Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/l3EQEBZnleFof5yb88UhTSSdRTM.roa
File:                     l3EQEBZnleFof5yb88UhTSSdRTM.roa (raw, json)
Hash identifier:          UQRjHQuRnFXbfdwyx6MJct5Sj+7na+HTqU/QptK8INI=
Subject key identifier:   97:71:10:10:16:67:95:E1:68:7F:9C:9B:F3:C5:21:4D:24:9D:45:33
Certificate issuer:       /CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
Certificate serial:       0197ABD43E1BE6D5A341CAE2BEE26EF716C7
Authority key identifier: 70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/l3EQEBZnleFof5yb88UhTSSdRTM.roa
Signing time:             Thu 26 Jun 2025 10:41:42 +0000
ROA not before:           Thu 26 Jun 2025 10:41:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     32043
IP address blocks:        91.219.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:d4:3e:1b:e6:d5:a3:41:ca:e2:be:e2:6e:f7:16:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706745ad92353da8a80cb2e0d229d68c2ef53db2
        Validity
            Not Before: Jun 26 10:41:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=97711010166795e1687f9c9bf3c5214d249d4533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:cb:61:b1:18:44:c2:a5:c7:0c:d8:ad:c8:8b:
                    13:83:29:2d:34:34:a6:b9:a1:61:f4:26:2a:d4:39:
                    ee:7e:3a:d0:49:dc:dd:7a:3c:ab:1c:90:30:52:ad:
                    52:84:e3:55:22:5d:7d:2f:e7:36:c3:a9:f5:89:c8:
                    c4:ef:d1:0a:09:c1:b3:f3:40:57:1a:b9:a1:38:95:
                    e8:ce:72:52:0e:95:79:ad:7f:df:9f:42:19:e8:58:
                    3f:f4:21:e5:51:f9:fa:68:79:7e:11:ac:31:82:e8:
                    a8:fe:89:52:78:a1:30:07:8e:9e:ed:b3:e9:82:77:
                    95:a2:59:f8:d2:2d:22:a4:2c:ad:ee:99:63:0b:e2:
                    ed:88:67:35:ad:ff:68:a1:97:2a:b0:f4:a4:42:9a:
                    cc:8c:ea:02:60:e3:a6:93:ac:01:7f:a7:f7:61:d1:
                    2c:6c:fe:9f:f4:a4:7f:1b:2a:86:45:08:31:22:19:
                    e6:1f:c7:dc:c1:1b:c6:0c:5b:4d:76:fa:4b:cb:b8:
                    5d:fd:3a:f1:2d:46:b5:ad:73:1e:41:54:34:dd:78:
                    e5:9e:92:13:97:e4:c3:90:0f:f8:f8:c2:cd:f5:23:
                    aa:08:b6:97:03:19:a5:85:60:d6:f3:cf:b1:6e:2a:
                    22:26:32:49:19:15:57:7f:88:59:ba:4b:c7:75:bf:
                    5d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:71:10:10:16:67:95:E1:68:7F:9C:9B:F3:C5:21:4D:24:9D:45:33
            X509v3 Authority Key Identifier:
                keyid:70:67:45:AD:92:35:3D:A8:A8:0C:B2:E0:D2:29:D6:8C:2E:F5:3D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cGdFrZI1PaioDLLg0inWjC71PbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/l3EQEBZnleFof5yb88UhTSSdRTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d0abd0-b114-4e3a-ae59-e21763c672fa/1/cGdFrZI1PaioDLLg0inWjC71PbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.219.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:81:ff:c4:9c:d8:53:d7:a4:4f:d2:cd:a2:0b:12:7b:5d:02:
         be:e3:67:b5:78:0b:6f:e6:b1:7b:c0:d4:a6:89:f3:e6:c8:bb:
         fc:55:ce:d2:c9:e0:2a:49:10:17:85:3e:3a:8a:e1:58:ef:25:
         bd:f5:49:c3:98:23:c8:c3:81:a7:6a:60:59:12:b7:c3:ab:10:
         1d:cd:4d:5d:a8:ee:16:bf:33:db:26:24:d9:e6:9b:22:c0:d5:
         7d:76:53:d8:58:8a:94:61:1f:28:d5:99:39:ec:29:0f:2c:9d:
         1f:31:41:83:96:06:b8:a6:97:19:d4:ba:00:4c:8d:9d:b4:09:
         99:62:1c:d6:5f:73:37:14:36:00:7d:a6:74:81:74:7d:9c:83:
         71:4c:bb:2d:a9:aa:d8:c1:83:17:19:69:7f:ca:53:9c:26:fa:
         3b:a0:43:4a:c8:02:a7:6d:8d:8b:af:62:38:2c:5f:c8:50:9a:
         56:78:44:66:ea:f1:f8:cb:ac:17:7b:0a:d8:84:ec:bf:0c:0e:
         72:b7:7a:8e:aa:40:08:44:92:a3:67:2c:c7:30:63:f3:a1:2f:
         11:98:54:2e:7e:f4:cb:c6:60:c0:f9:6f:9d:3e:de:df:2c:bf:
         3d:95:56:e0:38:05:63:84:35:0b:73:02:40:66:1e:71:30:94:
         8b:9a:a0:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZer1D4b5tWjQcrivuJu9xbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNjc0NWFkOTIzNTNkYThhODBjYjJlMGQyMjlkNjhjMmVm
NTNkYjIwHhcNMjUwNjI2MTA0MTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzcxMTAxMDE2Njc5NWUxNjg3ZjljOWJmM2M1MjE0ZDI0OWQ0NTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMthsRhEwqXHDNityIsTgyktNDSm
uaFh9CYq1DnufjrQSdzdejyrHJAwUq1ShONVIl19L+c2w6n1icjE79EKCcGz80BX
GrmhOJXoznJSDpV5rX/fn0IZ6Fg/9CHlUfn6aHl+Eawxguio/olSeKEwB46e7bPp
gneVoln40i0ipCyt7pljC+LtiGc1rf9ooZcqsPSkQprMjOoCYOOmk6wBf6f3YdEs
bP6f9KR/GyqGRQgxIhnmH8fcwRvGDFtNdvpLy7hd/TrxLUa1rXMeQVQ03XjlnpIT
l+TDkA/4+MLN9SOqCLaXAxmlhWDW88+xbioiJjJJGRVXf4hZukvHdb9dFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdxEBAWZ5XhaH+cm/PFIU0knUUzMB8GA1UdIwQY
MBaAFHBnRa2SNT2oqAyy4NIp1owu9T2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTkt
ZTIxNzYzYzY3MmZhLzEvbDNFUUVCWm5sZUZvZjV5Yjg4VWhUU1NkUlRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kMGFiZDAtYjExNC00ZTNhLWFlNTktZTIxNzYzYzY3MmZh
LzEvY0dkRnJaSTFQYWlvRExMZzBpbldqQzcxUGJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9sIMA0G
CSqGSIb3DQEBCwUAA4IBAQCYgf/EnNhT16RP0s2iCxJ7XQK+42e1eAtv5rF7wNSm
ifPmyLv8Vc7SyeAqSRAXhT46iuFY7yW99UnDmCPIw4GnamBZErfDqxAdzU1dqO4W
vzPbJiTZ5psiwNV9dlPYWIqUYR8o1Zk57CkPLJ0fMUGDlga4ppcZ1LoATI2dtAmZ
YhzWX3M3FDYAfaZ0gXR9nINxTLstqarYwYMXGWl/ylOcJvo7oENKyAKnbY2Lr2I4
LF/IUJpWeERm6vH4y6wXewrYhOy/DA5yt3qOqkAIRJKjZyzHMGPzoS8RmFQufvTL
xmDA+W+dPt7fLL89lVbgOAVjhDULcwJAZh5xMJSLmqA7
-----END CERTIFICATE-----