Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/Sj_-Ptmp5l-zNzTgHXDKWr6DNsQ.roa
File:                     Sj_-Ptmp5l-zNzTgHXDKWr6DNsQ.roa (raw, json)
Hash identifier:          S/l02EQhWoa3TBsVB+OnLc92uLdAeVgn7Z4178pnmT4=
Subject key identifier:   4A:3F:FE:3E:D9:A9:E6:5F:B3:37:34:E0:1D:70:CA:5A:BE:83:36:C4
Certificate issuer:       /CN=af84e3d23ff60b829e146ebdab4a0ae61de0f4fb
Certificate serial:       0197162F19BF70132B0DBDFA45A32E542FEB
Authority key identifier: AF:84:E3:D2:3F:F6:0B:82:9E:14:6E:BD:AB:4A:0A:E6:1D:E0:F4:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/Sj_-Ptmp5l-zNzTgHXDKWr6DNsQ.roa
Signing time:             Wed 28 May 2025 09:17:54 +0000
ROA not before:           Wed 28 May 2025 09:17:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211920
IP address blocks:        91.220.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:2f:19:bf:70:13:2b:0d:bd:fa:45:a3:2e:54:2f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af84e3d23ff60b829e146ebdab4a0ae61de0f4fb
        Validity
            Not Before: May 28 09:17:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4a3ffe3ed9a9e65fb33734e01d70ca5abe8336c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:42:d6:ce:16:30:95:6f:17:28:1b:f8:f3:8b:
                    c5:a9:ef:b1:dd:62:f8:5b:86:88:60:05:d7:75:30:
                    57:56:d6:fb:84:90:8b:c7:c5:99:b3:70:c3:e3:cc:
                    55:e7:3b:4d:d3:d0:90:c8:7c:9b:20:2d:c2:3c:62:
                    3a:10:7f:78:5d:44:6f:ed:f4:18:97:aa:8d:f8:0a:
                    5d:fe:e8:5b:cb:ac:8f:8e:c3:75:42:b6:61:0c:2f:
                    29:52:89:d0:d5:de:b3:31:8a:84:7b:10:6c:b3:33:
                    0d:df:b5:47:0b:2e:7f:7f:7f:30:b8:cb:c3:ce:57:
                    57:33:92:51:d9:c5:f4:54:e2:24:06:23:bf:81:2d:
                    f7:6d:5d:8b:e4:12:e4:92:4f:64:c2:2b:f9:cb:7e:
                    71:37:99:fc:4d:f1:6d:c3:a5:7c:a9:8e:71:5b:da:
                    55:03:a8:45:4f:e4:fe:a8:2f:a8:2e:da:db:1f:9c:
                    df:db:37:15:f9:0a:2f:d1:17:79:5e:a2:e5:1d:73:
                    f5:b9:17:3e:82:c7:31:a6:bb:d2:28:2f:95:8c:77:
                    ff:47:e0:c9:2d:4a:1a:d4:de:65:9b:a7:76:17:a7:
                    e8:7d:32:3c:90:12:2d:16:d7:b8:46:9a:e5:76:43:
                    a0:cd:28:99:32:69:1e:99:9d:ee:80:93:69:4c:5a:
                    0f:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3F:FE:3E:D9:A9:E6:5F:B3:37:34:E0:1D:70:CA:5A:BE:83:36:C4
            X509v3 Authority Key Identifier:
                keyid:AF:84:E3:D2:3F:F6:0B:82:9E:14:6E:BD:AB:4A:0A:E6:1D:E0:F4:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/Sj_-Ptmp5l-zNzTgHXDKWr6DNsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/ba2391-05a1-4bcb-a61d-e5d8e3750009/1/r4Tj0j_2C4KeFG69q0oK5h3g9Ps.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:9c:53:0f:7f:9e:72:19:f0:3b:c9:a5:71:93:55:e5:4b:5f:
