Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/91ZCHXFl5UUzytD2oCxDOo7Vf-U.roa
File:                     91ZCHXFl5UUzytD2oCxDOo7Vf-U.roa (raw, json)
Hash identifier:          GiWWhZLSNM54YFftILgBMiQnN9xd6n0FvV41BvORBF0=
Subject key identifier:   F7:56:42:1D:71:65:E5:45:33:CA:D0:F6:A0:2C:43:3A:8E:D5:7F:E5
Certificate issuer:       /CN=4e0f31c6efdb9a445b8f172f0be0dfd5142be000
Certificate serial:       01981766D11D9E20FD67309977CEC675F779
Authority key identifier: 4E:0F:31:C6:EF:DB:9A:44:5B:8F:17:2F:0B:E0:DF:D5:14:2B:E0:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/91ZCHXFl5UUzytD2oCxDOo7Vf-U.roa
Signing time:             Thu 17 Jul 2025 08:01:10 +0000
ROA not before:           Thu 17 Jul 2025 08:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214095
IP address blocks:        185.73.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:66:d1:1d:9e:20:fd:67:30:99:77:ce:c6:75:f7:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e0f31c6efdb9a445b8f172f0be0dfd5142be000
        Validity
            Not Before: Jul 17 08:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f756421d7165e54533cad0f6a02c433a8ed57fe5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:11:f1:3f:5f:0a:9a:cb:e3:66:26:61:6b:78:
                    1d:d7:b2:58:70:1e:3a:6c:37:b1:8c:b4:49:ae:17:
                    87:2d:73:c0:a4:ca:9e:b7:20:c4:39:7b:f7:84:58:
                    74:62:96:12:29:1a:4f:05:4d:83:45:c5:4d:d1:22:
                    f6:4a:95:30:c2:93:3d:d7:14:15:64:44:e8:f0:72:
                    4f:de:f1:66:02:cf:e6:22:bf:aa:fb:08:f9:93:03:
                    cd:55:b3:3a:65:1d:17:4c:07:b8:df:d8:a9:cc:3b:
                    30:8a:be:d9:e9:27:e5:c0:1d:2c:1e:d1:2d:27:77:
                    fb:d6:a3:11:22:0b:27:d4:96:0e:38:cc:f8:43:c7:
                    32:03:f9:d0:99:c5:e5:1c:7f:c9:77:aa:8a:20:10:
                    e0:8f:5a:51:55:c3:55:a6:7f:a5:6a:43:fe:96:e1:
                    25:3b:cf:5f:a3:a6:bc:70:d1:6b:c1:80:01:92:f3:
                    26:1d:4e:c6:8d:cb:03:24:c4:bd:11:2c:89:7a:85:
                    e2:a1:3f:53:28:82:49:f0:c0:d0:21:e5:8f:8a:79:
                    c2:2a:b1:d0:f9:43:9c:c6:00:f2:4b:d2:2c:ef:c3:
                    56:49:95:36:21:e5:0f:95:cc:b4:4b:c4:b7:71:44:
                    f5:9d:04:05:88:70:4a:f5:7b:2b:eb:0c:bb:00:a8:
                    b6:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:56:42:1D:71:65:E5:45:33:CA:D0:F6:A0:2C:43:3A:8E:D5:7F:E5
            X509v3 Authority Key Identifier:
                keyid:4E:0F:31:C6:EF:DB:9A:44:5B:8F:17:2F:0B:E0:DF:D5:14:2B:E0:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/91ZCHXFl5UUzytD2oCxDOo7Vf-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/aca790-6329-414a-bed5-bad2cb480912/1/Tg8xxu_bmkRbjxcvC-Df1RQr4AA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.73.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:14:d4:bc:63:54:1d:05:09:3f:f0:2d:8e:55:1a:be:87:07:
