Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/9BTsC-VY_sKGkh2euSED3WOM9ZI.roa
File:                     9BTsC-VY_sKGkh2euSED3WOM9ZI.roa (raw, json)
Hash identifier:          viXsjra2jhTZdPzpqdc9qlQE8a3DDErudBN55tMe3Wg=
Subject key identifier:   F4:14:EC:0B:E5:58:FE:C2:86:92:1D:9E:B9:21:03:DD:63:8C:F5:92
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       019788A683022FB5B2F4366DADFE6168AF07
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/9BTsC-VY_sKGkh2euSED3WOM9ZI.roa
Signing time:             Thu 19 Jun 2025 14:45:03 +0000
ROA not before:           Thu 19 Jun 2025 14:45:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        91.102.160.0/23 maxlen: 23
                          91.102.164.0/24 maxlen: 24
                          91.102.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:88:a6:83:02:2f:b5:b2:f4:36:6d:ad:fe:61:68:af:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Jun 19 14:45:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f414ec0be558fec286921d9eb92103dd638cf592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d4:83:4b:28:0f:d7:21:ec:f5:f0:40:37:94:
                    50:78:5e:cc:a7:ca:26:7b:cb:37:de:7c:69:8f:fd:
                    de:f5:e0:86:10:70:1a:73:25:b8:aa:92:dc:c0:5b:
                    fc:e1:f4:8f:c9:3c:7e:5b:4d:60:40:4e:0f:6f:3b:
                    6b:8a:6f:fb:bf:dd:ba:3f:7d:8c:0f:40:22:2a:60:
                    0c:3e:cf:25:a6:d5:f3:af:38:dc:2e:d5:84:a5:65:
                    c7:2a:0b:d1:e1:e2:21:4e:8a:3e:5b:cd:35:2a:09:
                    0a:0e:e8:15:f7:fb:2a:3d:c0:4f:c0:67:f4:15:5f:
                    d7:7f:03:86:64:7b:42:a6:58:fa:c1:40:ed:de:f4:
                    5d:c5:cd:04:5c:19:e7:ba:1d:b0:5b:25:44:fe:60:
                    1e:b6:7e:3f:1e:26:2b:0c:e3:34:57:f4:24:fc:a0:
                    e4:04:01:54:3e:fa:03:bc:ec:50:30:24:a1:cc:0e:
                    85:9a:c3:12:b4:a7:3a:de:bd:d6:50:e7:06:df:cb:
                    d4:83:c5:4a:62:63:3a:52:a2:4f:27:43:61:72:2f:
                    a5:f5:83:cf:2c:26:54:73:31:cb:34:43:23:94:e0:
                    27:c4:ba:aa:16:5d:be:1d:cc:79:85:7e:bf:3d:0f:
                    02:ef:2c:bc:54:e2:9e:9b:fb:af:dc:0e:0e:1b:a3:
                    39:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:14:EC:0B:E5:58:FE:C2:86:92:1D:9E:B9:21:03:DD:63:8C:F5:92
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/9BTsC-VY_sKGkh2euSED3WOM9ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/23
                  91.102.164.0/24
                  91.102.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:52:32:88:a4:78:0e:3d:b7:58:f5:cc:18:1a:0e:8c:98:4d:
         04:af:44:a5:41:46:18:49:70:23:d7:fe:4e:b5:32:13:0e:f7:
         1c:c4:c3:29:a4:9b:1c:34:07:43:a3:88:04:c5:62:3f:80:db:
         0a:e3:c3:a3:6f:4b:ee:62:b4:83:4b:f9:83:fc:cd:0b:13:7c:
         f8:e4:d1:e3:bd:62:8e:87:d2:74:8e:3c:7a:64:a5:3b:6b:85:
         3b:98:ec:b4:8b:18:bf:06:50:45:0f:e5:99:02:f3:5d:8f:b5:
         a7:4a:ad:c5:f2:81:e7:23:7f:34:71:32:c9:81:79:21:e9:2a:
         62:59:55:89:a7:62:8e:61:a8:93:19:02:bc:56:65:74:f3:2c:
         37:64:f1:a2:50:61:3b:4a:44:7b:91:97:67:c5:a0:04:94:e7:
         af:0b:91:04:2f:81:95:5b:fa:91:48:3b:98:61:4d:f1:1d:77:
         2c:3c:29:7f:5c:77:a5:f0:0e:b6:a8:1e:fe:c6:ea:c9:29:9a:
         50:6f:74:82:af:cc:05:30:2b:e4:f0:84:20:01:cc:f3:3a:26:
         f6:80:6d:26:58:67:e2:af:4e:4b:69:da:5a:f5:1c:a5:81:44:
         63:14:03:de:b5:97:ac:db:a8:44:b9:b6:82:8b:9d:88:c3:6c:
         a0:b8:c7:ae
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZeIpoMCL7Wy9DZtrf5haK8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUwNjE5MTQ0NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDE0ZWMwYmU1NThmZWMyODY5MjFkOWViOTIxMDNkZDYzOGNmNTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6NSDSygP1yHs9fBAN5RQeF7Mp8om
e8s33nxpj/3e9eCGEHAacyW4qpLcwFv84fSPyTx+W01gQE4Pbztrim/7v926P32M
D0AiKmAMPs8lptXzrzjcLtWEpWXHKgvR4eIhToo+W801KgkKDugV9/sqPcBPwGf0
FV/XfwOGZHtCplj6wUDt3vRdxc0EXBnnuh2wWyVE/mAetn4/HiYrDOM0V/Qk/KDk
BAFUPvoDvOxQMCShzA6FmsMStKc63r3WUOcG38vUg8VKYmM6UqJPJ0Nhci+l9YPP
LCZUczHLNEMjlOAnxLqqFl2+Hcx5hX6/PQ8C7yy8VOKem/uv3A4OG6M5ywIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPQU7AvlWP7ChpIdnrkhA91jjPWSMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvOUJUc0MtVllfc0tHa2gyZXVTRUQzV09NOVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBW2agAwQA
W2akAwQAW2anMA0GCSqGSIb3DQEBCwUAA4IBAQAHUjKIpHgOPbdY9cwYGg6MmE0E
r0SlQUYYSXAj1/5OtTITDvccxMMppJscNAdDo4gExWI/gNsK48Ojb0vuYrSDS/mD
/M0LE3z45NHjvWKOh9J0jjx6ZKU7a4U7mOy0ixi/BlBFD+WZAvNdj7WnSq3F8oHn
I380cTLJgXkh6SpiWVWJp2KOYaiTGQK8VmV08yw3ZPGiUGE7SkR7kZdnxaAElOev
C5EEL4GVW/qRSDuYYU3xHXcsPCl/XHel8A62qB7+xurJKZpQb3SCr8wFMCvk8IQg
AczzOib2gG0mWGfir05Ladpa9RylgURjFAPetZes26hEubaCi52Iw2yguMeu
-----END CERTIFICATE-----