Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/RdMb9DZXvill1bIjga0E0ALFTSE.roa
File:                     RdMb9DZXvill1bIjga0E0ALFTSE.roa (raw, json)
Hash identifier:          glVlBHXB1p3fuc6KcN7QeAF0s4whdubmLa4lXiIAO04=
Subject key identifier:   45:D3:1B:F4:36:57:BE:29:65:D5:B2:23:81:AD:04:D0:02:C5:4D:21
Certificate issuer:       /CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
Certificate serial:       0197B53CFCFC5BDB85807E10028A328253F4
Authority key identifier: B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/RdMb9DZXvill1bIjga0E0ALFTSE.roa
Signing time:             Sat 28 Jun 2025 06:32:42 +0000
ROA not before:           Sat 28 Jun 2025 06:32:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31277
IP address blocks:        91.215.200.0/24 maxlen: 24
                          91.215.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b5:3c:fc:fc:5b:db:85:80:7e:10:02:8a:32:82:53:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8ed3ebcd2155f9a178a103adab48fda8b2275a5
        Validity
            Not Before: Jun 28 06:32:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45d31bf43657be2965d5b22381ad04d002c54d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0e:e4:be:44:8f:32:09:92:6d:4b:c0:5e:f1:
                    40:25:66:f7:ed:9b:9a:f9:3a:f5:08:6b:b8:6a:bc:
                    cc:4c:4b:fa:2e:18:31:b3:4e:89:ae:b8:33:a9:54:
                    a9:1b:1c:ab:74:5f:7f:27:a6:26:ba:b5:0e:ff:be:
                    b7:5b:0e:05:78:6d:8c:e0:18:07:18:e9:42:48:61:
                    34:5c:f5:a1:49:e8:bd:81:56:c6:13:f2:17:2c:99:
                    b9:9c:fe:89:cc:58:bb:17:36:7a:1f:2c:c0:87:16:
                    82:5d:fa:5a:7f:5f:1a:df:22:66:ec:ad:2f:ca:58:
                    f0:a5:77:ae:6f:26:1a:d0:f4:76:de:c5:45:ff:55:
                    a6:92:ca:55:e2:ad:3e:10:65:ea:c1:95:68:ba:a3:
                    8e:73:aa:b6:0b:46:47:a9:78:44:74:ac:2a:9b:ba:
                    7b:91:05:b6:e6:88:ce:fc:d2:b6:4e:7f:0d:6a:d7:
                    ce:64:46:3e:92:52:d3:72:af:b7:98:1a:af:d7:ff:
                    5d:e0:ab:7f:19:21:a3:a2:f6:4f:12:94:61:df:02:
                    a2:98:5c:52:79:12:b7:e5:80:1e:4f:71:ae:a3:e5:
                    49:b3:eb:19:79:00:44:d6:f5:b0:4f:59:ff:d1:4c:
                    79:37:2a:91:60:2a:3e:f2:6a:7c:e0:63:f0:6a:11:
                    c2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:D3:1B:F4:36:57:BE:29:65:D5:B2:23:81:AD:04:D0:02:C5:4D:21
            X509v3 Authority Key Identifier:
                keyid:B8:ED:3E:BC:D2:15:5F:9A:17:8A:10:3A:DA:B4:8F:DA:8B:22:75:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uO0-vNIVX5oXihA62rSP2osidaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/RdMb9DZXvill1bIjga0E0ALFTSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/421c6d-535c-4c13-8da3-dea12dd8c7f4/1/uO0-vNIVX5oXihA62rSP2osidaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.200.0/24
