Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/x60OSEezloRTjKUDNhc1YdvoNj8.roa
File:                     x60OSEezloRTjKUDNhc1YdvoNj8.roa (raw, json)
Hash identifier:          xGgHkVk7F4+PjL/OQIlJMGcazfMKxWYyfQg3dBf4zT8=
Subject key identifier:   C7:AD:0E:48:47:B3:96:84:53:8C:A5:03:36:17:35:61:DB:E8:36:3F
Certificate issuer:       /CN=3f47f75757413ccc172d3d1b826fae5ae9385a1b
Certificate serial:       01968266FFC7D34CA04E0B3C3939DFC4D290
Authority key identifier: 3F:47:F7:57:57:41:3C:CC:17:2D:3D:1B:82:6F:AE:5A:E9:38:5A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P0f3V1dBPMwXLT0bgm-uWuk4Whs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/x60OSEezloRTjKUDNhc1YdvoNj8.roa
Signing time:             Tue 29 Apr 2025 16:35:10 +0000
ROA not before:           Tue 29 Apr 2025 16:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208684
IP address blocks:        91.230.168.0/24 maxlen: 24
                          91.231.89.0/24 maxlen: 24
                          2a0b:2640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/P0f3V1dBPMwXLT0bgm-uWuk4Whs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/P0f3V1dBPMwXLT0bgm-uWuk4Whs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P0f3V1dBPMwXLT0bgm-uWuk4Whs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 19:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:82:66:ff:c7:d3:4c:a0:4e:0b:3c:39:39:df:c4:d2:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3f47f75757413ccc172d3d1b826fae5ae9385a1b
        Validity
            Not Before: Apr 29 16:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7ad0e4847b39684538ca50336173561dbe8363f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:07:39:d2:39:be:fb:8a:07:47:9f:ca:fc:35:
                    6f:a2:5c:ec:fe:cc:bb:fe:ea:21:58:5a:c2:5d:55:
                    a9:c8:af:d3:64:9b:db:10:c8:05:20:dc:1c:b8:6c:
                    56:ac:07:2f:a0:32:ae:b3:60:bb:3a:c1:07:fc:d9:
                    a8:53:04:a7:42:51:e4:85:4a:a0:0a:2c:1f:da:60:
                    77:2a:f2:11:d9:c0:78:6f:82:80:20:b4:39:63:eb:
                    ba:f8:7a:99:38:d2:2b:76:e8:35:71:53:24:02:5c:
                    ad:85:c8:3f:70:81:73:97:1b:c8:8c:f7:d3:43:5d:
                    cb:f2:58:e4:73:02:39:ab:b7:12:6e:ba:0a:aa:a5:
                    ab:38:9f:d5:01:fd:3a:6e:c6:af:fc:84:8d:d5:bc:
                    f2:be:cf:2c:33:bc:91:b3:21:83:d0:a6:20:e7:73:
                    ac:83:38:4f:35:85:03:13:9b:1e:60:b2:e3:8b:9a:
                    5b:3f:8f:08:29:9c:7a:aa:ac:35:c3:7e:f1:34:3c:
                    c2:73:63:b8:47:04:07:a4:59:0b:f9:15:71:09:e3:
                    58:ab:79:a4:95:34:4c:19:b6:70:2f:e8:19:06:15:
                    66:d5:96:ad:44:00:c7:94:bd:d2:b9:17:f8:da:ff:
                    f7:61:52:43:c0:ce:02:ca:68:48:e6:74:9c:40:eb:
                    60:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:AD:0E:48:47:B3:96:84:53:8C:A5:03:36:17:35:61:DB:E8:36:3F
            X509v3 Authority Key Identifier:
