Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/W9TFdD94lkINNpe0yudKptP_VLs.roa
File:                     W9TFdD94lkINNpe0yudKptP_VLs.roa (raw, json)
Hash identifier:          cP06PmfxXfnVdgeDD5yGsXjPUheUvD8ffIUpVLl0OGI=
Subject key identifier:   5B:D4:C5:74:3F:78:96:42:0D:36:97:B4:CA:E7:4A:A6:D3:FF:54:BB
Certificate issuer:       /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial:       01971B2230BBD5804372F4E2796C5EDE2BB4
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/W9TFdD94lkINNpe0yudKptP_VLs.roa
Signing time:             Thu 29 May 2025 08:21:54 +0000
ROA not before:           Thu 29 May 2025 08:21:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209938
IP address blocks:        91.210.132.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1b:22:30:bb:d5:80:43:72:f4:e2:79:6c:5e:de:2b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
        Validity
            Not Before: May 29 08:21:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bd4c5743f7896420d3697b4cae74aa6d3ff54bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:87:02:58:bc:a0:fb:86:af:74:70:d8:ba:5a:
                    b6:fa:41:e0:e9:3a:ee:fa:5b:0d:86:42:44:e3:03:
                    0d:a8:b9:93:70:0a:69:b5:91:b4:7b:05:09:59:37:
                    df:30:89:41:59:cf:38:ee:6d:73:0a:8e:ae:8d:17:
                    4c:e5:81:79:eb:87:74:1e:75:68:77:a3:cb:25:bb:
                    63:31:40:f3:c7:b8:16:c9:e8:65:6d:a5:bf:cc:b8:
                    25:95:fe:9e:f8:47:ca:e0:f6:23:0f:1c:49:74:24:
                    a0:48:e8:63:56:fb:13:fb:0a:35:89:65:c0:c5:c2:
                    82:ff:ca:6c:ac:69:d6:45:d9:d6:3d:d8:1f:29:21:
                    41:ea:46:ce:66:99:17:e2:bb:ed:79:61:76:01:ba:
                    6c:5b:e7:3c:89:ea:7b:59:66:cb:a5:4d:8b:47:4c:
                    f4:be:e5:db:31:ab:af:cf:75:12:ad:98:8d:96:f7:
                    8d:6f:c9:bd:20:e2:73:02:28:3f:9a:b9:67:c6:0e:
                    9a:6c:c4:2c:0a:f5:b7:19:51:58:41:f1:5a:57:c3:
                    37:6e:a0:88:45:1b:e3:f4:a1:53:3a:6d:05:1c:d2:
                    fb:06:b3:28:58:3b:02:51:61:4b:f9:74:ef:55:e2:
                    85:71:fe:59:32:31:a1:f7:1a:b9:93:a5:2f:9d:68:
                    08:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:D4:C5:74:3F:78:96:42:0D:36:97:B4:CA:E7:4A:A6:D3:FF:54:BB
            X509v3 Authority Key Identifier:
                keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/W9TFdD94lkINNpe0yudKptP_VLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         90:d2:61:27:68:0e:04:dd:35:db:02:e5:90:71:49:f9:3a:e1:
         e5:f2:17:32:27:90:4c:87:89:b1:13:24:81:ba:bb:01:ff:23:
         a4:44:bb:1d:19:15:e3:47:d1:65:74:ac:79:97:ec:41:04:99:
         36:99:1e:a5:5d:f5:2b:32:a4:fb:33:71:7a:b5:fd:ca:43:77:
         ae:5f:94:ed:55:df:70:77:ca:26:10:e9:45:c9:d1:05:a4:70:
         a1:b0:b0:93:0d:c1:57:b4:37:e0:4b:77:c1:96:a6:d9:1e:ad:
         5b:45:0f:ec:7c:27:20:eb:2f:b5:cc:4a:d7:a6:92:71:89:f2:
         bb:b4:3c:6e:fa:7b:ea:5f:31:82:5b:08:5c:30:ec:d1:70:bd:
         5b:0e:73:84:dc:ab:84:31:3a:14:55:62:d7:e2:7a:a2:fa:1b:
         47:74:f7:b1:d7:78:02:bb:f0:e1:c0:80:78:f6:77:32:af:e6:
         36:e0:e5:f0:81:2d:a3:02:60:07:59:a2:71:41:5d:29:1a:75:
         10:e4:fc:b4:3f:04:52:fc:98:54:54:74:df:c9:96:ed:de:78:
         ef:db:49:42:83:6d:aa:cc:ce:06:4f:33:76:72:dd:52:40:36:
         7a:cc:8e:b5:97:72:a3:cf:94:5e:43:1e:f3:d3:c8:a0:75:4c:
         8e:01:4e:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcbIjC71YBDcvTieWxe3iu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjUwNTI5MDgyMTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmQ0YzU3NDNmNzg5NjQyMGQzNjk3YjRjYWU3NGFhNmQzZmY1NGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYcCWLyg+4avdHDYulq2+kHg6Tru
+lsNhkJE4wMNqLmTcApptZG0ewUJWTffMIlBWc847m1zCo6ujRdM5YF564d0HnVo
d6PLJbtjMUDzx7gWyehlbaW/zLgllf6e+EfK4PYjDxxJdCSgSOhjVvsT+wo1iWXA
xcKC/8psrGnWRdnWPdgfKSFB6kbOZpkX4rvteWF2AbpsW+c8iep7WWbLpU2LR0z0
vuXbMauvz3USrZiNlveNb8m9IOJzAig/mrlnxg6abMQsCvW3GVFYQfFaV8M3bqCI
RRvj9KFTOm0FHNL7BrMoWDsCUWFL+XTvVeKFcf5ZMjGh9xq5k6UvnWgI9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFvUxXQ/eJZCDTaXtMrnSqbT/1S7MB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvVzlURmREOTRsa0lOTnBlMHl1ZEtwdFBfVkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9KEMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ0mEnaA4E3TXbAuWQcUn5OuHl8hcyJ5BMh4mxEySB
ursB/yOkRLsdGRXjR9FldKx5l+xBBJk2mR6lXfUrMqT7M3F6tf3KQ3euX5TtVd9w
d8omEOlFydEFpHChsLCTDcFXtDfgS3fBlqbZHq1bRQ/sfCcg6y+1zErXppJxifK7
tDxu+nvqXzGCWwhcMOzRcL1bDnOE3KuEMToUVWLX4nqi+htHdPex13gCu/DhwIB4
9ncyr+Y24OXwgS2jAmAHWaJxQV0pGnUQ5Py0PwRS/JhUVHTfyZbt3njv20lCg22q
zM4GTzN2ct1SQDZ6zI61l3Kjz5ReQx7z08igdUyOAU7m
-----END CERTIFICATE-----