Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/ISfPRM-SEBMwIZmnHT5jIS_-gBU.roa
File:                     ISfPRM-SEBMwIZmnHT5jIS_-gBU.roa (raw, json)
Hash identifier:          pS/+rKjXtCUTD0CGwmyiuK46+VtmU6rEgbnmTRXJgas=
Subject key identifier:   21:27:CF:44:CF:92:10:13:30:21:99:A7:1D:3E:63:21:2F:FE:80:15
Certificate issuer:       /CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
Certificate serial:       0198DFEE2A82DBD5BDB000394BB13D3A33CA
Authority key identifier: B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/ISfPRM-SEBMwIZmnHT5jIS_-gBU.roa
Signing time:             Mon 25 Aug 2025 06:33:04 +0000
ROA not before:           Mon 25 Aug 2025 06:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48339
IP address blocks:        91.207.134.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Sep 2025 18:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:df:ee:2a:82:db:d5:bd:b0:00:39:4b:b1:3d:3a:33:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5cafe1e3aea2f6d911ed107a08aafee979a4f51
        Validity
            Not Before: Aug 25 06:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2127cf44cf921013302199a71d3e63212ffe8015
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e5:6f:20:53:87:31:44:a6:60:c4:10:a9:60:
                    36:b1:a1:db:ff:9c:f6:48:11:47:e4:f3:5f:85:72:
                    d3:5f:6e:21:ed:03:22:4f:12:3a:27:3b:6f:e8:46:
                    16:ac:3f:f0:8a:6b:9b:da:18:f0:8a:de:1f:ac:0e:
                    f0:75:c2:82:e2:e1:4c:c2:b8:b8:c3:84:85:bc:ed:
                    ac:78:15:70:3c:e5:d0:58:b6:3f:56:d9:55:cd:98:
                    84:b9:1d:d2:f9:17:a8:20:16:63:58:52:50:8c:67:
                    37:74:68:3e:d5:00:00:2d:da:26:3a:99:2f:e4:fb:
                    26:71:4e:ef:a2:ae:45:0a:86:fd:0c:87:9a:d1:e3:
                    b7:a4:36:6c:40:7e:23:01:2e:61:eb:7c:6b:cf:00:
                    15:67:b7:09:11:cd:df:6a:35:f1:bf:bc:6c:33:69:
                    9a:d7:fd:c2:f9:ae:77:1f:25:f0:2f:57:e5:c8:2d:
                    5b:e9:47:06:35:8b:68:6b:74:d3:8e:ab:31:e8:47:
                    ad:4e:fe:96:3a:f9:81:a2:c6:f6:ca:38:25:a2:9b:
                    87:47:db:dd:d2:8c:41:70:82:5f:cd:c5:60:ef:02:
                    d1:96:82:81:b4:5d:6f:47:75:ef:b5:55:8d:34:4a:
                    43:52:02:9d:59:0d:10:bf:20:dd:14:06:56:b6:a4:
                    43:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:27:CF:44:CF:92:10:13:30:21:99:A7:1D:3E:63:21:2F:FE:80:15
            X509v3 Authority Key Identifier:
