Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/NM7UvKaTOGBhqz3Waw4Aop_d3I8.roa
File:                     NM7UvKaTOGBhqz3Waw4Aop_d3I8.roa (raw, json)
Hash identifier:          CuECrw6IivHOvgLxpf0LZMc5frIWOtpPKmC4FcLgXSc=
Subject key identifier:   34:CE:D4:BC:A6:93:38:60:61:AB:3D:D6:6B:0E:00:A2:9F:DD:DC:8F
Certificate issuer:       /CN=e43957deba816c9600ce0a4d07fca7d306efee61
Certificate serial:       0196ED50F344A875ACDBA87E546D090BD2DC
Authority key identifier: E4:39:57:DE:BA:81:6C:96:00:CE:0A:4D:07:FC:A7:D3:06:EF:EE:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5DlX3rqBbJYAzgpNB_yn0wbv7mE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/NM7UvKaTOGBhqz3Waw4Aop_d3I8.roa
Signing time:             Tue 20 May 2025 10:50:27 +0000
ROA not before:           Tue 20 May 2025 10:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57569
IP address blocks:        91.233.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/5DlX3rqBbJYAzgpNB_yn0wbv7mE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/5DlX3rqBbJYAzgpNB_yn0wbv7mE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5DlX3rqBbJYAzgpNB_yn0wbv7mE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:50:f3:44:a8:75:ac:db:a8:7e:54:6d:09:0b:d2:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e43957deba816c9600ce0a4d07fca7d306efee61
        Validity
            Not Before: May 20 10:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34ced4bca693386061ab3dd66b0e00a29fdddc8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:f0:0e:f8:c9:9b:5d:4d:a3:6d:33:e8:4c:20:
                    e9:0e:4c:a6:60:e4:c9:9a:d6:76:2a:71:59:ac:22:
                    4c:52:d1:81:9b:f9:38:5b:ed:c8:bc:8d:0a:a3:b7:
                    c7:b1:20:f1:ff:ed:b8:65:69:03:3e:4e:d2:63:16:
                    7d:9e:63:bc:51:54:83:30:5e:29:9a:19:f3:86:f2:
                    8b:11:00:15:f2:c0:46:2c:31:b1:65:84:6c:c0:fb:
                    3d:db:9e:59:15:3f:cd:42:83:df:4a:ab:bf:da:73:
                    ac:eb:0b:06:78:05:2c:8d:23:ec:90:9b:6f:b3:b7:
                    3f:51:12:3d:c0:30:aa:f4:30:f6:44:fc:8f:f9:88:
                    e5:ff:fa:c7:cc:34:6c:7a:a7:37:47:60:de:16:8e:
                    5b:0e:d2:fd:a0:08:69:a7:66:7d:9f:ed:99:d4:48:
                    47:e1:57:d9:fa:17:8f:0a:05:b8:aa:3b:19:6e:91:
                    fe:71:1c:d8:ae:80:87:59:99:6c:53:a9:74:73:71:
                    4f:f8:17:11:cf:17:06:fc:23:fa:00:8d:12:0c:8e:
                    82:97:fc:a0:00:24:fb:85:ce:6f:df:7c:85:e3:71:
                    a3:a3:4a:0c:b9:92:eb:b5:9e:f6:ff:04:2d:97:32:
                    d9:92:d7:8b:66:1f:7f:db:ed:5e:17:c6:cc:67:4a:
                    01:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:CE:D4:BC:A6:93:38:60:61:AB:3D:D6:6B:0E:00:A2:9F:DD:DC:8F
            X509v3 Authority Key Identifier:
