Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/m5KBBE427X6qmHT4bUj8U2aV0eI.roa
File:                     m5KBBE427X6qmHT4bUj8U2aV0eI.roa (raw, json)
Hash identifier:          ZtrJHg2KpM74Mz4iyk/Fn1FwoQYy02Myz+PPBnU2LX8=
Subject key identifier:   9B:92:81:04:4E:36:ED:7E:AA:98:74:F8:6D:48:FC:53:66:95:D1:E2
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       0197CBBF5319AC1BB061A86D925A46E4C144
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/m5KBBE427X6qmHT4bUj8U2aV0eI.roa
Signing time:             Wed 02 Jul 2025 15:26:42 +0000
ROA not before:           Wed 02 Jul 2025 15:26:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215419
IP address blocks:        91.132.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cb:bf:53:19:ac:1b:b0:61:a8:6d:92:5a:46:e4:c1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jul  2 15:26:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b9281044e36ed7eaa9874f86d48fc536695d1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7a:17:5f:2f:9b:c7:5a:f9:50:b5:2b:02:19:
                    a8:8a:e3:71:2a:d2:1b:08:73:69:5f:95:26:8e:51:
                    46:95:74:63:4a:a0:db:99:82:70:88:29:64:df:5e:
                    95:95:53:35:b3:4c:a5:ff:9a:c7:85:3f:57:ce:97:
                    e7:2f:2f:0c:88:86:00:79:77:94:ce:10:76:cc:a3:
                    2a:5e:0d:79:a4:23:f9:3e:5e:89:ae:a0:4f:b6:23:
                    94:37:f1:23:c2:7f:32:bc:c8:4b:8b:42:65:51:20:
                    da:aa:7a:a9:9f:ff:8a:b7:05:87:9d:e8:f0:e0:a8:
                    fe:5e:08:85:2a:47:b3:25:fb:c6:35:b8:ad:d5:1b:
                    17:3e:ea:58:73:93:32:2f:f9:39:08:7d:45:6d:8f:
                    4b:c4:6a:3f:dc:20:92:ee:11:36:4f:8e:84:32:c2:
                    19:4d:da:a2:6f:66:a1:86:47:e9:97:63:00:18:ad:
                    bc:d0:37:14:9e:b6:8d:dd:f2:60:e2:ec:93:ed:81:
                    33:81:b5:c1:c4:d4:da:61:5e:da:ca:fc:de:3c:19:
                    a9:0d:7b:cd:32:ba:7a:6c:53:1a:66:51:48:63:4c:
                    5f:43:5f:2f:34:c7:9b:5c:78:6b:d9:67:16:73:f7:
                    23:e6:1b:be:f9:8c:62:a9:63:9e:38:13:65:b0:8e:
                    b3:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:92:81:04:4E:36:ED:7E:AA:98:74:F8:6D:48:FC:53:66:95:D1:E2
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/m5KBBE427X6qmHT4bUj8U2aV0eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:c8:2d:e1:0c:fb:f3:69:e2:98:cf:3c:2c:36:07:75:74:3e:
         ec:c2:d3:c1:7a:93:b6:b4:eb:89:50:d2:fc:06:d0:51:4e:d5:
         07:18:3b:f2:22:ee:fb:fb:51:e3:a7:79:68:85:d3:24:60:e7:
         b7:75:42:d5:b0:b2:2b:68:48:c8:f8:d0:1d:ea:52:8e:15:4e:
         63:e0:71:b4:63:83:95:03:d1:a5:1d:32:41:25:5c:65:83:92:
         49:4a:40:2b:2b:70:8c:3b:2e:8f:dc:b0:0b:25:9e:f4:65:ee:
         38:b0:d9:58:4d:59:bf:e3:65:cc:41:76:46:30:2f:72:20:02:
         3f:f8:99:aa:ca:bb:13:65:7e:dd:0a:dd:c3:78:33:68:11:96:
         be:2e:db:b5:31:5b:0d:d5:42:4f:9b:90:75:f2:b4:14:8a:a8:
         f1:a6:57:97:70:d6:9e:30:f8:77:dc:e2:08:92:b8:51:0a:e5:
         37:09:fd:af:1d:d0:8e:69:1f:68:6e:f4:d2:4b:fa:f2:75:6f:
         f3:83:24:71:1f:79:7d:6f:b1:43:07:9a:0b:0f:0d:f1:d7:5c:
         eb:ee:69:81:67:22:ed:29:4a:ab:6b:48:9a:65:ca:e2:0c:56:
         0d:b3:33:e5:2f:65:6c:4f:72:84:ac:90:34:17:df:f2:0b:92:
         fe:36:a2:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfLv1MZrBuwYahtklpG5MFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNzAyMTUyNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjkyODEwNDRlMzZlZDdlYWE5ODc0Zjg2ZDQ4ZmM1MzY2OTVkMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXoXXy+bx1r5ULUrAhmoiuNxKtIb
CHNpX5UmjlFGlXRjSqDbmYJwiClk316VlVM1s0yl/5rHhT9XzpfnLy8MiIYAeXeU
zhB2zKMqXg15pCP5Pl6JrqBPtiOUN/Ejwn8yvMhLi0JlUSDaqnqpn/+KtwWHnejw
4Kj+XgiFKkezJfvGNbit1RsXPupYc5MyL/k5CH1FbY9LxGo/3CCS7hE2T46EMsIZ
Tdqib2ahhkfpl2MAGK280DcUnraN3fJg4uyT7YEzgbXBxNTaYV7ayvzePBmpDXvN
Mrp6bFMaZlFIY0xfQ18vNMebXHhr2WcWc/cj5hu++YxiqWOeOBNlsI6z1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJuSgQRONu1+qph0+G1I/FNmldHiMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvbTVLQkJFNDI3WDZxbUhUNGJVajhVMmFWMGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW4QyMA0G
CSqGSIb3DQEBCwUAA4IBAQA6yC3hDPvzaeKYzzwsNgd1dD7swtPBepO2tOuJUNL8
BtBRTtUHGDvyIu77+1Hjp3lohdMkYOe3dULVsLIraEjI+NAd6lKOFU5j4HG0Y4OV
A9GlHTJBJVxlg5JJSkArK3CMOy6P3LALJZ70Ze44sNlYTVm/42XMQXZGMC9yIAI/
+JmqyrsTZX7dCt3DeDNoEZa+Ltu1MVsN1UJPm5B18rQUiqjxpleXcNaeMPh33OII
krhRCuU3Cf2vHdCOaR9obvTSS/rydW/zgyRxH3l9b7FDB5oLDw3x11zr7mmBZyLt
KUqra0iaZcriDFYNszPlL2VsT3KErJA0F9/yC5L+NqLk
-----END CERTIFICATE-----