Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/Hma6GYWs5Tdom6T2R14STXiUtLo.roa
File:                     Hma6GYWs5Tdom6T2R14STXiUtLo.roa (raw, json)
Hash identifier:          nzMAO+8FCPXY1wL1mWVZEzCo6GePIs/i8E7UJEjZ+GM=
Subject key identifier:   1E:66:BA:19:85:AC:E5:37:68:9B:A4:F6:47:5E:12:4D:78:94:B4:BA
Certificate issuer:       /CN=918f566c8ff9512a5748cc1489f0935c25d8c4ab
Certificate serial:       01973715630A2F21ED827769CF9B16E84F4D
Authority key identifier: 91:8F:56:6C:8F:F9:51:2A:57:48:CC:14:89:F0:93:5C:25:D8:C4:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kY9WbI_5USpXSMwUifCTXCXYxKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/Hma6GYWs5Tdom6T2R14STXiUtLo.roa
Signing time:             Tue 03 Jun 2025 18:37:17 +0000
ROA not before:           Tue 03 Jun 2025 18:37:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59497
IP address blocks:        91.239.104.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/kY9WbI_5USpXSMwUifCTXCXYxKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/kY9WbI_5USpXSMwUifCTXCXYxKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kY9WbI_5USpXSMwUifCTXCXYxKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:15:63:0a:2f:21:ed:82:77:69:cf:9b:16:e8:4f:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=918f566c8ff9512a5748cc1489f0935c25d8c4ab
        Validity
            Not Before: Jun  3 18:37:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1e66ba1985ace537689ba4f6475e124d7894b4ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:46:f3:c2:b0:7a:93:29:e3:53:d8:2e:94:7e:
                    ae:57:41:af:af:06:83:74:c6:c5:87:34:38:b2:cc:
                    ca:bd:ee:98:4b:3f:4f:e2:31:39:c3:30:d0:77:e4:
                    d4:e5:66:64:69:93:d9:6e:44:4c:51:24:c2:37:67:
                    0c:d2:1a:ea:c1:5b:34:cc:7d:f0:d5:16:c9:9c:11:
                    15:b4:10:77:f1:45:cd:8c:6c:aa:02:26:91:51:77:
                    97:46:71:7c:f2:ea:c7:d5:bb:5b:98:30:d8:0d:da:
                    e3:59:f6:24:3e:82:35:f7:27:f5:d2:37:17:68:03:
                    d8:c1:1b:12:8b:f8:6d:f2:49:98:c7:03:5f:b4:07:
                    31:87:9f:e4:92:b5:a8:d9:e8:92:9c:59:85:05:e5:
                    de:c3:64:cb:e6:2c:53:50:92:10:9c:51:ef:14:7a:
                    35:bc:fb:30:c9:76:94:0b:d1:f1:8e:d5:0d:9b:a7:
                    51:28:86:a1:73:46:c6:32:00:72:f1:34:0b:63:1c:
                    c9:f1:9c:36:ce:f7:49:6f:84:bb:90:1d:ae:c8:48:
                    cd:9d:19:2d:5f:bf:a1:5c:ae:48:32:bf:db:a5:eb:
                    f4:0d:1f:3e:2e:8a:74:37:b6:41:98:a7:fd:bd:21:
                    70:14:2e:9b:4b:d2:3a:40:fc:bc:04:a4:45:6a:f3:
                    c8:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:66:BA:19:85:AC:E5:37:68:9B:A4:F6:47:5E:12:4D:78:94:B4:BA
            X509v3 Authority Key Identifier:
