Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/vvhvE6BMZMFQ1G4AEbYHHR_JKn4.roa
File:                     vvhvE6BMZMFQ1G4AEbYHHR_JKn4.roa (raw, json)
Hash identifier:          kxXe/kCsq1l7fHe6/tvS8feYMvtFQTY38JduUQRo50I=
Subject key identifier:   BE:F8:6F:13:A0:4C:64:C1:50:D4:6E:00:11:B6:07:1D:1F:C9:2A:7E
Certificate issuer:       /CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
Certificate serial:       0195BDF4C54486EE6F1084DD9C48123488D4
Authority key identifier: 90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/vvhvE6BMZMFQ1G4AEbYHHR_JKn4.roa
Signing time:             Sat 22 Mar 2025 13:04:49 +0000
ROA not before:           Sat 22 Mar 2025 13:04:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213058
IP address blocks:        91.209.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bd:f4:c5:44:86:ee:6f:10:84:dd:9c:48:12:34:88:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9098153bde0e34584bac91fa1868d7ef24d68bcf
        Validity
            Not Before: Mar 22 13:04:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bef86f13a04c64c150d46e0011b6071d1fc92a7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:35:b8:d2:97:ba:82:b3:37:57:62:ad:62:04:
                    ff:27:32:b9:2e:aa:95:eb:3a:f9:39:a9:80:1e:1e:
                    76:98:0e:1b:53:a0:47:eb:bf:7d:ce:5e:b2:d9:b7:
                    d3:0f:49:18:8a:ce:fe:0a:5d:55:15:33:4c:26:6c:
                    50:9f:cc:8b:f0:f6:40:b0:73:c4:cb:2f:03:be:a6:
                    4f:c9:23:a6:80:0b:7e:58:b7:80:78:70:21:6c:f4:
                    5a:e4:5b:e5:d0:9a:23:c3:d0:4b:49:69:b4:3d:4f:
                    56:41:d8:0a:50:98:23:35:91:fa:2e:95:09:a4:e2:
                    14:08:2e:80:17:9f:a0:e1:9b:ce:1e:79:3e:36:90:
                    15:57:ff:c1:ae:59:13:11:ed:eb:f8:b0:14:bd:db:
                    53:bd:86:85:16:7f:a1:c5:8e:5f:95:1a:1d:dd:8b:
                    ac:f5:9d:33:97:f0:67:4c:84:72:63:69:5d:c8:87:
                    d7:c1:78:31:76:0e:3d:19:eb:19:5f:b7:2a:07:55:
                    cb:11:2d:49:2b:38:f5:12:8f:27:b4:61:2b:45:7c:
                    4d:4e:04:f1:02:c3:c4:ac:fb:cb:c7:38:5c:fe:74:
                    ec:de:1a:7e:e1:92:0c:06:2b:37:f9:8e:8c:5f:19:
                    b8:a3:61:32:9b:ec:c4:af:88:42:c1:ca:ce:63:7c:
                    49:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:F8:6F:13:A0:4C:64:C1:50:D4:6E:00:11:B6:07:1D:1F:C9:2A:7E
            X509v3 Authority Key Identifier:
