Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/S0h9COCL9yDPAz3dul4Z5VK_88Q.roa
File:                     S0h9COCL9yDPAz3dul4Z5VK_88Q.roa (raw, json)
Hash identifier:          xAF8HzsYzOEotQ+1gvdFYGccAU/IelrIejunqeu7D98=
Subject key identifier:   4B:48:7D:08:E0:8B:F7:20:CF:03:3D:DD:BA:5E:19:E5:52:BF:F3:C4
Certificate issuer:       /CN=c0f42f73ff2bcc4885b1200bd02ee7e29f608e2b
Certificate serial:       0197640E24420781CF4735AAD57ECB875F7C
Authority key identifier: C0:F4:2F:73:FF:2B:CC:48:85:B1:20:0B:D0:2E:E7:E2:9F:60:8E:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wPQvc_8rzEiFsSAL0C7n4p9gjis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/S0h9COCL9yDPAz3dul4Z5VK_88Q.roa
Signing time:             Thu 12 Jun 2025 12:12:17 +0000
ROA not before:           Thu 12 Jun 2025 12:12:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198330
IP address blocks:        91.223.240.0/24 maxlen: 24
                          185.74.200.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/wPQvc_8rzEiFsSAL0C7n4p9gjis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/wPQvc_8rzEiFsSAL0C7n4p9gjis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wPQvc_8rzEiFsSAL0C7n4p9gjis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 15:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:0e:24:42:07:81:cf:47:35:aa:d5:7e:cb:87:5f:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c0f42f73ff2bcc4885b1200bd02ee7e29f608e2b
        Validity
            Not Before: Jun 12 12:12:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b487d08e08bf720cf033dddba5e19e552bff3c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bb:39:7f:79:81:c7:8f:23:4a:71:b7:a5:8b:
                    5d:42:6e:2f:fe:af:d9:9e:85:c3:1f:5b:95:03:70:
                    46:96:35:f6:72:36:e3:80:6a:b1:70:bf:64:29:eb:
                    de:9f:e5:b6:59:45:49:96:ff:80:20:f0:be:b0:a1:
                    a0:57:03:3e:20:40:2b:5b:d4:d8:9e:78:53:02:9d:
                    2f:fe:f9:1f:9b:76:57:2a:93:14:8f:80:7f:cf:d6:
                    aa:59:eb:9a:d0:7f:4b:6a:db:2d:bf:b1:19:7b:f2:
                    b4:87:ee:94:3a:93:71:bd:86:f7:19:d8:8c:40:36:
                    6f:a0:0e:93:45:4f:32:95:75:6e:77:9c:22:e6:9a:
                    3f:5d:72:0a:8f:50:6f:88:4f:f3:1f:9d:94:e8:f6:
                    60:e3:72:ad:60:67:33:40:bc:1e:5d:73:fe:4c:b3:
                    2f:a2:eb:27:7a:1e:c9:09:26:cf:7d:ee:02:51:88:
                    8c:00:09:16:b3:b8:0e:70:3c:98:27:e3:8c:62:06:
                    8f:ae:f0:c6:1f:e2:53:81:9e:eb:d7:e7:d4:58:55:
                    c4:ca:47:34:c7:71:26:50:eb:7c:26:31:ba:78:c3:
                    85:34:dc:db:cf:3f:6a:17:4a:8f:b4:aa:25:8e:3e:
                    cc:d1:74:fb:92:99:20:9d:c6:98:d5:9a:12:4f:5b:
                    fc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:48:7D:08:E0:8B:F7:20:CF:03:3D:DD:BA:5E:19:E5:52:BF:F3:C4
            X509v3 Authority Key Identifier:
                keyid:C0:F4:2F:73:FF:2B:CC:48:85:B1:20:0B:D0:2E:E7:E2:9F:60:8E:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wPQvc_8rzEiFsSAL0C7n4p9gjis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/S0h9COCL9yDPAz3dul4Z5VK_88Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/59f895-5c50-436a-9707-7dd57e736746/1/wPQvc_8rzEiFsSAL0C7n4p9gjis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.240.0/24
                  185.74.200.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b2:e7:cb:36:e5:3f:27:d7:c9:13:f1:0a:59:53:59:93:98:72:
         c5:c3:7a:b2:cb:d6:de:c9:ef:33:e4:4e:70:d2:9d:bf:a3:c9:
         b1:14:9c:f3:f7:4b:04:08:96:3c:e9:54:ed:b6:8d:ca:ee:6c:
         39:e9:61:b9:ee:82:c6:a1:31:04:0d:86:f4:a2:e2:2e:e9:cb:
         eb:28:3d:2a:51:bc:82:41:49:45:a0:13:4b:70:53:ba:5a:49:
         a5:a7:85:9b:e9:38:7c:fc:69:15:ab:d7:bc:2e:d2:e5:ff:9d:
         8d:ec:41:d1:58:2f:b5:72:56:84:94:6e:9a:af:57:06:f6:e2:
         41:74:98:b1:b6:cf:f5:a2:63:b1:a5:b0:4b:0b:d2:6e:a4:95:
         08:7b:74:a5:9a:4a:dc:93:1b:c1:43:05:da:d0:83:11:79:24:
         64:fe:b9:13:42:76:c2:f6:5f:63:ea:29:f0:36:d3:bc:3e:21:
         d1:9c:9f:d7:37:ed:72:0f:f0:06:0e:d9:8a:ae:5c:4d:10:fe:
         05:74:14:bb:5d:98:31:70:10:65:a3:75:d7:5d:1f:73:0e:20:
         a4:41:af:78:34:e1:e3:87:e5:b2:63:f9:05:b4:7d:d5:b1:b7:
         d6:0c:89:e0:37:97:3a:53:ee:5a:23:06:d0:5a:f2:6d:1d:82:
         36:72:93:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdkDiRCB4HPRzWq1X7Lh198MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMwZjQyZjczZmYyYmNjNDg4NWIxMjAwYmQwMmVlN2UyOWY2
MDhlMmIwHhcNMjUwNjEyMTIxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjQ4N2QwOGUwOGJmNzIwY2YwMzNkZGRiYTVlMTllNTUyYmZmM2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApLs5f3mBx48jSnG3pYtdQm4v/q/Z
noXDH1uVA3BGljX2cjbjgGqxcL9kKeven+W2WUVJlv+AIPC+sKGgVwM+IEArW9TY
nnhTAp0v/vkfm3ZXKpMUj4B/z9aqWeua0H9Latstv7EZe/K0h+6UOpNxvYb3GdiM
QDZvoA6TRU8ylXVud5wi5po/XXIKj1BviE/zH52U6PZg43KtYGczQLweXXP+TLMv
ousneh7JCSbPfe4CUYiMAAkWs7gOcDyYJ+OMYgaPrvDGH+JTgZ7r1+fUWFXEykc0
x3EmUOt8JjG6eMOFNNzbzz9qF0qPtKoljj7M0XT7kpkgncaY1ZoST1v8dwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEtIfQjgi/cgzwM93bpeGeVSv/PEMB8GA1UdIwQY
MBaAFMD0L3P/K8xIhbEgC9Au5+KfYI4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1BRdmNfOHJ6RWlGc1NBTDBDN240cDlnamlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC81OWY4OTUtNWM1MC00MzZhLTk3MDct
N2RkNTdlNzM2NzQ2LzEvUzBoOUNPQ0w5eURQQXozZHVsNFo1VktfODhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC81OWY4OTUtNWM1MC00MzZhLTk3MDctN2RkNTdlNzM2NzQ2
LzEvd1BRdmNfOHJ6RWlGc1NBTDBDN240cDlnamlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9/wAwQC
uUrIMA0GCSqGSIb3DQEBCwUAA4IBAQCy58s25T8n18kT8QpZU1mTmHLFw3qyy9be
ye8z5E5w0p2/o8mxFJzz90sECJY86VTtto3K7mw56WG57oLGoTEEDYb0ouIu6cvr
KD0qUbyCQUlFoBNLcFO6Wkmlp4Wb6Th8/GkVq9e8LtLl/52N7EHRWC+1claElG6a
r1cG9uJBdJixts/1omOxpbBLC9JupJUIe3SlmkrckxvBQwXa0IMReSRk/rkTQnbC
9l9j6inwNtO8PiHRnJ/XN+1yD/AGDtmKrlxNEP4FdBS7XZgxcBBlo3XXXR9zDiCk
Qa94NOHjh+WyY/kFtH3VsbfWDIngN5c6U+5aIwbQWvJtHYI2cpM0
-----END CERTIFICATE-----