Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/sg6Ke3Csa6eOc_sincTW9jDFk9g.roa
File:                     sg6Ke3Csa6eOc_sincTW9jDFk9g.roa (raw, json)
Hash identifier:          JJ9uMfjWarSgHm6HNb7BDGcOt4jlyu+d939+XIEHnuI=
Subject key identifier:   B2:0E:8A:7B:70:AC:6B:A7:8E:73:FB:22:9D:C4:D6:F6:30:C5:93:D8
Certificate issuer:       /CN=2018ef08b55ddb20c8816a621a459cdb927b3201
Certificate serial:       0198A29B02CB67C02E6DB52AC0B1DE921151
Authority key identifier: 20:18:EF:08:B5:5D:DB:20:C8:81:6A:62:1A:45:9C:DB:92:7B:32:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IBjvCLVd2yDIgWpiGkWc25J7MgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/sg6Ke3Csa6eOc_sincTW9jDFk9g.roa
Signing time:             Wed 13 Aug 2025 08:45:24 +0000
ROA not before:           Wed 13 Aug 2025 08:45:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        91.204.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/IBjvCLVd2yDIgWpiGkWc25J7MgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/IBjvCLVd2yDIgWpiGkWc25J7MgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IBjvCLVd2yDIgWpiGkWc25J7MgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a2:9b:02:cb:67:c0:2e:6d:b5:2a:c0:b1:de:92:11:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2018ef08b55ddb20c8816a621a459cdb927b3201
        Validity
            Not Before: Aug 13 08:45:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b20e8a7b70ac6ba78e73fb229dc4d6f630c593d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:b6:73:32:eb:0b:b3:a6:61:74:88:5a:52:b1:
                    d6:95:ba:e0:69:00:91:e4:53:d8:f7:d3:ff:fb:cb:
                    b1:5d:fb:11:4e:e7:67:52:fc:ba:94:a5:25:07:80:
                    cd:be:ef:d2:7c:e2:43:8e:06:8e:4c:af:18:f3:b8:
                    2a:b3:64:86:6c:b6:69:be:aa:8a:e2:35:be:e7:f9:
                    5d:27:dc:f6:30:23:22:0e:4b:14:3f:90:31:9f:bd:
                    0a:8c:dd:c3:e6:7f:67:fb:16:a0:f0:bd:80:c3:f3:
                    31:25:47:34:52:d8:f5:7a:c9:de:5e:1c:5c:c0:a8:
                    a6:b6:bf:cf:ca:0d:9a:dd:a3:0b:6b:9e:eb:00:93:
                    d0:f5:61:96:f3:76:7e:8b:08:61:b6:6f:1f:6d:28:
                    17:57:0d:35:b2:c4:d6:a9:ad:85:21:23:97:7a:e8:
                    9d:b3:f2:b3:82:08:c9:00:cd:dc:fb:bf:c8:8e:64:
                    e3:27:0b:15:78:bd:8a:7e:7f:e2:77:5a:d0:bd:9e:
                    47:2a:52:41:05:6b:b8:25:b6:50:36:1e:3f:d2:e4:
                    4a:32:56:6a:54:94:09:a0:2f:3b:b5:16:bf:fe:2e:
                    8c:a1:ce:d0:ac:35:d9:9f:bd:bd:f8:dc:73:0b:8b:
                    55:fc:ae:3b:e3:9a:6f:e3:f6:32:c3:9d:a0:4e:fd:
                    a0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:0E:8A:7B:70:AC:6B:A7:8E:73:FB:22:9D:C4:D6:F6:30:C5:93:D8
            X509v3 Authority Key Identifier:
                keyid:20:18:EF:08:B5:5D:DB:20:C8:81:6A:62:1A:45:9C:DB:92:7B:32:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IBjvCLVd2yDIgWpiGkWc25J7MgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/sg6Ke3Csa6eOc_sincTW9jDFk9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/28d7cf-22f8-4363-ad02-a0ac49ad343f/1/IBjvCLVd2yDIgWpiGkWc25J7MgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:02:15:ff:c2:53:b4:aa:ed:19:df:d8:37:18:71:51:93:79:
         c2:b1:8b:c2:1f:12:e0:47:c4:db:58:6d:a3:a0:00:e9:dd:2b:
         17:df:23:c2:c8:61:7c:74:e2:21:e3:2f:d5:55:cd:a4:d1:a5:
         f8:6f:53:d1:e0:c2:26:37:c1:76:66:21:84:83:a0:28:ca:66:
         1f:dd:f6:51:2c:43:4c:80:fa:7a:b3:dd:dc:b8:ff:7d:9d:25:
         94:77:14:20:f3:b5:e0:65:21:ca:52:88:bb:82:7d:c2:82:68:
         f3:5c:f0:11:36:bf:7f:2e:05:eb:03:d7:78:da:d9:ef:28:b3:
         28:e1:3f:80:93:a6:d1:53:2a:80:8c:1b:2f:60:47:2e:dc:60:
         1a:b9:71:2f:f6:ab:f3:6a:51:ed:42:4d:29:1c:2c:09:55:72:
         52:ba:cb:da:9d:bd:fc:e5:70:fe:ee:40:8c:a5:bf:ff:82:ac:
         2f:84:98:48:b5:46:47:8c:3c:52:91:03:d1:3b:2e:89:b0:49:
         cb:3a:80:84:4b:bd:0d:33:72:bf:42:03:45:c8:7e:d2:02:f4:
         d4:b5:22:0a:49:fe:5e:44:f8:00:4f:83:71:ff:e9:21:eb:fe:
         b3:7a:35:55:93:31:f6:c8:0e:d7:ba:85:59:22:1a:d6:62:42:
         07:c0:0d:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiimwLLZ8AubbUqwLHekhFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMThlZjA4YjU1ZGRiMjBjODgxNmE2MjFhNDU5Y2RiOTI3
YjMyMDEwHhcNMjUwODEzMDg0NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjBlOGE3YjcwYWM2YmE3OGU3M2ZiMjI5ZGM0ZDZmNjMwYzU5M2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxbZzMusLs6ZhdIhaUrHWlbrgaQCR
5FPY99P/+8uxXfsRTudnUvy6lKUlB4DNvu/SfOJDjgaOTK8Y87gqs2SGbLZpvqqK
4jW+5/ldJ9z2MCMiDksUP5Axn70KjN3D5n9n+xag8L2Aw/MxJUc0Utj1esneXhxc
wKimtr/Pyg2a3aMLa57rAJPQ9WGW83Z+iwhhtm8fbSgXVw01ssTWqa2FISOXeuid
s/KzggjJAM3c+7/IjmTjJwsVeL2Kfn/id1rQvZ5HKlJBBWu4JbZQNh4/0uRKMlZq
VJQJoC87tRa//i6Moc7QrDXZn729+NxzC4tV/K4745pv4/Yyw52gTv2gNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLIOintwrGunjnP7Ip3E1vYwxZPYMB8GA1UdIwQY
MBaAFCAY7wi1XdsgyIFqYhpFnNuSezIBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJqdkNMVmQyeURJZ1dwaUdrV2MyNUo3TWdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yOGQ3Y2YtMjJmOC00MzYzLWFkMDIt
YTBhYzQ5YWQzNDNmLzEvc2c2S2UzQ3NhNmVPY19zaW5jVFc5akRGazlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yOGQ3Y2YtMjJmOC00MzYzLWFkMDItYTBhYzQ5YWQzNDNm
LzEvSUJqdkNMVmQyeURJZ1dwaUdrV2MyNUo3TWdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8xTMA0G
CSqGSIb3DQEBCwUAA4IBAQCbAhX/wlO0qu0Z39g3GHFRk3nCsYvCHxLgR8TbWG2j
oADp3SsX3yPCyGF8dOIh4y/VVc2k0aX4b1PR4MImN8F2ZiGEg6AoymYf3fZRLENM
gPp6s93cuP99nSWUdxQg87XgZSHKUoi7gn3CgmjzXPARNr9/LgXrA9d42tnvKLMo
4T+Ak6bRUyqAjBsvYEcu3GAauXEv9qvzalHtQk0pHCwJVXJSusvanb385XD+7kCM
pb//gqwvhJhItUZHjDxSkQPROy6JsEnLOoCES70NM3K/QgNFyH7SAvTUtSIKSf5e
RPgAT4Nx/+kh6/6zejVVkzH2yA7XuoVZIhrWYkIHwA1F
-----END CERTIFICATE-----