Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Gf3jvBMOfhZBwSB5ikn6Zc8VBOc.roa
File:                     Gf3jvBMOfhZBwSB5ikn6Zc8VBOc.roa (raw, json)
Hash identifier:          PrqqFSWCyQw4MMIVoDAAQwK7/JGtuyLc3nwPf6LWd0o=
Subject key identifier:   19:FD:E3:BC:13:0E:7E:16:41:C1:20:79:8A:49:FA:65:CF:15:04:E7
Certificate issuer:       /CN=d9e78e866e9204d01a6f52d39fd84ff0900b21d4
Certificate serial:       01973492423E00A5EC0CFA832E0B2A61100C
Authority key identifier: D9:E7:8E:86:6E:92:04:D0:1A:6F:52:D3:9F:D8:4F:F0:90:0B:21:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2eeOhm6SBNAab1LTn9hP8JALIdQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Gf3jvBMOfhZBwSB5ikn6Zc8VBOc.roa
Signing time:             Tue 03 Jun 2025 06:54:49 +0000
ROA not before:           Tue 03 Jun 2025 06:54:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56816
IP address blocks:        91.228.16.0/23 maxlen: 24
                          91.228.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/2eeOhm6SBNAab1LTn9hP8JALIdQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/2eeOhm6SBNAab1LTn9hP8JALIdQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2eeOhm6SBNAab1LTn9hP8JALIdQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:34:92:42:3e:00:a5:ec:0c:fa:83:2e:0b:2a:61:10:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9e78e866e9204d01a6f52d39fd84ff0900b21d4
        Validity
            Not Before: Jun  3 06:54:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19fde3bc130e7e1641c120798a49fa65cf1504e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:7d:fa:d1:23:38:5d:61:24:fa:d7:73:35:b5:
                    92:ee:0d:cc:99:01:db:05:11:9c:73:d6:de:70:f1:
                    71:39:46:f8:76:d9:be:76:a3:a9:27:9f:2b:88:c3:
                    d2:77:c4:50:23:28:7e:c5:a8:0d:e7:94:89:ad:3b:
                    f2:b0:86:97:02:b5:77:52:71:b2:b9:fd:b3:51:95:
                    55:e4:21:92:f7:2a:21:a1:30:8b:c2:bf:f7:ab:e2:
                    8a:14:88:39:14:be:c1:b9:f5:8c:63:92:d1:ee:72:
                    e5:39:4f:00:ed:f4:e4:8a:00:d2:1e:5a:5f:96:db:
                    43:d1:4b:66:40:36:48:17:61:90:1b:d3:2f:7f:95:
                    8b:19:cb:3e:74:b4:b6:5b:b9:2c:ad:22:a0:6f:5b:
                    28:12:f9:ab:e3:75:d8:d3:c6:f1:ee:80:0b:a0:c0:
                    03:38:70:9c:00:86:cf:14:19:b0:6f:42:23:c0:0e:
                    90:88:6e:f0:42:fd:ea:6a:d0:fa:49:77:f5:84:2d:
                    78:4b:5e:a7:d6:dd:37:e2:3c:11:75:2c:a5:a8:cd:
                    47:4f:fd:47:9c:c7:2d:d3:27:49:f4:2b:e1:96:48:
                    51:28:f2:ce:3f:6c:82:48:be:4b:db:df:cf:ce:4c:
                    8e:bc:2b:34:97:4d:9b:b0:78:8a:14:39:61:94:f1:
                    5e:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:FD:E3:BC:13:0E:7E:16:41:C1:20:79:8A:49:FA:65:CF:15:04:E7
            X509v3 Authority Key Identifier:
                keyid:D9:E7:8E:86:6E:92:04:D0:1A:6F:52:D3:9F:D8:4F:F0:90:0B:21:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2eeOhm6SBNAab1LTn9hP8JALIdQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/Gf3jvBMOfhZBwSB5ikn6Zc8VBOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/32915b-9ea1-4c64-8ff1-d76d6627fb2e/1/2eeOhm6SBNAab1LTn9hP8JALIdQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.16.0/23
                  91.228.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:a7:f1:ae:fb:42:65:86:36:22:10:2d:12:c7:47:54:d3:f8:
         32:b0:94:19:b4:70:3d:17:71:87:47:b9:ca:7e:e5:15:ee:f7:
         bd:3a:5b:58:af:b6:72:13:be:ed:0f:cd:92:ef:98:46:90:5a:
         4e:d0:5b:26:34:01:d7:5e:79:b5:e9:0e:ab:a4:b0:6d:10:13:
         83:46:b1:4f:8d:45:8a:6e:18:12:13:b5:85:b7:45:72:ea:ad:
         b2:14:78:4f:f1:c6:af:c9:d9:97:c4:2d:36:e4:ea:2d:7a:42:
         b6:43:05:d8:49:3f:5c:23:d3:b5:c8:c7:50:c5:71:19:ef:a0:
         75:16:cc:aa:23:92:b4:69:d9:9f:c9:13:e8:d9:6e:d4:db:f9:
         50:03:a7:25:70:fd:c7:93:b2:32:1b:55:4d:33:88:49:05:fe:
         ae:69:54:a8:00:b7:1d:ff:47:5f:e9:52:f0:e5:4c:69:72:c4:
         62:0d:e5:88:14:c0:c0:19:80:d9:68:c7:57:e9:d5:a1:0f:ad:
         e2:f9:59:5d:8a:61:56:46:a2:ba:7f:19:f9:21:50:00:20:90:
         93:3a:39:fd:af:94:b1:ae:b9:9a:d2:51:d9:fa:81:75:32:c3:
         5f:b3:5c:96:61:1f:04:e6:fe:27:fd:2d:62:5c:3e:a9:8b:88:
         02:a0:02:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZc0kkI+AKXsDPqDLgsqYRAMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZTc4ZTg2NmU5MjA0ZDAxYTZmNTJkMzlmZDg0ZmYwOTAw
YjIxZDQwHhcNMjUwNjAzMDY1NDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWZkZTNiYzEzMGU3ZTE2NDFjMTIwNzk4YTQ5ZmE2NWNmMTUwNGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3360SM4XWEk+tdzNbWS7g3MmQHb
BRGcc9becPFxOUb4dtm+dqOpJ58riMPSd8RQIyh+xagN55SJrTvysIaXArV3UnGy
uf2zUZVV5CGS9yohoTCLwr/3q+KKFIg5FL7BufWMY5LR7nLlOU8A7fTkigDSHlpf
lttD0UtmQDZIF2GQG9Mvf5WLGcs+dLS2W7ksrSKgb1soEvmr43XY08bx7oALoMAD
OHCcAIbPFBmwb0IjwA6QiG7wQv3qatD6SXf1hC14S16n1t034jwRdSylqM1HT/1H
nMct0ydJ9CvhlkhRKPLOP2yCSL5L29/PzkyOvCs0l02bsHiKFDlhlPFePwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBn947wTDn4WQcEgeYpJ+mXPFQTnMB8GA1UdIwQY
MBaAFNnnjoZukgTQGm9S05/YT/CQCyHUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmVlT2htNlNCTkFhYjFMVG45aFA4SkFMSWRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy8zMjkxNWItOWVhMS00YzY0LThmZjEt
ZDc2ZDY2MjdmYjJlLzEvR2YzanZCTU9maFpCd1NCNWlrbjZaYzhWQk9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy8zMjkxNWItOWVhMS00YzY0LThmZjEtZDc2ZDY2MjdmYjJl
LzEvMmVlT2htNlNCTkFhYjFMVG45aFA4SkFMSWRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+QQAwQB
W+QUMA0GCSqGSIb3DQEBCwUAA4IBAQA9p/Gu+0JlhjYiEC0Sx0dU0/gysJQZtHA9
F3GHR7nKfuUV7ve9OltYr7ZyE77tD82S75hGkFpO0FsmNAHXXnm16Q6rpLBtEBOD
RrFPjUWKbhgSE7WFt0Vy6q2yFHhP8cavydmXxC025OotekK2QwXYST9cI9O1yMdQ
xXEZ76B1FsyqI5K0admfyRPo2W7U2/lQA6clcP3Hk7IyG1VNM4hJBf6uaVSoALcd
/0df6VLw5UxpcsRiDeWIFMDAGYDZaMdX6dWhD63i+VldimFWRqK6fxn5IVAAIJCT
Ojn9r5Sxrrma0lHZ+oF1MsNfs1yWYR8E5v4n/S1iXD6pi4gCoAIv
-----END CERTIFICATE-----