Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/2KNjtYfkkvpIBPVL-Dk7JZfM4jU.roa
File:                     2KNjtYfkkvpIBPVL-Dk7JZfM4jU.roa (raw, json)
Hash identifier:          YZgrPPEN8zGqhO8cwF6VGe00Dd89Opm5ALHWcKmIHgM=
Subject key identifier:   D8:A3:63:B5:87:E4:92:FA:48:04:F5:4B:F8:39:3B:25:97:CC:E2:35
Certificate issuer:       /CN=15c18a2908cebd9085e01266bb02fb8af2247735
Certificate serial:       0196EDA7AB1B635B6F963FD80FA20051496D
Authority key identifier: 15:C1:8A:29:08:CE:BD:90:85:E0:12:66:BB:02:FB:8A:F2:24:77:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FcGKKQjOvZCF4BJmuwL7ivIkdzU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/2KNjtYfkkvpIBPVL-Dk7JZfM4jU.roa
Signing time:             Tue 20 May 2025 12:25:10 +0000
ROA not before:           Tue 20 May 2025 12:25:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43769
IP address blocks:        91.200.36.0/22 maxlen: 22
                          91.200.36.0/24 maxlen: 24
                          91.200.37.0/24 maxlen: 24
                          195.178.26.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/FcGKKQjOvZCF4BJmuwL7ivIkdzU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/FcGKKQjOvZCF4BJmuwL7ivIkdzU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FcGKKQjOvZCF4BJmuwL7ivIkdzU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 21:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:a7:ab:1b:63:5b:6f:96:3f:d8:0f:a2:00:51:49:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15c18a2908cebd9085e01266bb02fb8af2247735
        Validity
            Not Before: May 20 12:25:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8a363b587e492fa4804f54bf8393b2597cce235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:94:59:d8:2c:84:93:2d:10:87:7b:cc:29:25:
                    25:f4:e6:88:d8:10:db:9f:9f:56:5a:e8:2d:c3:4d:
                    17:4c:9e:a6:58:31:f1:32:1a:5f:11:92:12:43:58:
                    55:3e:af:94:d7:87:f9:80:2c:9e:30:6e:d4:24:68:
                    b8:66:05:22:79:b0:54:c2:4b:7f:4b:19:c5:fb:5b:
                    ff:3e:dd:10:11:f0:d0:11:b6:20:7d:ba:e3:65:aa:
                    38:b3:b2:46:78:c8:18:dc:6f:08:0f:e8:8f:09:94:
                    90:c0:c0:e9:11:6e:56:59:8b:f8:9f:90:f6:73:52:
                    28:ef:7e:e5:2e:cf:77:e2:67:24:08:c9:13:0f:de:
                    f9:20:0f:59:52:b3:45:c0:62:31:e9:e7:6b:29:c2:
                    34:f4:e8:7d:94:05:57:9c:c2:9f:65:25:37:6f:d7:
                    28:95:ef:eb:80:0b:19:69:74:05:0c:15:f4:70:02:
                    63:f5:f8:c9:9b:d9:8f:fd:3c:40:45:21:c9:34:52:
                    b8:08:d6:ae:b5:9e:95:77:ce:ba:da:48:0d:4f:45:
                    fa:17:d4:8a:c3:2a:12:84:4b:a2:7d:3e:4f:7e:f9:
                    66:77:d9:c9:da:a8:85:52:16:36:f8:68:d1:fd:d8:
                    c6:c1:58:20:47:e0:b0:b4:b6:e9:d3:3c:d7:7c:66:
                    0e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:A3:63:B5:87:E4:92:FA:48:04:F5:4B:F8:39:3B:25:97:CC:E2:35
            X509v3 Authority Key Identifier:
