Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/Z6Ua_m1uC5vkIPTZcIRy60EkawI.roa
File:                     Z6Ua_m1uC5vkIPTZcIRy60EkawI.roa (raw, json)
Hash identifier:          MctTd7jsNaKXKyaY6wZK28mWbw3asQJpuRF6a3Ofl8I=
Subject key identifier:   67:A5:1A:FE:6D:6E:0B:9B:E4:20:F4:D9:70:84:72:EB:41:24:6B:02
Certificate issuer:       /CN=eaac288cf778eddd621e33645bf55d7e7a8a6e80
Certificate serial:       019638C1C954B7A6DA9B99093933142749A2
Authority key identifier: EA:AC:28:8C:F7:78:ED:DD:62:1E:33:64:5B:F5:5D:7E:7A:8A:6E:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qwojPd47d1iHjNkW_VdfnqKboA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/Z6Ua_m1uC5vkIPTZcIRy60EkawI.roa
Signing time:             Tue 15 Apr 2025 09:22:26 +0000
ROA not before:           Tue 15 Apr 2025 09:22:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57966
IP address blocks:        91.237.80.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/6qwojPd47d1iHjNkW_VdfnqKboA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/6qwojPd47d1iHjNkW_VdfnqKboA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qwojPd47d1iHjNkW_VdfnqKboA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 06:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:38:c1:c9:54:b7:a6:da:9b:99:09:39:33:14:27:49:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaac288cf778eddd621e33645bf55d7e7a8a6e80
        Validity
            Not Before: Apr 15 09:22:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67a51afe6d6e0b9be420f4d9708472eb41246b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d4:2a:42:16:b1:f3:ab:40:07:46:fe:07:96:
                    b0:e4:95:7c:83:3b:81:01:ac:16:af:4a:fa:21:eb:
                    67:28:6f:f7:42:36:05:c4:c4:ae:eb:e3:a2:88:48:
                    93:17:27:f9:03:b6:b5:4c:02:c8:8a:48:37:e3:77:
                    15:7f:fc:e6:d7:ff:6c:c4:af:53:5e:03:ee:12:07:
                    7d:83:2f:9b:39:15:42:29:06:b5:db:c3:25:f6:21:
                    09:43:9e:a3:f3:9c:e8:f4:4b:29:00:1f:46:da:8f:
                    41:e2:b2:88:d9:5e:6b:58:3f:89:3b:3f:05:b0:ee:
                    91:3c:9a:a7:f4:44:fc:50:28:e2:e5:0f:52:9d:c3:
                    f5:21:69:09:46:34:5f:e2:86:8a:ab:27:25:5e:b8:
                    9d:68:a4:da:06:b4:aa:6e:da:3d:20:b4:80:27:ff:
                    83:3c:db:19:65:6b:d7:9a:18:f6:98:8f:a1:92:55:
                    91:08:cd:ed:89:13:3d:26:14:07:11:87:bb:3d:a2:
                    a6:c3:10:fb:83:75:14:7e:48:40:14:8f:06:c8:63:
                    a6:de:71:17:a4:7b:5a:63:72:ac:e7:1e:f5:20:4d:
                    f7:58:f4:bd:9f:9b:e9:0b:2d:b4:c4:27:46:27:ae:
                    bd:9b:f0:08:ea:08:fc:98:d5:08:53:89:56:31:69:
                    85:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:A5:1A:FE:6D:6E:0B:9B:E4:20:F4:D9:70:84:72:EB:41:24:6B:02
            X509v3 Authority Key Identifier:
