Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/zXpgIfivUxV3ksiBOIvLcsg5wsg.roa
File:                     zXpgIfivUxV3ksiBOIvLcsg5wsg.roa (raw, json)
Hash identifier:          kEoJUet4XPH+HygffLp7TrLFhJPdEY2uJaOE3uj/HMY=
Subject key identifier:   CD:7A:60:21:F8:AF:53:15:77:92:C8:81:38:8B:CB:72:C8:39:C2:C8
Certificate issuer:       /CN=73d31367608564d8783bb242486e93d6506e7f95
Certificate serial:       0196D3635C3C543218009B6DDFA79E435CDA
Authority key identifier: 73:D3:13:67:60:85:64:D8:78:3B:B2:42:48:6E:93:D6:50:6E:7F:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/zXpgIfivUxV3ksiBOIvLcsg5wsg.roa
Signing time:             Thu 15 May 2025 10:00:26 +0000
ROA not before:           Thu 15 May 2025 10:00:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204288
IP address blocks:        91.210.110.0/24 maxlen: 24
                          193.33.38.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:63:5c:3c:54:32:18:00:9b:6d:df:a7:9e:43:5c:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73d31367608564d8783bb242486e93d6506e7f95
        Validity
            Not Before: May 15 10:00:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd7a6021f8af53157792c881388bcb72c839c2c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:0a:50:60:b3:4e:f1:d3:73:5f:48:d8:e0:49:
                    18:88:eb:f3:47:01:35:8e:e0:23:e0:96:18:d5:79:
                    69:88:c8:85:f2:bc:f9:c7:14:af:1c:5f:8a:47:49:
                    02:83:ae:b9:52:60:7c:ee:6a:54:84:98:b8:3e:47:
                    47:ca:42:f2:6f:b4:1a:be:6b:62:95:7a:94:f3:c3:
                    60:92:55:77:18:90:df:7b:da:16:df:20:37:ee:93:
                    b9:76:a6:93:b1:2b:a4:b0:4c:63:37:c4:7b:6c:da:
                    a5:bc:6a:77:ae:00:66:4d:be:15:83:ed:94:89:b6:
                    67:d3:8d:ca:20:5d:16:39:7c:aa:68:3e:65:a3:77:
                    2a:45:f0:d2:de:f7:fd:be:ae:d2:42:18:50:4d:b5:
                    20:c1:a4:55:66:5e:92:4b:ff:8d:07:54:1e:66:01:
                    61:c2:62:0a:3c:17:06:2f:0e:61:5a:72:59:bc:82:
                    38:87:78:71:86:00:66:58:25:e5:ca:db:4f:49:bd:
                    30:ed:8e:b5:58:0f:27:fe:cb:c5:a2:4f:d5:a0:3e:
                    be:e5:b3:07:1f:59:39:b8:c6:22:70:d0:12:82:44:
                    1e:d7:2e:c2:7f:5c:15:16:a9:66:ac:12:68:1d:01:
                    8c:d6:07:3b:ae:de:23:50:8d:c8:44:be:4e:40:29:
                    30:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:7A:60:21:F8:AF:53:15:77:92:C8:81:38:8B:CB:72:C8:39:C2:C8
            X509v3 Authority Key Identifier:
                keyid:73:D3:13:67:60:85:64:D8:78:3B:B2:42:48:6E:93:D6:50:6E:7F:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/zXpgIfivUxV3ksiBOIvLcsg5wsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/02e419-dd83-400b-b114-02c5008bcc09/1/c9MTZ2CFZNh4O7JCSG6T1lBuf5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.110.0/24
