Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/aw0urpJM4p93PhWqM7da0_3Fozc.roa
File:                     aw0urpJM4p93PhWqM7da0_3Fozc.roa (raw, json)
Hash identifier:          y+1M15neToXwBCTOLJI0dSNYHmOEXNHkxHoQ5Af6Zqc=
Subject key identifier:   6B:0D:2E:AE:92:4C:E2:9F:77:3E:15:AA:33:B7:5A:D3:FD:C5:A3:37
Certificate issuer:       /CN=fa1d54e1585ac097c3f91defc033dda5722ea1e6
Certificate serial:       0196EDA43C94430E2AB81BF0751DD212A21E
Authority key identifier: FA:1D:54:E1:58:5A:C0:97:C3:F9:1D:EF:C0:33:DD:A5:72:2E:A1:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-h1U4VhawJfD-R3vwDPdpXIuoeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/aw0urpJM4p93PhWqM7da0_3Fozc.roa
Signing time:             Tue 20 May 2025 12:21:25 +0000
ROA not before:           Tue 20 May 2025 12:21:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47329
IP address blocks:        91.206.114.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/1-h1U4VhawJfD-R3vwDPdpXIuoeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/1-h1U4VhawJfD-R3vwDPdpXIuoeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-h1U4VhawJfD-R3vwDPdpXIuoeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:a4:3c:94:43:0e:2a:b8:1b:f0:75:1d:d2:12:a2:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa1d54e1585ac097c3f91defc033dda5722ea1e6
        Validity
            Not Before: May 20 12:21:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6b0d2eae924ce29f773e15aa33b75ad3fdc5a337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:38:43:ee:9d:09:36:12:b8:b8:c6:b7:9a:e2:
                    ff:eb:1d:8e:90:39:df:3d:a1:03:f4:70:07:0a:63:
                    8c:36:78:42:56:7e:2a:88:12:75:8f:9b:24:bc:99:
                    dc:b9:5f:a4:20:d9:4c:f4:9b:18:2f:ed:37:45:ec:
                    c3:f2:39:97:d2:28:55:18:bc:b9:78:d2:9c:ec:16:
                    0e:a6:1a:61:a3:f5:0a:41:45:5f:90:64:31:1a:64:
                    d5:db:ab:66:3c:ae:70:ef:c3:d7:9d:0b:59:6d:04:
                    e7:c5:81:8d:e6:60:d6:f4:9f:86:c4:25:12:f9:f0:
                    6c:78:c2:1f:d8:29:29:f9:9b:90:65:e0:f7:c6:e3:
                    63:66:f1:de:07:a1:31:90:26:b6:d8:7d:43:34:ea:
                    93:54:18:39:08:30:7b:89:5e:3b:6d:2e:5a:25:67:
                    5c:e8:1d:00:01:8a:84:69:d3:d6:90:a4:fa:99:c9:
                    40:cf:38:0d:1b:35:78:5d:32:e8:62:47:c8:25:15:
                    84:31:d3:d5:bb:9a:df:81:02:f6:3d:49:d2:87:94:
                    21:b7:9f:32:f9:2e:64:94:cd:6c:0e:0c:0a:1b:e2:
                    bb:81:34:0b:14:60:b0:09:63:4c:ea:e1:c3:a7:d7:
                    fc:3e:98:5a:54:61:7b:d8:78:2c:23:e4:c5:02:5e:
                    9e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:0D:2E:AE:92:4C:E2:9F:77:3E:15:AA:33:B7:5A:D3:FD:C5:A3:37
            X509v3 Authority Key Identifier:
                keyid:FA:1D:54:E1:58:5A:C0:97:C3:F9:1D:EF:C0:33:DD:A5:72:2E:A1:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-h1U4VhawJfD-R3vwDPdpXIuoeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/aw0urpJM4p93PhWqM7da0_3Fozc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/4d700e-9f1e-4959-9cfd-b2b572e25afd/1/1-h1U4VhawJfD-R3vwDPdpXIuoeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.114.0/23

    Signature Algorithm: sha256WithRSAEncryption
         22:b7:0b:cb:d9:78:28:4e:91:71:89:19:dc:14:86:bf:b0:03:
         a8:45:d9:66:87:4b:45:77:fa:6c:ac:c5:39:db:2d:2e:20:e5:
         98:35:50:71:ff:15:fe:8c:8b:0f:93:b0:1f:fd:29:b2:e2:b0:
         23:42:a6:9c:52:e7:56:4c:91:e1:87:af:e8:e2:b8:5a:c7:d7:
         4f:d9:fe:ae:d4:17:d6:23:a4:fc:24:6c:52:c4:3d:e1:f9:1b:
         67:ff:f1:68:14:0a:96:71:ea:e3:b4:25:5d:cf:96:6c:af:12:
         c4:f0:94:9c:18:78:8e:9b:69:b0:1f:68:b7:16:a3:65:3e:ff:
         41:f0:bb:11:b9:f2:60:ec:81:7c:37:42:8c:d9:10:ed:a8:fb:
         1a:b2:fd:df:44:99:bb:48:cb:71:fd:4b:b9:8e:3f:b9:dd:7e:
         03:ab:26:7b:f8:d0:2d:c2:37:c5:5b:b0:6a:a2:00:85:ef:b8:
         5b:ea:07:a3:f6:8f:26:dd:8d:5b:54:9e:78:2c:40:cd:25:c5:
         06:8d:4b:ee:a5:40:d4:47:16:69:54:43:21:05:6a:8e:47:4e:
         1e:f8:04:84:34:df:78:51:dc:85:0c:2c:ca:4d:7b:a9:da:94:
         d7:80:fc:9c:a8:e0:2b:b7:a7:8a:24:f6:75:ca:7f:5c:86:ef:
         61:da:ef:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZbtpDyUQw4quBvwdR3SEqIeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhMWQ1NGUxNTg1YWMwOTdjM2Y5MWRlZmMwMzNkZGE1NzIy
ZWExZTYwHhcNMjUwNTIwMTIyMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjBkMmVhZTkyNGNlMjlmNzczZTE1YWEzM2I3NWFkM2ZkYzVhMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzhD7p0JNhK4uMa3muL/6x2OkDnf
PaED9HAHCmOMNnhCVn4qiBJ1j5skvJncuV+kINlM9JsYL+03RezD8jmX0ihVGLy5
eNKc7BYOphpho/UKQUVfkGQxGmTV26tmPK5w78PXnQtZbQTnxYGN5mDW9J+GxCUS
+fBseMIf2Ckp+ZuQZeD3xuNjZvHeB6ExkCa22H1DNOqTVBg5CDB7iV47bS5aJWdc
6B0AAYqEadPWkKT6mclAzzgNGzV4XTLoYkfIJRWEMdPVu5rfgQL2PUnSh5Qht58y
+S5klM1sDgwKG+K7gTQLFGCwCWNM6uHDp9f8PphaVGF72HgsI+TFAl6eeQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGsNLq6STOKfdz4VqjO3WtP9xaM3MB8GA1UdIwQY
MBaAFPodVOFYWsCXw/kd78Az3aVyLqHmMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1oMVU0Vmhhd0pmRC1SM3Z3RFBkcFhJdW9lWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTgvNGQ3MDBlLTlmMWUtNDk1OS05Y2Zk
LWIyYjU3MmUyNWFmZC8xL2F3MHVycEpNNHA5M1BoV3FNN2RhMF8zRm96Yy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTgvNGQ3MDBlLTlmMWUtNDk1OS05Y2ZkLWIyYjU3MmUyNWFm
ZC8xLzEtaDFVNFZoYXdKZkQtUjN2d0RQZHBYSXVvZVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAFbznIw
DQYJKoZIhvcNAQELBQADggEBACK3C8vZeChOkXGJGdwUhr+wA6hF2WaHS0V3+mys
xTnbLS4g5Zg1UHH/Ff6Miw+TsB/9KbLisCNCppxS51ZMkeGHr+jiuFrH10/Z/q7U
F9YjpPwkbFLEPeH5G2f/8WgUCpZx6uO0JV3PlmyvEsTwlJwYeI6babAfaLcWo2U+
/0HwuxG58mDsgXw3QozZEO2o+xqy/d9EmbtIy3H9S7mOP7ndfgOrJnv40C3CN8Vb
sGqiAIXvuFvqB6P2jybdjVtUnngsQM0lxQaNS+6lQNRHFmlUQyEFao5HTh74BIQ0
33hR3IUMLMpNe6nalNeA/Jyo4Cu3p4ok9nXKf1yG72Ha7z0=
-----END CERTIFICATE-----