Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/gLvldii-qJB8VCnJaWDvi5QbXt8.roa
File:                     gLvldii-qJB8VCnJaWDvi5QbXt8.roa (raw, json)
Hash identifier:          9RxPQGeD0pT2vqVcsjjJurQ/oZ8JH2GkOiJjJQsHTb0=
Subject key identifier:   80:BB:E5:76:28:BE:A8:90:7C:54:29:C9:69:60:EF:8B:94:1B:5E:DF
Certificate issuer:       /CN=9f6c98d597b781b7a10c7e0edb1c48f6b81a5f8b
Certificate serial:       0197A75AE10BB160CD348D583A6A4EA31960
Authority key identifier: 9F:6C:98:D5:97:B7:81:B7:A1:0C:7E:0E:DB:1C:48:F6:B8:1A:5F:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2yY1Ze3gbehDH4O2xxI9rgaX4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/gLvldii-qJB8VCnJaWDvi5QbXt8.roa
Signing time:             Wed 25 Jun 2025 13:50:40 +0000
ROA not before:           Wed 25 Jun 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        91.198.255.0/24 maxlen: 24
                          193.36.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/n2yY1Ze3gbehDH4O2xxI9rgaX4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/n2yY1Ze3gbehDH4O2xxI9rgaX4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n2yY1Ze3gbehDH4O2xxI9rgaX4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 01:02:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a7:5a:e1:0b:b1:60:cd:34:8d:58:3a:6a:4e:a3:19:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6c98d597b781b7a10c7e0edb1c48f6b81a5f8b
        Validity
            Not Before: Jun 25 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80bbe57628bea8907c5429c96960ef8b941b5edf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:28:41:35:14:54:05:50:c6:d7:c6:42:c6:7f:
                    c5:f8:7e:c1:da:15:76:93:cc:38:28:b0:65:e6:c1:
                    5e:1d:33:4c:c7:a7:79:56:e8:94:46:8f:6f:e8:f1:
                    9e:cc:a6:23:6b:a2:e6:fc:9e:db:a3:1d:07:90:51:
                    bd:b7:a3:3b:98:28:95:d6:4f:36:be:30:8a:01:bb:
                    52:c7:ee:14:85:ff:15:e1:cf:14:2f:39:78:69:74:
                    de:4d:cc:fa:59:75:64:82:fc:c7:be:33:d4:dd:67:
                    13:f6:d0:f1:81:de:ce:51:95:e3:f7:6c:08:5a:67:
                    40:2c:fe:0f:89:62:18:4d:b0:87:c6:8b:06:89:e3:
                    af:4c:bb:59:56:32:6b:57:8b:30:6f:00:a2:db:7b:
                    73:10:08:f3:8e:c1:2d:1f:38:ab:b9:33:4b:7d:9f:
                    e0:b2:80:85:a3:b7:1d:3a:ec:8d:ee:7d:96:dc:82:
                    f5:ee:8c:63:c0:25:b5:57:4f:cc:46:b0:fe:cd:b1:
                    0b:ef:ef:2d:ad:a2:14:a2:03:60:53:f5:a7:d2:4a:
                    ee:51:ac:7d:8d:e5:4a:30:3d:06:b8:ff:3b:30:a9:
                    9b:16:4f:79:a7:90:1f:1e:76:78:34:1f:23:4a:29:
                    7a:a0:21:66:1e:f2:0f:a3:b8:8c:1d:f7:49:e6:14:
                    73:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:BB:E5:76:28:BE:A8:90:7C:54:29:C9:69:60:EF:8B:94:1B:5E:DF
            X509v3 Authority Key Identifier:
                keyid:9F:6C:98:D5:97:B7:81:B7:A1:0C:7E:0E:DB:1C:48:F6:B8:1A:5F:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2yY1Ze3gbehDH4O2xxI9rgaX4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/gLvldii-qJB8VCnJaWDvi5QbXt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/f5ed1c-3797-400d-b72f-804cda5243b3/1/n2yY1Ze3gbehDH4O2xxI9rgaX4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.255.0/24
                  193.36.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c8:fe:e8:37:5c:2e:58:7b:d7:df:1a:d9:de:19:87:33:c9:ac:
         d4:5d:41:1c:57:ca:00:21:43:05:e2:0e:63:2f:ce:ef:78:d7:
         2f:7d:f6:65:b7:ef:df:8e:c5:61:16:94:51:72:f3:82:84:60:
         90:21:a0:68:7d:38:fd:f3:b5:3d:b2:78:d8:c1:43:07:cb:bd:
         2c:9c:5b:e7:41:67:a2:85:1a:66:20:0f:d6:36:38:1a:83:f6:
         90:88:c1:09:d5:1b:b9:a5:7a:47:9b:5e:de:20:6d:e7:00:bb:
         29:1f:82:5a:40:ce:42:65:e1:51:cc:84:79:70:df:ff:2a:77:
         00:73:9e:0e:b2:ff:b6:30:34:f0:ee:a6:78:96:3d:42:14:c5:
         c5:7e:a3:e8:17:4a:46:fb:64:99:ca:47:ca:8b:b3:1b:85:8b:
         c0:5e:77:11:47:82:03:64:b2:b2:da:7b:89:05:1f:8e:2f:1a:
         4f:23:20:a0:ad:e6:9d:67:c6:5c:45:69:d8:5c:4d:8a:fe:cb:
         52:f6:cb:0c:3c:50:32:88:cf:24:03:d9:14:c2:e0:1f:2e:00:
         58:3f:f5:52:5f:f4:20:98:b2:6f:3c:03:4e:b0:63:d4:98:2d:
         a8:43:6d:f2:fb:84:d5:f8:d1:9f:00:0a:f4:cf:95:00:37:a4:
         97:a0:b5:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZenWuELsWDNNI1YOmpOoxlgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNmM5OGQ1OTdiNzgxYjdhMTBjN2UwZWRiMWM0OGY2Yjgx
YTVmOGIwHhcNMjUwNjI1MTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGJiZTU3NjI4YmVhODkwN2M1NDI5Yzk2OTYwZWY4Yjk0MWI1ZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ihBNRRUBVDG18ZCxn/F+H7B2hV2
k8w4KLBl5sFeHTNMx6d5VuiURo9v6PGezKYja6Lm/J7box0HkFG9t6M7mCiV1k82
vjCKAbtSx+4Uhf8V4c8ULzl4aXTeTcz6WXVkgvzHvjPU3WcT9tDxgd7OUZXj92wI
WmdALP4PiWIYTbCHxosGieOvTLtZVjJrV4swbwCi23tzEAjzjsEtHziruTNLfZ/g
soCFo7cdOuyN7n2W3IL17oxjwCW1V0/MRrD+zbEL7+8traIUogNgU/Wn0kruUax9
jeVKMD0GuP87MKmbFk95p5AfHnZ4NB8jSil6oCFmHvIPo7iMHfdJ5hRz7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIC75XYovqiQfFQpyWlg74uUG17fMB8GA1UdIwQY
MBaAFJ9smNWXt4G3oQx+DtscSPa4Gl+LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjJ5WTFaZTNnYmVoREg0TzJ4eEk5cmdhWDRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9mNWVkMWMtMzc5Ny00MDBkLWI3MmYt
ODA0Y2RhNTI0M2IzLzEvZ0x2bGRpaS1xSkI4VkNuSmFXRHZpNVFiWHQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9mNWVkMWMtMzc5Ny00MDBkLWI3MmYtODA0Y2RhNTI0M2Iz
LzEvbjJ5WTFaZTNnYmVoREg0TzJ4eEk5cmdhWDRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8b/AwQA
wSQiMA0GCSqGSIb3DQEBCwUAA4IBAQDI/ug3XC5Ye9ffGtneGYczyazUXUEcV8oA
IUMF4g5jL87veNcvffZlt+/fjsVhFpRRcvOChGCQIaBofTj987U9snjYwUMHy70s
nFvnQWeihRpmIA/WNjgag/aQiMEJ1Ru5pXpHm17eIG3nALspH4JaQM5CZeFRzIR5
cN//KncAc54Osv+2MDTw7qZ4lj1CFMXFfqPoF0pG+2SZykfKi7MbhYvAXncRR4ID
ZLKy2nuJBR+OLxpPIyCgreadZ8ZcRWnYXE2K/stS9ssMPFAyiM8kA9kUwuAfLgBY
P/VSX/QgmLJvPANOsGPUmC2oQ23y+4TV+NGfAAr0z5UAN6SXoLV9
-----END CERTIFICATE-----