Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/d2hoUpvor7BPW8nmpz4xnZjE2u4.roa
File:                     d2hoUpvor7BPW8nmpz4xnZjE2u4.roa (raw, json)
Hash identifier:          hIY/GtYHLCsuos0GvnTm5ot49GmbZ9W7yYzcGZgrlOw=
Subject key identifier:   77:68:68:52:9B:E8:AF:B0:4F:5B:C9:E6:A7:3E:31:9D:98:C4:DA:EE
Certificate issuer:       /CN=f2a959dc16715c8a54c8094267b8e491fe321d2c
Certificate serial:       0196F34873E96124033D88C7F0FC5967AC5E
Authority key identifier: F2:A9:59:DC:16:71:5C:8A:54:C8:09:42:67:B8:E4:91:FE:32:1D:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/d2hoUpvor7BPW8nmpz4xnZjE2u4.roa
Signing time:             Wed 21 May 2025 14:38:53 +0000
ROA not before:           Wed 21 May 2025 14:38:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197615
IP address blocks:        91.223.167.0/24 maxlen: 24
                          91.224.180.0/23 maxlen: 23
                          91.230.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:48:73:e9:61:24:03:3d:88:c7:f0:fc:59:67:ac:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2a959dc16715c8a54c8094267b8e491fe321d2c
        Validity
            Not Before: May 21 14:38:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=776868529be8afb04f5bc9e6a73e319d98c4daee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:92:0a:cc:52:b6:59:3d:de:26:da:f8:8c:e1:
                    34:1d:62:da:81:ad:f2:a4:a8:a0:d6:66:db:d7:36:
                    84:cd:7a:72:d6:50:e5:f7:ca:75:d2:62:4b:e8:e9:
                    90:0a:e4:77:16:7f:d8:a3:c5:42:cf:d2:66:56:e3:
                    d3:be:8c:27:22:55:b6:d9:1a:fe:3a:b8:64:e3:dd:
                    cd:3e:98:e2:2e:be:06:67:f5:04:0a:5d:7d:58:0e:
                    34:40:8a:50:fb:d2:e4:60:48:6d:a6:d7:12:94:3d:
                    26:39:2c:0c:b3:b1:18:e1:42:d5:ae:bc:38:96:ee:
                    af:21:6a:bf:c9:cd:0e:f2:f6:f7:af:59:42:f8:c5:
                    92:a0:10:a4:6d:56:be:59:5a:2f:9e:f3:d6:46:44:
                    eb:1d:be:50:0d:31:88:64:bd:d4:d2:81:1d:e7:b9:
                    0d:8c:ad:54:82:83:e1:81:da:d3:64:30:06:cd:c7:
                    e3:e9:b9:47:a4:19:0f:00:51:cf:c3:7e:c1:51:ef:
                    7d:c3:ae:3b:06:b2:b8:26:da:4b:5c:75:f1:0c:44:
                    6c:89:0c:06:df:2a:53:95:5c:b2:72:f1:5d:6e:d9:
                    a2:0f:58:25:db:4e:bd:76:ba:a3:99:8f:80:bc:84:
                    84:8f:4d:f6:aa:e7:cf:05:b3:f4:85:84:c5:3a:58:
                    4d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:68:68:52:9B:E8:AF:B0:4F:5B:C9:E6:A7:3E:31:9D:98:C4:DA:EE
            X509v3 Authority Key Identifier:
                keyid:F2:A9:59:DC:16:71:5C:8A:54:C8:09:42:67:B8:E4:91:FE:32:1D:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/d2hoUpvor7BPW8nmpz4xnZjE2u4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/88a383-030c-4545-9e9c-4ebeec7e8275/1/8qlZ3BZxXIpUyAlCZ7jkkf4yHSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.167.0/24
