Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Nv0kB92sxyxJ8iWQHXtACpJ0soM.roa
File:                     Nv0kB92sxyxJ8iWQHXtACpJ0soM.roa (raw, json)
Hash identifier:          vC0SEDXDi4vVZ6DYzJA6LCPu7idkWT1+eje04+1NeFw=
Subject key identifier:   36:FD:24:07:DD:AC:C7:2C:49:F2:25:90:1D:7B:40:0A:92:74:B2:83
Certificate issuer:       /CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
Certificate serial:       01967B69CA809C45120F0A875C8FB4D510BA
Authority key identifier: E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Nv0kB92sxyxJ8iWQHXtACpJ0soM.roa
Signing time:             Mon 28 Apr 2025 08:00:52 +0000
ROA not before:           Mon 28 Apr 2025 08:00:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9009
IP address blocks:        91.207.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 14:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7b:69:ca:80:9c:45:12:0f:0a:87:5c:8f:b4:d5:10:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0f2f545ddb234e383d36b8a8d6b56a38dd72f89
        Validity
            Not Before: Apr 28 08:00:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36fd2407ddacc72c49f225901d7b400a9274b283
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:83:f2:78:e6:f9:ed:c6:2b:de:57:13:78:00:
                    3d:94:0e:50:93:14:da:de:59:9c:11:71:b8:d7:f4:
                    f6:de:ca:1c:97:2d:d0:59:a4:3b:f7:34:b0:36:11:
                    b1:61:42:63:08:da:ad:eb:0e:77:10:b9:44:98:59:
                    47:79:2e:f6:bf:1e:a2:63:b7:d4:92:5e:78:a6:b5:
                    d1:cd:b1:f7:91:06:48:27:6a:c8:3d:8b:4f:3c:5d:
                    43:09:2b:61:e8:3b:b7:2c:8c:1e:b5:c0:20:e6:cb:
                    69:68:5f:f0:c1:71:f3:46:8b:03:77:79:63:2f:f6:
                    d6:2c:3a:c2:46:1a:dd:f3:dc:2c:c9:8e:53:b4:3e:
                    d5:a4:97:3e:65:b6:7d:08:21:0c:9a:55:c5:48:79:
                    00:b7:83:a8:7b:86:87:fd:92:2a:7a:60:ab:14:51:
                    8c:05:48:b0:be:27:c2:1e:a7:84:c0:26:f5:66:5f:
                    6e:39:cd:97:99:ba:bd:90:7e:aa:52:4f:fa:fb:b2:
                    37:7a:5a:7b:e6:34:9c:e0:15:05:94:39:4d:08:d2:
                    d3:82:af:68:f1:e8:b1:99:4a:23:e1:67:c8:2a:83:
                    e6:4e:a2:b1:13:03:e8:78:c9:af:cd:54:b3:3f:a7:
                    63:04:d3:0f:67:c4:80:c3:8d:51:90:30:a1:03:b3:
                    7b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:FD:24:07:DD:AC:C7:2C:49:F2:25:90:1D:7B:40:0A:92:74:B2:83
            X509v3 Authority Key Identifier:
