Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/ah-NG29pky0jPHEcgeOL-kOfH0Q.roa
File:                     ah-NG29pky0jPHEcgeOL-kOfH0Q.roa (raw, json)
Hash identifier:          zKBnGYN4489QuBEbUaXwtDobGG4YVTXSMpaIv+wNvKw=
Subject key identifier:   6A:1F:8D:1B:6F:69:93:2D:23:3C:71:1C:81:E3:8B:FA:43:9F:1F:44
Certificate issuer:       /CN=e8534643ec4826b439417fdb3cb2c493e61f949e
Certificate serial:       0197307FE70B46877F49C0A75B397DED8895
Authority key identifier: E8:53:46:43:EC:48:26:B4:39:41:7F:DB:3C:B2:C4:93:E6:1F:94:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/ah-NG29pky0jPHEcgeOL-kOfH0Q.roa
Signing time:             Mon 02 Jun 2025 11:56:17 +0000
ROA not before:           Mon 02 Jun 2025 11:56:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44622
IP address blocks:        91.225.253.0/24 maxlen: 24
                          91.225.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 20:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:30:7f:e7:0b:46:87:7f:49:c0:a7:5b:39:7d:ed:88:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8534643ec4826b439417fdb3cb2c493e61f949e
        Validity
            Not Before: Jun  2 11:56:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a1f8d1b6f69932d233c711c81e38bfa439f1f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:5b:c5:0f:c9:2c:d3:c5:43:e9:f2:24:4f:dd:
                    94:f8:16:72:19:8d:c5:50:89:3e:03:bf:d8:e3:67:
                    59:14:3e:23:23:fb:46:b2:66:c1:52:f6:59:67:d4:
                    ce:6b:fe:03:e2:22:72:55:15:13:dc:cb:32:b6:61:
                    84:cf:b9:16:1e:08:5d:26:4f:85:10:22:92:2f:02:
                    52:d3:b7:1d:77:a4:b2:c9:7a:75:8d:bf:38:07:67:
                    c8:55:2b:da:e8:05:be:1c:4a:e3:b4:f4:13:63:e4:
                    07:96:87:23:e3:61:11:39:90:90:91:4b:b7:73:16:
                    e6:0b:40:45:f7:85:e6:c4:de:3b:5a:51:61:49:06:
                    7f:0d:81:eb:75:6c:04:34:d2:e4:2e:28:8e:85:ac:
                    af:99:8d:1c:3d:4b:47:b5:5c:15:99:2b:d3:2f:07:
                    66:ab:30:15:5e:f1:c8:d0:60:84:51:7f:44:fd:cc:
                    8e:de:8c:ae:14:14:89:0d:4a:79:ad:e3:e5:2f:3e:
                    d9:4b:0f:ab:f5:ee:4c:54:c7:d7:0e:d0:60:2e:e1:
                    0b:58:c5:13:cc:df:f5:82:74:ca:4a:61:8f:9b:71:
                    56:de:75:74:ee:29:49:58:b2:ba:4e:d7:c3:b7:30:
                    bc:32:7b:2a:aa:9b:41:4a:7a:19:fb:b5:0b:6d:5e:
                    d5:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:1F:8D:1B:6F:69:93:2D:23:3C:71:1C:81:E3:8B:FA:43:9F:1F:44
            X509v3 Authority Key Identifier:
                keyid:E8:53:46:43:EC:48:26:B4:39:41:7F:DB:3C:B2:C4:93:E6:1F:94:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/ah-NG29pky0jPHEcgeOL-kOfH0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/83cae6-5bcb-48c4-8ebd-29de48ee00b9/1/6FNGQ-xIJrQ5QX_bPLLEk-YflJ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.225.253.0/24