         3a:23:10:78:01:b1:4d:c4:83:87:8d:ab:62:61:83:20:15:9b:
         06:3f:69:a8:a9:cc:a2:2c:7c:2c:51:ab:a0:12:50:ba:0d:87:
         b3:e2:5e:29:ec:4c:86:80:b1:90:64:60:c6:6b:c9:c2:77:23:
         0a:e0:9a:f5:1b:e7:45:23:09:5c:5a:3c:1f:01:21:0b:b8:7e:
         cf:cb:0d:50:4b:ac:2b:8b:a5:8d:97:00:9f:ad:77:94:36:12:
         eb:3a:4a:0f:94:8e:10:67:22:7a:d6:95:6d:8a:b2:b8:60:0c:
         23:40:62:8b:5f:56:30:d8:e2:72:ed:82:55:e3:bd:ce:22:38:
         0f:47:ab:ae:33:ef:f2:a1:cd:e9:7d:b4:31:fb:64:f7:f0:9d:
         15:d7:c7:5c:dd:cf:e1:65:d2:f7:d4:db:b0:33:ca:ec:65:3b:
         da:54:e9:00:81:d1:9b:fd:4a:27:cc:a0:f8:95:a8:9b:e3:bb:
         b1:c8:02:40:b1:9c:8a:21:61:63:e4:e1:df:63:f5:55:1b:95:
         ed:ff:51:60:70:61:5b:76:01:2f:bf:0d:a0:c5:34:17:6a:7e:
         44:74:8e:8d:03:65:38:c5:98:2e:3d:f4:99:aa:7d:c2:ae:3d:
         f5:8c:53:33
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcWLxm/cBMrDb36RaMuVC/rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODRlM2QyM2ZmNjBiODI5ZTE0NmViZGFiNGEwYWU2MWRl
MGY0ZmIwHhcNMjUwNTI4MDkxNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNmZmUzZWQ5YTllNjVmYjMzNzM0ZTAxZDcwY2E1YWJlODMzNmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4kLWzhYwlW8XKBv484vFqe+x3WL4
W4aIYAXXdTBXVtb7hJCLx8WZs3DD48xV5ztN09CQyHybIC3CPGI6EH94XURv7fQY
l6qN+Apd/uhby6yPjsN1QrZhDC8pUonQ1d6zMYqEexBsszMN37VHCy5/f38wuMvD
zldXM5JR2cX0VOIkBiO/gS33bV2L5BLkkk9kwiv5y35xN5n8TfFtw6V8qY5xW9pV
A6hFT+T+qC+oLtrbH5zf2zcV+Qov0Rd5XqLlHXP1uRc+gscxprvSKC+VjHf/R+DJ
LUoa1N5lm6d2F6fofTI8kBItFte4RprldkOgzSiZMmkemZ3ugJNpTFoPxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo//j7ZqeZfszc04B1wylq+gzbEMB8GA1UdIwQY
MBaAFK+E49I/9guCnhRuvatKCuYd4PT7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRUajBqXzJDNEtlRkc2OXEwb0s1aDNnOVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9iYTIzOTEtMDVhMS00YmNiLWE2MWQt
ZTVkOGUzNzUwMDA5LzEvU2pfLVB0bXA1bC16TnpUZ0hYREtXcjZETnNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9iYTIzOTEtMDVhMS00YmNiLWE2MWQtZTVkOGUzNzUwMDA5
LzEvcjRUajBqXzJDNEtlRkc2OXEwb0s1aDNnOVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xhMA0G
CSqGSIb3DQEBCwUAA4IBAQB2nFMPf55yGfA7yaVxk1XlS186IxB4AbFNxIOHjati
YYMgFZsGP2moqcyiLHwsUaugElC6DYez4l4p7EyGgLGQZGDGa8nCdyMK4Jr1G+dF
IwlcWjwfASELuH7Pyw1QS6wri6WNlwCfrXeUNhLrOkoPlI4QZyJ61pVtirK4YAwj
QGKLX1Yw2OJy7YJV473OIjgPR6uuM+/yoc3pfbQx+2T38J0V18dc3c/hZdL31Nuw
M8rsZTvaVOkAgdGb/UonzKD4laib47uxyAJAsZyKIWFj5OHfY/VVG5Xt/1FgcGFb
dgEvvw2gxTQXan5EdI6NA2U4xZguPfSZqn3Crj31jFMz
-----END CERTIFICATE-----