Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/U7qdvgQTZuazD7khWQNd3uaoOL0.roa
File:                     U7qdvgQTZuazD7khWQNd3uaoOL0.roa (raw, json)
Hash identifier:          Fj9WtkU6QlHWuY1U49vHtYwI5RRHEp1X8dmWs3lWyeE=
Subject key identifier:   53:BA:9D:BE:04:13:66:E6:B3:0F:B9:21:59:03:5D:DE:E6:A8:38:BD
Certificate issuer:       /CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
Certificate serial:       01980DD3EB62506EF5665901609690F9673D
Authority key identifier: 2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/U7qdvgQTZuazD7khWQNd3uaoOL0.roa
Signing time:             Tue 15 Jul 2025 11:24:08 +0000
ROA not before:           Tue 15 Jul 2025 11:24:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198657
IP address blocks:        91.237.236.0/22 maxlen: 22
                          2001:67c:2b7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:d3:eb:62:50:6e:f5:66:59:01:60:96:90:f9:67:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2709cb399c4e168ccbda16db136b5bc8b96dd6
        Validity
            Not Before: Jul 15 11:24:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53ba9dbe041366e6b30fb92159035ddee6a838bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a2:b8:3c:78:9b:b4:75:26:52:7e:93:cc:5c:
                    2e:da:90:3b:66:98:fb:2d:1d:d5:05:e3:6c:ca:f3:
                    ce:42:37:44:af:66:62:7c:a1:97:3b:db:ba:ec:c0:
                    df:d7:00:00:3a:92:81:d5:f8:40:fc:59:42:3c:49:
                    4e:d7:c1:4d:2a:c3:2c:29:a5:27:4c:f6:88:f3:eb:
                    dd:20:1d:99:52:cd:18:a6:e2:b7:2f:e2:9a:f3:1b:
                    29:03:b9:37:3d:36:73:40:4c:80:c8:fe:ad:75:64:
                    c4:3c:f2:6f:98:1b:f2:ae:09:2e:85:e3:48:59:9b:
                    59:e7:32:2d:84:18:74:a0:bd:4e:79:a1:7e:17:91:
                    c6:63:b6:f6:82:a0:6a:70:a0:f8:ff:0b:8e:8a:97:
                    32:8a:10:1a:0c:26:4e:30:2f:db:25:08:9a:fd:32:
                    e2:cb:f9:a3:7e:67:91:b2:a9:63:be:05:9f:62:b5:
                    3d:87:90:58:ab:ae:20:a7:37:c0:f8:84:b8:42:94:
                    f5:fa:da:1b:02:14:3d:a4:b0:f5:41:80:bf:be:08:
                    28:40:08:16:74:d1:a2:28:8d:bf:0f:91:60:80:16:
                    74:45:cd:bf:5d:4e:0f:52:ca:a9:e8:24:bf:b6:47:
                    8f:f7:0d:55:37:cc:c2:ac:10:61:25:48:43:4e:73:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:BA:9D:BE:04:13:66:E6:B3:0F:B9:21:59:03:5D:DE:E6:A8:38:BD
            X509v3 Authority Key Identifier:
                keyid:2F:27:09:CB:39:9C:4E:16:8C:CB:DA:16:DB:13:6B:5B:C8:B9:6D:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LycJyzmcThaMy9oW2xNrW8i5bdY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/U7qdvgQTZuazD7khWQNd3uaoOL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/f83781-2949-48c7-8900-20167cd42b82/1/LycJyzmcThaMy9oW2xNrW8i5bdY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.236.0/22
