Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/k0HzLQZ3MkcTFmEAim7zDGvlvJ0.roa
File:                     k0HzLQZ3MkcTFmEAim7zDGvlvJ0.roa (raw, json)
Hash identifier:          MIgwLKWyMzfqXe5kvbowxxxZvthjppNFiSW7cLd35KI=
Subject key identifier:   93:41:F3:2D:06:77:32:47:13:16:61:00:8A:6E:F3:0C:6B:E5:BC:9D
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       0197B2809C7E808776BCB0ECBF356B0BA8E8
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/k0HzLQZ3MkcTFmEAim7zDGvlvJ0.roa
Signing time:             Fri 27 Jun 2025 17:47:42 +0000
ROA not before:           Fri 27 Jun 2025 17:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60707
IP address blocks:        91.228.12.0/24 maxlen: 24
                          91.228.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:80:9c:7e:80:87:76:bc:b0:ec:bf:35:6b:0b:a8:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jun 27 17:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9341f32d06773247131661008a6ef30c6be5bc9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:6b:b7:46:f5:f6:66:3c:72:f4:a6:49:ee:df:
                    0d:43:ab:78:77:a3:ca:49:ba:1b:3d:34:fa:4b:ce:
                    8c:d8:00:c0:e1:41:a2:24:65:a1:0b:87:6e:9f:f5:
                    2b:22:e8:a6:79:b6:62:75:44:42:99:06:f0:27:2e:
                    23:46:19:2b:7e:32:a6:ed:b6:69:10:19:73:b7:91:
                    36:b5:77:ae:f1:2f:c7:df:ba:d0:ae:c2:c3:b2:e0:
                    e1:68:63:c1:9f:4f:b1:d0:1e:5e:40:04:97:0d:6b:
                    3b:d6:38:39:70:f4:a1:64:29:51:61:7c:03:e2:7d:
                    5a:76:9c:17:c4:1b:e6:bb:43:ce:77:49:a1:46:22:
                    c4:3a:c0:6a:e7:e6:70:62:0b:3f:2a:23:cd:93:2c:
                    3a:37:d9:6f:98:2e:27:81:42:f7:38:06:ce:eb:57:
                    97:fd:e0:f3:96:6a:3e:d0:23:9d:7b:28:e3:cc:5d:
                    3b:03:81:55:8d:28:55:86:7e:72:48:38:e8:7c:18:
                    29:35:f3:3f:50:b6:58:10:2a:93:2c:90:77:38:ed:
                    03:e4:4e:e1:8b:3e:40:7b:21:d0:cf:d0:3f:09:e7:
                    aa:c0:59:4a:c7:6c:7e:48:9d:32:b0:aa:2e:3d:b0:
                    6f:8f:f6:e9:c1:ed:30:23:75:a2:6a:44:83:d5:df:
                    cf:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:41:F3:2D:06:77:32:47:13:16:61:00:8A:6E:F3:0C:6B:E5:BC:9D
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/k0HzLQZ3MkcTFmEAim7zDGvlvJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.12.0/24
                  91.228.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:91:34:35:ba:20:79:63:96:00:7f:d7:90:13:ac:57:8b:e2:
         f8:1e:f2:f9:76:9f:f4:a4:a9:4d:da:04:b0:81:dc:62:cd:e7:
         78:1a:28:4e:4a:d5:2f:6e:17:d4:89:a4:88:e7:19:7b:a8:8f:
         93:5c:63:29:b0:c4:c6:70:55:43:c4:22:31:b7:c9:a8:4a:80:
         28:f4:ef:e9:0a:06:30:30:12:86:33:fd:d2:f4:71:2a:ef:e2:
         9d:02:8e:ce:87:e5:92:31:f8:c3:85:ec:9b:84:62:0d:a1:fe:
         ab:f1:d3:39:fb:25:10:b9:7f:0c:80:a7:d2:49:3b:79:fd:74:
         f9:1f:13:17:a9:d0:59:61:19:8e:4b:68:96:2b:1b:96:ee:a2:
         1d:03:ca:9c:e9:f0:77:84:70:64:09:d7:80:e9:93:c6:1c:e7:
         72:66:09:bc:32:73:e6:0c:af:f4:3c:70:66:ae:55:a2:6b:be:
         42:36:f2:c9:16:e0:76:e0:04:32:9e:01:0a:99:e0:2a:a6:44:
         9c:1b:0b:89:fb:f7:3d:71:b4:4b:8a:da:70:54:a0:f9:f6:b3:
         ec:d4:61:97:cc:20:ac:b3:e1:f7:85:59:26:1a:b8:0c:0c:db:
         80:ae:b4:c6:65:11:96:4e:6e:ab:87:1f:f7:07:9d:b3:8f:9a:
         25:09:f5:36
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZeygJx+gId2vLDsvzVrC6joMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwNjI3MTc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzQxZjMyZDA2NzczMjQ3MTMxNjYxMDA4YTZlZjMwYzZiZTViYzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGu3RvX2Zjxy9KZJ7t8NQ6t4d6PK
SbobPTT6S86M2ADA4UGiJGWhC4dun/UrIuimebZidURCmQbwJy4jRhkrfjKm7bZp
EBlzt5E2tXeu8S/H37rQrsLDsuDhaGPBn0+x0B5eQASXDWs71jg5cPShZClRYXwD
4n1adpwXxBvmu0POd0mhRiLEOsBq5+ZwYgs/KiPNkyw6N9lvmC4ngUL3OAbO61eX
/eDzlmo+0COdeyjjzF07A4FVjShVhn5ySDjofBgpNfM/ULZYECqTLJB3OO0D5E7h
iz5AeyHQz9A/CeeqwFlKx2x+SJ0ysKouPbBvj/bpwe0wI3WiakSD1d/PEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJNB8y0GdzJHExZhAIpu8wxr5bydMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvazBIekxRWjNNa2NURm1FQWltN3pER3ZsdkowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+QMAwQA
W+QOMA0GCSqGSIb3DQEBCwUAA4IBAQBskTQ1uiB5Y5YAf9eQE6xXi+L4HvL5dp/0
pKlN2gSwgdxized4GihOStUvbhfUiaSI5xl7qI+TXGMpsMTGcFVDxCIxt8moSoAo
9O/pCgYwMBKGM/3S9HEq7+KdAo7Oh+WSMfjDheybhGINof6r8dM5+yUQuX8MgKfS
STt5/XT5HxMXqdBZYRmOS2iWKxuW7qIdA8qc6fB3hHBkCdeA6ZPGHOdyZgm8MnPm
DK/0PHBmrlWia75CNvLJFuB24AQyngEKmeAqpkScGwuJ+/c9cbRLitpwVKD59rPs
1GGXzCCss+H3hVkmGrgMDNuArrTGZRGWTm6rhx/3B52zj5olCfU2
-----END CERTIFICATE-----