                  91.215.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:dc:54:71:19:cb:d2:e7:f8:94:61:fc:fa:30:6c:a7:1b:55:
         d1:3a:af:9d:96:12:b2:36:b5:7e:3e:80:4f:d9:85:ee:73:c7:
         94:d9:ad:69:91:8f:08:f2:90:6e:ab:b0:55:a9:65:6a:15:69:
         3b:63:42:90:b4:c4:b0:40:b8:aa:dd:eb:20:d9:25:26:6a:05:
         56:62:60:b0:27:cf:c9:90:9d:2f:38:f1:a5:92:74:8b:69:6e:
         45:95:ea:de:34:68:40:b0:17:15:0f:73:d7:22:82:66:4f:1e:
         d1:58:01:ea:73:6b:98:b4:6d:55:ca:30:7d:fe:35:db:53:77:
         d4:58:84:4e:5b:bc:1c:37:3e:a7:43:31:6b:23:9a:3e:bd:77:
         35:2b:d3:c7:fe:9b:21:4b:0f:87:87:8b:c4:ee:09:e8:d3:1f:
         1d:4d:e6:fc:25:6f:d6:a8:5d:88:30:1e:57:1c:46:79:ec:a3:
         09:aa:9a:c3:4e:55:1b:ed:98:7e:43:29:b6:a9:d0:d2:23:55:
         29:5d:9c:f2:9c:a7:3f:f3:2e:48:2c:e1:48:69:65:33:cf:94:
         19:4f:a5:48:ff:ac:73:d7:8e:87:fa:68:a8:4d:99:45:e9:92:
         50:42:c2:0b:c4:9b:9a:de:8f:80:12:cb:36:f4:18:06:6d:0d:
         5c:4b:93:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZe1PPz8W9uFgH4QAooyglP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4ZWQzZWJjZDIxNTVmOWExNzhhMTAzYWRhYjQ4ZmRhOGIy
Mjc1YTUwHhcNMjUwNjI4MDYzMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWQzMWJmNDM2NTdiZTI5NjVkNWIyMjM4MWFkMDRkMDAyYzU0ZDIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsg7kvkSPMgmSbUvAXvFAJWb37Zua
+Tr1CGu4arzMTEv6Lhgxs06JrrgzqVSpGxyrdF9/J6YmurUO/763Ww4FeG2M4BgH
GOlCSGE0XPWhSei9gVbGE/IXLJm5nP6JzFi7FzZ6HyzAhxaCXfpaf18a3yJm7K0v
yljwpXeubyYa0PR23sVF/1WmkspV4q0+EGXqwZVouqOOc6q2C0ZHqXhEdKwqm7p7
kQW25ojO/NK2Tn8NatfOZEY+klLTcq+3mBqv1/9d4Kt/GSGjovZPEpRh3wKimFxS
eRK35YAeT3Guo+VJs+sZeQBE1vWwT1n/0Ux5NyqRYCo+8mp84GPwahHC+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEXTG/Q2V74pZdWyI4GtBNACxU0hMB8GA1UdIwQY
MBaAFLjtPrzSFV+aF4oQOtq0j9qLInWlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMt
ZGVhMTJkZDhjN2Y0LzEvUmRNYjlEWlh2aWxsMWJJamdhMEUwQUxGVFNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi80MjFjNmQtNTM1Yy00YzEzLThkYTMtZGVhMTJkZDhjN2Y0
LzEvdU8wLXZOSVZYNW9YaWhBNjJyU1Ayb3NpZGFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9fIAwQA
W9fLMA0GCSqGSIb3DQEBCwUAA4IBAQAm3FRxGcvS5/iUYfz6MGynG1XROq+dlhKy
NrV+PoBP2YXuc8eU2a1pkY8I8pBuq7BVqWVqFWk7Y0KQtMSwQLiq3esg2SUmagVW
YmCwJ8/JkJ0vOPGlknSLaW5FlereNGhAsBcVD3PXIoJmTx7RWAHqc2uYtG1VyjB9
/jXbU3fUWIROW7wcNz6nQzFrI5o+vXc1K9PH/pshSw+Hh4vE7gno0x8dTeb8JW/W
qF2IMB5XHEZ57KMJqprDTlUb7Zh+Qym2qdDSI1UpXZzynKc/8y5ILOFIaWUzz5QZ
T6VI/6xz146H+mioTZlF6ZJQQsILxJua3o+AEss29BgGbQ1cS5Od
-----END CERTIFICATE-----