                IPv6:
                  2001:67c:2b7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:09:fa:26:8f:79:7b:b0:2d:7c:59:f8:6b:a5:a9:c8:30:5e:
         05:f7:1b:86:e3:ff:7d:07:43:37:00:62:31:49:4d:de:eb:c5:
         18:6e:46:c6:7f:99:1a:42:fe:d2:48:b3:a3:8a:0e:a7:b8:25:
         86:59:ba:84:81:25:e7:f2:d9:66:89:9e:71:73:a7:fb:f9:30:
         d3:1c:44:5f:0f:ad:71:55:eb:fd:3f:e2:aa:69:63:7b:e8:7d:
         77:a0:4f:08:84:d7:c4:d1:34:03:78:cc:51:94:79:92:f3:24:
         20:2f:13:2d:19:54:ea:22:1a:d4:19:82:40:f1:a4:99:06:e7:
         5b:cc:9b:57:8c:b3:fe:a4:d9:c5:7a:b0:6a:90:a0:71:fb:44:
         8d:e7:4b:be:e9:a6:20:49:43:5d:8b:f6:9a:70:f2:56:d1:49:
         05:e7:78:0a:d3:e7:9b:c1:4d:1d:42:30:f2:ab:19:cd:1a:fb:
         7e:ee:4d:78:78:a3:81:d7:64:cc:2a:30:f8:86:b1:02:0f:af:
         ab:a0:a3:0f:ff:95:92:d4:45:73:ac:6b:f4:ee:d1:09:bc:ba:
         6b:42:7b:1c:87:6e:86:0e:bd:e2:f2:be:3e:78:d0:8c:c9:9d:
         38:ce:29:4e:97:61:23:54:9e:dc:f9:ab:b5:50:57:40:a2:78:
         52:08:bd:0d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZgN0+tiUG71ZlkBYJaQ+Wc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMjcwOWNiMzk5YzRlMTY4Y2NiZGExNmRiMTM2YjViYzhi
OTZkZDYwHhcNMjUwNzE1MTEyNDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2JhOWRiZTA0MTM2NmU2YjMwZmI5MjE1OTAzNWRkZWU2YTgzOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraK4PHibtHUmUn6TzFwu2pA7Zpj7
LR3VBeNsyvPOQjdEr2ZifKGXO9u67MDf1wAAOpKB1fhA/FlCPElO18FNKsMsKaUn
TPaI8+vdIB2ZUs0YpuK3L+Ka8xspA7k3PTZzQEyAyP6tdWTEPPJvmBvyrgkuheNI
WZtZ5zIthBh0oL1OeaF+F5HGY7b2gqBqcKD4/wuOipcyihAaDCZOMC/bJQia/TLi
y/mjfmeRsqljvgWfYrU9h5BYq64gpzfA+IS4QpT1+tobAhQ9pLD1QYC/vggoQAgW
dNGiKI2/D5FggBZ0Rc2/XU4PUsqp6CS/tkeP9w1VN8zCrBBhJUhDTnOjNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFO6nb4EE2bmsw+5IVkDXd7mqDi9MB8GA1UdIwQY
MBaAFC8nCcs5nE4WjMvaFtsTa1vIuW3WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAt
MjAxNjdjZDQyYjgyLzEvVTdxZHZnUVRadWF6RDdraFdRTmQzdWFvT0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC9mODM3ODEtMjk0OS00OGM3LTg5MDAtMjAxNjdjZDQyYjgy
LzEvTHljSnl6bWNUaGFNeTlvVzJ4TnJXOGk1YmRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCW+3sMA8E
AgACMAkDBwAgAQZ8K3wwDQYJKoZIhvcNAQELBQADggEBAGwJ+iaPeXuwLXxZ+Gul
qcgwXgX3G4bj/30HQzcAYjFJTd7rxRhuRsZ/mRpC/tJIs6OKDqe4JYZZuoSBJefy
2WaJnnFzp/v5MNMcRF8PrXFV6/0/4qppY3vofXegTwiE18TRNAN4zFGUeZLzJCAv
Ey0ZVOoiGtQZgkDxpJkG51vMm1eMs/6k2cV6sGqQoHH7RI3nS77ppiBJQ12L9ppw
8lbRSQXneArT55vBTR1CMPKrGc0a+37uTXh4o4HXZMwqMPiGsQIPr6ugow//lZLU
RXOsa/Tu0Qm8umtCexyHboYOveLyvj540IzJnTjOKU6XYSNUntz5q7VQV0CieFII
vQ0=
-----END CERTIFICATE-----