                keyid:E0:F2:F5:45:DD:B2:34:E3:83:D3:6B:8A:8D:6B:56:A3:8D:D7:2F:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4PL1Rd2yNOOD02uKjWtWo43XL4k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/Nv0kB92sxyxJ8iWQHXtACpJ0soM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/c80c5a-fae2-466d-aa16-8ca6c33d14bb/1/4PL1Rd2yNOOD02uKjWtWo43XL4k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:1a:5e:ed:47:d5:04:7d:50:cc:5f:05:b2:16:1c:ea:74:64:
         54:8e:f1:e7:4e:11:7f:47:f3:e6:8c:55:91:63:70:93:45:f5:
         a9:e8:50:67:9f:fd:4c:27:83:5d:ca:0f:d2:1d:1c:d4:be:c3:
         53:41:f3:e4:f3:99:f6:ea:8a:04:89:41:8d:08:6a:7d:1d:1c:
         f9:c7:80:a1:6c:ba:34:1c:bc:75:72:3d:d1:ff:8f:c5:e7:d2:
         b9:4a:2f:0a:f9:6c:77:8f:63:78:60:b5:7f:e9:5b:82:5b:0e:
         e0:61:07:a0:ba:73:11:23:55:1d:5d:09:b8:d2:b3:54:e1:64:
         d0:4c:80:eb:20:f9:91:40:8f:43:1e:b9:77:02:5a:14:81:f7:
         1e:dc:7c:42:ee:57:d0:90:f2:b3:79:ed:86:8b:a6:26:1b:89:
         82:a5:4f:a2:65:8b:07:e0:ef:61:4b:89:4b:68:ab:e2:94:35:
         f7:75:47:89:a6:3c:5f:53:22:10:78:4f:d5:df:fb:98:2a:e3:
         67:3a:23:60:22:c4:28:83:46:eb:c0:7e:e7:39:98:63:bd:a0:
         51:b5:07:b8:87:96:f4:b5:1b:8e:55:af:d4:51:23:a0:cc:0e:
         10:c3:33:3a:11:d4:83:7b:45:20:96:7f:b3:e8:02:7e:4a:62:
         ad:b6:b7:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ7acqAnEUSDwqHXI+01RC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZjJmNTQ1ZGRiMjM0ZTM4M2QzNmI4YThkNmI1NmEzOGRk
NzJmODkwHhcNMjUwNDI4MDgwMDUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmZkMjQwN2RkYWNjNzJjNDlmMjI1OTAxZDdiNDAwYTkyNzRiMjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+oPyeOb57cYr3lcTeAA9lA5QkxTa
3lmcEXG41/T23socly3QWaQ79zSwNhGxYUJjCNqt6w53ELlEmFlHeS72vx6iY7fU
kl54prXRzbH3kQZIJ2rIPYtPPF1DCSth6Du3LIwetcAg5stpaF/wwXHzRosDd3lj
L/bWLDrCRhrd89wsyY5TtD7VpJc+ZbZ9CCEMmlXFSHkAt4Ooe4aH/ZIqemCrFFGM
BUiwvifCHqeEwCb1Zl9uOc2Xmbq9kH6qUk/6+7I3elp75jSc4BUFlDlNCNLTgq9o
8eixmUoj4WfIKoPmTqKxEwPoeMmvzVSzP6djBNMPZ8SAw41RkDChA7N7QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDb9JAfdrMcsSfIlkB17QAqSdLKDMB8GA1UdIwQY
MBaAFODy9UXdsjTjg9Nrio1rVqON1y+JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYt
OGNhNmMzM2QxNGJiLzEvTnYwa0I5MnN4eXhKOGlXUUhYdEFDcEowc29NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9jODBjNWEtZmFlMi00NjZkLWFhMTYtOGNhNmMzM2QxNGJi
LzEvNFBMMVJkMnlOT09EMDJ1S2pXdFdvNDNYTDRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8/sMA0G
CSqGSIb3DQEBCwUAA4IBAQB8Gl7tR9UEfVDMXwWyFhzqdGRUjvHnThF/R/PmjFWR
Y3CTRfWp6FBnn/1MJ4Ndyg/SHRzUvsNTQfPk85n26ooEiUGNCGp9HRz5x4ChbLo0
HLx1cj3R/4/F59K5Si8K+Wx3j2N4YLV/6VuCWw7gYQegunMRI1UdXQm40rNU4WTQ
TIDrIPmRQI9DHrl3AloUgfce3HxC7lfQkPKzee2Gi6YmG4mCpU+iZYsH4O9hS4lL
aKvilDX3dUeJpjxfUyIQeE/V3/uYKuNnOiNgIsQog0brwH7nOZhjvaBRtQe4h5b0
tRuOVa/UUSOgzA4QwzM6EdSDe0Ugln+z6AJ+SmKttrfk
-----END CERTIFICATE-----