Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/XCryBEDTOUl3Ea_MrSEtSaMG3Co.roa
File:                     XCryBEDTOUl3Ea_MrSEtSaMG3Co.roa (raw, json)
Hash identifier:          sPppTj0F7pCpY5ONI7GqIQuZY0OVMDZ1iOjt9ofxfhw=
Subject key identifier:   5C:2A:F2:04:40:D3:39:49:77:11:AF:CC:AD:21:2D:49:A3:06:DC:2A
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0197BFCBA18EC1A377100A913679883C56CB
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/XCryBEDTOUl3Ea_MrSEtSaMG3Co.roa
Signing time:             Mon 30 Jun 2025 07:44:42 +0000
ROA not before:           Mon 30 Jun 2025 07:44:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.200.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:bf:cb:a1:8e:c1:a3:77:10:0a:91:36:79:88:3c:56:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun 30 07:44:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c2af20440d339497711afccad212d49a306dc2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:75:50:1d:8d:91:93:cb:24:32:08:c4:6b:36:
                    a9:ba:d2:ce:65:59:c7:4e:a5:93:ad:4a:d9:4c:81:
                    8a:86:59:4c:e2:26:0f:b3:08:01:45:82:22:bb:0d:
                    84:96:46:ca:9a:61:43:83:40:ff:02:1f:37:08:48:
                    20:73:b2:b7:c5:7f:5d:f0:f7:cb:61:00:c5:e4:57:
                    1b:ec:8f:46:ac:c9:59:a8:64:68:90:80:63:ad:5d:
                    a7:b7:3c:6c:76:a6:2d:50:e1:dc:d7:9b:02:d5:1b:
                    33:c0:62:f5:0d:c2:e4:26:01:2e:e7:dd:c7:ca:65:
                    c7:d7:f6:8e:92:64:9b:e2:ed:a4:48:43:6a:be:57:
                    65:79:64:e8:39:e4:ba:b8:b6:50:61:70:23:08:72:
                    09:98:97:9b:cd:53:69:7c:33:63:57:35:b8:8c:67:
                    cc:63:25:05:6f:89:09:d9:1c:0a:9e:03:8a:9e:f1:
                    da:68:d7:4e:a1:11:d3:fd:c6:87:15:9a:b7:ea:b1:
                    77:58:06:f3:6a:55:06:82:41:ed:13:41:8e:80:b7:
                    d0:19:b4:f6:5b:0d:17:6d:07:18:e1:04:20:ce:c3:
                    59:15:ac:38:0e:06:c5:9d:ff:0a:fc:ad:f8:e6:94:
                    10:4e:35:a3:39:67:8f:2f:54:7c:bf:8a:c1:82:b6:
                    ad:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:2A:F2:04:40:D3:39:49:77:11:AF:CC:AD:21:2D:49:A3:06:DC:2A
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/XCryBEDTOUl3Ea_MrSEtSaMG3Co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:e4:d4:a0:fb:32:e6:ac:fe:75:9b:40:c1:8d:f7:e6:99:7b:
         6a:21:b6:f9:82:7b:02:04:21:81:4e:98:aa:64:50:18:6a:10:
         6c:66:53:1c:7c:8c:db:b9:a8:e9:12:eb:1f:7e:f5:fc:76:c1:
         0a:18:11:8d:59:a6:b3:98:c6:54:4b:51:fb:55:88:87:14:24:
         86:74:23:a3:af:1e:f9:85:78:3b:96:4d:ad:88:ca:7a:59:9c:
         25:17:f2:20:d6:b9:a8:df:1f:a4:14:fe:b8:6e:69:80:f3:8b:
         bb:64:e4:b3:9e:6b:05:9f:0f:05:23:99:96:09:c0:42:6e:7d:
         f2:51:d4:ec:01:cf:b4:ea:71:b3:aa:64:9a:63:57:1c:36:fd:
         86:04:18:df:e4:37:89:5e:c5:4d:b7:a6:09:59:30:6a:5f:ff:
         ca:2a:d2:31:58:b4:63:19:63:f7:08:d8:8a:02:c0:ca:f6:c2:
         fc:d4:76:2e:4d:9b:64:cf:55:a8:d1:6a:8a:4a:4a:93:0e:9f:
         e5:64:7a:ea:3b:19:64:07:10:88:e3:c5:bb:60:79:fa:40:b0:
         44:f4:ec:bd:bc:38:1c:1d:01:87:42:23:01:44:c8:ba:17:fb:
         49:3a:59:36:46:48:eb:30:e5:6a:3a:d6:e1:b6:38:e8:d6:ca:
         b2:26:d6:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe/y6GOwaN3EAqRNnmIPFbLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNjMwMDc0NDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzJhZjIwNDQwZDMzOTQ5NzcxMWFmY2NhZDIxMmQ0OWEzMDZkYzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnVQHY2Rk8skMgjEazaputLOZVnH
TqWTrUrZTIGKhllM4iYPswgBRYIiuw2ElkbKmmFDg0D/Ah83CEggc7K3xX9d8PfL
YQDF5Fcb7I9GrMlZqGRokIBjrV2ntzxsdqYtUOHc15sC1RszwGL1DcLkJgEu593H
ymXH1/aOkmSb4u2kSENqvldleWToOeS6uLZQYXAjCHIJmJebzVNpfDNjVzW4jGfM
YyUFb4kJ2RwKngOKnvHaaNdOoRHT/caHFZq36rF3WAbzalUGgkHtE0GOgLfQGbT2
Ww0XbQcY4QQgzsNZFaw4DgbFnf8K/K345pQQTjWjOWePL1R8v4rBgratZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFwq8gRA0zlJdxGvzK0hLUmjBtwqMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvWENyeUJFRFRPVWwzRWFfTXJTRXRTYU1HM0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8jdMA0G
CSqGSIb3DQEBCwUAA4IBAQBy5NSg+zLmrP51m0DBjffmmXtqIbb5gnsCBCGBTpiq
ZFAYahBsZlMcfIzbuajpEusffvX8dsEKGBGNWaazmMZUS1H7VYiHFCSGdCOjrx75
hXg7lk2tiMp6WZwlF/Ig1rmo3x+kFP64bmmA84u7ZOSznmsFnw8FI5mWCcBCbn3y
UdTsAc+06nGzqmSaY1ccNv2GBBjf5DeJXsVNt6YJWTBqX//KKtIxWLRjGWP3CNiK
AsDK9sL81HYuTZtkz1Wo0WqKSkqTDp/lZHrqOxlkBxCI48W7YHn6QLBE9Oy9vDgc
HQGHQiMBRMi6F/tJOlk2RkjrMOVqOtbhtjjo1sqyJtZK
-----END CERTIFICATE-----