                  91.225.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:83:af:81:d1:d3:97:0f:38:18:21:32:0f:81:23:e3:df:60:
         43:93:1d:6e:cf:fc:ec:8e:b6:5d:4b:cb:0c:e0:fe:24:5a:0d:
         b1:87:44:88:9b:ff:ea:23:4b:55:a1:f6:25:d9:ee:7e:5f:20:
         7e:2d:71:74:6b:5a:9a:a2:66:ee:91:8f:d4:38:fe:6a:ab:ff:
         68:99:2c:e0:bc:65:c7:97:ab:83:e1:d1:6c:a0:ba:35:55:08:
         20:d3:f8:2b:c0:00:02:0b:11:46:0c:f1:03:1c:65:da:71:94:
         58:30:54:ac:bb:b9:33:4a:98:d9:7e:ed:1d:ba:43:b6:77:f6:
         6c:fa:ec:00:a4:89:d1:fe:27:0e:c3:ec:71:64:92:46:42:e8:
         4a:fc:ae:04:be:a4:df:9d:3f:7a:b2:4a:8e:2c:81:bb:a6:61:
         c9:a2:a0:e5:fc:68:6c:59:45:cf:56:4e:52:20:98:f7:67:8f:
         20:e4:1a:c4:0a:83:62:5b:07:60:7f:ce:70:11:83:bb:b2:f2:
         f6:42:99:bd:9d:15:1d:22:60:5f:a0:95:1d:ea:bf:f1:6f:1e:
         d2:65:31:1e:a4:45:3f:74:69:eb:9b:ce:9a:d5:a2:7c:f3:6b:
         71:2b:81:ae:ec:4f:f2:0f:31:07:54:47:91:1f:eb:8b:5a:1f:
         98:b1:12:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcwf+cLRod/ScCnWzl97YiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NTM0NjQzZWM0ODI2YjQzOTQxN2ZkYjNjYjJjNDkzZTYx
Zjk0OWUwHhcNMjUwNjAyMTE1NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTFmOGQxYjZmNjk5MzJkMjMzYzcxMWM4MWUzOGJmYTQzOWYxZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVvFD8ks08VD6fIkT92U+BZyGY3F
UIk+A7/Y42dZFD4jI/tGsmbBUvZZZ9TOa/4D4iJyVRUT3MsytmGEz7kWHghdJk+F
ECKSLwJS07cdd6SyyXp1jb84B2fIVSva6AW+HErjtPQTY+QHlocj42EROZCQkUu3
cxbmC0BF94XmxN47WlFhSQZ/DYHrdWwENNLkLiiOhayvmY0cPUtHtVwVmSvTLwdm
qzAVXvHI0GCEUX9E/cyO3oyuFBSJDUp5rePlLz7ZSw+r9e5MVMfXDtBgLuELWMUT
zN/1gnTKSmGPm3FW3nV07ilJWLK6TtfDtzC8MnsqqptBSnoZ+7ULbV7VDwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGofjRtvaZMtIzxxHIHji/pDnx9EMB8GA1UdIwQY
MBaAFOhTRkPsSCa0OUF/2zyyxJPmH5SeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkZOR1EteElKclE1UVhfYlBMTEVrLVlmbEo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi84M2NhZTYtNWJjYi00OGM0LThlYmQt
MjlkZTQ4ZWUwMGI5LzEvYWgtTkcyOXBreTBqUEhFY2dlT0wta09mSDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi84M2NhZTYtNWJjYi00OGM0LThlYmQtMjlkZTQ4ZWUwMGI5
LzEvNkZOR1EteElKclE1UVhfYlBMTEVrLVlmbEo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+H9AwQA
W+H/MA0GCSqGSIb3DQEBCwUAA4IBAQAMg6+B0dOXDzgYITIPgSPj32BDkx1uz/zs
jrZdS8sM4P4kWg2xh0SIm//qI0tVofYl2e5+XyB+LXF0a1qaombukY/UOP5qq/9o
mSzgvGXHl6uD4dFsoLo1VQgg0/grwAACCxFGDPEDHGXacZRYMFSsu7kzSpjZfu0d
ukO2d/Zs+uwApInR/icOw+xxZJJGQuhK/K4EvqTfnT96skqOLIG7pmHJoqDl/Ghs
WUXPVk5SIJj3Z48g5BrECoNiWwdgf85wEYO7svL2Qpm9nRUdImBfoJUd6r/xbx7S
ZTEepEU/dGnrm86a1aJ882txK4Gu7E/yDzEHVEeRH+uLWh+YsRJa
-----END CERTIFICATE-----