Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/4Q0OMlDeRzDSOzAw8LxkvQaDF7E.roa
File:                     4Q0OMlDeRzDSOzAw8LxkvQaDF7E.roa (raw, json)
Hash identifier:          U7GjqbV2dOQXajvpmYRAMgZ0b0HIaEV5bZmn2apsyWk=
Subject key identifier:   E1:0D:0E:32:50:DE:47:30:D2:3B:30:30:F0:BC:64:BD:06:83:17:B1
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0196A484371A354F29AE7A374ED617DFB1FC
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/4Q0OMlDeRzDSOzAw8LxkvQaDF7E.roa
Signing time:             Tue 06 May 2025 07:34:10 +0000
ROA not before:           Tue 06 May 2025 07:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        91.102.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a4:84:37:1a:35:4f:29:ae:7a:37:4e:d6:17:df:b1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: May  6 07:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e10d0e3250de4730d23b3030f0bc64bd068317b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9d:65:70:e6:b3:8e:8f:c7:94:90:c4:6c:ae:
                    c7:3b:db:fa:d1:86:19:e2:76:cd:8e:27:b1:58:55:
                    ed:69:49:64:c1:c2:18:bd:03:ba:07:a8:2d:40:f2:
                    05:a2:89:b7:83:90:31:90:c4:d7:9e:4d:46:8b:4d:
                    1c:22:df:7a:10:2c:c5:ab:51:39:60:37:aa:48:8a:
                    4e:15:77:fc:7f:a2:80:e5:ec:41:9c:67:c2:0d:7f:
                    d2:82:00:1b:f5:43:e8:ee:34:79:bc:f9:b8:99:c5:
                    8c:1f:79:87:1a:8a:f8:09:2e:66:f5:6d:ac:91:b2:
                    25:b6:a1:f0:b2:96:b6:72:68:ed:9a:54:89:44:dd:
                    fa:f5:d1:49:19:8c:56:88:37:33:4d:86:f7:01:1b:
                    87:8d:8e:68:eb:68:5a:c0:de:eb:7d:4b:dd:6b:14:
                    7c:ef:bf:29:44:4d:ce:7e:2d:f0:60:c8:4f:25:0f:
                    89:f9:6c:58:69:22:4d:a2:d4:30:01:fb:ea:53:62:
                    70:d9:02:fa:51:63:76:ff:f2:59:46:87:1f:8c:63:
                    98:35:b7:07:bc:71:fd:df:1e:7b:5c:2e:3c:6b:40:
                    e8:4c:d4:66:c7:0a:56:f3:44:74:20:83:f2:62:d9:
                    de:d5:a7:af:f0:e6:b9:6e:94:25:fe:05:d8:82:15:
                    e6:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:0D:0E:32:50:DE:47:30:D2:3B:30:30:F0:BC:64:BD:06:83:17:B1
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/4Q0OMlDeRzDSOzAw8LxkvQaDF7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:fa:56:98:f9:a8:ec:b5:34:2b:05:0c:d0:b0:1c:c8:67:de:
         d3:c9:55:32:74:e5:bb:91:d8:14:d2:b4:24:61:f9:f4:f5:a2:
         b3:b8:db:bf:83:73:fc:0b:9c:1c:6a:52:7b:bd:16:47:07:69:
         4a:47:41:e5:cc:af:82:fc:ed:c2:6a:41:f6:b4:af:f7:ec:30:
         f1:dc:3e:f7:30:14:9a:f4:f6:6e:94:b2:9b:8a:37:6e:41:28:
         e1:89:de:e3:3f:21:f4:9c:26:94:1a:a4:49:3e:39:ef:95:6c:
         29:65:d1:11:18:21:6a:cf:bf:2f:d9:a8:19:c5:6d:54:36:3e:
         eb:6e:c8:8e:ed:8d:aa:16:78:0d:66:7b:5d:8e:b4:ca:51:b8:
         7d:84:11:15:86:8f:47:01:13:44:6b:01:29:0e:3b:ef:e8:ee:
         9e:f7:31:b7:32:b9:63:cb:43:52:f8:4d:47:c5:7d:13:7c:fb:
         3f:d6:fd:c3:00:12:04:a9:b0:46:65:78:6b:2b:ee:45:7f:21:
         6c:ea:60:69:25:b3:28:2a:c9:fd:e0:9f:72:0a:a0:6e:86:1a:
         bf:65:a1:0d:8c:7e:41:0f:49:d3:3c:b5:96:fe:12:30:d2:a1:
         a4:b8:ad:19:76:fd:7f:68:60:3d:ee:36:e9:1d:27:b8:79:b8:
         bc:92:47:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZakhDcaNU8prno3TtYX37H8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwNTA2MDczNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTBkMGUzMjUwZGU0NzMwZDIzYjMwMzBmMGJjNjRiZDA2ODMxN2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp1lcOazjo/HlJDEbK7HO9v60YYZ
4nbNjiexWFXtaUlkwcIYvQO6B6gtQPIFoom3g5AxkMTXnk1Gi00cIt96ECzFq1E5
YDeqSIpOFXf8f6KA5exBnGfCDX/SggAb9UPo7jR5vPm4mcWMH3mHGor4CS5m9W2s
kbIltqHwspa2cmjtmlSJRN369dFJGYxWiDczTYb3ARuHjY5o62hawN7rfUvdaxR8
778pRE3Ofi3wYMhPJQ+J+WxYaSJNotQwAfvqU2Jw2QL6UWN2//JZRocfjGOYNbcH
vHH93x57XC48a0DoTNRmxwpW80R0IIPyYtne1aev8Oa5bpQl/gXYghXm3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOENDjJQ3kcw0jswMPC8ZL0GgxexMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvNFEwT01sRGVSekRTT3pBdzhMeGt2UWFERjdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2aiMA0G
CSqGSIb3DQEBCwUAA4IBAQBv+laY+ajstTQrBQzQsBzIZ97TyVUydOW7kdgU0rQk
Yfn09aKzuNu/g3P8C5wcalJ7vRZHB2lKR0HlzK+C/O3CakH2tK/37DDx3D73MBSa
9PZulLKbijduQSjhid7jPyH0nCaUGqRJPjnvlWwpZdERGCFqz78v2agZxW1UNj7r
bsiO7Y2qFngNZntdjrTKUbh9hBEVho9HARNEawEpDjvv6O6e9zG3Mrljy0NS+E1H
xX0TfPs/1v3DABIEqbBGZXhrK+5FfyFs6mBpJbMoKsn94J9yCqBuhhq/ZaENjH5B
D0nTPLWW/hIw0qGkuK0Zdv1/aGA97jbpHSe4ebi8kkdk
-----END CERTIFICATE-----