Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/B9IzXLL2ixuUY8NCctMry3Z9SSY.roa
File:                     B9IzXLL2ixuUY8NCctMry3Z9SSY.roa (raw, json)
Hash identifier:          LgY0TUvH+7Vh/0iBbmvFVKw12ZRzdi35NQADfuagyL0=
Subject key identifier:   07:D2:33:5C:B2:F6:8B:1B:94:63:C3:42:72:D3:2B:CB:76:7D:49:26
Certificate issuer:       /CN=0b69087cef600358ef98c1c97da07234dfd0e037
Certificate serial:       019779F7958E30D77FE95DC32F67A8EFE832
Authority key identifier: 0B:69:08:7C:EF:60:03:58:EF:98:C1:C9:7D:A0:72:34:DF:D0:E0:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/B9IzXLL2ixuUY8NCctMry3Z9SSY.roa
Signing time:             Mon 16 Jun 2025 18:19:17 +0000
ROA not before:           Mon 16 Jun 2025 18:19:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56926
IP address blocks:        91.229.28.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:f7:95:8e:30:d7:7f:e9:5d:c3:2f:67:a8:ef:e8:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b69087cef600358ef98c1c97da07234dfd0e037
        Validity
            Not Before: Jun 16 18:19:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07d2335cb2f68b1b9463c34272d32bcb767d4926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ad:93:b3:82:01:fd:49:3a:04:2a:3c:1d:90:
                    ea:2e:0b:ab:e4:48:5e:6e:61:44:21:ea:7d:1a:7d:
                    23:8e:2a:a4:40:72:45:59:33:eb:51:a9:9e:e7:52:
                    d6:d7:28:15:2b:1e:2e:bc:f6:8f:86:32:2c:be:64:
                    6d:46:9e:50:3d:64:00:34:99:97:75:f8:a0:09:36:
                    db:02:6c:17:a9:ef:be:bc:cd:64:b3:00:8b:81:b1:
                    ea:ae:17:6f:aa:ac:93:0e:b0:fa:89:ae:de:33:fa:
                    5a:03:16:21:6b:4e:81:79:49:a2:61:02:12:ca:f4:
                    8a:17:23:a6:60:b2:20:9a:b1:71:8e:9d:82:00:ec:
                    df:68:aa:ea:1a:4c:d8:61:3f:20:4b:f9:ec:65:70:
                    13:92:28:d4:a6:65:90:b7:47:0f:86:45:9d:ea:27:
                    55:34:84:ac:80:5a:67:7c:23:ad:f6:c3:a2:db:37:
                    5f:db:7d:1c:ae:36:12:9b:db:23:79:23:1c:5a:e3:
                    7a:44:65:cd:8f:1f:d5:5d:b9:b6:63:14:55:a4:f5:
                    50:21:28:1e:9f:01:15:ea:9b:00:56:6b:08:7c:5a:
                    b9:4f:19:04:73:b0:7c:fd:6d:fe:8b:37:2f:ea:ec:
                    1b:c2:b0:2a:8e:c7:6b:8a:46:c3:64:36:e6:48:c9:
                    e5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D2:33:5C:B2:F6:8B:1B:94:63:C3:42:72:D3:2B:CB:76:7D:49:26
            X509v3 Authority Key Identifier:
                keyid:0B:69:08:7C:EF:60:03:58:EF:98:C1:C9:7D:A0:72:34:DF:D0:E0:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/B9IzXLL2ixuUY8NCctMry3Z9SSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/585e61-9a49-45a9-91f7-df8adad897bf/1/C2kIfO9gA1jvmMHJfaByNN_Q4Dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:f3:62:04:b3:02:9d:35:a2:ea:0c:16:02:78:96:26:f4:a0:
