Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/AFsm5Hojd_mzqy4fDUGaBTUHip0.roa
File:                     AFsm5Hojd_mzqy4fDUGaBTUHip0.roa (raw, json)
Hash identifier:          /zyEWmbu24okUbXBK84y7eHw8Bd0tTWYuWt84qBvy9I=
Subject key identifier:   00:5B:26:E4:7A:23:77:F9:B3:AB:2E:1F:0D:41:9A:05:35:07:8A:9D
Certificate issuer:       /CN=dac633a14cac7c7a0922ffd980de5f278a3be267
Certificate serial:       019763FE93CA2F739BFCCC391CB56EC9301D
Authority key identifier: DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/AFsm5Hojd_mzqy4fDUGaBTUHip0.roa
Signing time:             Thu 12 Jun 2025 11:55:17 +0000
ROA not before:           Thu 12 Jun 2025 11:55:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        91.233.61.0/24 maxlen: 24
                          185.179.176.0/24 maxlen: 24
                          213.5.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:fe:93:ca:2f:73:9b:fc:cc:39:1c:b5:6e:c9:30:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac633a14cac7c7a0922ffd980de5f278a3be267
        Validity
            Not Before: Jun 12 11:55:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=005b26e47a2377f9b3ab2e1f0d419a0535078a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:5d:c3:dd:22:7c:6d:88:27:bd:ed:12:7f:df:
                    20:e0:b4:c7:e3:f5:82:57:50:ba:b4:1d:c0:83:36:
                    10:da:bc:2c:8d:29:75:e6:01:bf:34:7b:e7:99:bf:
                    71:6f:87:fa:27:99:c0:20:18:e1:b8:58:4f:c1:59:
                    21:da:76:44:f3:7d:bd:cc:d7:3d:22:2c:b1:a5:c3:
                    5c:87:c5:1a:c6:d9:02:0c:50:1f:01:6e:cf:ec:ff:
                    e5:71:43:e5:9b:08:50:18:e4:79:16:ad:51:42:43:
                    d5:8a:ae:db:5d:c5:af:f1:2e:49:9b:80:9b:5c:15:
                    af:86:bb:e9:d3:bf:12:ec:17:07:5b:2d:dc:cf:73:
                    f0:38:ab:62:0a:36:71:3e:a6:0f:82:46:f7:b6:0f:
                    89:9d:98:5a:16:35:c2:6b:d5:88:6b:f3:95:09:86:
                    d5:71:97:7e:57:cc:7a:9d:a5:0e:ad:cd:3c:45:87:
                    28:db:8d:a0:62:44:6c:45:73:57:a4:92:01:68:1e:
                    24:74:aa:35:bc:91:44:68:e4:b9:f6:2d:c3:1d:e1:
                    ff:2e:f6:7c:7b:ca:99:3d:5d:26:c9:fc:f2:d8:07:
                    e9:db:25:6e:03:a1:e8:fc:f8:9d:5b:88:80:39:dc:
                    95:32:aa:44:0b:c7:80:26:ea:d4:1a:e2:65:b4:bb:
                    56:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:5B:26:E4:7A:23:77:F9:B3:AB:2E:1F:0D:41:9A:05:35:07:8A:9D
            X509v3 Authority Key Identifier:
                keyid:DA:C6:33:A1:4C:AC:7C:7A:09:22:FF:D9:80:DE:5F:27:8A:3B:E2:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sYzoUysfHoJIv_ZgN5fJ4o74mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/AFsm5Hojd_mzqy4fDUGaBTUHip0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/c852b5-acc4-4d70-aeeb-24515a14c456/1/2sYzoUysfHoJIv_ZgN5fJ4o74mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.61.0/24