                keyid:3F:47:F7:57:57:41:3C:CC:17:2D:3D:1B:82:6F:AE:5A:E9:38:5A:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P0f3V1dBPMwXLT0bgm-uWuk4Whs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/x60OSEezloRTjKUDNhc1YdvoNj8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/9f88d8-8a6d-4c5c-b194-e155acc6b84e/1/P0f3V1dBPMwXLT0bgm-uWuk4Whs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.230.168.0/24
                  91.231.89.0/24
                IPv6:
                  2a0b:2640::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:fe:91:2f:9f:d7:e5:c0:3a:0d:08:da:98:c4:df:3a:78:1d:
         78:3f:33:b6:e6:df:8f:05:c1:87:8f:23:8b:d6:f1:eb:b0:2e:
         8b:30:92:f5:16:8f:ce:e0:11:6a:6c:73:77:09:00:b1:6a:bb:
         3b:09:1a:e1:e1:88:93:4e:fa:be:ce:35:c3:12:f8:9a:27:c3:
         27:06:bc:4c:52:61:b7:b1:1c:42:2c:06:79:93:4d:c8:cb:7f:
         f8:88:2a:9f:fb:4b:8f:5d:45:3b:d1:4b:d9:d1:ac:d2:36:51:
         a5:62:a4:2c:18:0a:b4:24:c8:34:11:27:89:78:11:83:0e:a0:
         19:2d:f8:73:4c:29:9f:d9:ab:31:5b:5e:56:36:1e:74:df:2c:
         36:8f:76:1c:0a:26:13:da:d7:16:c2:7e:b9:5d:2e:5f:6f:dd:
         bd:5b:1c:a5:a1:21:2b:aa:e8:c4:73:3e:0d:93:be:c6:fc:7d:
         c1:30:84:12:fc:78:ad:2e:98:dd:dc:a9:bf:ce:d7:14:ee:b8:
         d4:7b:ec:01:93:6c:42:15:a9:5b:32:12:85:26:2f:82:67:64:
         1a:a8:82:66:37:32:2b:8c:a2:a5:be:1f:86:56:0d:98:50:b0:
         c1:c4:d8:b7:02:4c:fd:00:f7:d1:e7:2d:88:9a:6c:04:35:ed:
         c4:d9:b8:e6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZaCZv/H00ygTgs8OTnfxNKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmNDdmNzU3NTc0MTNjY2MxNzJkM2QxYjgyNmZhZTVhZTkz
ODVhMWIwHhcNMjUwNDI5MTYzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2FkMGU0ODQ3YjM5Njg0NTM4Y2E1MDMzNjE3MzU2MWRiZTgzNjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9wc50jm++4oHR5/K/DVvolzs/sy7
/uohWFrCXVWpyK/TZJvbEMgFINwcuGxWrAcvoDKus2C7OsEH/NmoUwSnQlHkhUqg
Ciwf2mB3KvIR2cB4b4KAILQ5Y+u6+HqZONIrdug1cVMkAlythcg/cIFzlxvIjPfT
Q13L8ljkcwI5q7cSbroKqqWrOJ/VAf06bsav/ISN1bzyvs8sM7yRsyGD0KYg53Os
gzhPNYUDE5seYLLji5pbP48IKZx6qqw1w37xNDzCc2O4RwQHpFkL+RVxCeNYq3mk
lTRMGbZwL+gZBhVm1ZatRADHlL3SuRf42v/3YVJDwM4CymhI5nScQOtgkQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMetDkhHs5aEU4ylAzYXNWHb6DY/MB8GA1UdIwQY
MBaAFD9H91dXQTzMFy09G4JvrlrpOFobMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDBmM1YxZEJQTXdYTFQwYmdtLXVXdWs0V2hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC85Zjg4ZDgtOGE2ZC00YzVjLWIxOTQt
ZTE1NWFjYzZiODRlLzEveDYwT1NFZXpsb1JUaktVRE5oYzFZZHZvTmo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC85Zjg4ZDgtOGE2ZC00YzVjLWIxOTQtZTE1NWFjYzZiODRl
LzEvUDBmM1YxZEJQTXdYTFQwYmdtLXVXdWs0V2hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAW+aoAwQA
W+dZMA0EAgACMAcDBQMqCyZAMA0GCSqGSIb3DQEBCwUAA4IBAQBB/pEvn9flwDoN
CNqYxN86eB14PzO25t+PBcGHjyOL1vHrsC6LMJL1Fo/O4BFqbHN3CQCxars7CRrh
4YiTTvq+zjXDEviaJ8MnBrxMUmG3sRxCLAZ5k03Iy3/4iCqf+0uPXUU70UvZ0azS
NlGlYqQsGAq0JMg0ESeJeBGDDqAZLfhzTCmf2asxW15WNh503yw2j3YcCiYT2tcW
wn65XS5fb929WxyloSErqujEcz4Nk77G/H3BMIQS/HitLpjd3Km/ztcU7rjUe+wB
k2xCFalbMhKFJi+CZ2QaqIJmNzIrjKKlvh+GVg2YULDBxNi3Akz9APfR5y2ImmwE
Ne3E2bjm
-----END CERTIFICATE-----