                  91.224.180.0/23
                  91.230.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:6b:23:76:d1:f6:e4:8d:05:bf:87:8f:24:8a:84:92:27:2c:
         e7:5f:8b:f5:b7:cb:a0:10:7e:44:ae:a3:3e:01:27:63:4d:58:
         0d:73:c1:fe:6d:d1:5f:f2:c9:cf:df:a4:f8:50:55:eb:0f:9e:
         47:52:20:2c:5f:5e:7a:b2:39:b9:3e:41:9b:12:60:89:75:1e:
         2f:19:88:12:b8:b2:a7:28:74:74:86:19:31:db:e4:fb:e3:c9:
         be:25:1f:0b:83:8d:a6:14:ee:9d:83:57:2b:a6:5d:6d:f4:70:
         77:17:a1:c3:fd:e8:21:ba:e7:8d:da:26:40:67:77:e2:0f:48:
         4f:a6:e7:cb:67:83:36:1c:b7:b4:eb:8f:78:d7:aa:36:58:c6:
         bd:fe:07:1b:5f:13:36:32:69:7d:0b:9a:02:53:84:8f:1a:0b:
         a4:73:40:cc:57:59:5f:38:ba:bf:55:4a:24:b3:16:a8:a6:7f:
         1a:cb:7d:f3:4b:ec:49:98:4d:12:06:bc:3c:46:2b:94:e4:ab:
         7d:32:a7:99:53:63:32:62:ad:78:d4:c8:7b:c5:d7:4f:0f:84:
         8e:c5:d5:0b:12:86:f5:92:ab:ed:cc:8b:92:42:16:12:4d:a2:
         e4:6a:7b:14:32:bf:6d:30:e4:f4:ca:4f:14:09:75:f6:1d:02:
         0a:5c:58:eb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbzSHPpYSQDPYjH8PxZZ6xeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYTk1OWRjMTY3MTVjOGE1NGM4MDk0MjY3YjhlNDkxZmUz
MjFkMmMwHhcNMjUwNTIxMTQzODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzY4Njg1MjliZThhZmIwNGY1YmM5ZTZhNzNlMzE5ZDk4YzRkYWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZIKzFK2WT3eJtr4jOE0HWLaga3y
pKig1mbb1zaEzXpy1lDl98p10mJL6OmQCuR3Fn/Yo8VCz9JmVuPTvownIlW22Rr+
Orhk493NPpjiLr4GZ/UECl19WA40QIpQ+9LkYEhtptcSlD0mOSwMs7EY4ULVrrw4
lu6vIWq/yc0O8vb3r1lC+MWSoBCkbVa+WVovnvPWRkTrHb5QDTGIZL3U0oEd57kN
jK1UgoPhgdrTZDAGzcfj6blHpBkPAFHPw37BUe99w647BrK4JtpLXHXxDERsiQwG
3ypTlVyycvFdbtmiD1gl2069drqjmY+AvISEj032qufPBbP0hYTFOlhNQQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHdoaFKb6K+wT1vJ5qc+MZ2YxNruMB8GA1UdIwQY
MBaAFPKpWdwWcVyKVMgJQme45JH+Mh0sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHFsWjNCWnhYSXBVeUFsQ1o3amtrZjR5SFN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84OGEzODMtMDMwYy00NTQ1LTllOWMt
NGViZWVjN2U4Mjc1LzEvZDJob1Vwdm9yN0JQVzhubXB6NHhuWmpFMnU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84OGEzODMtMDMwYy00NTQ1LTllOWMtNGViZWVjN2U4Mjc1
LzEvOHFsWjNCWnhYSXBVeUFsQ1o3amtrZjR5SFN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9+nAwQB
W+C0AwQBW+ZYMA0GCSqGSIb3DQEBCwUAA4IBAQC6ayN20fbkjQW/h48kioSSJyzn
X4v1t8ugEH5ErqM+ASdjTVgNc8H+bdFf8snP36T4UFXrD55HUiAsX156sjm5PkGb
EmCJdR4vGYgSuLKnKHR0hhkx2+T748m+JR8Lg42mFO6dg1crpl1t9HB3F6HD/egh
uueN2iZAZ3fiD0hPpufLZ4M2HLe0649416o2WMa9/gcbXxM2Mml9C5oCU4SPGguk
c0DMV1lfOLq/VUoksxaopn8ay33zS+xJmE0SBrw8RiuU5Kt9MqeZU2MyYq141Mh7
xddPD4SOxdULEob1kqvtzIuSQhYSTaLkansUMr9tMOT0yk8UCXX2HQIKXFjr
-----END CERTIFICATE-----