Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/o75SZJQB7BDg8jN7-wCLVZZU43Q.roa
File:                     o75SZJQB7BDg8jN7-wCLVZZU43Q.roa (raw, json)
Hash identifier:          YoHLDv7i0DiKAwLzD3DQQKrRMEjj+3O1YcFwumNi5CE=
Subject key identifier:   A3:BE:52:64:94:01:EC:10:E0:F2:33:7B:FB:00:8B:55:96:54:E3:74
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019712EEE24871467180656E8F2E54B3ED34
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/o75SZJQB7BDg8jN7-wCLVZZU43Q.roa
Signing time:             Tue 27 May 2025 18:08:54 +0000
ROA not before:           Tue 27 May 2025 18:08:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43278
IP address blocks:        91.192.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 04:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:12:ee:e2:48:71:46:71:80:65:6e:8f:2e:54:b3:ed:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: May 27 18:08:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3be52649401ec10e0f2337bfb008b559654e374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:34:b3:dd:18:d6:bd:a7:3d:1f:84:2d:8f:93:
                    09:58:57:b4:3d:92:8e:ae:fd:db:0d:b3:70:87:f5:
                    96:f7:85:ee:cb:a2:b4:bd:03:5c:4a:23:5c:4b:ac:
                    9d:e6:c4:d0:37:6e:bd:7f:ae:28:cc:f4:70:27:67:
                    e0:6a:c1:57:3b:7a:09:87:68:cc:3f:13:b0:8d:3d:
                    50:7c:75:b6:2b:e0:19:ab:18:99:da:81:a8:95:3b:
                    b9:84:12:ea:8d:57:ec:37:d4:d3:8e:60:df:5c:b8:
                    ca:17:d6:60:e9:5c:de:f8:76:4c:7d:1f:c5:42:5c:
                    58:55:13:98:c4:a8:b3:7d:42:7d:80:09:99:15:da:
                    12:1f:e4:4c:20:51:0c:3a:de:fc:45:ba:56:21:97:
                    b5:08:f4:30:2f:4b:1e:39:6d:12:ea:e5:d6:09:79:
                    c2:88:4f:ab:7a:ab:fc:fb:48:88:a2:fd:47:e8:ee:
                    ad:46:c9:8c:66:b4:45:0f:7c:18:fd:f7:e7:d5:67:
                    e9:a0:cf:aa:d6:11:9a:bd:49:82:5b:f8:55:e4:c6:
                    c5:bc:ca:bf:9a:3e:b5:92:0e:73:98:e9:31:ad:43:
                    5b:49:4a:2f:48:81:0c:54:e6:22:9b:e8:60:15:95:
                    ed:95:02:d5:20:61:0d:91:bd:bc:61:d0:77:7f:9c:
                    59:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:BE:52:64:94:01:EC:10:E0:F2:33:7B:FB:00:8B:55:96:54:E3:74
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/o75SZJQB7BDg8jN7-wCLVZZU43Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:d5:30:ca:28:b9:09:b4:7c:0b:1a:c9:77:38:74:1b:85:d7:
         22:30:77:2c:ce:1b:11:99:89:a9:27:58:c5:e7:c2:16:b5:cb:
         cd:33:dd:5c:8b:d0:50:f9:37:13:98:2b:fd:d8:3d:b8:76:7a:
         81:49:18:94:41:64:30:ff:45:f3:65:79:53:00:5c:e4:e0:b1:
         f3:aa:ff:07:73:30:ce:97:11:40:b4:72:eb:1f:84:13:c4:da:
         e2:35:df:c0:de:8e:42:2c:7b:25:3a:fe:73:e9:e2:8e:11:9d:
         87:62:2f:c4:4b:21:59:46:55:2f:0a:12:c0:d6:75:3b:14:4a:
         ab:e9:59:63:88:16:c3:21:64:3a:69:67:c8:0f:a3:90:76:a7:
         0f:84:5e:e7:59:93:20:96:4a:c2:d8:97:1d:4b:96:11:b8:04:
         61:9c:4c:77:f9:d2:1d:76:26:9b:8a:9d:8b:10:2e:b5:be:04:
         97:92:ae:fb:23:72:0e:70:b5:37:59:c7:9a:50:ac:74:53:18:
         ca:27:ce:f2:6c:d7:e1:6b:e9:c8:53:89:0f:c1:5e:62:24:ff:
         4e:4d:56:c8:c8:7f:bb:e6:ad:e1:03:26:95:a2:36:da:5f:ed:
         37:84:d3:1c:d7:c6:e2:bc:2c:21:b3:ad:62:dc:ae:17:ff:c8:
         55:3e:17:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcS7uJIcUZxgGVujy5Us+00MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNTI3MTgwODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2JlNTI2NDk0MDFlYzEwZTBmMjMzN2JmYjAwOGI1NTk2NTRlMzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3TSz3RjWvac9H4Qtj5MJWFe0PZKO
rv3bDbNwh/WW94Xuy6K0vQNcSiNcS6yd5sTQN269f64ozPRwJ2fgasFXO3oJh2jM
PxOwjT1QfHW2K+AZqxiZ2oGolTu5hBLqjVfsN9TTjmDfXLjKF9Zg6Vze+HZMfR/F
QlxYVROYxKizfUJ9gAmZFdoSH+RMIFEMOt78RbpWIZe1CPQwL0seOW0S6uXWCXnC
iE+reqv8+0iIov1H6O6tRsmMZrRFD3wY/ffn1WfpoM+q1hGavUmCW/hV5MbFvMq/
mj61kg5zmOkxrUNbSUovSIEMVOYim+hgFZXtlQLVIGENkb28YdB3f5xZiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKO+UmSUAewQ4PIze/sAi1WWVON0MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvbzc1U1pKUUI3QkRnOGpONy13Q0xWWlpVNDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8BdMA0G
CSqGSIb3DQEBCwUAA4IBAQBN1TDKKLkJtHwLGsl3OHQbhdciMHcszhsRmYmpJ1jF
58IWtcvNM91ci9BQ+TcTmCv92D24dnqBSRiUQWQw/0XzZXlTAFzk4LHzqv8HczDO
lxFAtHLrH4QTxNriNd/A3o5CLHslOv5z6eKOEZ2HYi/ESyFZRlUvChLA1nU7FEqr
6VljiBbDIWQ6aWfID6OQdqcPhF7nWZMglkrC2JcdS5YRuARhnEx3+dIddiabip2L
EC61vgSXkq77I3IOcLU3WceaUKx0UxjKJ87ybNfha+nIU4kPwV5iJP9OTVbIyH+7
5q3hAyaVojbaX+03hNMc18bivCwhs61i3K4X/8hVPhfm
-----END CERTIFICATE-----