Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/9j_0JH4J-5EAPmf2JrVr2VdAHRQ.roa
File:                     9j_0JH4J-5EAPmf2JrVr2VdAHRQ.roa (raw, json)
Hash identifier:          cUdYKnUDebxOFz1FHHICnxX67oQeRPMkJS2zAzgZtA4=
Subject key identifier:   F6:3F:F4:24:7E:09:FB:91:00:3E:67:F6:26:B5:6B:D9:57:40:1D:14
Certificate issuer:       /CN=fadbe65b28ff25667409cce635be096e3e6defca
Certificate serial:       0196C5F9E3FEB9A1FCF71D97C5DFEAB89376
Authority key identifier: FA:DB:E6:5B:28:FF:25:66:74:09:CC:E6:35:BE:09:6E:3E:6D:EF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/9j_0JH4J-5EAPmf2JrVr2VdAHRQ.roa
Signing time:             Mon 12 May 2025 19:30:10 +0000
ROA not before:           Mon 12 May 2025 19:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20712
IP address blocks:        91.208.66.0/24 maxlen: 24
                          2001:678:3c4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 16:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c5:f9:e3:fe:b9:a1:fc:f7:1d:97:c5:df:ea:b8:93:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fadbe65b28ff25667409cce635be096e3e6defca
        Validity
            Not Before: May 12 19:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f63ff4247e09fb91003e67f626b56bd957401d14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:c5:e5:a7:0d:d3:6d:49:93:96:d1:5d:cb:4d:
                    39:f8:94:a2:0f:3f:96:16:bd:5f:db:ef:30:57:ff:
                    5f:30:b3:24:86:53:c8:cb:30:7e:b2:fd:ff:56:29:
                    59:a0:4f:cb:62:31:12:1f:65:7d:a2:2c:dd:62:b5:
                    b5:65:50:01:eb:af:6a:e6:ae:83:4e:4d:4c:19:8b:
                    27:f1:f1:40:13:45:a8:bd:af:4d:32:24:35:f9:ef:
                    38:af:a8:08:2c:62:7e:00:f5:08:38:d9:95:38:20:
                    6f:6c:17:bf:f4:d3:29:3d:42:78:7a:c4:2c:13:56:
                    53:b3:7b:ec:2f:0c:47:44:2e:6e:c5:e1:52:14:fd:
                    73:11:90:be:4b:ae:44:f0:00:1d:d7:8f:c5:2b:10:
                    2d:03:a0:15:3a:7f:16:39:cc:3d:57:2e:89:b7:23:
                    b6:00:57:17:8a:0d:b4:dd:33:27:a9:92:80:d0:53:
                    8d:e9:39:f8:8b:07:ea:92:ba:dd:fa:2d:6e:49:ac:
                    0a:90:a0:d8:a7:f0:31:9c:23:41:16:95:71:e0:df:
                    8c:cb:2b:c0:18:f1:6c:5d:60:ca:b3:fe:03:b0:0a:
                    a9:75:e4:99:6f:57:2f:07:78:79:88:a7:c5:7e:ef:
                    48:78:05:88:61:87:dc:2d:c3:2c:31:61:98:36:ab:
                    f9:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:3F:F4:24:7E:09:FB:91:00:3E:67:F6:26:B5:6B:D9:57:40:1D:14
            X509v3 Authority Key Identifier:
                keyid:FA:DB:E6:5B:28:FF:25:66:74:09:CC:E6:35:BE:09:6E:3E:6D:EF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/9j_0JH4J-5EAPmf2JrVr2VdAHRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48e976-3707-4685-a5f9-961b78d9d4bc/1/1-tvmWyj_JWZ0CczmNb4Jbj5t78o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.66.0/24