                keyid:90:98:15:3B:DE:0E:34:58:4B:AC:91:FA:18:68:D7:EF:24:D6:8B:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kJgVO94ONFhLrJH6GGjX7yTWi88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/vvhvE6BMZMFQ1G4AEbYHHR_JKn4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/ba9003-d433-4095-84b7-2f933d9896e0/1/kJgVO94ONFhLrJH6GGjX7yTWi88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:2e:cb:dc:2d:24:d1:69:5e:74:e5:f6:10:0c:d2:44:1d:17:
         58:d4:47:cb:2f:bb:af:4e:b5:dc:83:42:42:90:23:b0:25:36:
         87:55:da:9e:76:af:4d:5a:a7:22:5b:7d:c5:dc:9e:8e:1c:86:
         79:74:81:c3:4a:a9:d7:7c:91:e2:4c:9e:c7:c5:e8:dd:57:11:
         80:fe:99:5f:88:46:a4:7f:84:1e:2e:ec:16:48:f3:b0:22:08:
         7d:9b:49:ce:53:b4:27:3d:3c:c1:67:7c:fa:d5:a7:72:33:a3:
         d7:14:3d:71:7b:a6:d5:b2:cf:5c:72:f1:49:f4:aa:59:77:09:
         e1:d4:16:95:b8:3e:c7:1b:b1:6b:d2:61:6f:5d:33:4b:60:fb:
         cd:db:10:b2:a4:0d:c8:49:ff:94:5f:48:66:52:ce:75:eb:8f:
         e3:73:98:90:68:63:94:9a:85:96:5c:52:d7:32:99:2c:f5:26:
         09:cf:11:0d:a5:90:ae:cd:39:46:cb:5e:d6:b6:0b:1e:5f:8e:
         f7:d1:01:28:d2:3f:d3:85:15:31:9a:a9:2c:73:c1:31:59:9e:
         07:bb:6c:db:80:9d:3c:2c:43:63:f3:fe:5c:4d:9b:33:a6:9e:
         de:4b:f6:5d:dc:e4:86:0e:64:ae:9c:1b:bf:4f:a3:4b:64:b6:
         3a:47:65:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW99MVEhu5vEITdnEgSNIjUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwOTgxNTNiZGUwZTM0NTg0YmFjOTFmYTE4NjhkN2VmMjRk
NjhiY2YwHhcNMjUwMzIyMTMwNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWY4NmYxM2EwNGM2NGMxNTBkNDZlMDAxMWI2MDcxZDFmYzkyYTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zW40pe6grM3V2KtYgT/JzK5LqqV
6zr5OamAHh52mA4bU6BH6799zl6y2bfTD0kYis7+Cl1VFTNMJmxQn8yL8PZAsHPE
yy8DvqZPySOmgAt+WLeAeHAhbPRa5Fvl0Jojw9BLSWm0PU9WQdgKUJgjNZH6LpUJ
pOIUCC6AF5+g4ZvOHnk+NpAVV//BrlkTEe3r+LAUvdtTvYaFFn+hxY5flRod3Yus
9Z0zl/BnTIRyY2ldyIfXwXgxdg49GesZX7cqB1XLES1JKzj1Eo8ntGErRXxNTgTx
AsPErPvLxzhc/nTs3hp+4ZIMBis3+Y6MXxm4o2Eym+zEr4hCwcrOY3xJrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL74bxOgTGTBUNRuABG2Bx0fySp+MB8GA1UdIwQY
MBaAFJCYFTveDjRYS6yR+hho1+8k1ovPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0Yjct
MmY5MzNkOTg5NmUwLzEvdnZodkU2Qk1aTUZRMUc0QUViWUhIUl9KS240LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9iYTkwMDMtZDQzMy00MDk1LTg0YjctMmY5MzNkOTg5NmUw
LzEva0pnVk85NE9ORmhMckpINkdHalg3eVRXaTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FGMA0G
CSqGSIb3DQEBCwUAA4IBAQALLsvcLSTRaV505fYQDNJEHRdY1EfLL7uvTrXcg0JC
kCOwJTaHVdqedq9NWqciW33F3J6OHIZ5dIHDSqnXfJHiTJ7HxejdVxGA/plfiEak
f4QeLuwWSPOwIgh9m0nOU7QnPTzBZ3z61adyM6PXFD1xe6bVss9ccvFJ9KpZdwnh
1BaVuD7HG7Fr0mFvXTNLYPvN2xCypA3ISf+UX0hmUs5164/jc5iQaGOUmoWWXFLX
Mpks9SYJzxENpZCuzTlGy17WtgseX4730QEo0j/ThRUxmqksc8ExWZ4Hu2zbgJ08
LENj8/5cTZszpp7eS/Zd3OSGDmSunBu/T6NLZLY6R2V5
-----END CERTIFICATE-----