Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/k7E49zhbwS2LL9SW63yCCaT3dX4.roa
File:                     k7E49zhbwS2LL9SW63yCCaT3dX4.roa (raw, json)
Hash identifier:          QegyRf4r1BKDBLKon2i8d5TUFY3bBqA8ipMpNwRG+Xw=
Subject key identifier:   93:B1:38:F7:38:5B:C1:2D:8B:2F:D4:96:EB:7C:82:09:A4:F7:75:7E
Certificate issuer:       /CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
Certificate serial:       0197A135165F0621156B66435B21DC73AD36
Authority key identifier: FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/k7E49zhbwS2LL9SW63yCCaT3dX4.roa
Signing time:             Tue 24 Jun 2025 09:11:40 +0000
ROA not before:           Tue 24 Jun 2025 09:11:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6698
IP address blocks:        91.239.78.0/23 maxlen: 23
                          213.111.148.0/24 maxlen: 24
                          213.111.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:35:16:5f:06:21:15:6b:66:43:5b:21:dc:73:ad:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff7d8a79bad4f983d0c49895af50ea8a03ebc70d
        Validity
            Not Before: Jun 24 09:11:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93b138f7385bc12d8b2fd496eb7c8209a4f7757e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:fd:67:be:90:5e:74:6b:8d:e7:e0:0d:64:9e:
                    86:6d:f3:6f:4d:c3:72:33:51:37:92:12:b3:74:38:
                    a5:ea:47:3d:88:ca:ed:db:22:ab:67:6a:cc:50:ae:
                    8d:2b:63:c9:7b:d9:c9:2b:02:cb:71:f0:e7:24:66:
                    e6:57:a5:7d:a9:ff:ec:73:d1:b7:61:51:86:33:1f:
                    62:2e:84:4f:21:81:64:4b:aa:e8:85:9f:5e:21:fc:
                    80:2a:8a:5a:b3:77:34:20:ca:67:c7:2b:2f:42:7d:
                    34:56:f0:b0:37:fe:8c:4b:69:10:39:4d:b0:6a:13:
                    2d:34:3e:70:f6:8a:0e:ca:52:b7:7b:b6:10:58:14:
                    b6:5f:ed:53:d2:f4:68:64:58:70:68:77:97:ea:2e:
                    f5:13:6a:47:36:29:b3:6b:ae:e8:d1:31:51:1a:f2:
                    67:21:90:99:db:f9:27:4b:88:85:61:3c:38:04:6a:
                    35:39:82:d3:b0:da:b8:dc:08:2a:d2:b4:dc:aa:37:
                    14:a2:3a:b8:9f:91:fd:bd:83:4b:88:b9:fd:04:7c:
                    ff:fd:99:24:50:96:c5:c4:ae:e7:bd:fa:43:05:eb:
                    1d:ef:50:b4:68:21:d9:6c:e8:d4:e0:fd:b5:54:85:
                    be:e6:51:39:da:c5:c7:49:d8:04:21:2d:7a:ee:82:
                    94:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:B1:38:F7:38:5B:C1:2D:8B:2F:D4:96:EB:7C:82:09:A4:F7:75:7E
            X509v3 Authority Key Identifier:
