Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/HGSRqlNYcI2T93P2gU900Qk3Dek.roa
File:                     HGSRqlNYcI2T93P2gU900Qk3Dek.roa (raw, json)
Hash identifier:          i02OHuqf6h/6q/dwtdwLhLZepe+elqJK3FHBGeLBHEE=
Subject key identifier:   1C:64:91:AA:53:58:70:8D:93:F7:73:F6:81:4F:74:D1:09:37:0D:E9
Certificate issuer:       /CN=5a5e66b2759e50bb69bb0a4409eeb3ba48c46c56
Certificate serial:       019712B8BB29638ADB2E7EC70A92FE52414E
Authority key identifier: 5A:5E:66:B2:75:9E:50:BB:69:BB:0A:44:09:EE:B3:BA:48:C4:6C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/HGSRqlNYcI2T93P2gU900Qk3Dek.roa
Signing time:             Tue 27 May 2025 17:09:45 +0000
ROA not before:           Tue 27 May 2025 17:09:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        91.237.254.0/24 maxlen: 24
                          91.237.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 04:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:b8:bb:29:63:8a:db:2e:7e:c7:0a:92:fe:52:41:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5e66b2759e50bb69bb0a4409eeb3ba48c46c56
        Validity
            Not Before: May 27 17:09:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c6491aa5358708d93f773f6814f74d109370de9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9a:a1:0c:f6:6f:5d:47:88:29:d8:67:72:0c:
                    a7:5d:58:42:0a:bd:a0:fa:05:b4:e6:7c:0c:50:5a:
                    e1:00:aa:a9:2c:0a:72:9c:3f:64:3a:cf:3b:77:90:
                    be:cb:d6:04:ea:4e:17:28:37:35:07:23:6f:9b:82:
                    53:8f:fa:c7:39:6d:08:21:18:c0:c5:f3:33:f1:d2:
                    72:b2:67:b3:d2:2f:c4:c0:bc:36:01:19:7c:3f:2d:
                    39:75:9a:0c:17:b3:d6:93:11:04:75:7c:5d:6b:b1:
                    07:a1:bd:e0:a2:3e:65:4f:c8:a2:13:08:d1:d2:d0:
                    ac:04:91:6b:d7:5a:29:83:0d:8b:2e:cb:a3:3a:a1:
                    a4:38:e5:63:52:ab:2b:ba:3e:37:75:7c:70:8b:d1:
                    8e:48:ee:cd:36:88:3e:73:4b:6c:64:dc:28:2e:b5:
                    35:f7:0f:39:22:fa:23:7a:3f:75:8e:62:95:c7:3d:
                    fb:10:e2:d8:ce:5f:01:c3:77:f9:a7:40:d2:2b:5c:
                    28:2a:86:fa:bd:56:a4:35:e2:cc:61:3a:45:14:e1:
                    c3:ed:4e:bc:f8:c7:b3:ef:66:0e:b9:69:4d:9a:af:
                    32:d9:fa:49:b6:a0:e6:8e:2d:8a:74:8e:46:fd:30:
                    dc:23:92:7f:89:6d:a6:cc:6b:1e:41:67:d9:81:a0:
                    bd:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:64:91:AA:53:58:70:8D:93:F7:73:F6:81:4F:74:D1:09:37:0D:E9
            X509v3 Authority Key Identifier:
