Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/r0fYtM8vJLJuud_1zoCTV08hICU.roa
File:                     r0fYtM8vJLJuud_1zoCTV08hICU.roa (raw, json)
Hash identifier:          N3MrpQwzFuxLwGpoLCDJQ7HCyHzM8rSnUBKZzdYMHOc=
Subject key identifier:   AF:47:D8:B4:CF:2F:24:B2:6E:B9:DF:F5:CE:80:93:57:4F:21:20:25
Certificate issuer:       /CN=0bd4ad95f17f397207a3fc0d186f2913df38eb93
Certificate serial:       0197DF426F31EF32EE17D2791767302CF493
Authority key identifier: 0B:D4:AD:95:F1:7F:39:72:07:A3:FC:0D:18:6F:29:13:DF:38:EB:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/r0fYtM8vJLJuud_1zoCTV08hICU.roa
Signing time:             Sun 06 Jul 2025 10:22:42 +0000
ROA not before:           Sun 06 Jul 2025 10:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48440
IP address blocks:        91.210.188.0/24 maxlen: 24
                          91.210.189.0/24 maxlen: 24
                          91.210.190.0/24 maxlen: 24
                          91.210.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:df:42:6f:31:ef:32:ee:17:d2:79:17:67:30:2c:f4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bd4ad95f17f397207a3fc0d186f2913df38eb93
        Validity
            Not Before: Jul  6 10:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af47d8b4cf2f24b26eb9dff5ce8093574f212025
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:38:ad:e8:2b:b1:51:c5:54:54:ef:1d:a7:98:
                    eb:5a:e4:04:1c:4f:86:8a:d9:b3:dd:48:23:b6:0e:
                    c4:62:12:bc:23:c1:11:1d:7a:c7:4e:70:e3:97:62:
                    a9:8f:05:fc:c2:56:13:3f:c4:9a:b8:29:fd:d4:e3:
                    d8:6c:9d:cd:c8:b5:48:53:ac:f7:99:aa:31:19:03:
                    bb:d2:67:94:47:24:f2:06:ba:5a:f3:bb:60:67:84:
                    67:3f:a4:a4:53:4c:0e:71:12:22:aa:bd:af:35:60:
                    14:c9:25:bd:e8:04:ea:c3:df:77:a5:97:d2:31:d8:
                    3f:a3:32:16:de:e8:65:be:13:ea:ef:be:cf:bb:05:
                    29:33:a9:ce:fc:f7:84:9c:4c:76:39:66:f9:e9:f6:
                    87:01:e8:6f:73:41:42:68:1c:24:0f:3f:77:f0:64:
                    25:2d:7f:06:94:df:ab:9b:b7:de:e0:3a:0a:ec:63:
                    16:f1:63:1b:f8:2d:c2:7e:30:ec:cf:69:62:bf:dc:
                    af:71:ed:65:dc:45:75:ce:98:79:d5:c9:f4:9c:ff:
                    58:55:c9:00:e6:44:6b:14:0a:04:5e:10:5b:45:66:
                    7a:a8:44:9a:c1:db:24:1b:8c:5b:68:e3:32:35:da:
                    c3:86:80:f5:c4:52:79:46:20:79:6e:28:48:47:5f:
                    ba:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:47:D8:B4:CF:2F:24:B2:6E:B9:DF:F5:CE:80:93:57:4F:21:20:25
            X509v3 Authority Key Identifier:
                keyid:0B:D4:AD:95:F1:7F:39:72:07:A3:FC:0D:18:6F:29:13:DF:38:EB:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C9StlfF_OXIHo_wNGG8pE98465M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/r0fYtM8vJLJuud_1zoCTV08hICU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/76d082-ac32-4738-99e6-b2f6086368c7/1/C9StlfF_OXIHo_wNGG8pE98465M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:90:83:4b:91:fc:1b:a4:bb:a7:aa:11:a5:05:65:ea:a9:4d:
         0e:19:d4:77:85:de:94:47:e9:f5:90:56:1a:bb:0a:86:6e:56:
         c8:56:38:05:ab:28:5e:80:a8:84:6d:b4:92:8a:f9:48:96:c6:
         03:a6:3f:fb:47:e1:62:e3:9c:08:56:4c:93:fa:40:7d:7a:a7:
         6b:51:9e:b0:2b:ed:44:52:ac:66:fe:66:23:f9:c6:1f:66:d2:
         56:1d:73:01:48:b5:d5:77:34:82:5d:04:e6:08:b1:88:12:05:
         74:f6:07:95:3a:2f:f4:c6:48:e8:52:bd:f7:5b:12:c0:43:d7:
         bb:1e:6b:85:66:ae:bb:15:37:80:ef:9a:4c:ac:8f:5e:11:23:
         63:f2:29:7b:98:6a:37:32:67:3b:6e:aa:85:1b:c6:c0:98:94:
         7c:f6:ea:a5:2e:1c:15:ec:51:54:0c:72:4b:42:8a:b4:ba:48:
         ef:b0:bf:ff:13:db:18:16:06:3a:cb:a4:0d:c0:9b:83:b2:aa:
         99:3a:62:a7:03:09:a4:37:d2:04:10:b4:8e:e7:48:72:b3:7b:
         c6:3a:79:1f:44:1f:6a:b1:62:4a:ef:74:7f:a5:e4:fa:4c:d8:
         e1:45:a1:4c:05:02:06:37:46:e4:b8:33:6a:5c:75:ec:08:22:
         6f:14:d7:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZffQm8x7zLuF9J5F2cwLPSTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZDRhZDk1ZjE3ZjM5NzIwN2EzZmMwZDE4NmYyOTEzZGYz
OGViOTMwHhcNMjUwNzA2MTAyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQ3ZDhiNGNmMmYyNGIyNmViOWRmZjVjZTgwOTM1NzRmMjEyMDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjit6CuxUcVUVO8dp5jrWuQEHE+G
itmz3Ugjtg7EYhK8I8ERHXrHTnDjl2KpjwX8wlYTP8SauCn91OPYbJ3NyLVIU6z3
maoxGQO70meURyTyBrpa87tgZ4RnP6SkU0wOcRIiqr2vNWAUySW96ATqw993pZfS
Mdg/ozIW3uhlvhPq777PuwUpM6nO/PeEnEx2OWb56faHAehvc0FCaBwkDz938GQl
LX8GlN+rm7fe4DoK7GMW8WMb+C3CfjDsz2liv9yvce1l3EV1zph51cn0nP9YVckA
5kRrFAoEXhBbRWZ6qESawdskG4xbaOMyNdrDhoD1xFJ5RiB5bihIR1+6EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9H2LTPLySybrnf9c6Ak1dPISAlMB8GA1UdIwQY
MBaAFAvUrZXxfzlyB6P8DRhvKRPfOOuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzlTdGxmRl9PWElIb193TkdHOHBFOTg0NjVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83NmQwODItYWMzMi00NzM4LTk5ZTYt
YjJmNjA4NjM2OGM3LzEvcjBmWXRNOHZKTEp1dWRfMXpvQ1RWMDhoSUNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83NmQwODItYWMzMi00NzM4LTk5ZTYtYjJmNjA4NjM2OGM3
LzEvQzlTdGxmRl9PWElIb193TkdHOHBFOTg0NjVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9K8MA0G
CSqGSIb3DQEBCwUAA4IBAQAPkINLkfwbpLunqhGlBWXqqU0OGdR3hd6UR+n1kFYa
uwqGblbIVjgFqyhegKiEbbSSivlIlsYDpj/7R+Fi45wIVkyT+kB9eqdrUZ6wK+1E
Uqxm/mYj+cYfZtJWHXMBSLXVdzSCXQTmCLGIEgV09geVOi/0xkjoUr33WxLAQ9e7
HmuFZq67FTeA75pMrI9eESNj8il7mGo3Mmc7bqqFG8bAmJR89uqlLhwV7FFUDHJL
Qoq0ukjvsL//E9sYFgY6y6QNwJuDsqqZOmKnAwmkN9IEELSO50hys3vGOnkfRB9q
sWJK73R/peT6TNjhRaFMBQIGN0bkuDNqXHXsCCJvFNfv
-----END CERTIFICATE-----