Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/urb5X6FZTn2N4AEWZ0Cy7IBMSok.roa
File:                     urb5X6FZTn2N4AEWZ0Cy7IBMSok.roa (raw, json)
Hash identifier:          eIx/+Q92OyfUmXFhGwGHYbaFXYNN5+3nl+duuXigAjY=
Subject key identifier:   BA:B6:F9:5F:A1:59:4E:7D:8D:E0:01:16:67:40:B2:EC:80:4C:4A:89
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019787FA9EDA97C565C12A0C7AC0900CCE7E
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/urb5X6FZTn2N4AEWZ0Cy7IBMSok.roa
Signing time:             Thu 19 Jun 2025 11:37:18 +0000
ROA not before:           Thu 19 Jun 2025 11:37:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9098
IP address blocks:        91.191.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 13:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:87:fa:9e:da:97:c5:65:c1:2a:0c:7a:c0:90:0c:ce:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jun 19 11:37:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bab6f95fa1594e7d8de001166740b2ec804c4a89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:55:5c:d7:b4:b0:40:99:be:13:f4:8f:db:82:
                    cc:da:85:50:36:f9:2b:43:12:ed:c0:98:95:0f:a2:
                    c9:21:25:7f:fd:b5:3d:dd:53:75:a6:a5:82:86:03:
                    56:df:66:99:82:74:e8:86:b3:cf:ba:d4:82:70:3b:
                    a2:e0:75:40:5c:a7:98:33:79:98:8e:84:8e:4a:18:
                    2a:f4:01:7d:83:86:f9:e4:32:aa:3e:4c:bb:a0:34:
                    10:fd:4d:42:06:8e:75:08:a7:e5:53:b1:a1:c8:b6:
                    c7:2a:fd:3e:86:1e:5d:40:8d:8b:c2:65:00:15:2c:
                    37:fa:78:3f:98:7c:06:8c:4f:7a:24:03:c5:50:a6:
                    36:24:57:da:4e:66:4e:a5:8d:d8:8c:60:e9:84:43:
                    9b:ab:b0:28:5c:ce:97:63:2a:22:70:68:a9:62:c0:
                    01:8e:19:e5:eb:40:f6:37:1c:fc:d0:50:d4:56:65:
                    20:ff:6a:a4:e6:af:b3:83:62:c4:9c:ef:6c:75:3a:
                    c6:ca:18:e7:e0:04:f6:af:93:d0:ba:6d:bf:fb:f2:
                    ee:df:52:e1:64:51:1a:49:bf:23:ec:42:22:2a:3b:
                    03:bb:d6:22:89:be:8f:d2:44:49:49:ee:84:ee:07:
                    52:2a:07:d5:99:95:cb:3f:b1:4b:9f:17:0d:e8:f6:
                    7b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:B6:F9:5F:A1:59:4E:7D:8D:E0:01:16:67:40:B2:EC:80:4C:4A:89
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/urb5X6FZTn2N4AEWZ0Cy7IBMSok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:03:6d:c5:a9:15:9c:1c:d1:dc:f7:24:a1:fa:9b:6a:0a:ab:
         a4:be:ff:4a:7a:a4:4f:09:c4:19:e8:f2:44:6a:e9:1d:c7:38:
         ec:8d:72:d9:39:53:1f:fc:87:af:96:88:8b:f8:84:07:c7:8b:
         4f:f9:60:8a:14:aa:78:34:23:71:87:52:9c:e1:be:9c:a2:3e:
         70:20:6c:45:14:60:64:0c:01:d9:bc:5b:89:1b:65:43:47:5e:
         3a:ec:51:cb:cb:dd:e1:e0:8e:dd:89:6e:6b:61:b0:62:3a:d3:
         a7:28:34:43:19:84:1a:62:a5:98:17:b0:88:cf:27:9a:e2:41:
         dd:4a:c9:9a:0b:57:30:ce:61:ef:0f:f4:e0:4f:56:73:a2:b7:
         ca:09:21:6d:e6:23:d6:f6:79:c8:88:05:11:97:99:e0:8f:f8:
         4b:2d:a4:23:f9:e4:af:2a:86:8e:55:9b:60:e8:f1:67:51:d6:
         56:78:b4:a5:fc:65:42:e1:0e:66:f7:6c:93:50:f0:d4:db:1c:
         f1:cc:31:43:fb:23:32:d7:f6:c6:01:34:40:ff:66:e2:74:8c:
         84:fc:fa:e4:a9:5d:34:38:16:c6:e0:a4:74:be:35:99:03:2c:
         e1:dc:9a:e6:07:dd:f7:c8:ce:33:7d:aa:48:e7:1c:64:b1:ed:
         5d:d1:a1:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeH+p7al8VlwSoMesCQDM5+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjUwNjE5MTEzNzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWI2Zjk1ZmExNTk0ZTdkOGRlMDAxMTY2NzQwYjJlYzgwNGM0YTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1Vc17SwQJm+E/SP24LM2oVQNvkr
QxLtwJiVD6LJISV//bU93VN1pqWChgNW32aZgnTohrPPutSCcDui4HVAXKeYM3mY
joSOShgq9AF9g4b55DKqPky7oDQQ/U1CBo51CKflU7GhyLbHKv0+hh5dQI2LwmUA
FSw3+ng/mHwGjE96JAPFUKY2JFfaTmZOpY3YjGDphEObq7AoXM6XYyoicGipYsAB
jhnl60D2Nxz80FDUVmUg/2qk5q+zg2LEnO9sdTrGyhjn4AT2r5PQum2/+/Lu31Lh
ZFEaSb8j7EIiKjsDu9Yiib6P0kRJSe6E7gdSKgfVmZXLP7FLnxcN6PZ7zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLq2+V+hWU59jeABFmdAsuyATEqJMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvdXJiNVg2RlpUbjJONEFFV1owQ3k3SUJNU29rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW7+/MA0G
CSqGSIb3DQEBCwUAA4IBAQBiA23FqRWcHNHc9ySh+ptqCqukvv9KeqRPCcQZ6PJE
aukdxzjsjXLZOVMf/IevloiL+IQHx4tP+WCKFKp4NCNxh1Kc4b6coj5wIGxFFGBk
DAHZvFuJG2VDR1467FHLy93h4I7diW5rYbBiOtOnKDRDGYQaYqWYF7CIzyea4kHd
SsmaC1cwzmHvD/TgT1ZzorfKCSFt5iPW9nnIiAURl5ngj/hLLaQj+eSvKoaOVZtg
6PFnUdZWeLSl/GVC4Q5m92yTUPDU2xzxzDFD+yMy1/bGATRA/2bidIyE/PrkqV00
OBbG4KR0vjWZAyzh3JrmB933yM4zfapI5xxkse1d0aGZ
-----END CERTIFICATE-----