                keyid:5A:5E:66:B2:75:9E:50:BB:69:BB:0A:44:09:EE:B3:BA:48:C4:6C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/HGSRqlNYcI2T93P2gU900Qk3Dek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.254.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:b1:09:ce:69:8c:6e:a1:7b:77:f5:10:78:fd:e3:69:75:fd:
         1a:ba:62:0e:76:2d:14:2c:9a:1c:92:5b:5e:ed:e5:8d:10:57:
         f1:ff:a2:b6:f0:49:5f:3a:df:29:a0:9f:26:df:af:39:1d:6c:
         00:2c:33:a5:15:6a:6f:76:6e:ac:bc:93:70:ff:26:9a:a5:43:
         01:4c:92:0f:f1:5d:a6:92:ea:18:99:88:ad:aa:0c:a4:af:4c:
         e6:51:c5:55:03:17:10:dc:47:9b:c6:29:65:ae:02:55:02:7d:
         87:15:b1:d5:ca:2f:81:73:14:04:ce:4f:b3:44:a1:31:52:d8:
         72:ab:7c:7a:5d:72:5d:21:a9:2e:f5:e6:62:ff:e6:12:3d:e1:
         fa:dc:18:8e:ca:c4:ac:2f:3f:5b:f4:07:86:d0:90:75:74:da:
         1f:5a:2d:e6:fd:63:57:40:6b:a1:28:ee:2f:91:8c:21:34:b7:
         aa:6d:a0:34:c7:50:dc:76:02:d1:1a:9b:de:53:0c:63:19:54:
         75:85:42:1f:de:b3:12:7e:d1:c2:63:c6:e1:3d:e1:39:56:10:
         1c:a5:91:b7:bf:9e:8a:e4:50:c9:7b:be:3d:30:f3:f4:08:ab:
         4b:38:3f:f5:75:94:e5:f6:d0:9b:69:e2:16:fc:ae:36:c7:28:
         3b:56:30:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcSuLspY4rbLn7HCpL+UkFOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNWU2NmIyNzU5ZTUwYmI2OWJiMGE0NDA5ZWViM2JhNDhj
NDZjNTYwHhcNMjUwNTI3MTcwOTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzY0OTFhYTUzNTg3MDhkOTNmNzczZjY4MTRmNzRkMTA5MzcwZGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJqhDPZvXUeIKdhncgynXVhCCr2g
+gW05nwMUFrhAKqpLApynD9kOs87d5C+y9YE6k4XKDc1ByNvm4JTj/rHOW0IIRjA
xfMz8dJysmez0i/EwLw2ARl8Py05dZoMF7PWkxEEdXxda7EHob3goj5lT8iiEwjR
0tCsBJFr11opgw2LLsujOqGkOOVjUqsruj43dXxwi9GOSO7NNog+c0tsZNwoLrU1
9w85Ivojej91jmKVxz37EOLYzl8Bw3f5p0DSK1woKob6vVakNeLMYTpFFOHD7U68
+Mez72YOuWlNmq8y2fpJtqDmji2KdI5G/TDcI5J/iW2mzGseQWfZgaC9+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBxkkapTWHCNk/dz9oFPdNEJNw3pMB8GA1UdIwQY
MBaAFFpeZrJ1nlC7absKRAnus7pIxGxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2w1bXNuV2VVTHRwdXdwRUNlNnp1a2pFYkZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi80Zjc2YjQtN2Q1Ni00N2EwLWFjNWIt
NjUzZjIzOWZlOWEwLzEvSEdTUnFsTlljSTJUOTNQMmdVOTAwUWszRGVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi80Zjc2YjQtN2Q1Ni00N2EwLWFjNWItNjUzZjIzOWZlOWEw
LzEvV2w1bXNuV2VVTHRwdXdwRUNlNnp1a2pFYkZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+3+MA0G
CSqGSIb3DQEBCwUAA4IBAQCGsQnOaYxuoXt39RB4/eNpdf0aumIOdi0ULJocklte
7eWNEFfx/6K28ElfOt8poJ8m3685HWwALDOlFWpvdm6svJNw/yaapUMBTJIP8V2m
kuoYmYitqgykr0zmUcVVAxcQ3EebxillrgJVAn2HFbHVyi+BcxQEzk+zRKExUthy
q3x6XXJdIaku9eZi/+YSPeH63BiOysSsLz9b9AeG0JB1dNofWi3m/WNXQGuhKO4v
kYwhNLeqbaA0x1DcdgLRGpveUwxjGVR1hUIf3rMSftHCY8bhPeE5VhAcpZG3v56K
5FDJe749MPP0CKtLOD/1dZTl9tCbaeIW/K42xyg7VjDc
-----END CERTIFICATE-----