                IPv6:
                  2001:678:3c4::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:38:19:a3:cc:10:30:53:e9:fe:f4:0e:23:a5:4f:7d:66:bb:
         4e:84:c3:74:a3:f5:4d:a7:cb:fb:2f:eb:2b:68:a0:01:80:cd:
         36:f9:78:e8:83:fc:59:fd:49:9f:0f:93:69:6f:7e:df:32:fa:
         55:04:91:47:75:00:44:92:28:ad:a3:0f:17:64:ea:b8:8b:75:
         a6:5e:d1:eb:70:63:69:b0:09:de:39:99:cf:17:73:dc:38:9c:
         bf:64:3c:78:a3:66:a5:28:f4:f7:e6:58:e2:8e:d0:58:1b:a5:
         2a:cb:14:dd:e5:72:ef:c4:29:5f:9f:c8:0c:4c:d3:8c:e4:64:
         16:af:db:20:d5:5b:e4:c0:a1:76:22:b7:70:f9:64:e3:18:93:
         92:c6:61:96:8b:db:18:32:31:fb:39:cf:58:01:7a:b0:e8:f1:
         be:83:97:ab:18:e0:c5:97:a3:b6:54:b3:dc:5c:2f:fe:06:ad:
         81:f5:25:48:f7:da:ea:b5:a6:f1:2e:17:18:08:89:39:88:bb:
         3a:46:0a:a3:f4:99:5c:b5:78:55:f9:25:c3:22:85:ea:67:a5:
         0b:c4:6b:1f:a4:db:9a:63:68:3f:6f:78:e4:a1:5f:19:ed:a3:
         21:fb:65:5e:65:5d:74:ce:4c:71:48:fc:db:5d:21:74:6a:5a:
         44:38:d1:6a
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZbF+eP+uaH89x2Xxd/quJN2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZGJlNjViMjhmZjI1NjY3NDA5Y2NlNjM1YmUwOTZlM2U2
ZGVmY2EwHhcNMjUwNTEyMTkzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjNmZjQyNDdlMDlmYjkxMDAzZTY3ZjYyNmI1NmJkOTU3NDAxZDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl8Xlpw3TbUmTltFdy005+JSiDz+W
Fr1f2+8wV/9fMLMkhlPIyzB+sv3/VilZoE/LYjESH2V9oizdYrW1ZVAB669q5q6D
Tk1MGYsn8fFAE0Wova9NMiQ1+e84r6gILGJ+APUIONmVOCBvbBe/9NMpPUJ4esQs
E1ZTs3vsLwxHRC5uxeFSFP1zEZC+S65E8AAd14/FKxAtA6AVOn8WOcw9Vy6JtyO2
AFcXig203TMnqZKA0FON6Tn4iwfqkrrd+i1uSawKkKDYp/AxnCNBFpVx4N+MyyvA
GPFsXWDKs/4DsAqpdeSZb1cvB3h5iKfFfu9IeAWIYYfcLcMsMWGYNqv5BwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPY/9CR+CfuRAD5n9ia1a9lXQB0UMB8GA1UdIwQY
MBaAFPrb5lso/yVmdAnM5jW+CW4+be/KMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10dm1XeWpfSldaMENjem1OYjRKYmo1dDc4by5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2MvNDhlOTc2LTM3MDctNDY4NS1hNWY5
LTk2MWI3OGQ5ZDRiYy8xLzlqXzBKSDRKLTVFQVBtZjJKclZyMlZkQUhSUS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2MvNDhlOTc2LTM3MDctNDY4NS1hNWY5LTk2MWI3OGQ5ZDRi
Yy8xLzEtdHZtV3lqX0pXWjBDY3ptTmI0SmJqNXQ3OG8uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBABb0EIw
DwQCAAIwCQMHACABBngDxDANBgkqhkiG9w0BAQsFAAOCAQEAVjgZo8wQMFPp/vQO
I6VPfWa7ToTDdKP1TafL+y/rK2igAYDNNvl46IP8Wf1Jnw+TaW9+3zL6VQSRR3UA
RJIoraMPF2TquIt1pl7R63BjabAJ3jmZzxdz3Dicv2Q8eKNmpSj09+ZY4o7QWBul
KssU3eVy78QpX5/IDEzTjORkFq/bINVb5MChdiK3cPlk4xiTksZhlovbGDIx+znP
WAF6sOjxvoOXqxjgxZejtlSz3Fwv/gatgfUlSPfa6rWm8S4XGAiJOYi7OkYKo/SZ
XLV4VfklwyKF6melC8RrH6TbmmNoP2945KFfGe2jIftlXmVddM5McUj8210hdGpa
RDjRag==
-----END CERTIFICATE-----