                keyid:FF:7D:8A:79:BA:D4:F9:83:D0:C4:98:95:AF:50:EA:8A:03:EB:C7:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_32KebrU-YPQxJiVr1DqigPrxw0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/k7E49zhbwS2LL9SW63yCCaT3dX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/4424ef-68aa-4b70-b2cc-0873e3994d0e/1/_32KebrU-YPQxJiVr1DqigPrxw0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.78.0/23
                  213.111.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2d:9f:b2:f7:77:9b:8d:7b:d5:c2:0e:a7:cf:3d:d8:71:ca:e3:
         9b:36:5b:0d:54:38:06:ab:c7:51:24:c9:5c:7e:28:2e:4c:18:
         0a:2e:57:1e:88:87:21:86:7f:44:7e:6c:75:40:81:93:22:eb:
         69:56:c8:6e:0f:ce:48:be:c2:d1:e5:86:fe:41:68:53:d3:56:
         4b:46:ed:21:2b:58:eb:7f:4f:5b:45:3c:d2:d4:85:ab:d6:d0:
         b9:1c:18:88:7a:a2:84:3a:91:44:1b:55:84:59:53:65:a0:41:
         4c:9e:50:96:7b:b8:fd:9f:d8:9b:22:ae:f6:46:b4:83:e5:12:
         e4:3e:3e:76:ae:b3:e3:e1:82:85:e6:f8:05:58:52:14:75:fe:
         2a:a9:eb:e2:bd:8c:d1:ba:43:6f:85:30:19:9c:a4:22:05:ad:
         74:1c:46:38:be:85:f0:19:4b:68:21:ea:5b:d9:49:17:0f:bd:
         2c:16:e0:7d:56:66:96:b2:3e:b1:58:23:77:d6:45:9e:2f:f8:
         5a:be:6f:a7:8d:47:86:3f:e5:c1:7c:68:9f:47:c9:45:ea:1b:
         e5:57:e7:a2:01:65:a8:9b:c0:73:6f:37:3f:df:78:f5:97:27:
         db:aa:d3:c5:0b:6c:1f:a2:ee:2c:b2:e0:46:b7:63:68:d5:3f:
         79:8b:23:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZehNRZfBiEVa2ZDWyHcc602MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmN2Q4YTc5YmFkNGY5ODNkMGM0OTg5NWFmNTBlYThhMDNl
YmM3MGQwHhcNMjUwNjI0MDkxMTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2IxMzhmNzM4NWJjMTJkOGIyZmQ0OTZlYjdjODIwOWE0Zjc3NTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6v1nvpBedGuN5+ANZJ6GbfNvTcNy
M1E3khKzdDil6kc9iMrt2yKrZ2rMUK6NK2PJe9nJKwLLcfDnJGbmV6V9qf/sc9G3
YVGGMx9iLoRPIYFkS6rohZ9eIfyAKopas3c0IMpnxysvQn00VvCwN/6MS2kQOU2w
ahMtND5w9ooOylK3e7YQWBS2X+1T0vRoZFhwaHeX6i71E2pHNimza67o0TFRGvJn
IZCZ2/knS4iFYTw4BGo1OYLTsNq43Agq0rTcqjcUojq4n5H9vYNLiLn9BHz//Zkk
UJbFxK7nvfpDBesd71C0aCHZbOjU4P21VIW+5lE52sXHSdgEIS167oKUWwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJOxOPc4W8Etiy/Ulut8ggmk93V+MB8GA1UdIwQY
MBaAFP99inm61PmD0MSYla9Q6ooD68cNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2Mt
MDg3M2UzOTk0ZDBlLzEvazdFNDl6aGJ3UzJMTDlTVzYzeUNDYVQzZFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi80NDI0ZWYtNjhhYS00YjcwLWIyY2MtMDg3M2UzOTk0ZDBl
LzEvXzMyS2ViclUtWVBReEppVnIxRHFpZ1ByeHcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+9OAwQB
1W+UMA0GCSqGSIb3DQEBCwUAA4IBAQAtn7L3d5uNe9XCDqfPPdhxyuObNlsNVDgG
q8dRJMlcfiguTBgKLlceiIchhn9Efmx1QIGTIutpVshuD85IvsLR5Yb+QWhT01ZL
Ru0hK1jrf09bRTzS1IWr1tC5HBiIeqKEOpFEG1WEWVNloEFMnlCWe7j9n9ibIq72
RrSD5RLkPj52rrPj4YKF5vgFWFIUdf4qqevivYzRukNvhTAZnKQiBa10HEY4voXw
GUtoIepb2UkXD70sFuB9VmaWsj6xWCN31kWeL/havm+njUeGP+XBfGifR8lF6hvl
V+eiAWWom8Bzbzc/33j1lyfbqtPFC2wfou4ssuBGt2No1T95iyNB
-----END CERTIFICATE-----