Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/c7xqGqZ0KnoVgSHP1uxqIn-gcow.roa
File:                     c7xqGqZ0KnoVgSHP1uxqIn-gcow.roa (raw, json)
Hash identifier:          fgA4jW+G01sd+KIFTnm2o/eJLY8zge2zWEftjWqJRcE=
Subject key identifier:   73:BC:6A:1A:A6:74:2A:7A:15:81:21:CF:D6:EC:6A:22:7F:A0:72:8C
Certificate issuer:       /CN=a137891dd4f3df83772d7cfe7183843cbff44d54
Certificate serial:       019741010F05351D117D3B562973EE987BFD
Authority key identifier: A1:37:89:1D:D4:F3:DF:83:77:2D:7C:FE:71:83:84:3C:BF:F4:4D:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oTeJHdTz34N3LXz-cYOEPL_0TVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/c7xqGqZ0KnoVgSHP1uxqIn-gcow.roa
Signing time:             Thu 05 Jun 2025 16:51:17 +0000
ROA not before:           Thu 05 Jun 2025 16:51:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44489
IP address blocks:        93.91.48.0/20 maxlen: 20
                          2a01:7ec0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/oTeJHdTz34N3LXz-cYOEPL_0TVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/oTeJHdTz34N3LXz-cYOEPL_0TVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oTeJHdTz34N3LXz-cYOEPL_0TVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:01:0f:05:35:1d:11:7d:3b:56:29:73:ee:98:7b:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a137891dd4f3df83772d7cfe7183843cbff44d54
        Validity
            Not Before: Jun  5 16:51:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73bc6a1aa6742a7a158121cfd6ec6a227fa0728c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:89:89:01:78:59:01:ec:63:a3:90:53:08:e1:
                    f0:48:59:4e:ed:ac:11:61:32:a2:a4:48:6a:9b:a7:
                    af:78:9a:12:ce:bd:09:ca:17:46:78:40:eb:4b:f4:
                    ab:2d:fa:60:80:e2:4e:23:0c:03:df:05:c0:25:b6:
                    32:3a:d0:9f:80:89:d1:e8:b9:3b:27:5d:69:44:81:
                    1b:f1:56:4e:77:b7:74:e5:c8:47:72:96:02:fe:45:
                    40:18:7a:55:ee:df:4e:ec:da:8d:92:6f:20:8a:3a:
                    3c:a9:25:b2:ce:7e:e8:4e:63:e4:c5:ac:63:b7:06:
                    51:ed:d5:8d:ba:04:c0:24:1e:0f:de:b5:2b:30:59:
                    9c:79:a1:b4:6f:c1:7d:f7:7a:1b:82:e0:11:4d:a8:
                    93:a1:df:b1:b1:c1:17:9f:ab:1a:53:85:92:44:a5:
                    a6:10:5b:2c:75:db:b9:b4:12:32:32:71:b7:01:db:
                    cd:a6:b6:b7:e8:a0:13:53:c6:e2:53:7e:5e:c4:02:
                    fc:af:e5:56:6f:98:3a:a7:b6:35:f5:7a:a3:29:c6:
                    63:de:a3:77:d3:ff:1f:41:19:b1:49:a4:e2:10:df:
                    ac:b0:bb:55:70:6b:d4:91:d7:30:8d:ae:fa:a4:40:
                    bb:ae:5e:e3:b0:58:0f:0f:4f:72:f4:4a:4f:d9:ec:
                    33:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:BC:6A:1A:A6:74:2A:7A:15:81:21:CF:D6:EC:6A:22:7F:A0:72:8C
            X509v3 Authority Key Identifier:
                keyid:A1:37:89:1D:D4:F3:DF:83:77:2D:7C:FE:71:83:84:3C:BF:F4:4D:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oTeJHdTz34N3LXz-cYOEPL_0TVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/c7xqGqZ0KnoVgSHP1uxqIn-gcow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/a2bb92-c591-4250-b2d3-8dda6c6ca81d/1/oTeJHdTz34N3LXz-cYOEPL_0TVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.91.48.0/20
                IPv6:
                  2a01:7ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4c:64:aa:9d:f7:44:73:5d:e3:13:1d:a2:61:db:20:4b:b3:5c:
         c0:7b:b6:fd:a3:5e:96:b3:5a:c0:e9:e0:ff:16:ce:bb:fe:b2:
         ba:ff:e7:9d:4c:f2:f3:73:db:41:b9:49:79:cd:10:6e:2d:b4:
         82:99:0d:4b:78:d3:29:36:8b:cd:ae:d5:9e:d3:a2:44:86:54:
         31:49:20:1b:bd:00:c3:de:8b:83:9c:fe:aa:07:4b:d1:61:3a:
         ec:d4:52:4f:49:14:07:b8:87:ba:5c:b4:51:45:63:62:d0:c9:
         71:8f:08:18:fa:1e:aa:cf:d3:92:d9:2e:6b:1a:bb:df:ac:22:
         3d:30:08:90:f5:29:32:9a:47:9e:dc:56:fa:fb:6c:4e:99:77:
         f3:ad:50:46:a3:93:93:01:7b:9f:ab:e2:fd:12:fa:cc:de:a7:
         77:46:c0:34:17:50:6d:53:06:18:8a:47:ff:8d:92:0b:cc:7e:
         21:e6:4c:ff:f9:f8:2c:8b:4b:52:f2:4c:bd:e0:21:db:d3:15:
         14:ed:53:52:f8:ac:a5:02:4d:37:88:4d:4f:f0:1b:35:9f:b4:
         9b:61:1a:0d:0a:a7:c4:0f:98:fd:20:41:b3:2a:89:c1:16:06:
         b2:8a:89:47:36:2f:05:3b:d8:2a:d1:1e:66:e6:20:fd:77:74:
         66:d2:39:65
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdBAQ8FNR0RfTtWKXPumHv9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMzc4OTFkZDRmM2RmODM3NzJkN2NmZTcxODM4NDNjYmZm
NDRkNTQwHhcNMjUwNjA1MTY1MTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2JjNmExYWE2NzQyYTdhMTU4MTIxY2ZkNmVjNmEyMjdmYTA3MjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYmJAXhZAexjo5BTCOHwSFlO7awR
YTKipEhqm6eveJoSzr0JyhdGeEDrS/SrLfpggOJOIwwD3wXAJbYyOtCfgInR6Lk7
J11pRIEb8VZOd7d05chHcpYC/kVAGHpV7t9O7NqNkm8gijo8qSWyzn7oTmPkxaxj
twZR7dWNugTAJB4P3rUrMFmceaG0b8F993obguARTaiTod+xscEXn6saU4WSRKWm
EFssddu5tBIyMnG3AdvNpra36KATU8biU35exAL8r+VWb5g6p7Y19XqjKcZj3qN3
0/8fQRmxSaTiEN+ssLtVcGvUkdcwja76pEC7rl7jsFgPD09y9EpP2ewztwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHO8ahqmdCp6FYEhz9bsaiJ/oHKMMB8GA1UdIwQY
MBaAFKE3iR3U89+Ddy18/nGDhDy/9E1UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1RlSkhkVHozNE4zTFh6LWNZT0VQTF8wVFZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9hMmJiOTItYzU5MS00MjUwLWIyZDMt
OGRkYTZjNmNhODFkLzEvYzd4cUdxWjBLbm9WZ1NIUDF1eHFJbi1nY293LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9hMmJiOTItYzU5MS00MjUwLWIyZDMtOGRkYTZjNmNhODFk
LzEvb1RlSkhkVHozNE4zTFh6LWNZT0VQTF8wVFZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEXVswMA0E
AgACMAcDBQAqAX7AMA0GCSqGSIb3DQEBCwUAA4IBAQBMZKqd90RzXeMTHaJh2yBL
s1zAe7b9o16Ws1rA6eD/Fs67/rK6/+edTPLzc9tBuUl5zRBuLbSCmQ1LeNMpNovN
rtWe06JEhlQxSSAbvQDD3ouDnP6qB0vRYTrs1FJPSRQHuIe6XLRRRWNi0MlxjwgY
+h6qz9OS2S5rGrvfrCI9MAiQ9Skymkee3Fb6+2xOmXfzrVBGo5OTAXufq+L9EvrM
3qd3RsA0F1BtUwYYikf/jZILzH4h5kz/+fgsi0tS8ky94CHb0xUU7VNS+KylAk03
iE1P8Bs1n7SbYRoNCqfED5j9IEGzKonBFgayiolHNi8FO9gq0R5m5iD9d3Rm0jll
-----END CERTIFICATE-----