                  185.179.176.0/24
                  213.5.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:2c:bb:92:22:35:bb:d1:3e:08:9f:d4:05:90:bc:77:68:e9:
         6b:7a:db:1a:dd:3b:4a:e5:e2:ea:0b:84:a9:3f:87:13:0e:b3:
         e4:a1:28:dd:cf:fb:3b:8e:63:d1:17:13:2f:82:90:a2:7a:16:
         da:65:59:4d:ba:fb:a4:08:06:ae:f4:d9:46:45:08:61:73:e7:
         a5:ba:0a:bc:90:0b:a2:fc:d9:93:42:a2:fa:b2:9b:9e:5c:cc:
         e8:61:80:84:41:09:c1:0a:a1:25:b6:b9:1c:54:bd:f5:ba:b0:
         f3:c5:b2:07:a9:74:a5:e1:00:1f:d2:47:0c:c8:2d:7c:38:dc:
         57:66:a5:0c:8c:94:b4:64:f6:7c:7a:58:7d:31:37:51:3d:2e:
         be:47:aa:da:62:6c:36:42:79:a9:6a:bc:f6:43:de:1c:8d:8a:
         b7:18:77:ff:ee:28:af:32:1b:1b:eb:6d:2e:77:27:eb:58:f8:
         31:6a:a2:41:04:8e:dd:56:52:d7:a5:72:42:52:8b:bc:45:c6:
         56:6e:27:c4:05:e0:69:a1:53:e9:1b:d4:09:c5:b3:cf:61:2c:
         4f:cb:df:c3:4c:25:f4:a3:3e:3c:da:be:81:e6:f5:3d:30:74:
         8a:22:b7:bf:21:38:ae:61:f8:7c:fb:c0:f2:62:36:cf:e3:43:
         32:64:ba:4e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZdj/pPKL3Ob/Mw5HLVuyTAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzYzM2ExNGNhYzdjN2EwOTIyZmZkOTgwZGU1ZjI3OGEz
YmUyNjcwHhcNMjUwNjEyMTE1NTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDViMjZlNDdhMjM3N2Y5YjNhYjJlMWYwZDQxOWEwNTM1MDc4YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4F3D3SJ8bYgnve0Sf98g4LTH4/WC
V1C6tB3AgzYQ2rwsjSl15gG/NHvnmb9xb4f6J5nAIBjhuFhPwVkh2nZE8329zNc9
IiyxpcNch8UaxtkCDFAfAW7P7P/lcUPlmwhQGOR5Fq1RQkPViq7bXcWv8S5Jm4Cb
XBWvhrvp078S7BcHWy3cz3PwOKtiCjZxPqYPgkb3tg+JnZhaFjXCa9WIa/OVCYbV
cZd+V8x6naUOrc08RYco242gYkRsRXNXpJIBaB4kdKo1vJFEaOS59i3DHeH/LvZ8
e8qZPV0myfzy2Afp2yVuA6Ho/PidW4iAOdyVMqpEC8eAJurUGuJltLtWsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFABbJuR6I3f5s6suHw1BmgU1B4qdMB8GA1UdIwQY
MBaAFNrGM6FMrHx6CSL/2YDeXyeKO+JnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWIt
MjQ1MTVhMTRjNDU2LzEvQUZzbTVIb2pkX216cXk0ZkRVR2FCVFVIaXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9jODUyYjUtYWNjNC00ZDcwLWFlZWItMjQ1MTVhMTRjNDU2
LzEvMnNZem9VeXNmSG9KSXZfWmdONWZKNG83NG1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+k9AwQA
ubOwAwQA1QXiMA0GCSqGSIb3DQEBCwUAA4IBAQALLLuSIjW70T4In9QFkLx3aOlr
etsa3TtK5eLqC4SpP4cTDrPkoSjdz/s7jmPRFxMvgpCiehbaZVlNuvukCAau9NlG
RQhhc+elugq8kAui/NmTQqL6spueXMzoYYCEQQnBCqEltrkcVL31urDzxbIHqXSl
4QAf0kcMyC18ONxXZqUMjJS0ZPZ8elh9MTdRPS6+R6raYmw2Qnmparz2Q94cjYq3
GHf/7iivMhsb620udyfrWPgxaqJBBI7dVlLXpXJCUou8RcZWbifEBeBpoVPpG9QJ
xbPPYSxPy9/DTCX0oz482r6B5vU9MHSKIre/ITiuYfh8+8DyYjbP40MyZLpO
-----END CERTIFICATE-----