWAfZ8ee8KQRa
kaFJ3n0cbHzP6R1BTBRgym394Bm/h/P7RgUY9YEKcIKA6+wlV86Nbvf70nFYM9CD
HQklzUJhfVV24/vPKi2ci6j4XtbCjOkeXPo7KoZyfK9lHbrM/+X4LXEikiSV7tLR
2yZ2l9+8upxU/CptNEvpFeLR6sZ0qgXgsf+9CSOXUqFhUUhqIflq5tA0IkuTA1P3
+jFXCUGzQHUgMtcIJ2Ffh/pW0fylW9hZf1mYz1eDJT7V0Q+GUFZwH1teI1+lDMFK
H77tNuwy3cJPAbn74oQVMV5cyB/3VUNZu2YADI8LVEeT
-----END CERTIFICATE-----