         cd:a1:3c:61:15:25:50:09:7a:75:ef:7a:c8:ed:b7:86:3e:14:
         c3:71:2e:68:41:0a:73:f1:59:af:38:0a:3b:73:0f:0f:c3:51:
         2e:e3:87:e0:37:8b:98:99:da:ef:65:75:62:43:34:95:47:36:
         4b:12:d1:0f:e3:32:0b:9b:bd:01:d2:82:aa:3b:ed:5c:b9:db:
         5d:e4:a3:13:8e:1d:e4:ca:18:d3:e9:a9:e1:9f:3a:95:6a:84:
         ce:83:8b:03:ea:69:eb:bb:9e:58:0e:a3:70:32:8e:37:ca:1d:
         99:35:fb:ce:6f:4b:e7:8f:f5:2d:36:cb:b9:ff:24:b2:3b:11:
         10:ed:c8:76:35:fa:b6:8a:d3:d5:40:2b:fc:8b:ad:2e:1d:87:
         16:0e:22:4a:c7:9a:18:17:6f:7c:8f:a2:f6:78:3e:41:c2:4d:
         f4:36:ed:d9:8a:46:13:8d:53:70:a5:a3:21:c9:a1:5c:aa:c1:
         e5:5b:7a:20:b3:bb:13:cc:72:0a:12:42:a6:6b:45:17:36:f0:
         63:b9:ce:1e:b5:af:a6:38:ef:2c:a3:0d:d7:27:a0:76:ef:64:
         17:45:b0:4e:cf:fe:87:cc:6f:ac:e5:3a:47:33:5f:ad:ff:89:
         ff:41:8d:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgXZtEdniD9ZzCZd87Gdfd5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMGYzMWM2ZWZkYjlhNDQ1YjhmMTcyZjBiZTBkZmQ1MTQy
YmUwMDAwHhcNMjUwNzE3MDgwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzU2NDIxZDcxNjVlNTQ1MzNjYWQwZjZhMDJjNDMzYThlZDU3ZmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhHxP18KmsvjZiZha3gd17JYcB46
bDexjLRJrheHLXPApMqetyDEOXv3hFh0YpYSKRpPBU2DRcVN0SL2SpUwwpM91xQV
ZETo8HJP3vFmAs/mIr+q+wj5kwPNVbM6ZR0XTAe439ipzDswir7Z6SflwB0sHtEt
J3f71qMRIgsn1JYOOMz4Q8cyA/nQmcXlHH/Jd6qKIBDgj1pRVcNVpn+lakP+luEl
O89fo6a8cNFrwYABkvMmHU7GjcsDJMS9ESyJeoXioT9TKIJJ8MDQIeWPinnCKrHQ
+UOcxgDyS9Is78NWSZU2IeUPlcy0S8S3cUT1nQQFiHBK9Xsr6wy7AKi2gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPdWQh1xZeVFM8rQ9qAsQzqO1X/lMB8GA1UdIwQY
MBaAFE4PMcbv25pEW48XLwvg39UUK+AAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGc4eHh1X2Jta1JianhjdkMtRGYxUlFyNEFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hY2E3OTAtNjMyOS00MTRhLWJlZDUt
YmFkMmNiNDgwOTEyLzEvOTFaQ0hYRmw1VVV6eXREMm9DeERPbzdWZi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9hY2E3OTAtNjMyOS00MTRhLWJlZDUtYmFkMmNiNDgwOTEy
LzEvVGc4eHh1X2Jta1JianhjdkMtRGYxUlFyNEFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUlWMA0G
CSqGSIb3DQEBCwUAA4IBAQBwFNS8Y1QdBQk/8C2OVRq+hwfNoTxhFSVQCXp173rI
7beGPhTDcS5oQQpz8VmvOAo7cw8Pw1Eu44fgN4uYmdrvZXViQzSVRzZLEtEP4zIL
m70B0oKqO+1cudtd5KMTjh3kyhjT6anhnzqVaoTOg4sD6mnru55YDqNwMo43yh2Z
NfvOb0vnj/UtNsu5/ySyOxEQ7ch2Nfq2itPVQCv8i60uHYcWDiJKx5oYF298j6L2
eD5Bwk30Nu3ZikYTjVNwpaMhyaFcqsHlW3ogs7sTzHIKEkKma0UXNvBjuc4eta+m
OO8sow3XJ6B272QXRbBOz/6HzG+s5TpHM1+t/4n/QY2I
-----END CERTIFICATE-----