                keyid:91:8F:56:6C:8F:F9:51:2A:57:48:CC:14:89:F0:93:5C:25:D8:C4:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kY9WbI_5USpXSMwUifCTXCXYxKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/Hma6GYWs5Tdom6T2R14STXiUtLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/5a58cc-f9fe-49e6-bb8a-a5f11bc35f31/1/kY9WbI_5USpXSMwUifCTXCXYxKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:2b:5f:55:d2:ee:c1:b8:d7:14:17:1d:10:8c:0e:af:44:2f:
         3f:c8:33:6f:e2:09:e0:8b:a0:17:52:a7:71:61:87:e0:38:94:
         03:d2:59:1b:5b:01:63:e1:3b:3f:0f:f6:50:32:64:e2:aa:ff:
         f9:06:ef:7e:6f:77:2e:08:cb:65:4f:06:33:b5:68:c0:26:43:
         98:31:64:e9:63:75:e5:19:82:67:5d:7e:20:8a:17:09:66:f2:
         9c:92:0b:9b:89:05:3f:94:09:a6:1f:15:87:06:d1:ea:e1:f1:
         38:81:54:a9:02:3c:4b:80:73:4b:c1:fa:d7:88:79:63:a6:d0:
         b1:03:9e:02:3f:15:1e:c6:c8:bc:e2:65:fc:1c:ce:df:b2:14:
         0d:73:5c:37:55:34:f7:fd:c6:91:99:f3:85:54:61:0d:27:9b:
         9f:c3:bf:e5:cd:d5:c0:e5:72:9f:c1:5a:88:8c:56:3e:cf:e5:
         c3:99:50:7a:c7:da:d3:9f:78:73:cc:51:eb:23:63:da:1b:84:
         75:83:ed:b5:07:0a:17:a5:c8:28:60:46:8a:f8:b6:87:20:8e:
         5a:4d:c2:dd:5f:bf:33:9e:5a:a3:57:b5:fc:59:27:c2:15:14:
         ed:19:55:81:8c:a8:da:6c:c4:3b:7f:38:99:3e:34:3a:03:1c:
         89:b9:20:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc3FWMKLyHtgndpz5sW6E9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxOGY1NjZjOGZmOTUxMmE1NzQ4Y2MxNDg5ZjA5MzVjMjVk
OGM0YWIwHhcNMjUwNjAzMTgzNzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTY2YmExOTg1YWNlNTM3Njg5YmE0ZjY0NzVlMTI0ZDc4OTRiNGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUbzwrB6kynjU9gulH6uV0GvrwaD
dMbFhzQ4sszKve6YSz9P4jE5wzDQd+TU5WZkaZPZbkRMUSTCN2cM0hrqwVs0zH3w
1RbJnBEVtBB38UXNjGyqAiaRUXeXRnF88urH1btbmDDYDdrjWfYkPoI19yf10jcX
aAPYwRsSi/ht8kmYxwNftAcxh5/kkrWo2eiSnFmFBeXew2TL5ixTUJIQnFHvFHo1
vPswyXaUC9HxjtUNm6dRKIahc0bGMgBy8TQLYxzJ8Zw2zvdJb4S7kB2uyEjNnRkt
X7+hXK5IMr/bpev0DR8+Lop0N7ZBmKf9vSFwFC6bS9I6QPy8BKRFavPIdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB5muhmFrOU3aJuk9kdeEk14lLS6MB8GA1UdIwQY
MBaAFJGPVmyP+VEqV0jMFInwk1wl2MSrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1k5V2JJXzVVU3BYU013VWlmQ1RYQ1hZeEtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi81YTU4Y2MtZjlmZS00OWU2LWJiOGEt
YTVmMTFiYzM1ZjMxLzEvSG1hNkdZV3M1VGRvbTZUMlIxNFNUWGlVdExvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi81YTU4Y2MtZjlmZS00OWU2LWJiOGEtYTVmMTFiYzM1ZjMx
LzEva1k5V2JJXzVVU3BYU013VWlmQ1RYQ1hZeEtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+9oMA0G
CSqGSIb3DQEBCwUAA4IBAQAZK19V0u7BuNcUFx0QjA6vRC8/yDNv4gngi6AXUqdx
YYfgOJQD0lkbWwFj4Ts/D/ZQMmTiqv/5Bu9+b3cuCMtlTwYztWjAJkOYMWTpY3Xl
GYJnXX4gihcJZvKckgubiQU/lAmmHxWHBtHq4fE4gVSpAjxLgHNLwfrXiHljptCx
A54CPxUexsi84mX8HM7fshQNc1w3VTT3/caRmfOFVGENJ5ufw7/lzdXA5XKfwVqI
jFY+z+XDmVB6x9rTn3hzzFHrI2PaG4R1g+21BwoXpcgoYEaK+LaHII5aTcLdX78z
nlqjV7X8WSfCFRTtGVWBjKjabMQ7fziZPjQ6AxyJuSAL
-----END CERTIFICATE-----