Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/r_GfDo9ZWQ7myQ0iViJXzfWcph4.roa
File:                     r_GfDo9ZWQ7myQ0iViJXzfWcph4.roa (raw, json)
Hash identifier:          x8B6QTHVzWahPni+0i08daL7qF7EoN+d+/45THjKk0M=
Subject key identifier:   AF:F1:9F:0E:8F:59:59:0E:E6:C9:0D:22:56:22:57:CD:F5:9C:A6:1E
Certificate issuer:       /CN=d3530c144f592cfa891babf195a817900cd6d916
Certificate serial:       0196EDBA3CC4D5F319143C773EB63FA9747B
Authority key identifier: D3:53:0C:14:4F:59:2C:FA:89:1B:AB:F1:95:A8:17:90:0C:D6:D9:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01MMFE9ZLPqJG6vxlagXkAzW2RY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/r_GfDo9ZWQ7myQ0iViJXzfWcph4.roa
Signing time:             Tue 20 May 2025 12:45:27 +0000
ROA not before:           Tue 20 May 2025 12:45:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197135
IP address blocks:        91.216.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/01MMFE9ZLPqJG6vxlagXkAzW2RY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/01MMFE9ZLPqJG6vxlagXkAzW2RY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01MMFE9ZLPqJG6vxlagXkAzW2RY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:ba:3c:c4:d5:f3:19:14:3c:77:3e:b6:3f:a9:74:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3530c144f592cfa891babf195a817900cd6d916
        Validity
            Not Before: May 20 12:45:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aff19f0e8f59590ee6c90d22562257cdf59ca61e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:de:42:17:50:95:89:a0:ac:09:90:de:bc:d3:
                    30:57:25:42:34:91:49:ac:15:0a:20:82:f1:7d:5d:
                    db:de:e3:0c:f0:2e:62:72:e3:44:eb:3a:98:8d:08:
                    e1:36:53:9c:fc:9a:04:8a:4b:82:ca:2d:a9:29:4d:
                    5c:c5:e4:a6:82:3d:27:32:e4:fd:af:92:09:87:4d:
                    08:68:41:3d:29:bd:b7:f3:16:d3:43:40:41:10:3a:
                    38:a0:eb:ea:64:97:c5:f2:04:54:51:5c:7e:42:62:
                    3a:eb:7a:85:54:ed:8f:04:72:da:a3:f6:53:cd:f5:
                    3e:4a:9c:e6:6e:3f:37:18:a0:81:d2:d4:99:97:f7:
                    0c:e4:ea:84:39:61:d0:2c:c2:ad:b9:95:5e:71:a7:
                    dd:76:ec:23:60:3a:de:e7:18:d0:ba:09:8c:23:16:
                    68:41:93:65:b9:1a:2c:2e:c6:59:61:df:99:05:eb:
                    62:c7:b3:79:42:52:c0:8d:c5:ce:6d:ec:05:a3:5a:
                    07:77:7b:81:96:76:8d:06:10:c9:d1:9c:84:91:88:
                    6f:4f:71:08:8d:16:dd:f8:9d:83:2b:74:13:ab:e3:
                    ef:8f:eb:c6:94:37:77:00:5c:79:f9:42:23:8d:d8:
                    8d:f9:85:81:0f:ff:bb:8c:c1:28:21:2a:44:cc:ec:
                    1b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F1:9F:0E:8F:59:59:0E:E6:C9:0D:22:56:22:57:CD:F5:9C:A6:1E
            X509v3 Authority Key Identifier:
                keyid:D3:53:0C:14:4F:59:2C:FA:89:1B:AB:F1:95:A8:17:90:0C:D6:D9:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01MMFE9ZLPqJG6vxlagXkAzW2RY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/r_GfDo9ZWQ7myQ0iViJXzfWcph4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/d3cc80-c1de-498f-88ef-6ba79957e862/1/01MMFE9ZLPqJG6vxlagXkAzW2RY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e0:ef:21:16:1d:1e:c9:71:8b:22:c0:51:ea:2b:f5:ea:b7:
         c5:a4:ed:17:8c:4e:3f:97:37:4d:fe:25:b2:ce:4f:f2:87:ce:
         04:13:f2:04:e4:29:bc:43:c1:61:bc:4b:b0:02:48:84:7a:27:
         bb:ab:27:73:40:5d:12:66:73:f1:00:c2:f5:5c:17:d5:74:7a:
         9d:71:3e:09:f1:da:2e:f3:b2:49:91:11:f1:b8:7b:cf:6c:60:
         c6:fc:29:06:1c:b9:6e:1d:64:73:b0:cf:76:fd:5b:c9:9e:80:
         48:dc:fd:4c:2e:40:f1:3d:f7:fe:69:2c:71:e7:71:8f:f5:38:
         51:1d:8d:6f:b8:65:93:8d:5d:e5:3a:24:84:b6:ce:7d:18:25:
         ad:26:a5:7c:18:0c:63:6e:6b:6b:a0:a2:bf:70:63:d3:1b:e0:
         86:e0:9c:9c:60:a1:04:68:ce:d8:a7:72:0c:7e:01:1a:75:ea:
         e4:21:46:10:7e:c5:25:91:0a:ae:57:f1:c1:80:ae:72:5c:f7:
         d4:41:8c:fb:8b:02:ae:57:8b:67:c8:13:ec:5f:ef:7c:1d:d4:
         29:f3:5c:11:ec:58:d1:48:a8:1b:f1:37:a6:f4:e7:3e:26:9d:
         2c:9a:44:91:08:0c:15:04:96:0f:c5:e4:05:31:e8:21:79:28:
         57:62:0e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtujzE1fMZFDx3PrY/qXR7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTMwYzE0NGY1OTJjZmE4OTFiYWJmMTk1YTgxNzkwMGNk
NmQ5MTYwHhcNMjUwNTIwMTI0NTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmYxOWYwZThmNTk1OTBlZTZjOTBkMjI1NjIyNTdjZGY1OWNhNjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt5CF1CViaCsCZDevNMwVyVCNJFJ
rBUKIILxfV3b3uMM8C5icuNE6zqYjQjhNlOc/JoEikuCyi2pKU1cxeSmgj0nMuT9
r5IJh00IaEE9Kb238xbTQ0BBEDo4oOvqZJfF8gRUUVx+QmI663qFVO2PBHLao/ZT
zfU+Spzmbj83GKCB0tSZl/cM5OqEOWHQLMKtuZVecafdduwjYDre5xjQugmMIxZo
QZNluRosLsZZYd+ZBetix7N5QlLAjcXObewFo1oHd3uBlnaNBhDJ0ZyEkYhvT3EI
jRbd+J2DK3QTq+Pvj+vGlDd3AFx5+UIjjdiN+YWBD/+7jMEoISpEzOwbSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK/xnw6PWVkO5skNIlYiV831nKYeMB8GA1UdIwQY
MBaAFNNTDBRPWSz6iRur8ZWoF5AM1tkWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFNTUZFOVpMUHFKRzZ2eGxhZ1hrQXpXMlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9kM2NjODAtYzFkZS00OThmLTg4ZWYt
NmJhNzk5NTdlODYyLzEvcl9HZkRvOVpXUTdteVEwaVZpSlh6ZldjcGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9kM2NjODAtYzFkZS00OThmLTg4ZWYtNmJhNzk5NTdlODYy
LzEvMDFNTUZFOVpMUHFKRzZ2eGxhZ1hrQXpXMlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9jKMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ4O8hFh0eyXGLIsBR6iv16rfFpO0XjE4/lzdN/iWy
zk/yh84EE/IE5Cm8Q8FhvEuwAkiEeie7qydzQF0SZnPxAML1XBfVdHqdcT4J8dou
87JJkRHxuHvPbGDG/CkGHLluHWRzsM92/VvJnoBI3P1MLkDxPff+aSxx53GP9ThR
HY1vuGWTjV3lOiSEts59GCWtJqV8GAxjbmtroKK/cGPTG+CG4JycYKEEaM7Yp3IM
fgEaderkIUYQfsUlkQquV/HBgK5yXPfUQYz7iwKuV4tnyBPsX+98HdQp81wR7FjR
SKgb8Tem9Oc+Jp0smkSRCAwVBJYPxeQFMegheShXYg6J
-----END CERTIFICATE-----