                keyid:15:C1:8A:29:08:CE:BD:90:85:E0:12:66:BB:02:FB:8A:F2:24:77:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FcGKKQjOvZCF4BJmuwL7ivIkdzU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/2KNjtYfkkvpIBPVL-Dk7JZfM4jU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/6f8157-8d76-4d3e-8938-7e53d1c558d9/1/FcGKKQjOvZCF4BJmuwL7ivIkdzU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.36.0/22
                  195.178.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:cd:d6:fe:40:65:8c:ed:a2:9c:86:32:d3:9c:9e:07:c8:9f:
         60:37:54:a6:41:a5:66:67:1e:f1:53:0e:03:0b:31:de:f5:cf:
         31:e9:d1:a0:d8:f6:aa:1b:8d:75:d0:f0:aa:70:06:e4:c1:d8:
         ee:55:7c:95:30:e3:14:fd:5b:3d:da:fb:0d:32:ff:68:1d:af:
         af:e0:16:12:26:1a:9a:d1:4a:c9:7c:c4:44:3b:cf:b6:01:e7:
         28:76:f6:1f:e5:17:a9:ff:77:35:bc:1f:67:2f:9d:a8:29:40:
         97:31:b4:02:f5:09:c8:e5:49:e6:e1:bb:52:59:93:01:e2:61:
         b1:7a:5e:65:cb:6d:bd:cf:ae:40:14:a3:51:d3:c9:00:fa:c4:
         24:c8:0c:a9:75:65:b2:51:a1:54:76:23:3d:15:c7:07:2c:6a:
         d4:3f:4e:aa:51:ae:95:61:b8:6b:ee:33:5f:7a:ae:76:60:3f:
         7c:5f:a5:e6:b5:9d:40:05:9a:10:2d:63:b1:c1:ab:b2:f5:af:
         85:8f:30:a6:2c:5c:a7:b3:42:d5:4b:e2:b2:75:41:63:ed:c1:
         67:16:7d:12:9e:ad:1c:41:97:5a:85:99:ec:a7:2f:fa:a8:e8:
         80:b7:7f:94:cb:4c:63:c8:a6:63:00:e9:39:cc:ec:6e:07:3a:
         da:32:0e:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbtp6sbY1tvlj/YD6IAUUltMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1YzE4YTI5MDhjZWJkOTA4NWUwMTI2NmJiMDJmYjhhZjIy
NDc3MzUwHhcNMjUwNTIwMTIyNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGEzNjNiNTg3ZTQ5MmZhNDgwNGY1NGJmODM5M2IyNTk3Y2NlMjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ZRZ2CyEky0Qh3vMKSUl9OaI2BDb
n59WWugtw00XTJ6mWDHxMhpfEZISQ1hVPq+U14f5gCyeMG7UJGi4ZgUiebBUwkt/
SxnF+1v/Pt0QEfDQEbYgfbrjZao4s7JGeMgY3G8ID+iPCZSQwMDpEW5WWYv4n5D2
c1Io737lLs934mckCMkTD975IA9ZUrNFwGIx6edrKcI09Oh9lAVXnMKfZSU3b9co
le/rgAsZaXQFDBX0cAJj9fjJm9mP/TxARSHJNFK4CNautZ6Vd8662kgNT0X6F9SK
wyoShEuifT5Pfvlmd9nJ2qiFUhY2+GjR/djGwVggR+CwtLbp0zzXfGYOkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNijY7WH5JL6SAT1S/g5OyWXzOI1MB8GA1UdIwQY
MBaAFBXBiikIzr2QheASZrsC+4ryJHc1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmNHS0tRak92WkNGNEJKbXV3TDdpdklrZHpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC82ZjgxNTctOGQ3Ni00ZDNlLTg5Mzgt
N2U1M2QxYzU1OGQ5LzEvMktOanRZZmtrdnBJQlBWTC1EazdKWmZNNGpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC82ZjgxNTctOGQ3Ni00ZDNlLTg5MzgtN2U1M2QxYzU1OGQ5
LzEvRmNHS0tRak92WkNGNEJKbXV3TDdpdklrZHpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW8gkAwQB
w7IaMA0GCSqGSIb3DQEBCwUAA4IBAQCbzdb+QGWM7aKchjLTnJ4HyJ9gN1SmQaVm
Zx7xUw4DCzHe9c8x6dGg2PaqG4110PCqcAbkwdjuVXyVMOMU/Vs92vsNMv9oHa+v
4BYSJhqa0UrJfMREO8+2AecodvYf5Rep/3c1vB9nL52oKUCXMbQC9QnI5Unm4btS
WZMB4mGxel5ly229z65AFKNR08kA+sQkyAypdWWyUaFUdiM9FccHLGrUP06qUa6V
Ybhr7jNfeq52YD98X6XmtZ1ABZoQLWOxwauy9a+FjzCmLFyns0LVS+KydUFj7cFn
Fn0Snq0cQZdahZnspy/6qOiAt3+Uy0xjyKZjAOk5zOxuBzraMg5n
-----END CERTIFICATE-----