Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TwzZQrIn09c-90CtvFLCLT3vcWs.roa
File:                     TwzZQrIn09c-90CtvFLCLT3vcWs.roa (raw, json)
Hash identifier:          uBt9dC+yxyfdnRMBiRH64GG0vCjQQ3KJBUaUSBKn8oI=
Subject key identifier:   4F:0C:D9:42:B2:27:D3:D7:3E:F7:40:AD:BC:52:C2:2D:3D:EF:71:6B
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019744D2D7A919F8FCB775EAA7C46D00158B
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TwzZQrIn09c-90CtvFLCLT3vcWs.roa
Signing time:             Fri 06 Jun 2025 10:39:17 +0000
ROA not before:           Fri 06 Jun 2025 10:39:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207301
IP address blocks:        91.197.70.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:44:d2:d7:a9:19:f8:fc:b7:75:ea:a7:c4:6d:00:15:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Jun  6 10:39:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f0cd942b227d3d73ef740adbc52c22d3def716b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d9:09:00:d9:c7:c9:91:16:22:3a:b1:d6:90:
                    5e:8c:04:9d:21:0b:73:7c:e5:cc:f4:9d:1a:3e:9d:
                    a9:30:c5:3f:c7:b8:31:e6:df:8f:14:41:c3:55:62:
                    ba:d8:2f:73:3b:f9:1b:bf:6e:1f:6d:bd:e1:36:05:
                    29:ff:a3:74:39:1d:12:e0:e0:45:11:3d:d6:7b:94:
                    d6:1c:35:06:46:06:de:e2:07:b4:da:36:5e:56:e2:
                    26:b6:db:7e:bb:6f:11:d7:79:f8:ba:2c:a8:5d:aa:
                    60:0e:3a:1f:51:2f:19:05:cf:f4:21:81:e1:eb:c5:
                    54:1c:58:22:ee:44:b0:d5:0b:4a:c2:cb:2e:e3:f9:
                    d9:4b:26:ba:ab:47:0b:39:af:98:0a:4b:61:9d:60:
                    17:c9:30:e7:50:c8:0e:d0:5a:af:d4:b7:0f:36:02:
                    ce:76:b3:c3:11:9f:6d:06:c1:8e:22:90:f4:53:b0:
                    ff:0d:cf:e6:09:32:d1:7a:56:a0:5a:b0:5b:34:22:
                    94:9e:7e:fe:75:c2:93:ea:00:55:e8:80:e1:98:70:
                    64:71:92:2f:17:36:b1:15:e7:17:3b:55:29:1f:ba:
                    1b:5d:5a:5d:a1:96:a7:22:e5:b2:d8:aa:50:13:c2:
                    63:09:5c:39:cb:f0:dd:b4:0b:ed:f1:ae:4f:ca:86:
                    18:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0C:D9:42:B2:27:D3:D7:3E:F7:40:AD:BC:52:C2:2D:3D:EF:71:6B
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TwzZQrIn09c-90CtvFLCLT3vcWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:71:4e:58:2c:23:44:b4:24:d2:09:e6:7c:8e:f8:62:b4:fe:
         d6:f9:e3:20:65:d9:0e:a8:f5:de:00:f9:dd:77:db:45:7c:98:
         8a:77:b7:22:27:a2:cd:f2:be:71:4e:f4:79:e9:68:55:97:45:
         67:4c:95:ae:04:40:03:24:81:08:4e:2c:c5:f3:04:86:a6:5e:
         87:78:d6:a2:52:b7:c4:9f:d3:15:79:70:d7:89:a9:0a:1d:7b:
         b0:e0:d0:4a:f0:2d:97:be:75:4a:39:da:8b:8a:3d:9a:c0:13:
         7b:05:4b:de:b0:63:c1:48:a5:c2:1e:29:91:b7:66:02:ca:d8:
         0a:dc:c1:1c:40:a4:6e:10:c5:ec:ea:f0:39:20:e8:5f:64:c9:
         30:bc:fb:d4:17:33:60:69:b6:3f:52:15:cc:38:0e:f4:da:1b:
         17:71:6b:8e:ab:c9:59:f7:ae:89:5d:6f:d4:50:8e:c8:9b:31:
         f3:8f:65:7e:12:0b:a8:1d:6e:bf:88:ec:45:35:77:45:1b:50:
         70:23:42:7e:5d:81:62:f1:c6:3a:34:04:46:21:c2:4b:ad:a1:
         b7:49:72:58:bb:90:24:00:8b:3d:33:8c:43:cb:3c:7f:25:b4:
         1d:c1:7c:ed:b3:df:5a:79:93:7f:da:c2:58:cd:e8:4a:d0:62:
         9a:42:b7:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdE0tepGfj8t3Xqp8RtABWLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjUwNjA2MTAzOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjBjZDk0MmIyMjdkM2Q3M2VmNzQwYWRiYzUyYzIyZDNkZWY3MTZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl9kJANnHyZEWIjqx1pBejASdIQtz
fOXM9J0aPp2pMMU/x7gx5t+PFEHDVWK62C9zO/kbv24fbb3hNgUp/6N0OR0S4OBF
ET3We5TWHDUGRgbe4ge02jZeVuImttt+u28R13n4uiyoXapgDjofUS8ZBc/0IYHh
68VUHFgi7kSw1QtKwssu4/nZSya6q0cLOa+YCkthnWAXyTDnUMgO0Fqv1LcPNgLO
drPDEZ9tBsGOIpD0U7D/Dc/mCTLRelagWrBbNCKUnn7+dcKT6gBV6IDhmHBkcZIv
FzaxFecXO1UpH7obXVpdoZanIuWy2KpQE8JjCVw5y/DdtAvt8a5PyoYYDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE8M2UKyJ9PXPvdArbxSwi0973FrMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvVHd6WlFySW4wOWMtOTBDdHZGTENMVDN2Y1dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8VGMA0G
CSqGSIb3DQEBCwUAA4IBAQAZcU5YLCNEtCTSCeZ8jvhitP7W+eMgZdkOqPXeAPnd
d9tFfJiKd7ciJ6LN8r5xTvR56WhVl0VnTJWuBEADJIEITizF8wSGpl6HeNaiUrfE
n9MVeXDXiakKHXuw4NBK8C2XvnVKOdqLij2awBN7BUvesGPBSKXCHimRt2YCytgK
3MEcQKRuEMXs6vA5IOhfZMkwvPvUFzNgabY/UhXMOA702hsXcWuOq8lZ966JXW/U
UI7ImzHzj2V+EguoHW6/iOxFNXdFG1BwI0J+XYFi8cY6NARGIcJLraG3SXJYu5Ak
AIs9M4xDyzx/JbQdwXzts99aeZN/2sJYzehK0GKaQrc6
-----END CERTIFICATE-----