Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/T73zcHs6Ep_CKwJnLjzUI2Lqk64.roa
File:                     T73zcHs6Ep_CKwJnLjzUI2Lqk64.roa (raw, json)
Hash identifier:          Q3Y+VkwX2oMhKJhHjrJ53ij+knYpPf4svYxgdosIZGQ=
Subject key identifier:   4F:BD:F3:70:7B:3A:12:9F:C2:2B:02:67:2E:3C:D4:23:62:EA:93:AE
Certificate issuer:       /CN=a4522397ec0d1499201af0fa9ea2a04b7d5cfa6a
Certificate serial:       019744573E87FAB22C7F0A0F8986698525B9
Authority key identifier: A4:52:23:97:EC:0D:14:99:20:1A:F0:FA:9E:A2:A0:4B:7D:5C:FA:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pFIjl-wNFJkgGvD6nqKgS31c-mo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/T73zcHs6Ep_CKwJnLjzUI2Lqk64.roa
Signing time:             Fri 06 Jun 2025 08:24:17 +0000
ROA not before:           Fri 06 Jun 2025 08:24:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213996
IP address blocks:        91.202.132.0/22 maxlen: 22
                          178.214.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/pFIjl-wNFJkgGvD6nqKgS31c-mo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/pFIjl-wNFJkgGvD6nqKgS31c-mo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pFIjl-wNFJkgGvD6nqKgS31c-mo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:57:3e:87:fa:b2:2c:7f:0a:0f:89:86:69:85:25:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4522397ec0d1499201af0fa9ea2a04b7d5cfa6a
        Validity
            Not Before: Jun  6 08:24:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4fbdf3707b3a129fc22b02672e3cd42362ea93ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e7:88:22:1c:16:ca:40:d5:8d:e7:97:90:f8:
                    e2:29:b5:70:3d:83:88:66:e4:62:a0:11:46:8b:1e:
                    91:1f:8b:5e:91:a4:06:74:49:80:90:ae:19:14:9b:
                    9a:08:b9:3b:56:b6:da:23:21:13:12:01:da:a1:03:
                    4c:04:54:b0:85:00:82:04:6c:b8:ce:32:bf:8b:07:
                    16:78:00:13:78:bb:dd:31:ac:b3:29:85:1c:eb:d6:
                    f0:18:e7:11:3f:f7:eb:a5:aa:f9:05:9f:d9:cd:ec:
                    43:49:3b:6a:1c:fb:7e:3c:b3:7d:04:30:29:63:3e:
                    d1:0b:56:58:7b:19:f1:5f:54:1e:48:f5:03:8e:08:
                    de:9d:6e:00:64:35:b8:4a:60:ac:d4:ee:f9:d4:aa:
                    5e:db:aa:bf:02:40:30:51:a0:28:11:3d:ed:aa:ce:
                    94:52:17:60:ef:a6:c5:d9:2b:1c:ee:3e:4e:19:aa:
                    56:8f:5e:da:c2:3c:d6:3c:57:71:16:73:49:95:57:
                    71:31:27:16:3e:75:34:28:3e:71:7c:3a:9c:fa:43:
                    93:32:d3:13:01:e9:e9:4f:a6:b8:e9:d9:b3:67:07:
                    69:86:fe:35:36:84:1d:06:2d:52:ab:a6:c6:d2:d7:
                    14:ac:c3:f9:63:62:b9:59:82:c1:2a:d4:8f:90:b5:
                    89:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:BD:F3:70:7B:3A:12:9F:C2:2B:02:67:2E:3C:D4:23:62:EA:93:AE
            X509v3 Authority Key Identifier:
                keyid:A4:52:23:97:EC:0D:14:99:20:1A:F0:FA:9E:A2:A0:4B:7D:5C:FA:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pFIjl-wNFJkgGvD6nqKgS31c-mo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/T73zcHs6Ep_CKwJnLjzUI2Lqk64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/f692df-ff67-4655-8d88-fec04c495502/1/pFIjl-wNFJkgGvD6nqKgS31c-mo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.202.132.0/22
                  178.214.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:a2:1f:70:3f:b6:83:14:1f:0a:c2:c1:1e:5c:06:dd:46:30:
         48:36:bf:f7:54:b8:2a:6f:bb:3b:30:dd:a7:8f:f3:80:66:bb:
         6a:6e:ff:54:a4:ec:72:4d:ed:c7:e6:66:fc:39:d5:03:f1:e6:
         f8:7e:19:14:3e:d0:b1:d4:36:40:92:6f:de:8b:20:b8:e1:d4:
         f5:7e:a1:89:34:37:53:d3:6a:7b:91:94:70:85:f5:e8:49:2c:
         f0:42:61:4f:11:97:61:a2:3b:61:aa:e5:40:1c:92:9e:85:ca:
         2b:56:f9:35:d0:b2:dd:93:bd:76:f3:4b:03:88:65:48:3c:ae:
         55:62:dc:40:0c:a2:5c:d1:50:47:42:fb:81:a0:39:82:3a:43:
         8e:a0:1a:aa:35:49:0b:7a:f9:52:ce:80:2b:22:67:36:6c:5d:
         09:29:56:a6:58:0c:03:2a:36:ec:79:55:15:60:08:63:3d:b3:
         62:2d:2f:ea:25:c9:ae:10:86:0c:a6:92:b1:43:3d:f5:e5:98:
         8c:72:93:4d:ca:70:25:76:a6:9b:a7:0d:01:14:6c:c1:47:bb:
         9b:0b:b7:a7:0c:df:7f:d2:c1:e8:c3:95:dd:b9:17:7e:c4:22:
         1d:9e:1d:52:cc:83:29:0b:0f:fc:2a:0b:bd:86:ae:b0:7f:4d:
         77:d9:81:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdEVz6H+rIsfwoPiYZphSW5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0NTIyMzk3ZWMwZDE0OTkyMDFhZjBmYTllYTJhMDRiN2Q1
Y2ZhNmEwHhcNMjUwNjA2MDgyNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmJkZjM3MDdiM2ExMjlmYzIyYjAyNjcyZTNjZDQyMzYyZWE5M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeeIIhwWykDVjeeXkPjiKbVwPYOI
ZuRioBFGix6RH4tekaQGdEmAkK4ZFJuaCLk7VrbaIyETEgHaoQNMBFSwhQCCBGy4
zjK/iwcWeAATeLvdMayzKYUc69bwGOcRP/frpar5BZ/ZzexDSTtqHPt+PLN9BDAp
Yz7RC1ZYexnxX1QeSPUDjgjenW4AZDW4SmCs1O751Kpe26q/AkAwUaAoET3tqs6U
Uhdg76bF2Ssc7j5OGapWj17awjzWPFdxFnNJlVdxMScWPnU0KD5xfDqc+kOTMtMT
AenpT6a46dmzZwdphv41NoQdBi1Sq6bG0tcUrMP5Y2K5WYLBKtSPkLWJGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFE+983B7OhKfwisCZy481CNi6pOuMB8GA1UdIwQY
MBaAFKRSI5fsDRSZIBrw+p6ioEt9XPpqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEZJamwtd05GSmtnR3ZENm5xS2dTMzFjLW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS9mNjkyZGYtZmY2Ny00NjU1LThkODgt
ZmVjMDRjNDk1NTAyLzEvVDczemNIczZFcF9DS3dKbkxqelVJMkxxazY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS9mNjkyZGYtZmY2Ny00NjU1LThkODgtZmVjMDRjNDk1NTAy
LzEvcEZJamwtd05GSmtnR3ZENm5xS2dTMzFjLW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8qEAwQC
stbMMA0GCSqGSIb3DQEBCwUAA4IBAQAJoh9wP7aDFB8KwsEeXAbdRjBINr/3VLgq
b7s7MN2nj/OAZrtqbv9UpOxyTe3H5mb8OdUD8eb4fhkUPtCx1DZAkm/eiyC44dT1
fqGJNDdT02p7kZRwhfXoSSzwQmFPEZdhojthquVAHJKehcorVvk10LLdk71280sD
iGVIPK5VYtxADKJc0VBHQvuBoDmCOkOOoBqqNUkLevlSzoArImc2bF0JKVamWAwD
KjbseVUVYAhjPbNiLS/qJcmuEIYMppKxQz315ZiMcpNNynAldqabpw0BFGzBR7ub
C7enDN9/0sHow5XduRd+xCIdnh1SzIMpCw/8Kgu9hq6wf0132YEU
-----END CERTIFICATE-----