Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/SEMQLfPoFtmMG9uMdSXJeyNo3nk.roa
File:                     SEMQLfPoFtmMG9uMdSXJeyNo3nk.roa (raw, json)
Hash identifier:          ZD2o8n/XFRcCzyhjjBouPx+0N/ySWQHovrDaz6PBT8Q=
Subject key identifier:   48:43:10:2D:F3:E8:16:D9:8C:1B:DB:8C:75:25:C9:7B:23:68:DE:79
Certificate issuer:       /CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
Certificate serial:       01977E00823279B7F7A7FB8E825C4F3DFC42
Authority key identifier: 90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/SEMQLfPoFtmMG9uMdSXJeyNo3nk.roa
Signing time:             Tue 17 Jun 2025 13:07:31 +0000
ROA not before:           Tue 17 Jun 2025 13:07:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197979
IP address blocks:        91.231.24.0/24 maxlen: 24
                          91.231.25.0/24 maxlen: 24
                          91.231.26.0/24 maxlen: 24
                          91.231.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 17:19:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:00:82:32:79:b7:f7:a7:fb:8e:82:5c:4f:3d:fc:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
        Validity
            Not Before: Jun 17 13:07:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4843102df3e816d98c1bdb8c7525c97b2368de79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:5a:b6:0b:f7:f8:63:78:f9:97:aa:5d:24:dd:
                    31:93:d7:be:97:a6:23:ba:14:05:06:51:0f:e1:19:
                    16:4d:1f:e2:2b:dc:9b:77:bd:66:2d:a7:49:dc:06:
                    47:a0:78:b0:1d:4f:40:6f:e3:21:2e:f1:38:4e:10:
                    0b:ce:ca:90:b7:9c:53:96:2b:42:1f:58:eb:80:60:
                    b4:47:9c:7b:c3:72:ce:22:4f:0a:15:fb:28:d9:cd:
                    2f:ae:1e:a6:09:70:03:d7:e4:9a:27:5f:42:26:9e:
                    61:21:28:9f:cf:fb:7b:54:7b:8c:5a:96:72:fc:f9:
                    66:72:46:0c:2c:41:f7:3b:ad:4e:94:20:65:62:03:
                    1b:d5:d8:0b:5d:15:fd:69:da:5f:31:e2:8d:4d:0a:
                    ba:4e:d2:df:67:f2:52:ae:5c:cd:4a:03:55:d2:40:
                    6f:3b:6d:9a:29:4a:f0:d3:5a:88:f4:2d:2b:94:46:
                    03:81:d3:6b:cb:57:76:12:7f:e5:88:fb:78:90:44:
                    3b:a7:3c:5f:a5:0c:d5:9f:5d:50:4c:da:5a:95:a1:
                    6a:7a:d6:1b:e4:40:8b:86:fe:5c:82:8b:77:ab:ea:
                    d6:02:70:6d:af:d3:b9:79:85:75:19:02:72:9f:92:
                    ba:73:07:be:60:74:ec:19:ba:d1:21:ba:73:fd:e2:
                    83:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:43:10:2D:F3:E8:16:D9:8C:1B:DB:8C:75:25:C9:7B:23:68:DE:79
            X509v3 Authority Key Identifier:
                keyid:90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/SEMQLfPoFtmMG9uMdSXJeyNo3nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:90:22:3e:d9:d4:75:ea:b5:db:0b:10:d7:76:bb:2e:3d:45:
         cb:14:6f:d6:43:47:5f:c2:63:f7:19:84:60:98:00:8c:59:52:
         e9:71:81:1b:7d:6b:66:ec:43:34:ca:55:ae:84:1c:43:3b:73:
         2c:3f:71:63:5c:9a:b5:8f:30:64:77:76:11:41:34:20:67:a0:
         b6:80:79:20:a3:70:81:b9:69:b0:49:85:a8:62:06:cd:7f:2d:
         69:72:05:a5:44:38:9f:14:8b:13:b6:e1:66:4a:8c:52:77:5d:
         a8:90:74:97:e6:e1:80:22:5f:89:31:cb:78:2d:16:bd:a2:9c:
         5b:63:47:f6:20:38:c0:5e:79:73:83:2a:99:60:13:83:5c:07:
         ac:19:8f:42:49:94:18:8f:d5:b0:e2:6e:5f:8c:99:39:56:fe:
         04:86:27:d0:da:06:fb:dd:74:3c:d5:92:2c:ae:90:14:f6:b8:
         18:26:12:0e:bb:4d:ba:da:e4:0c:8d:d4:91:b8:27:9b:73:c6:
         ab:88:1d:48:70:96:2f:f2:79:e2:97:5e:4e:7a:ea:94:dd:7b:
         3d:b3:c1:92:b1:14:6f:6a:61:d9:ab:66:14:e6:17:83:76:fd:
         77:44:59:ab:99:40:d9:68:d3:c4:1d:dd:38:fe:31:14:e0:1b:
         fd:ad:5f:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+AIIyebf3p/uOglxPPfxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYjhhMTU0NjZjM2ZmMWU5MTVkNzgwYTEwYjBiYWE5YWQ2
OTQ4NjAwHhcNMjUwNjE3MTMwNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQzMTAyZGYzZTgxNmQ5OGMxYmRiOGM3NTI1Yzk3YjIzNjhkZTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlq2C/f4Y3j5l6pdJN0xk9e+l6Yj
uhQFBlEP4RkWTR/iK9ybd71mLadJ3AZHoHiwHU9Ab+MhLvE4ThALzsqQt5xTlitC
H1jrgGC0R5x7w3LOIk8KFfso2c0vrh6mCXAD1+SaJ19CJp5hISifz/t7VHuMWpZy
/PlmckYMLEH3O61OlCBlYgMb1dgLXRX9adpfMeKNTQq6TtLfZ/JSrlzNSgNV0kBv
O22aKUrw01qI9C0rlEYDgdNry1d2En/liPt4kEQ7pzxfpQzVn11QTNpalaFqetYb
5ECLhv5cgot3q+rWAnBtr9O5eYV1GQJyn5K6cwe+YHTsGbrRIbpz/eKDrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEhDEC3z6BbZjBvbjHUlyXsjaN55MB8GA1UdIwQY
MBaAFJC4oVRmw/8ekV14ChCwuqmtaUhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDct
NzhlOTk3ODY5OTUyLzEvU0VNUUxmUG9GdG1NRzl1TWRTWEpleU5vM25rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDctNzhlOTk3ODY5OTUy
LzEva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW+cYMA0G
CSqGSIb3DQEBCwUAA4IBAQCckCI+2dR16rXbCxDXdrsuPUXLFG/WQ0dfwmP3GYRg
mACMWVLpcYEbfWtm7EM0ylWuhBxDO3MsP3FjXJq1jzBkd3YRQTQgZ6C2gHkgo3CB
uWmwSYWoYgbNfy1pcgWlRDifFIsTtuFmSoxSd12okHSX5uGAIl+JMct4LRa9opxb
Y0f2IDjAXnlzgyqZYBODXAesGY9CSZQYj9Ww4m5fjJk5Vv4EhifQ2gb73XQ81ZIs
rpAU9rgYJhIOu0262uQMjdSRuCebc8ariB1IcJYv8nnil15OeuqU3Xs9s8GSsRRv
amHZq2YU5heDdv13RFmrmUDZaNPEHd04/jEU4Bv9rV8D
-----END CERTIFICATE-----