Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/69H9nuaYzzRi_7MRSIl6AwfMEZ8.roa
File:                     69H9nuaYzzRi_7MRSIl6AwfMEZ8.roa (raw, json)
Hash identifier:          AKZV5AcjjaPBsRFuJ1owk+1YCbQLVZHHRJVdcXrDf9Q=
Subject key identifier:   EB:D1:FD:9E:E6:98:CF:34:62:FF:B3:11:48:89:7A:03:07:CC:11:9F
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       019564F48046598CA24CE6F9AD9856592872
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/69H9nuaYzzRi_7MRSIl6AwfMEZ8.roa
Signing time:             Wed 05 Mar 2025 06:18:20 +0000
ROA not before:           Wed 05 Mar 2025 06:18:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     137897
IP address blocks:        91.102.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:64:f4:80:46:59:8c:a2:4c:e6:f9:ad:98:56:59:28:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Mar  5 06:18:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebd1fd9ee698cf3462ffb31148897a0307cc119f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:e2:51:a6:71:1c:ea:17:4d:f3:a8:e6:30:34:
                    46:a0:7a:8a:70:a8:17:0a:42:57:db:b7:32:14:19:
                    22:be:42:39:a0:9f:1c:4e:e0:10:6b:0e:bb:6f:c0:
                    f2:f2:e6:24:65:fe:85:32:9e:18:38:aa:f1:3e:1b:
                    ba:60:ed:ed:59:7e:1e:1c:12:fd:a4:19:a2:ff:15:
                    ac:16:26:84:a9:24:1f:b8:f3:11:40:b5:0e:e6:db:
                    f7:85:76:0f:39:d5:87:3a:ce:6f:d5:aa:8a:91:f1:
                    27:2b:4e:6b:85:b5:37:15:84:a6:79:1e:9f:ce:23:
                    42:7d:53:f6:79:0b:76:bc:39:91:2f:1b:5b:d0:00:
                    9a:67:a2:6b:25:fd:42:26:60:d0:9d:fa:ed:9b:89:
                    9f:79:5b:7b:e6:da:cc:80:a8:7a:7b:5f:b9:01:db:
                    de:9c:f8:05:a2:37:4f:7c:6a:12:00:cb:f7:4e:df:
                    df:ff:93:52:39:f8:11:cb:ec:f4:cd:09:ba:e9:22:
                    a0:ba:c5:5c:a6:36:6a:1d:82:b4:ee:26:cb:77:ef:
                    fc:00:d2:ee:5f:08:aa:68:90:25:96:44:d6:2b:26:
                    d6:1a:bf:0c:7f:2f:41:4c:a2:13:8e:ab:51:d6:2d:
                    e8:d3:e1:b4:78:9d:ed:d1:da:88:57:3d:55:d7:63:
                    d3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:D1:FD:9E:E6:98:CF:34:62:FF:B3:11:48:89:7A:03:07:CC:11:9F
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/69H9nuaYzzRi_7MRSIl6AwfMEZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:cb:bb:f4:54:bc:a7:60:d1:f3:bc:98:10:94:7c:17:48:8f:
         bb:0c:6e:98:aa:10:6c:ad:d5:a4:4a:23:5a:4c:69:c8:42:45:
         c8:d3:df:76:9b:96:41:90:8c:6a:0b:94:69:a2:1c:1c:01:57:
         a2:d8:91:80:9a:77:9e:6b:18:b7:70:85:18:38:12:44:5e:f4:
         ff:28:98:ce:9c:f8:fd:5f:ac:3f:5f:e2:fa:2c:ec:7b:4b:13:
         33:30:4f:d1:2c:a7:2a:0f:79:23:bd:a3:77:46:05:a1:17:00:
         6d:01:97:76:de:79:cc:fc:4b:40:e1:f2:5b:3d:c1:11:46:49:
         a5:6a:44:d2:98:b1:7e:f7:df:06:11:20:cf:b2:3c:5c:b5:cd:
         2d:92:4f:c2:52:29:ed:b1:60:b2:4e:99:e3:8e:cf:b0:ff:95:
         6c:3a:ac:6d:55:e7:1e:6c:1b:72:d5:8f:8d:36:90:f3:8a:ea:
         07:f2:47:ae:91:cf:a2:08:46:0b:24:64:58:b0:ed:50:ef:59:
         aa:6d:22:9e:38:c3:72:75:e7:93:67:99:a8:20:c9:e3:c7:d6:
         d7:54:77:2e:07:2a:b1:8f:8a:9e:4a:d2:e2:d8:82:60:d7:f0:
         32:6d:5c:19:61:29:17:1b:24:e7:10:cb:b2:8a:2b:e2:ca:03:
         2c:cc:ed:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVk9IBGWYyiTOb5rZhWWShyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwMzA1MDYxODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmQxZmQ5ZWU2OThjZjM0NjJmZmIzMTE0ODg5N2EwMzA3Y2MxMTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2uJRpnEc6hdN86jmMDRGoHqKcKgX
CkJX27cyFBkivkI5oJ8cTuAQaw67b8Dy8uYkZf6FMp4YOKrxPhu6YO3tWX4eHBL9
pBmi/xWsFiaEqSQfuPMRQLUO5tv3hXYPOdWHOs5v1aqKkfEnK05rhbU3FYSmeR6f
ziNCfVP2eQt2vDmRLxtb0ACaZ6JrJf1CJmDQnfrtm4mfeVt75trMgKh6e1+5Adve
nPgFojdPfGoSAMv3Tt/f/5NSOfgRy+z0zQm66SKgusVcpjZqHYK07ibLd+/8ANLu
XwiqaJAllkTWKybWGr8Mfy9BTKITjqtR1i3o0+G0eJ3t0dqIVz1V12PTZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvR/Z7mmM80Yv+zEUiJegMHzBGfMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvNjlIOW51YVl6elJpXzdNUlNJbDZBd2ZNRVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2aiMA0G
CSqGSIb3DQEBCwUAA4IBAQB8y7v0VLynYNHzvJgQlHwXSI+7DG6YqhBsrdWkSiNa
TGnIQkXI0992m5ZBkIxqC5RpohwcAVei2JGAmneeaxi3cIUYOBJEXvT/KJjOnPj9
X6w/X+L6LOx7SxMzME/RLKcqD3kjvaN3RgWhFwBtAZd23nnM/EtA4fJbPcERRkml
akTSmLF+998GESDPsjxctc0tkk/CUintsWCyTpnjjs+w/5VsOqxtVecebBty1Y+N
NpDziuoH8keukc+iCEYLJGRYsO1Q71mqbSKeOMNydeeTZ5moIMnjx9bXVHcuByqx
j4qeStLi2IJg1/AybVwZYSkXGyTnEMuyiiviygMszO3o
-----END CERTIFICATE-----