Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/1sean_EV9gz0RRAdSjhoVX8U59c.roa
File:                     1sean_EV9gz0RRAdSjhoVX8U59c.roa (raw, json)
Hash identifier:          7IzX2Oje7AVG7H1WaHSKbKj4BoZgEgCyLYyC1XwAE3w=
Subject key identifier:   D6:C7:9A:9F:F1:15:F6:0C:F4:45:10:1D:4A:38:68:55:7F:14:E7:D7
Certificate issuer:       /CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
Certificate serial:       01992852A70067BDA4DC2F617AB9496A134E
Authority key identifier: 20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/1sean_EV9gz0RRAdSjhoVX8U59c.roa
Signing time:             Mon 08 Sep 2025 07:55:29 +0000
ROA not before:           Mon 08 Sep 2025 07:55:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        91.234.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 07:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:28:52:a7:00:67:bd:a4:dc:2f:61:7a:b9:49:6a:13:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
        Validity
            Not Before: Sep  8 07:55:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6c79a9ff115f60cf445101d4a3868557f14e7d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:c7:1c:44:5c:89:c4:f4:a0:23:b0:52:18:ce:
                    92:bf:c9:5b:a5:80:9d:47:42:63:06:f7:dd:d1:3f:
                    91:6f:4b:cc:30:1a:ac:1c:1f:ff:ce:56:32:36:47:
                    ff:64:08:c3:e8:a0:e0:cd:92:32:13:9a:b2:e5:8e:
                    4d:51:24:ff:31:77:35:d7:7d:60:cc:fd:75:a9:eb:
                    58:b1:2c:3c:6c:ff:e2:ae:47:d4:b3:7e:94:89:ab:
                    42:a1:84:23:66:51:ef:9a:1f:a7:c9:88:f6:af:b8:
                    09:2d:e6:92:e2:ad:78:d7:ca:9a:83:a6:a8:6c:e5:
                    5f:f2:72:bd:ea:ae:c5:e1:5a:11:01:27:bc:cf:b8:
                    78:ab:a2:f7:b5:6a:f1:49:ec:c5:93:9c:78:51:9e:
                    34:e9:79:4e:91:8d:25:d3:ca:7f:f9:7d:0b:83:fc:
                    a4:1f:d3:a6:14:e3:cc:7d:93:4b:f4:97:fb:cd:83:
                    d2:a2:58:fb:6a:b0:67:e7:30:a2:fb:cf:3f:d2:1c:
                    8e:97:8d:d0:56:83:45:73:7b:f4:f4:fa:e3:08:63:
                    42:9f:d0:9f:a8:34:f9:71:d5:f6:0d:fb:ad:98:7e:
                    df:97:34:9e:17:19:15:3d:60:15:1a:fb:d8:c5:21:
                    14:26:8f:c5:e7:03:7a:48:fc:d2:4e:3a:3f:ae:6e:
                    ee:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C7:9A:9F:F1:15:F6:0C:F4:45:10:1D:4A:38:68:55:7F:14:E7:D7
            X509v3 Authority Key Identifier:
                keyid:20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/1sean_EV9gz0RRAdSjhoVX8U59c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:d0:1d:91:0d:85:41:09:c3:5f:ad:de:e2:eb:65:19:cc:b1:
         43:d7:1d:fb:81:59:18:0f:86:3f:21:e3:46:03:4b:05:61:8e:
         50:52:2c:8c:8b:0b:12:29:ba:10:ea:93:1c:61:86:85:79:63:
         4e:f6:2c:99:58:96:0f:67:d0:73:8d:dd:01:39:76:38:f6:6c:
         f3:83:65:53:98:99:56:76:62:6a:7e:a3:f6:60:12:01:0e:d7:
         4e:89:1c:54:f5:b9:c1:c3:8f:f1:63:44:ca:66:e5:03:c2:e2:
         30:7d:76:bf:36:9c:fd:1d:17:0c:ab:3a:58:2f:fd:1e:7d:b4:
         6d:6c:f0:43:f2:6f:1f:78:26:a8:a9:f8:e1:3f:ed:7a:cf:fc:
         4b:28:b3:d9:b3:56:49:12:c7:d8:04:c3:25:cf:5b:a2:d5:b6:
         37:89:c3:05:ec:2c:d3:58:44:99:f3:6a:21:e8:0d:a2:94:b5:
         c8:0c:82:b7:53:d0:74:e3:93:29:6b:13:84:73:78:8e:3f:0c:
         bf:b5:1d:1d:c2:41:6a:e9:d8:e9:24:b0:f6:6e:b3:8a:f7:b9:
         c9:e9:ac:e4:a2:5c:92:5c:72:f5:76:c3:3f:db:62:d0:d4:4a:
         39:3f:7b:c2:f8:53:b7:93:d7:72:28:ec:96:e9:cb:41:d6:9e:
         55:2e:1e:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkoUqcAZ72k3C9herlJahNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTIzZGQwNTg0OWNjODEzMjU1YWI4ZDFiODUzZmI5YzQ1
ZDg2OTQwHhcNMjUwOTA4MDc1NTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmM3OWE5ZmYxMTVmNjBjZjQ0NTEwMWQ0YTM4Njg1NTdmMTRlN2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv8ccRFyJxPSgI7BSGM6Sv8lbpYCd
R0JjBvfd0T+Rb0vMMBqsHB//zlYyNkf/ZAjD6KDgzZIyE5qy5Y5NUST/MXc1131g
zP11qetYsSw8bP/irkfUs36UiatCoYQjZlHvmh+nyYj2r7gJLeaS4q1418qag6ao
bOVf8nK96q7F4VoRASe8z7h4q6L3tWrxSezFk5x4UZ406XlOkY0l08p/+X0Lg/yk
H9OmFOPMfZNL9Jf7zYPSolj7arBn5zCi+88/0hyOl43QVoNFc3v09PrjCGNCn9Cf
qDT5cdX2DfutmH7flzSeFxkVPWAVGvvYxSEUJo/F5wN6SPzSTjo/rm7utwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbHmp/xFfYM9EUQHUo4aFV/FOfXMB8GA1UdIwQY
MBaAFCDiPdBYScyBMlWrjRuFP7nEXYaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYt
Yjg4OGEzMTI0NDU0LzEvMXNlYW5fRVY5Z3owUlJBZFNqaG9WWDhVNTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYtYjg4OGEzMTI0NDU0
LzEvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+qTMA0G
CSqGSIb3DQEBCwUAA4IBAQBV0B2RDYVBCcNfrd7i62UZzLFD1x37gVkYD4Y/IeNG
A0sFYY5QUiyMiwsSKboQ6pMcYYaFeWNO9iyZWJYPZ9Bzjd0BOXY49mzzg2VTmJlW
dmJqfqP2YBIBDtdOiRxU9bnBw4/xY0TKZuUDwuIwfXa/Npz9HRcMqzpYL/0efbRt
bPBD8m8feCaoqfjhP+16z/xLKLPZs1ZJEsfYBMMlz1ui1bY3icMF7CzTWESZ82oh
6A2ilLXIDIK3U9B045MpaxOEc3iOPwy/tR0dwkFq6djpJLD2brOK97nJ6azkolyS
XHL1dsM/22LQ1Eo5P3vC+FO3k9dyKOyW6ctB1p5VLh4s
-----END CERTIFICATE-----