Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/POA-RLnRKYqy-Ho5BMnCtkwI53Y.roa
File:                     POA-RLnRKYqy-Ho5BMnCtkwI53Y.roa (raw, json)
Hash identifier:          Y5C1KTy8BZMh+lAoiAERbQcEAaIKNOwrhPNL4Br8AOc=
Subject key identifier:   3C:E0:3E:44:B9:D1:29:8A:B2:F8:7A:39:04:C9:C2:B6:4C:08:E7:76
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0197C14FD10D659F5B0751859EE6BAEF53D6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/POA-RLnRKYqy-Ho5BMnCtkwI53Y.roa
Signing time:             Mon 30 Jun 2025 14:48:42 +0000
ROA not before:           Mon 30 Jun 2025 14:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        91.92.244.0/22 maxlen: 24
                          91.92.248.0/22 maxlen: 24
                          94.156.64.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 15:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c1:4f:d1:0d:65:9f:5b:07:51:85:9e:e6:ba:ef:53:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jun 30 14:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ce03e44b9d1298ab2f87a3904c9c2b64c08e776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:a5:15:91:38:3a:04:61:85:d9:11:e9:bc:ec:
                    f0:32:ec:1e:8d:0f:ad:16:07:91:2f:ac:8b:24:88:
                    b0:26:9c:82:2c:8a:fa:e3:8a:8b:7b:aa:73:2e:87:
                    4d:18:b9:af:ad:a7:38:6f:c9:50:3b:dd:24:25:cc:
                    7d:d2:ba:af:63:93:df:06:5c:77:2e:7c:14:f3:bd:
                    bf:80:50:05:40:50:45:5c:20:bf:0f:4b:51:b4:4a:
                    d7:3a:e6:66:ae:dc:14:af:13:ab:e1:eb:98:56:d2:
                    a3:03:cd:ed:a3:ef:8d:ce:b0:d9:80:b3:c4:ac:7a:
                    51:39:97:88:ab:70:60:c2:93:d3:48:a7:33:97:c4:
                    70:a6:98:f9:ec:bd:73:f0:71:56:49:17:ee:68:8d:
                    24:10:c9:c9:8c:40:66:f9:1b:ec:ab:bf:39:85:43:
                    24:19:32:0c:54:c8:c8:0a:f5:53:e5:8c:5e:fa:0f:
                    8c:70:e2:38:a7:b2:b9:37:97:50:ab:55:9f:f2:e4:
                    a6:41:ab:27:66:5e:5c:46:93:d7:59:51:42:f7:a5:
                    1e:e0:0b:2e:67:cd:5d:65:f6:6a:53:61:ee:4e:f5:
                    be:92:a0:c0:f0:16:28:65:20:5f:74:50:d3:44:fc:
                    e1:c9:f6:f6:37:33:5f:1b:66:a6:fc:2c:ac:0f:d4:
                    7d:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E0:3E:44:B9:D1:29:8A:B2:F8:7A:39:04:C9:C2:B6:4C:08:E7:76
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/POA-RLnRKYqy-Ho5BMnCtkwI53Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.92.244.0-91.92.251.255
                  94.156.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:8b:44:5f:22:65:d5:5f:6b:80:9f:5e:9d:6d:7c:02:cb:cb:
         e7:70:3a:8e:64:dd:b7:5a:21:20:42:ca:e8:4b:c9:21:12:33:
         3e:78:86:16:9a:f5:30:3b:06:8d:f1:ad:e8:8b:a9:e1:48:2f:
         c2:cc:96:70:2d:91:68:b7:d7:86:84:f0:bc:26:d1:4e:15:86:
         19:08:1f:9a:6d:6f:a5:b0:c3:9c:f0:cf:bf:28:06:6a:56:c3:
         86:f5:6f:f0:5e:fb:7f:ce:fb:79:fd:63:95:13:e0:b6:8a:16:
         47:0d:f5:00:fe:ad:08:71:2c:67:e6:b5:90:e4:1a:1b:db:c3:
         09:40:26:11:aa:6d:f6:43:69:e2:cb:68:24:59:e9:77:82:b6:
         af:fd:c1:4b:a9:65:04:a8:e9:a7:40:15:ff:ba:43:ea:45:50:
         48:25:9d:8f:30:be:2e:e5:94:de:c9:19:85:ae:48:af:75:e4:
         2d:31:b0:ca:76:5b:b8:df:2b:72:f2:77:04:e1:93:43:21:17:
         19:32:bf:df:f4:f5:8a:16:52:30:ef:63:2b:e6:ee:00:9a:07:
         ea:fe:c3:27:0b:87:2d:b8:10:c6:4b:c7:e3:fa:3e:76:99:63:
         b8:8e:c5:ad:7a:6e:12:ed:f0:ac:40:cb:d0:81:70:5a:ef:1d:
         61:f9:9f:45
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZfBT9ENZZ9bB1GFnua671PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjMwMTQ0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2UwM2U0NGI5ZDEyOThhYjJmODdhMzkwNGM5YzJiNjRjMDhlNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvqUVkTg6BGGF2RHpvOzwMuwejQ+t
FgeRL6yLJIiwJpyCLIr644qLe6pzLodNGLmvrac4b8lQO90kJcx90rqvY5PfBlx3
LnwU872/gFAFQFBFXCC/D0tRtErXOuZmrtwUrxOr4euYVtKjA83to++NzrDZgLPE
rHpROZeIq3BgwpPTSKczl8Rwppj57L1z8HFWSRfuaI0kEMnJjEBm+Rvsq785hUMk
GTIMVMjICvVT5Yxe+g+McOI4p7K5N5dQq1Wf8uSmQasnZl5cRpPXWVFC96Ue4Asu
Z81dZfZqU2HuTvW+kqDA8BYoZSBfdFDTRPzhyfb2NzNfG2am/CysD9R9XwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDzgPkS50SmKsvh6OQTJwrZMCOd2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUE9BLVJMblJLWXF5LUhvNUJNbkN0a3dJNTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAJbXPQD
BAJbXPgDBAJenEAwDQYJKoZIhvcNAQELBQADggEBAGSLRF8iZdVfa4CfXp1tfALL
y+dwOo5k3bdaISBCyuhLySESMz54hhaa9TA7Bo3xreiLqeFIL8LMlnAtkWi314aE
8Lwm0U4VhhkIH5ptb6Www5zwz78oBmpWw4b1b/Be+3/O+3n9Y5UT4LaKFkcN9QD+
rQhxLGfmtZDkGhvbwwlAJhGqbfZDaeLLaCRZ6XeCtq/9wUupZQSo6adAFf+6Q+pF
UEglnY8wvi7llN7JGYWuSK915C0xsMp2W7jfK3LydwThk0MhFxkyv9/09YoWUjDv
Yyvm7gCaB+r+wycLhy24EMZLx+P6PnaZY7iOxa16bhLt8KxAy9CBcFrvHWH5n0U=
-----END CERTIFICATE-----