                  193.33.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:f0:1f:a0:2a:72:b5:29:23:15:a4:2f:6b:61:0a:f1:57:af:
         9a:3a:e8:19:5c:ac:00:c1:eb:0d:c6:3e:0e:de:0f:26:68:bb:
         ee:a8:54:13:0b:3c:54:80:06:58:e9:fe:2b:0e:1a:d1:08:e6:
         f5:41:63:6c:27:c0:a1:52:98:9e:a0:e3:3b:63:70:08:d0:ac:
         4f:f7:5e:14:5c:f3:57:b3:05:b9:c9:f5:04:10:07:ef:ac:42:
         37:86:42:35:3f:e7:f4:9a:a8:54:db:fa:eb:66:e3:89:5e:24:
         dd:f8:ed:c5:55:b7:d6:ae:9c:7b:8c:55:f7:5d:59:1f:68:0e:
         cb:0f:2d:4f:8f:c1:17:43:e0:b3:51:f2:54:9d:e8:a6:0f:97:
         99:79:6f:78:2b:9d:5b:77:d8:35:dc:26:b0:da:9f:be:4b:be:
         d4:51:f1:f7:3b:5b:f6:10:f3:32:99:f3:3e:b2:c9:a5:89:ad:
         70:34:75:0c:16:71:bb:63:42:32:af:0a:a4:8b:b6:b0:6d:75:
         8a:ae:b7:74:cf:e2:cf:40:6a:6f:c0:9f:46:3b:c6:b9:2b:35:
         8d:dc:e9:69:48:7e:6a:78:44:ea:15:86:5e:e2:e0:7b:8b:df:
         24:5b:94:ed:c4:c7:ed:ae:95:9d:bb:35:4f:04:28:ee:b3:e3:
         9a:cf:fb:cf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbTY1w8VDIYAJtt36eeQ1zaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZDMxMzY3NjA4NTY0ZDg3ODNiYjI0MjQ4NmU5M2Q2NTA2
ZTdmOTUwHhcNMjUwNTE1MTAwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDdhNjAyMWY4YWY1MzE1Nzc5MmM4ODEzODhiY2I3MmM4MzljMmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QpQYLNO8dNzX0jY4EkYiOvzRwE1
juAj4JYY1XlpiMiF8rz5xxSvHF+KR0kCg665UmB87mpUhJi4PkdHykLyb7Qavmti
lXqU88NgklV3GJDfe9oW3yA37pO5dqaTsSuksExjN8R7bNqlvGp3rgBmTb4Vg+2U
ibZn043KIF0WOXyqaD5lo3cqRfDS3vf9vq7SQhhQTbUgwaRVZl6SS/+NB1QeZgFh
wmIKPBcGLw5hWnJZvII4h3hxhgBmWCXlyttPSb0w7Y61WA8n/svFok/VoD6+5bMH
H1k5uMYicNASgkQe1y7Cf1wVFqlmrBJoHQGM1gc7rt4jUI3IRL5OQCkwFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFM16YCH4r1MVd5LIgTiLy3LIOcLIMB8GA1UdIwQY
MBaAFHPTE2dghWTYeDuyQkhuk9ZQbn+VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYzlNVFoyQ0ZaTmg0TzdKQ1NHNlQxbEJ1ZjVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS8wMmU0MTktZGQ4My00MDBiLWIxMTQt
MDJjNTAwOGJjYzA5LzEvelhwZ0lmaXZVeFYza3NpQk9Jdkxjc2c1d3NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS8wMmU0MTktZGQ4My00MDBiLWIxMTQtMDJjNTAwOGJjYzA5
LzEvYzlNVFoyQ0ZaTmg0TzdKQ1NHNlQxbEJ1ZjVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9JuAwQB
wSEmMA0GCSqGSIb3DQEBCwUAA4IBAQCK8B+gKnK1KSMVpC9rYQrxV6+aOugZXKwA
wesNxj4O3g8maLvuqFQTCzxUgAZY6f4rDhrRCOb1QWNsJ8ChUpieoOM7Y3AI0KxP
914UXPNXswW5yfUEEAfvrEI3hkI1P+f0mqhU2/rrZuOJXiTd+O3FVbfWrpx7jFX3
XVkfaA7LDy1Pj8EXQ+CzUfJUneimD5eZeW94K51bd9g13Caw2p++S77UUfH3O1v2
EPMymfM+ssmlia1wNHUMFnG7Y0Iyrwqki7awbXWKrrd0z+LPQGpvwJ9GO8a5KzWN
3OlpSH5qeETqFYZe4uB7i98kW5TtxMftrpWduzVPBCjus+Oaz/vP
-----END CERTIFICATE-----