                keyid:EA:AC:28:8C:F7:78:ED:DD:62:1E:33:64:5B:F5:5D:7E:7A:8A:6E:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qwojPd47d1iHjNkW_VdfnqKboA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/Z6Ua_m1uC5vkIPTZcIRy60EkawI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/02f85b-c4c5-4dfc-938f-71b938ae4ccd/1/6qwojPd47d1iHjNkW_VdfnqKboA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:60:a0:21:b1:2a:16:28:8f:de:e5:87:e5:89:53:45:44:70:
         e1:35:a7:67:c8:da:f2:78:f1:37:1e:19:3a:a6:b6:7d:21:10:
         6b:1a:09:cb:d1:09:cc:a8:72:39:3e:85:37:ce:0e:b9:4f:03:
         a3:43:92:6f:e9:7c:94:72:15:4f:9a:0b:88:cb:62:de:05:bc:
         5b:af:37:a0:8b:53:55:94:7a:06:38:08:8c:38:09:0c:ff:f6:
         46:92:b2:02:97:91:3d:8a:7a:3f:cb:1e:51:cc:40:cc:18:98:
         38:1e:61:f8:22:62:6f:26:12:6a:06:fe:f7:19:29:66:03:0e:
         94:15:92:db:00:c8:7f:b1:ac:f5:24:f5:44:26:13:e9:9b:1e:
         25:53:36:69:71:ad:35:42:53:1c:d0:75:4a:e7:68:5a:ad:b4:
         1a:b5:99:09:5c:bb:18:32:c2:29:7f:be:d4:29:6a:d7:71:7d:
         4d:ba:79:88:b7:d4:2b:db:be:a6:a1:30:a2:32:20:14:b2:c8:
         d2:1c:bb:ec:db:3f:da:06:e0:71:24:8b:72:84:57:e4:08:b6:
         84:ba:c4:06:44:f8:41:72:e3:66:16:58:25:6d:e3:f0:5d:55:
         dc:f2:18:70:38:db:2e:c5:cf:82:93:12:73:12:03:7a:16:89:
         cc:39:9d:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY4wclUt6bam5kJOTMUJ0miMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWMyODhjZjc3OGVkZGQ2MjFlMzM2NDViZjU1ZDdlN2E4
YTZlODAwHhcNMjUwNDE1MDkyMjI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2E1MWFmZTZkNmUwYjliZTQyMGY0ZDk3MDg0NzJlYjQxMjQ2YjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdQqQhax86tAB0b+B5aw5JV8gzuB
AawWr0r6IetnKG/3QjYFxMSu6+OiiEiTFyf5A7a1TALIikg343cVf/zm1/9sxK9T
XgPuEgd9gy+bORVCKQa128Ml9iEJQ56j85zo9EspAB9G2o9B4rKI2V5rWD+JOz8F
sO6RPJqn9ET8UCji5Q9SncP1IWkJRjRf4oaKqyclXridaKTaBrSqbto9ILSAJ/+D
PNsZZWvXmhj2mI+hklWRCM3tiRM9JhQHEYe7PaKmwxD7g3UUfkhAFI8GyGOm3nEX
pHtaY3Ks5x71IE33WPS9n5vpCy20xCdGJ669m/AI6gj8mNUIU4lWMWmFCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGelGv5tbgub5CD02XCEcutBJGsCMB8GA1UdIwQY
MBaAFOqsKIz3eO3dYh4zZFv1XX56im6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnF3b2pQZDQ3ZDFpSGpOa1dfVmRmbnFLYm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8wMmY4NWItYzRjNS00ZGZjLTkzOGYt
NzFiOTM4YWU0Y2NkLzEvWjZVYV9tMXVDNXZrSVBUWmNJUnk2MEVrYXdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8wMmY4NWItYzRjNS00ZGZjLTkzOGYtNzFiOTM4YWU0Y2Nk
LzEvNnF3b2pQZDQ3ZDFpSGpOa1dfVmRmbnFLYm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+1QMA0G
CSqGSIb3DQEBCwUAA4IBAQB0YKAhsSoWKI/e5YfliVNFRHDhNadnyNryePE3Hhk6
prZ9IRBrGgnL0QnMqHI5PoU3zg65TwOjQ5Jv6XyUchVPmguIy2LeBbxbrzegi1NV
lHoGOAiMOAkM//ZGkrICl5E9ino/yx5RzEDMGJg4HmH4ImJvJhJqBv73GSlmAw6U
FZLbAMh/saz1JPVEJhPpmx4lUzZpca01QlMc0HVK52harbQatZkJXLsYMsIpf77U
KWrXcX1NunmIt9Qr276moTCiMiAUssjSHLvs2z/aBuBxJItyhFfkCLaEusQGRPhB
cuNmFlglbePwXVXc8hhwONsuxc+CkxJzEgN6FonMOZ3z
-----END CERTIFICATE-----