         df:46:9a:bc:0f:44:d3:47:51:6a:d5:e9:b1:88:0d:b9:69:57:
         00:72:ba:11:e7:bf:e3:66:cb:9d:72:f5:63:86:57:24:83:49:
         8f:b5:80:6b:9b:1b:0a:96:55:da:b2:5e:89:64:39:d8:29:6b:
         d4:56:41:1a:30:66:74:8c:0e:33:ec:aa:86:22:0d:1b:17:48:
         23:44:6d:24:f3:0e:c4:cc:82:58:56:e0:ab:67:42:52:c3:d0:
         3f:35:8f:6b:4b:a1:58:da:bd:f3:cb:20:df:5a:1e:75:4f:de:
         b7:dc:88:36:cf:24:9b:5f:fe:e4:09:40:52:01:72:c0:4c:0a:
         a7:7d:50:23:66:8d:00:c9:e7:8d:54:32:a3:bf:94:fd:d6:97:
         e9:5b:a9:96:18:40:4b:70:92:f3:ba:24:11:83:03:9d:b4:bb:
         9d:ea:dd:54:3f:85:f1:03:b4:ac:b9:cb:4a:3f:8c:20:63:a4:
         f3:09:1e:c7:3c:0b:37:46:4b:c0:73:91:b6:33:49:3d:57:8a:
         c0:9e:59:f6:8c:2d:ab:00:f3:93:64:c9:5d:0e:31:01:f3:04:
         aa:b9:77:de:b9:00:c7:8f:04:16:08:40:b8:d8:be:ca:32:e1:
         39:3a:a0:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd595WOMNd/6V3DL2eo7+gyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNjkwODdjZWY2MDAzNThlZjk4YzFjOTdkYTA3MjM0ZGZk
MGUwMzcwHhcNMjUwNjE2MTgxOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QyMzM1Y2IyZjY4YjFiOTQ2M2MzNDI3MmQzMmJjYjc2N2Q0OTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAva2Ts4IB/Uk6BCo8HZDqLgur5Ehe
bmFEIep9Gn0jjiqkQHJFWTPrUame51LW1ygVKx4uvPaPhjIsvmRtRp5QPWQANJmX
dfigCTbbAmwXqe++vM1kswCLgbHqrhdvqqyTDrD6ia7eM/paAxYha06BeUmiYQIS
yvSKFyOmYLIgmrFxjp2CAOzfaKrqGkzYYT8gS/nsZXATkijUpmWQt0cPhkWd6idV
NISsgFpnfCOt9sOi2zdf230crjYSm9sjeSMcWuN6RGXNjx/VXbm2YxRVpPVQISge
nwEV6psAVmsIfFq5TxkEc7B8/W3+izcv6uwbwrAqjsdrikbDZDbmSMnl4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfSM1yy9osblGPDQnLTK8t2fUkmMB8GA1UdIwQY
MBaAFAtpCHzvYANY75jByX2gcjTf0OA3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzJrSWZPOWdBMWp2bU1ISmZhQnlOTl9RNERjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81ODVlNjEtOWE0OS00NWE5LTkxZjct
ZGY4YWRhZDg5N2JmLzEvQjlJelhMTDJpeHVVWThOQ2N0TXJ5M1o5U1NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81ODVlNjEtOWE0OS00NWE5LTkxZjctZGY4YWRhZDg5N2Jm
LzEvQzJrSWZPOWdBMWp2bU1ISmZhQnlOTl9RNERjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+UcMA0G
CSqGSIb3DQEBCwUAA4IBAQAc82IEswKdNaLqDBYCeJYm9KDfRpq8D0TTR1Fq1emx
iA25aVcAcroR57/jZsudcvVjhlckg0mPtYBrmxsKllXasl6JZDnYKWvUVkEaMGZ0
jA4z7KqGIg0bF0gjRG0k8w7EzIJYVuCrZ0JSw9A/NY9rS6FY2r3zyyDfWh51T963
3Ig2zySbX/7kCUBSAXLATAqnfVAjZo0AyeeNVDKjv5T91pfpW6mWGEBLcJLzuiQR
gwOdtLud6t1UP4XxA7SsuctKP4wgY6TzCR7HPAs3RkvAc5G2M0k9V4rAnln2jC2r
APOTZMldDjEB8wSquXfeuQDHjwQWCEC42L7KMuE5OqBI
-----END CERTIFICATE-----