Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/rBSzUOINd2m6Fe0adonryiHnJmQ.roa
File:                     rBSzUOINd2m6Fe0adonryiHnJmQ.roa (raw, json)
Hash identifier:          7uuLF1A7YhEI7aXW9wxB80gtnkWtzrOwm2g4cLYcmzo=
Subject key identifier:   AC:14:B3:50:E2:0D:77:69:BA:15:ED:1A:76:89:EB:CA:21:E7:26:64
Certificate issuer:       /CN=8c96c66af331c985b859d403b36974c0632e1ef2
Certificate serial:       01979BFCC69E09ACBA004D63E692BE2F1746
Authority key identifier: 8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/rBSzUOINd2m6Fe0adonryiHnJmQ.roa
Signing time:             Mon 23 Jun 2025 08:52:03 +0000
ROA not before:           Mon 23 Jun 2025 08:52:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        91.233.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9b:fc:c6:9e:09:ac:ba:00:4d:63:e6:92:be:2f:17:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c96c66af331c985b859d403b36974c0632e1ef2
        Validity
            Not Before: Jun 23 08:52:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac14b350e20d7769ba15ed1a7689ebca21e72664
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:38:15:4e:15:fd:47:6f:af:fe:01:29:5d:bd:
                    22:2d:75:e3:2b:24:88:0d:30:4a:2f:c0:5a:d1:c2:
                    72:fc:79:6a:8f:b1:21:d4:94:3b:e6:5c:f5:bc:88:
                    de:a4:fe:21:09:ad:a9:07:af:19:c2:3e:31:74:cd:
                    98:8e:33:08:78:99:c2:b8:90:81:aa:7f:fd:76:cb:
                    98:b2:9b:c3:27:c0:e6:b0:2f:dc:7f:da:8b:27:78:
                    b5:11:d8:a1:42:5e:37:ca:04:4d:28:6f:12:6a:a8:
                    96:69:61:b7:9e:01:b5:23:89:83:ac:1e:b7:77:39:
                    73:48:c8:1f:ff:db:33:34:8f:98:52:37:08:5b:dc:
                    90:be:9b:a2:20:4f:0b:16:83:ae:a2:87:d1:26:93:
                    26:a0:a0:01:7c:54:f0:fc:61:45:21:42:0e:54:65:
                    b7:b1:e1:9a:b8:57:0c:80:e4:9d:83:33:dc:c4:d9:
                    e6:d1:34:1a:c0:3a:a4:72:ed:21:63:a8:cc:c2:0e:
                    ce:a6:8a:86:c6:e8:2f:c3:a5:3f:00:be:57:c2:54:
                    28:ed:86:d0:45:00:ba:ad:d8:97:36:f3:a9:b0:da:
                    5e:3e:b5:43:ab:a7:ab:ab:bd:0f:a5:c9:7e:74:b5:
                    66:d0:57:45:95:ab:2b:a4:93:06:da:40:fb:ae:dc:
                    fe:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:14:B3:50:E2:0D:77:69:BA:15:ED:1A:76:89:EB:CA:21:E7:26:64
            X509v3 Authority Key Identifier:
