Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/EfIYNiM608dw9De4gr0QoLFH8AU.roa
File:                     EfIYNiM608dw9De4gr0QoLFH8AU.roa (raw, json)
Hash identifier:          2TaK0wfXNwHYOVXohwQvDaJR6X0XqbjEaNjkMp4hvKo=
Subject key identifier:   11:F2:18:36:23:3A:D3:C7:70:F4:37:B8:82:BD:10:A0:B1:47:F0:05
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       0197C12AFAF54BE559047E593BE7A3B4C7D4
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/EfIYNiM608dw9De4gr0QoLFH8AU.roa
Signing time:             Mon 30 Jun 2025 14:08:28 +0000
ROA not before:           Mon 30 Jun 2025 14:08:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202984
IP address blocks:        91.203.232.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:2a:fa:f5:4b:e5:59:04:7e:59:3b:e7:a3:b4:c7:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Jun 30 14:08:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11f21836233ad3c770f437b882bd10a0b147f005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a7:22:04:9f:a6:35:62:2f:6d:ca:38:a2:09:
                    25:cb:78:eb:9c:eb:c7:b6:db:98:cd:1e:72:c9:6e:
                    a9:7a:00:37:aa:d5:53:b1:42:d6:c2:ec:3c:48:8d:
                    52:e6:27:9f:6d:22:99:07:4b:40:88:63:f6:b5:7e:
                    b1:dd:e1:84:0f:52:c0:5e:41:cf:de:c9:38:ba:31:
                    c7:8e:f8:48:fc:4b:1d:e9:55:80:dc:cc:ba:9a:5f:
                    34:f4:cf:2a:e4:b4:5e:f1:c7:ff:6b:ef:b4:c3:fe:
                    1b:ee:cb:f4:9c:1a:d9:7c:c3:52:fc:f7:45:85:3f:
                    76:dc:97:dd:60:49:06:12:e4:99:f2:1e:3a:c7:7e:
                    4c:45:8a:1b:ae:c3:f8:33:9a:bf:25:e5:70:78:23:
                    6c:00:9f:2b:c5:48:ad:98:0f:bf:38:5c:38:a4:c6:
                    cc:ac:01:55:eb:76:18:28:b2:c6:cc:fd:16:4a:bd:
                    ae:e9:34:00:bd:c6:f2:0c:8b:6a:58:8b:33:46:35:
                    57:09:94:45:a8:37:f7:8e:eb:22:cd:2a:dd:83:b0:
                    13:1e:31:67:51:32:06:fd:3e:08:63:84:b5:75:18:
                    a3:34:1b:7d:a1:cb:91:b0:c0:1b:00:92:04:01:4b:
                    35:f2:e5:c4:ec:b0:c0:05:cf:ce:ef:aa:62:d1:33:
                    74:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F2:18:36:23:3A:D3:C7:70:F4:37:B8:82:BD:10:A0:B1:47:F0:05
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/EfIYNiM608dw9De4gr0QoLFH8AU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.203.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:54:ce:c6:f6:16:58:17:e1:71:3e:25:e3:c3:71:70:03:36:
         3a:84:20:c4:85:74:f5:f6:e1:4d:5c:8c:c7:c2:23:19:e1:ce:
         8a:64:3f:1b:84:22:c2:06:39:62:e8:05:54:36:37:1a:b0:d9:
         ab:b1:52:cb:06:8a:68:8e:26:c1:ea:74:1d:cd:3a:ca:56:da:
         1d:83:ab:1c:45:12:d7:d4:a3:d6:ce:91:d4:fe:30:06:04:48:
         54:c0:9b:ca:ad:fa:e2:9a:56:1a:cb:d6:2a:90:b3:48:24:ea:
         7f:17:fe:bf:d8:d6:bc:cf:23:da:99:7b:bf:23:94:99:63:03:
         c6:54:7b:5f:bc:68:ce:43:c1:8e:e5:fe:7e:c2:b2:91:4f:cd:
         a0:a3:55:84:35:81:8b:94:b0:ac:7e:92:0e:a5:56:b5:32:f4:
         28:b3:00:e3:dd:4f:b4:6c:f9:9a:57:51:86:18:ec:db:82:cb:
         1c:e6:35:b2:1f:a2:6e:9e:6d:a2:cb:a2:51:45:85:25:48:b4:
         01:8f:e8:25:02:86:da:8b:32:ef:f6:8d:fb:ce:15:78:d5:ca:
         ca:01:00:2d:e8:ab:6d:e3:15:17:1b:95:53:4f:c6:75:8a:91:
         20:b1:06:6a:ae:7e:0d:d0:e8:0f:0a:52:43:0d:01:69:97:e9:
         be:e8:6d:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfBKvr1S+VZBH5ZO+ejtMfUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjUwNjMwMTQwODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWYyMTgzNjIzM2FkM2M3NzBmNDM3Yjg4MmJkMTBhMGIxNDdmMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6ciBJ+mNWIvbco4ogkly3jrnOvH
ttuYzR5yyW6pegA3qtVTsULWwuw8SI1S5iefbSKZB0tAiGP2tX6x3eGED1LAXkHP
3sk4ujHHjvhI/Esd6VWA3My6ml809M8q5LRe8cf/a++0w/4b7sv0nBrZfMNS/PdF
hT923JfdYEkGEuSZ8h46x35MRYobrsP4M5q/JeVweCNsAJ8rxUitmA+/OFw4pMbM
rAFV63YYKLLGzP0WSr2u6TQAvcbyDItqWIszRjVXCZRFqDf3jusizSrdg7ATHjFn
UTIG/T4IY4S1dRijNBt9ocuRsMAbAJIEAUs18uXE7LDABc/O76pi0TN0EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHyGDYjOtPHcPQ3uIK9EKCxR/AFMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvRWZJWU5pTTYwOGR3OURlNGdyMFFvTEZIOEFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8voMA0G
CSqGSIb3DQEBCwUAA4IBAQB7VM7G9hZYF+FxPiXjw3FwAzY6hCDEhXT19uFNXIzH
wiMZ4c6KZD8bhCLCBjli6AVUNjcasNmrsVLLBopojibB6nQdzTrKVtodg6scRRLX
1KPWzpHU/jAGBEhUwJvKrfrimlYay9YqkLNIJOp/F/6/2Na8zyPamXu/I5SZYwPG
VHtfvGjOQ8GO5f5+wrKRT82go1WENYGLlLCsfpIOpVa1MvQoswDj3U+0bPmaV1GG
GOzbgssc5jWyH6Junm2iy6JRRYUlSLQBj+glAobaizLv9o37zhV41crKAQAt6Ktt
4xUXG5VTT8Z1ipEgsQZqrn4N0OgPClJDDQFpl+m+6G0W
-----END CERTIFICATE-----