Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/09rZaDf9P6R4diZdTpqbdJFmS5g.roa
File:                     09rZaDf9P6R4diZdTpqbdJFmS5g.roa (raw, json)
Hash identifier:          nJaLySku8ZYvCwVFCoV24PH4wOMxHH06lLCXG71Fdv0=
Subject key identifier:   D3:DA:D9:68:37:FD:3F:A4:78:76:26:5D:4E:9A:9B:74:91:66:4B:98
Certificate issuer:       /CN=3d0483538737453e2f57ffb57499c3922e83636d
Certificate serial:       0197E446ECB321113AD66AE4208759A61831
Authority key identifier: 3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/09rZaDf9P6R4diZdTpqbdJFmS5g.roa
Signing time:             Mon 07 Jul 2025 09:45:42 +0000
ROA not before:           Mon 07 Jul 2025 09:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198584
IP address blocks:        91.245.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:46:ec:b3:21:11:3a:d6:6a:e4:20:87:59:a6:18:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d0483538737453e2f57ffb57499c3922e83636d
        Validity
            Not Before: Jul  7 09:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3dad96837fd3fa47876265d4e9a9b7491664b98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:dd:13:62:56:56:2a:62:be:99:27:45:8b:8c:
                    a7:de:75:ce:59:2d:02:fa:ed:b3:1a:7f:00:95:8d:
                    97:60:55:39:d2:85:ef:a5:9c:d1:37:c5:0e:c2:89:
                    90:77:a5:b8:74:c5:4c:c5:99:1e:ef:b6:2d:f2:28:
                    0a:fe:4c:7c:5e:9e:48:7c:a6:6c:5a:6d:51:67:2e:
                    db:be:6d:70:8a:7d:1c:f7:9b:ab:6f:3b:be:38:ee:
                    15:45:02:56:14:fb:e2:c4:4d:21:18:7d:01:27:6f:
                    05:4c:70:8a:1d:84:36:af:2d:3d:ca:63:14:c0:f3:
                    3d:82:4e:85:0c:c1:6f:82:07:11:a6:7c:bb:b4:71:
                    47:5f:71:b1:25:f7:ff:29:4c:3a:01:a4:f4:4b:ae:
                    a5:6b:0d:b7:65:1a:64:72:45:5b:63:86:b5:26:d1:
                    fc:18:2a:23:1c:17:e2:6b:67:b6:54:49:04:f1:2f:
                    9d:09:bc:fc:59:17:c8:18:3a:ce:2f:61:c7:f2:b3:
                    d1:9d:8d:d3:c2:56:14:46:80:16:1b:42:ed:b6:33:
                    11:0f:70:e3:f6:01:42:16:19:d7:e3:f7:cd:28:4a:
                    08:c0:57:4d:5a:e3:e7:71:8e:05:cc:76:63:45:81:
                    c2:f6:99:22:2f:8f:f2:04:f9:a6:cf:1c:a7:b1:8b:
                    00:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:DA:D9:68:37:FD:3F:A4:78:76:26:5D:4E:9A:9B:74:91:66:4B:98
            X509v3 Authority Key Identifier:
                keyid:3D:04:83:53:87:37:45:3E:2F:57:FF:B5:74:99:C3:92:2E:83:63:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PQSDU4c3RT4vV_-1dJnDki6DY20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/09rZaDf9P6R4diZdTpqbdJFmS5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/e106c3-0b1f-4010-86f1-65a46c8e41e9/1/PQSDU4c3RT4vV_-1dJnDki6DY20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.245.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:3f:9c:ab:38:ab:4b:a4:34:d9:97:c5:1f:9f:ca:bd:87:5e:
         bc:04:09:89:b7:bf:5d:a7:47:06:38:ff:c6:af:2a:0f:30:e2:
         b7:a9:14:1e:10:d0:fd:d0:12:e6:95:95:f1:af:0f:2f:bf:2d:
         3f:95:18:50:51:73:7f:71:d1:0f:c9:e6:c6:bf:dd:05:8d:77:
         16:96:85:32:36:50:cf:97:a4:d0:61:9d:71:40:22:84:2c:f5:
         98:cf:1b:db:29:9c:a2:95:95:79:13:b3:7a:12:ff:f7:42:21:
         bc:ec:34:4d:9b:d9:1a:3a:b5:26:44:83:44:fc:99:95:b9:d7:
         c1:b7:2c:17:b8:68:c9:82:11:03:c2:82:d2:28:73:a0:dd:78:
         8c:a6:83:59:d6:53:48:0e:a5:7f:24:1b:7a:b0:5f:69:d4:29:
         5f:e6:60:6a:3d:10:3d:75:0c:a3:4a:17:4a:06:37:1d:57:b4:
         ce:19:ab:28:0f:27:cb:b6:dc:bc:9f:1f:f9:8a:b6:70:d1:ad:
         a0:31:a9:90:ac:fd:8a:60:2b:63:63:da:5b:0e:c3:ff:43:ed:
         46:19:7e:9c:65:1c:72:d6:6e:ad:d4:fe:db:9e:af:33:88:f8:
         25:fc:99:07:06:19:06:b9:1d:1f:d5:5e:bc:2a:b1:b8:65:31:
         fc:03:af:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkRuyzIRE61mrkIIdZphgxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkMDQ4MzUzODczNzQ1M2UyZjU3ZmZiNTc0OTljMzkyMmU4
MzYzNmQwHhcNMjUwNzA3MDk0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2RhZDk2ODM3ZmQzZmE0Nzg3NjI2NWQ0ZTlhOWI3NDkxNjY0Yjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyt0TYlZWKmK+mSdFi4yn3nXOWS0C
+u2zGn8AlY2XYFU50oXvpZzRN8UOwomQd6W4dMVMxZke77Yt8igK/kx8Xp5IfKZs
Wm1RZy7bvm1win0c95urbzu+OO4VRQJWFPvixE0hGH0BJ28FTHCKHYQ2ry09ymMU
wPM9gk6FDMFvggcRpny7tHFHX3GxJff/KUw6AaT0S66law23ZRpkckVbY4a1JtH8
GCojHBfia2e2VEkE8S+dCbz8WRfIGDrOL2HH8rPRnY3TwlYURoAWG0LttjMRD3Dj
9gFCFhnX4/fNKEoIwFdNWuPncY4FzHZjRYHC9pkiL4/yBPmmzxynsYsA/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPa2Wg3/T+keHYmXU6am3SRZkuYMB8GA1UdIwQY
MBaAFD0Eg1OHN0U+L1f/tXSZw5Iug2NtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEt
NjVhNDZjOGU0MWU5LzEvMDlyWmFEZjlQNlI0ZGlaZFRwcWJkSkZtUzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS9lMTA2YzMtMGIxZi00MDEwLTg2ZjEtNjVhNDZjOGU0MWU5
LzEvUFFTRFU0YzNSVDR2Vl8tMWRKbkRraTZEWTIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/XcMA0G
CSqGSIb3DQEBCwUAA4IBAQCGP5yrOKtLpDTZl8Ufn8q9h168BAmJt79dp0cGOP/G
ryoPMOK3qRQeEND90BLmlZXxrw8vvy0/lRhQUXN/cdEPyebGv90FjXcWloUyNlDP
l6TQYZ1xQCKELPWYzxvbKZyilZV5E7N6Ev/3QiG87DRNm9kaOrUmRINE/JmVudfB
tywXuGjJghEDwoLSKHOg3XiMpoNZ1lNIDqV/JBt6sF9p1Clf5mBqPRA9dQyjShdK
BjcdV7TOGasoDyfLtty8nx/5irZw0a2gMamQrP2KYCtjY9pbDsP/Q+1GGX6cZRxy
1m6t1P7bnq8ziPgl/JkHBhkGuR0f1V68KrG4ZTH8A6+1
-----END CERTIFICATE-----