Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/kORzGbUwfQz_reUfKxE-VKML1Ko.roa
File:                     kORzGbUwfQz_reUfKxE-VKML1Ko.roa (raw, json)
Hash identifier:          LJNSK27C7NQtNI1BCy3DsB/OzJxofkAzOY3Bw0ai+Lk=
Subject key identifier:   90:E4:73:19:B5:30:7D:0C:FF:AD:E5:1F:2B:11:3E:54:A3:0B:D4:AA
Certificate issuer:       /CN=a6ac6d069d8fb732f4fe92b4e13cd7dc4d393a42
Certificate serial:       01971107D2FFF7A2343ADC7F65F5B7038113
Authority key identifier: A6:AC:6D:06:9D:8F:B7:32:F4:FE:92:B4:E1:3C:D7:DC:4D:39:3A:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/kORzGbUwfQz_reUfKxE-VKML1Ko.roa
Signing time:             Tue 27 May 2025 09:16:54 +0000
ROA not before:           Tue 27 May 2025 09:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48944
IP address blocks:        91.239.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:07:d2:ff:f7:a2:34:3a:dc:7f:65:f5:b7:03:81:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6ac6d069d8fb732f4fe92b4e13cd7dc4d393a42
        Validity
            Not Before: May 27 09:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90e47319b5307d0cffade51f2b113e54a30bd4aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:56:15:dc:2d:a8:1a:97:3a:5d:5d:21:c8:f3:
                    04:5a:0c:06:7d:43:b9:e1:40:68:18:da:b4:f5:31:
                    c4:f2:71:3b:a5:bc:b5:7f:d5:de:80:31:d8:99:ec:
                    74:b2:d8:c3:80:cc:13:f3:c3:cb:1c:86:7e:f3:6d:
                    4a:cf:6a:00:2c:b5:31:42:0d:48:4d:40:fe:33:bb:
                    4b:ff:87:9a:ee:9b:8d:f3:e6:c4:d1:ec:26:d5:d3:
                    26:0d:4d:d4:7a:1b:7b:62:7c:4e:d0:02:35:02:0d:
                    88:59:eb:ee:86:b4:13:03:2c:db:59:14:40:c5:aa:
                    8b:8f:91:c7:dc:f4:0f:5b:6c:87:f7:ce:d4:8d:30:
                    2b:03:78:88:f6:b0:b0:e3:56:cd:4d:00:25:15:1e:
                    86:a9:27:65:2a:58:4c:0b:3c:22:85:1c:1e:63:8d:
                    76:3e:69:97:60:b3:53:4c:d9:c2:46:63:49:2d:78:
                    20:28:77:69:19:11:97:56:c3:a1:39:71:b9:cc:08:
                    b2:10:93:89:c7:af:1a:7b:80:f2:13:d6:a0:d4:36:
                    ca:80:90:9f:85:17:be:c1:8f:85:67:41:b2:5b:22:
                    d9:e9:d5:61:be:9d:50:e1:bb:de:47:42:eb:e3:f2:
                    a6:55:05:40:69:e9:b3:57:dd:87:1e:af:77:86:64:
                    73:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E4:73:19:B5:30:7D:0C:FF:AD:E5:1F:2B:11:3E:54:A3:0B:D4:AA
            X509v3 Authority Key Identifier:
                keyid:A6:AC:6D:06:9D:8F:B7:32:F4:FE:92:B4:E1:3C:D7:DC:4D:39:3A:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pqxtBp2PtzL0_pK04TzX3E05OkI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/kORzGbUwfQz_reUfKxE-VKML1Ko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/c09f02-7510-42ea-b281-bfa03a668577/1/pqxtBp2PtzL0_pK04TzX3E05OkI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:d8:ed:7d:c6:02:12:43:7e:3d:a9:97:39:da:5d:05:53:8c:
