Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/mDXhl4dprarAsNvti4q46_kKZpM.roa
File:                     mDXhl4dprarAsNvti4q46_kKZpM.roa (raw, json)
Hash identifier:          nO7loNJnNWEy7qYEFwacKqwIKjogQXV6dHPxMdw1y3g=
Subject key identifier:   98:35:E1:97:87:69:AD:AA:C0:B0:DB:ED:8B:8A:B8:EB:F9:0A:66:93
Certificate issuer:       /CN=f58acd43c0033b13b88bb397415583aa51d9303a
Certificate serial:       0198310C72A0C58EBEE388B2D463157188EB
Authority key identifier: F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/mDXhl4dprarAsNvti4q46_kKZpM.roa
Signing time:             Tue 22 Jul 2025 07:32:35 +0000
ROA not before:           Tue 22 Jul 2025 07:32:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201729
IP address blocks:        91.137.84.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 Aug 2025 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:31:0c:72:a0:c5:8e:be:e3:88:b2:d4:63:15:71:88:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f58acd43c0033b13b88bb397415583aa51d9303a
        Validity
            Not Before: Jul 22 07:32:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9835e1978769adaac0b0dbed8b8ab8ebf90a6693
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:42:77:73:73:54:f6:e9:5d:4f:0a:23:bf:91:
                    99:ed:aa:5c:43:41:6c:44:28:b5:7a:5a:50:47:73:
                    6d:c1:3c:30:9f:10:2c:fa:a0:5c:30:d2:17:32:6e:
                    44:06:7c:28:c7:4f:6a:fe:60:b0:dc:67:a6:99:60:
                    56:eb:d5:01:43:0a:53:d9:6f:51:71:4a:00:a2:94:
                    13:78:40:2c:70:37:17:15:e0:64:53:4a:e1:70:0c:
                    44:34:77:37:f5:74:af:88:e9:cb:9c:b0:c7:a9:d9:
                    c0:12:93:43:87:fd:d8:25:6b:c1:25:5c:57:c8:ae:
                    82:ef:01:24:34:e7:69:2b:1a:a1:2e:ef:bb:a4:82:
                    6b:3e:ee:af:16:c9:dc:b4:bc:c2:91:74:c1:29:2b:
                    20:37:5a:8b:98:b3:7d:8a:bd:57:6a:9e:de:5c:6c:
                    f3:83:32:7c:8f:6d:77:ba:82:44:4d:46:de:2d:9c:
                    66:f8:c3:be:73:5e:86:98:83:bc:46:fd:46:26:a6:
                    f8:60:02:66:01:05:c3:de:ea:52:29:1a:1e:e7:99:
                    f7:ab:08:60:cf:d5:18:30:8a:51:70:0b:f6:79:af:
                    9f:10:64:2d:62:50:bc:01:d8:40:7a:9a:83:bd:34:
                    c0:04:cb:17:d4:fb:8f:2a:53:cd:88:93:52:47:9d:
                    76:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:35:E1:97:87:69:AD:AA:C0:B0:DB:ED:8B:8A:B8:EB:F9:0A:66:93
            X509v3 Authority Key Identifier:
                keyid:F5:8A:CD:43:C0:03:3B:13:B8:8B:B3:97:41:55:83:AA:51:D9:30:3A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/mDXhl4dprarAsNvti4q46_kKZpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0e66e9-cf2d-40df-aaae-cf2d58d0e0ee/1/9YrNQ8ADOxO4i7OXQVWDqlHZMDo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.137.84.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:57:75:b1:2d:86:f4:36:ed:26:53:29:e4:26:b5:64:b2:d8:
         e9:38:3d:41:d5:ba:f7:78:6b:a6:01:02:62:12:e4:fb:89:32:
         5e:a0:4e:1c:78:84:e5:77:8b:c5:55:00:f2:5c:66:a2:71:4e:
         15:29:70:b4:cd:f7:a7:85:67:a6:dc:7c:4d:a1:35:0c:d6:f8:
         17:d5:71:4a:05:1b:ca:06:ab:67:ec:08:81:f3:ce:28:87:e1:
         d2:45:a6:95:cd:94:93:3a:e4:dc:11:9d:2e:46:e2:c3:34:44:
         e9:7f:8c:cc:4a:51:46:30:f5:07:31:dc:28:81:6f:29:10:76:
         2e:e7:6f:44:a6:31:ce:2b:96:01:ab:69:68:de:e7:c6:f8:48:
         86:ca:f9:0c:d6:b7:a3:7b:f7:c1:e6:60:92:c9:9a:cf:8b:da:
         ee:72:40:8a:9b:a3:bc:d9:d8:64:ef:02:49:f2:a3:96:70:2e:
         5a:0d:f8:11:98:dd:ad:c9:02:c1:55:41:bb:f4:c3:fe:52:6b:
         68:11:42:6c:1b:19:4f:8b:89:bd:5a:a1:b8:02:56:9b:22:26:
         a8:bc:7d:bd:e4:99:dc:20:6b:59:87:22:d9:06:49:f1:0f:fe:
         e1:ed:01:67:a5:bc:d5:7a:f0:40:a8:cc:dc:70:d1:c9:6c:e4:
         7d:6f:6f:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgxDHKgxY6+44iy1GMVcYjrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1OGFjZDQzYzAwMzNiMTNiODhiYjM5NzQxNTU4M2FhNTFk
OTMwM2EwHhcNMjUwNzIyMDczMjM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODM1ZTE5Nzg3NjlhZGFhYzBiMGRiZWQ4YjhhYjhlYmY5MGE2NjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzEJ3c3NU9uldTwojv5GZ7apcQ0Fs
RCi1elpQR3NtwTwwnxAs+qBcMNIXMm5EBnwox09q/mCw3GemmWBW69UBQwpT2W9R
cUoAopQTeEAscDcXFeBkU0rhcAxENHc39XSviOnLnLDHqdnAEpNDh/3YJWvBJVxX
yK6C7wEkNOdpKxqhLu+7pIJrPu6vFsnctLzCkXTBKSsgN1qLmLN9ir1Xap7eXGzz
gzJ8j213uoJETUbeLZxm+MO+c16GmIO8Rv1GJqb4YAJmAQXD3upSKRoe55n3qwhg
z9UYMIpRcAv2ea+fEGQtYlC8AdhAepqDvTTABMsX1PuPKlPNiJNSR512oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJg14ZeHaa2qwLDb7YuKuOv5CmaTMB8GA1UdIwQY
MBaAFPWKzUPAAzsTuIuzl0FVg6pR2TA6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUt
Y2YyZDU4ZDBlMGVlLzEvbURYaGw0ZHByYXJBc052dGk0cTQ2X2tLWnBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wZTY2ZTktY2YyZC00MGRmLWFhYWUtY2YyZDU4ZDBlMGVl
LzEvOVlyTlE4QURPeE80aTdPWFFWV0RxbEhaTURvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW4lUMA0G
CSqGSIb3DQEBCwUAA4IBAQBEV3WxLYb0Nu0mUynkJrVkstjpOD1B1br3eGumAQJi
EuT7iTJeoE4ceITld4vFVQDyXGaicU4VKXC0zfenhWem3HxNoTUM1vgX1XFKBRvK
Bqtn7AiB884oh+HSRaaVzZSTOuTcEZ0uRuLDNETpf4zMSlFGMPUHMdwogW8pEHYu
529EpjHOK5YBq2lo3ufG+EiGyvkM1reje/fB5mCSyZrPi9ruckCKm6O82dhk7wJJ
8qOWcC5aDfgRmN2tyQLBVUG79MP+UmtoEUJsGxlPi4m9WqG4AlabIiaovH295Jnc
IGtZhyLZBknxD/7h7QFnpbzVevBAqMzccNHJbOR9b2+w
-----END CERTIFICATE-----