                keyid:8C:96:C6:6A:F3:31:C9:85:B8:59:D4:03:B3:69:74:C0:63:2E:1E:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jJbGavMxyYW4WdQDs2l0wGMuHvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/rBSzUOINd2m6Fe0adonryiHnJmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/97e057-0f60-4aaf-9a48-83a44310a964/1/jJbGavMxyYW4WdQDs2l0wGMuHvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:53:b5:ac:46:d4:04:3e:17:bd:8f:28:bd:2b:c0:5d:87:b3:
         da:41:bf:80:d0:38:78:ad:81:d2:d5:30:e4:f4:e1:ee:57:a0:
         74:f3:5d:0e:f8:3f:09:a8:d1:38:82:bd:a3:f4:3a:0d:3e:7b:
         f6:f4:d7:b6:ea:cf:8d:ba:ca:2b:de:a8:bf:f8:5c:bb:0d:ae:
         b0:85:e2:66:b6:5a:01:c3:94:41:d7:49:7d:a2:c7:da:20:37:
         85:0b:96:89:4e:f2:17:dc:ee:1f:6a:65:86:9d:6c:90:19:2d:
         9b:50:5b:e5:00:31:13:89:81:84:5e:bf:22:6d:1d:0f:45:41:
         74:b9:ef:61:26:4d:dd:8e:05:7d:5f:e2:f0:27:1b:64:d8:a4:
         4f:79:5b:de:97:dc:ac:c2:87:4c:89:12:7b:2f:17:ba:ba:c9:
         17:41:de:22:b4:a9:3e:89:e5:04:c8:1e:bf:92:ce:bb:0f:47:
         67:df:47:79:09:91:96:c4:9d:d9:a3:24:18:a7:02:4e:d7:12:
         55:5e:bf:bc:76:3b:fb:bf:d4:a3:19:a7:f2:43:62:ef:12:3b:
         cf:dc:e0:ff:e4:53:e6:34:ef:f8:1c:41:18:7e:ee:4d:82:13:
         e0:9b:83:df:42:ff:58:5f:6a:c7:cd:98:13:35:d8:e5:be:f9:
         e5:0e:5c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeb/MaeCay6AE1j5pK+LxdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjOTZjNjZhZjMzMWM5ODViODU5ZDQwM2IzNjk3NGMwNjMy
ZTFlZjIwHhcNMjUwNjIzMDg1MjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzE0YjM1MGUyMGQ3NzY5YmExNWVkMWE3Njg5ZWJjYTIxZTcyNjY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TgVThX9R2+v/gEpXb0iLXXjKySI
DTBKL8Ba0cJy/Hlqj7Eh1JQ75lz1vIjepP4hCa2pB68Zwj4xdM2YjjMIeJnCuJCB
qn/9dsuYspvDJ8DmsC/cf9qLJ3i1EdihQl43ygRNKG8SaqiWaWG3ngG1I4mDrB63
dzlzSMgf/9szNI+YUjcIW9yQvpuiIE8LFoOuoofRJpMmoKABfFTw/GFFIUIOVGW3
seGauFcMgOSdgzPcxNnm0TQawDqkcu0hY6jMwg7OpoqGxugvw6U/AL5XwlQo7YbQ
RQC6rdiXNvOpsNpePrVDq6erq70Ppcl+dLVm0FdFlasrpJMG2kD7rtz+OQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwUs1DiDXdpuhXtGnaJ68oh5yZkMB8GA1UdIwQY
MBaAFIyWxmrzMcmFuFnUA7NpdMBjLh7yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgt
ODNhNDQzMTBhOTY0LzEvckJTelVPSU5kMm02RmUwYWRvbnJ5aUhuSm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC85N2UwNTctMGY2MC00YWFmLTlhNDgtODNhNDQzMTBhOTY0
LzEvakpiR2F2TXh5WVc0V2RRRHMybDB3R011SHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+lDMA0G
CSqGSIb3DQEBCwUAA4IBAQA3U7WsRtQEPhe9jyi9K8Bdh7PaQb+A0Dh4rYHS1TDk
9OHuV6B0810O+D8JqNE4gr2j9DoNPnv29Ne26s+Nusor3qi/+Fy7Da6wheJmtloB
w5RB10l9osfaIDeFC5aJTvIX3O4famWGnWyQGS2bUFvlADETiYGEXr8ibR0PRUF0
ue9hJk3djgV9X+LwJxtk2KRPeVvel9yswodMiRJ7Lxe6uskXQd4itKk+ieUEyB6/
ks67D0dn30d5CZGWxJ3ZoyQYpwJO1xJVXr+8djv7v9SjGafyQ2LvEjvP3OD/5FPm
NO/4HEEYfu5NghPgm4PfQv9YX2rHzZgTNdjlvvnlDlyj
-----END CERTIFICATE-----