                keyid:E4:39:57:DE:BA:81:6C:96:00:CE:0A:4D:07:FC:A7:D3:06:EF:EE:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5DlX3rqBbJYAzgpNB_yn0wbv7mE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/NM7UvKaTOGBhqz3Waw4Aop_d3I8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/d8a024-6c06-4f98-a834-e63362098c70/1/5DlX3rqBbJYAzgpNB_yn0wbv7mE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:0b:e7:09:de:65:a8:35:0b:19:4a:63:d5:a7:89:48:9a:ed:
         e8:74:3a:43:90:4d:22:44:a7:a0:96:52:7b:72:5d:89:e8:9f:
         f1:c5:53:44:03:63:73:05:17:a4:8e:cc:58:d8:5b:38:6b:72:
         35:e9:7b:75:f5:12:a9:22:5d:4c:67:1a:ce:73:15:e3:20:2b:
         2f:c0:4f:43:b1:6d:0a:1c:e6:91:3c:bb:b9:d0:67:65:a3:67:
         fc:9b:ce:75:da:86:87:d8:f9:8f:a0:eb:e9:7b:0e:20:0b:71:
         55:72:19:bf:c1:7d:4a:22:5e:31:8b:49:06:a1:f7:8c:e2:a3:
         e4:5b:21:08:e6:ae:e2:c2:5e:cc:0e:70:8f:fc:0b:fa:6c:9d:
         26:6b:9b:26:4f:4d:24:90:7b:ef:00:04:ef:ec:fa:da:f1:45:
         3c:70:d0:7e:4a:40:04:29:1e:1f:32:a9:f6:3d:d4:d1:5b:6f:
         4e:e9:b6:36:88:2c:c6:f2:75:a5:6a:34:11:6c:96:f2:a8:dd:
         54:e9:e8:5d:9e:35:d9:12:be:cb:b2:0b:6c:a1:97:19:96:d8:
         9f:6b:8e:60:e7:f5:9d:8d:e4:53:3e:a3:76:95:5b:6e:ec:15:
         65:d8:88:23:22:a4:75:e2:98:89:16:f3:67:ee:0f:4c:50:42:
         0d:42:25:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbtUPNEqHWs26h+VG0JC9LcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0Mzk1N2RlYmE4MTZjOTYwMGNlMGE0ZDA3ZmNhN2QzMDZl
ZmVlNjEwHhcNMjUwNTIwMTA1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGNlZDRiY2E2OTMzODYwNjFhYjNkZDY2YjBlMDBhMjlmZGRkYzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArvAO+MmbXU2jbTPoTCDpDkymYOTJ
mtZ2KnFZrCJMUtGBm/k4W+3IvI0Ko7fHsSDx/+24ZWkDPk7SYxZ9nmO8UVSDMF4p
mhnzhvKLEQAV8sBGLDGxZYRswPs9255ZFT/NQoPfSqu/2nOs6wsGeAUsjSPskJtv
s7c/URI9wDCq9DD2RPyP+Yjl//rHzDRseqc3R2DeFo5bDtL9oAhpp2Z9n+2Z1EhH
4VfZ+hePCgW4qjsZbpH+cRzYroCHWZlsU6l0c3FP+BcRzxcG/CP6AI0SDI6Cl/yg
ACT7hc5v33yF43Gjo0oMuZLrtZ72/wQtlzLZkteLZh9/2+1eF8bMZ0oBwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDTO1LymkzhgYas91msOAKKf3dyPMB8GA1UdIwQY
MBaAFOQ5V966gWyWAM4KTQf8p9MG7+5hMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNURsWDNycUJiSllBemdwTkJfeW4wd2J2N21FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9kOGEwMjQtNmMwNi00Zjk4LWE4MzQt
ZTYzMzYyMDk4YzcwLzEvTk03VXZLYVRPR0JocXozV2F3NEFvcF9kM0k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9kOGEwMjQtNmMwNi00Zjk4LWE4MzQtZTYzMzYyMDk4Yzcw
LzEvNURsWDNycUJiSllBemdwTkJfeW4wd2J2N21FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+kSMA0G
CSqGSIb3DQEBCwUAA4IBAQCpC+cJ3mWoNQsZSmPVp4lImu3odDpDkE0iRKegllJ7
cl2J6J/xxVNEA2NzBRekjsxY2Fs4a3I16Xt19RKpIl1MZxrOcxXjICsvwE9DsW0K
HOaRPLu50Gdlo2f8m8512oaH2PmPoOvpew4gC3FVchm/wX1KIl4xi0kGofeM4qPk
WyEI5q7iwl7MDnCP/Av6bJ0ma5smT00kkHvvAATv7Pra8UU8cNB+SkAEKR4fMqn2
PdTRW29O6bY2iCzG8nWlajQRbJbyqN1U6ehdnjXZEr7LsgtsoZcZltifa45g5/Wd
jeRTPqN2lVtu7BVl2IgjIqR14piJFvNn7g9MUEINQiW8
-----END CERTIFICATE-----