                keyid:B5:CA:FE:1E:3A:EA:2F:6D:91:1E:D1:07:A0:8A:AF:EE:97:9A:4F:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tcr-HjrqL22RHtEHoIqv7peaT1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/ISfPRM-SEBMwIZmnHT5jIS_-gBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/77f99c-35cb-47a6-bac3-caba81c9a152/1/tcr-HjrqL22RHtEHoIqv7peaT1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         aa:35:e3:97:08:62:27:4c:9b:18:2e:90:d2:23:24:02:ec:4b:
         09:df:37:8c:1d:84:d8:24:98:68:e4:cd:80:d0:14:7b:b2:95:
         0b:5d:7c:0b:41:d2:44:29:29:d7:b6:0b:ed:36:fb:82:89:c0:
         3e:46:32:3b:e9:71:1e:c2:44:15:49:a5:ea:91:bd:17:6b:da:
         b6:3a:09:99:67:2d:ed:c4:f5:7d:8a:6b:24:d2:dc:4c:8a:23:
         0f:63:1b:fc:7a:0a:9e:4e:31:0f:79:aa:74:f3:df:15:e6:4a:
         b5:28:71:7f:7e:e6:79:a7:6a:7e:4c:0f:75:83:93:9f:70:7b:
         d1:4e:a3:d1:fb:a7:30:7a:09:f0:85:6f:39:e3:18:df:2d:44:
         35:35:ec:c8:ce:3c:f6:71:94:67:f0:92:07:aa:9d:6b:76:80:
         c3:1d:22:08:b8:6e:51:38:65:34:df:ce:cf:f1:d6:64:fc:3d:
         df:1c:b7:db:dd:9f:b3:7b:a4:10:00:56:b1:dd:e3:69:37:ac:
         e2:66:df:fe:68:91:25:d0:d8:31:72:56:e2:57:5f:ca:03:a7:
         d7:2f:9f:27:6a:b0:3d:d6:82:60:92:8d:56:32:de:3d:18:5a:
         0b:81:44:44:5e:af:b3:ae:d3:8d:7c:f1:fa:08:cc:1d:19:dc:
         b5:53:e1:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjf7iqC29W9sAA5S7E9OjPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1Y2FmZTFlM2FlYTJmNmQ5MTFlZDEwN2EwOGFhZmVlOTc5
YTRmNTEwHhcNMjUwODI1MDYzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTI3Y2Y0NGNmOTIxMDEzMzAyMTk5YTcxZDNlNjMyMTJmZmU4MDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOVvIFOHMUSmYMQQqWA2saHb/5z2
SBFH5PNfhXLTX24h7QMiTxI6Jztv6EYWrD/wimub2hjwit4frA7wdcKC4uFMwri4
w4SFvO2seBVwPOXQWLY/VtlVzZiEuR3S+ReoIBZjWFJQjGc3dGg+1QAALdomOpkv
5PsmcU7voq5FCob9DIea0eO3pDZsQH4jAS5h63xrzwAVZ7cJEc3fajXxv7xsM2ma
1/3C+a53HyXwL1flyC1b6UcGNYtoa3TTjqsx6EetTv6WOvmBosb2yjglopuHR9vd
0oxBcIJfzcVg7wLRloKBtF1vR3XvtVWNNEpDUgKdWQ0QvyDdFAZWtqRDTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEnz0TPkhATMCGZpx0+YyEv/oAVMB8GA1UdIwQY
MBaAFLXK/h466i9tkR7RB6CKr+6Xmk9RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMt
Y2FiYTgxYzlhMTUyLzEvSVNmUFJNLVNFQk13SVptbkhUNWpJU18tZ0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi83N2Y5OWMtMzVjYi00N2E2LWJhYzMtY2FiYTgxYzlhMTUy
LzEvdGNyLUhqcnFMMjJSSHRFSG9JcXY3cGVhVDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8+GMA0G
CSqGSIb3DQEBCwUAA4IBAQCqNeOXCGInTJsYLpDSIyQC7EsJ3zeMHYTYJJho5M2A
0BR7spULXXwLQdJEKSnXtgvtNvuCicA+RjI76XEewkQVSaXqkb0Xa9q2OgmZZy3t
xPV9imsk0txMiiMPYxv8egqeTjEPeap0898V5kq1KHF/fuZ5p2p+TA91g5OfcHvR
TqPR+6cwegnwhW854xjfLUQ1NezIzjz2cZRn8JIHqp1rdoDDHSIIuG5ROGU0387P
8dZk/D3fHLfb3Z+ze6QQAFax3eNpN6ziZt/+aJEl0NgxclbiV1/KA6fXL58narA9
1oJgko1WMt49GFoLgUREXq+zrtONfPH6CMwdGdy1U+H4
-----END CERTIFICATE-----