         75:e4:6c:50:61:97:4e:0e:ef:98:ad:a4:c7:40:9c:35:72:7f:
         ad:a1:07:65:5f:51:23:a9:d1:c8:9a:56:2c:b3:5b:0f:d3:15:
         2f:e8:13:28:70:1a:aa:4e:91:38:29:2b:d0:38:c9:26:1f:58:
         5f:4a:63:03:a3:9d:9d:11:fe:3b:4f:57:52:7c:6f:44:fc:3e:
         da:98:73:c1:0d:59:0e:42:9d:a4:c1:f5:47:94:78:0e:e6:d5:
         7d:43:1b:1b:c9:c4:f6:0b:47:02:f2:12:37:b2:ec:59:19:c1:
         40:b6:fb:8c:9d:9a:9f:d4:9f:53:9f:6b:0c:7c:e1:f5:21:c5:
         c1:8b:51:73:1c:93:29:5a:6d:55:cc:7e:e5:25:bc:73:9d:fe:
         62:19:29:1e:89:da:1b:5a:bd:54:5f:5e:59:63:46:aa:64:89:
         a6:9b:d8:2f:a5:c1:f4:e4:6d:a8:78:b0:72:14:46:b4:b8:21:
         ed:5f:d9:69:40:e9:33:9b:51:2e:73:3d:25:c0:4e:b3:3c:fc:
         93:e1:36:ac:be:b4:47:1f:d8:38:30:f6:3b:10:5c:07:5b:68:
         88:88:b8:f3:ba:ff:12:5a:d2:82:13:f9:ed:0c:c5:ad:bf:63:
         a5:91:68:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcRB9L/96I0Otx/ZfW3A4ETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YWM2ZDA2OWQ4ZmI3MzJmNGZlOTJiNGUxM2NkN2RjNGQz
OTNhNDIwHhcNMjUwNTI3MDkxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGU0NzMxOWI1MzA3ZDBjZmZhZGU1MWYyYjExM2U1NGEzMGJkNGFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4VYV3C2oGpc6XV0hyPMEWgwGfUO5
4UBoGNq09THE8nE7pby1f9XegDHYmex0stjDgMwT88PLHIZ+821Kz2oALLUxQg1I
TUD+M7tL/4ea7puN8+bE0ewm1dMmDU3Ueht7YnxO0AI1Ag2IWevuhrQTAyzbWRRA
xaqLj5HH3PQPW2yH987UjTArA3iI9rCw41bNTQAlFR6GqSdlKlhMCzwihRweY412
PmmXYLNTTNnCRmNJLXggKHdpGRGXVsOhOXG5zAiyEJOJx68ae4DyE9ag1DbKgJCf
hRe+wY+FZ0GyWyLZ6dVhvp1Q4bveR0Lr4/KmVQVAaemzV92HHq93hmRzMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDkcxm1MH0M/63lHysRPlSjC9SqMB8GA1UdIwQY
MBaAFKasbQadj7cy9P6StOE819xNOTpCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHF4dEJwMlB0ekwwX3BLMDRUelgzRTA1T2tJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9jMDlmMDItNzUxMC00MmVhLWIyODEt
YmZhMDNhNjY4NTc3LzEva09SekdiVXdmUXpfcmVVZkt4RS1WS01MMUtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9jMDlmMDItNzUxMC00MmVhLWIyODEtYmZhMDNhNjY4NTc3
LzEvcHF4dEJwMlB0ekwwX3BLMDRUelgzRTA1T2tJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/SMA0G
CSqGSIb3DQEBCwUAA4IBAQBx2O19xgISQ349qZc52l0FU4x15GxQYZdODu+YraTH
QJw1cn+toQdlX1EjqdHImlYss1sP0xUv6BMocBqqTpE4KSvQOMkmH1hfSmMDo52d
Ef47T1dSfG9E/D7amHPBDVkOQp2kwfVHlHgO5tV9QxsbycT2C0cC8hI3suxZGcFA
tvuMnZqf1J9Tn2sMfOH1IcXBi1FzHJMpWm1VzH7lJbxznf5iGSkeidobWr1UX15Z
Y0aqZImmm9gvpcH05G2oeLByFEa0uCHtX9lpQOkzm1Eucz0lwE6zPPyT4TasvrRH
H9g4MPY7EFwHW2iIiLjzuv8SWtKCE/ntDMWtv2OlkWgu
-----END CERTIFICATE-----