Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/N9bR_mBXXHjDIFBVaDKi9gxaXJ0.roa
File:                     N9bR_mBXXHjDIFBVaDKi9gxaXJ0.roa (raw, json)
Hash identifier:          t/vnY4c9w46jNFfl6Ql0aCTX7Py6QOE0v9MYkC3oE08=
Subject key identifier:   37:D6:D1:FE:60:57:5C:78:C3:20:50:55:68:32:A2:F6:0C:5A:5C:9D
Certificate issuer:       /CN=816aa91ab1274e475397b907a655f91e9d605e0e
Certificate serial:       01981345B630996C9778DDDCAC3F67C62CA1
Authority key identifier: 81:6A:A9:1A:B1:27:4E:47:53:97:B9:07:A6:55:F9:1E:9D:60:5E:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gWqpGrEnTkdTl7kHplX5Hp1gXg4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/N9bR_mBXXHjDIFBVaDKi9gxaXJ0.roa
Signing time:             Wed 16 Jul 2025 12:46:32 +0000
ROA not before:           Wed 16 Jul 2025 12:46:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47376
IP address blocks:        91.198.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/gWqpGrEnTkdTl7kHplX5Hp1gXg4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/gWqpGrEnTkdTl7kHplX5Hp1gXg4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gWqpGrEnTkdTl7kHplX5Hp1gXg4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 02:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:45:b6:30:99:6c:97:78:dd:dc:ac:3f:67:c6:2c:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816aa91ab1274e475397b907a655f91e9d605e0e
        Validity
            Not Before: Jul 16 12:46:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37d6d1fe60575c78c32050556832a2f60c5a5c9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3c:78:d7:c3:6e:4c:77:5e:81:38:37:1d:73:
                    3a:10:78:80:6c:f8:bf:0a:b7:ed:af:9b:e6:a1:4b:
                    5c:66:3f:26:34:f3:3e:0e:fa:b6:33:bc:fb:43:b7:
                    86:a3:87:5a:0f:0c:fe:c7:8b:17:ea:36:1c:b0:a7:
                    7a:6b:23:75:3a:a2:93:ba:60:cb:bb:51:93:45:83:
                    57:8e:76:2c:3d:2d:4a:05:be:fd:73:35:44:34:7e:
                    bb:85:49:37:74:86:86:96:ba:13:10:2f:05:e3:49:
                    6f:b0:9c:2e:2f:be:1f:da:38:d5:03:95:0f:61:b3:
                    dd:06:bd:8d:cc:e7:00:8d:5d:cc:b2:b4:10:6b:a4:
                    71:7f:51:db:8f:20:d0:6d:72:eb:07:f3:a9:90:7f:
                    f4:03:c9:8c:b8:1a:12:24:94:f0:32:be:d1:e1:d7:
                    34:d6:6f:ce:11:75:6a:b6:56:7d:f9:e9:e6:4c:ee:
                    eb:91:72:83:b7:97:bb:3b:1f:37:61:c7:75:ef:ba:
                    38:52:9a:59:36:da:eb:36:4a:06:b1:04:24:04:94:
                    e4:f6:48:66:91:e6:1f:ae:78:82:fd:af:47:52:12:
                    0b:ae:54:48:2f:f4:96:5b:33:83:db:c7:a6:60:8b:
                    a5:f8:1b:29:67:34:f4:cd:a0:7d:bd:0f:30:12:f9:
                    bd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:D6:D1:FE:60:57:5C:78:C3:20:50:55:68:32:A2:F6:0C:5A:5C:9D
            X509v3 Authority Key Identifier:
                keyid:81:6A:A9:1A:B1:27:4E:47:53:97:B9:07:A6:55:F9:1E:9D:60:5E:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gWqpGrEnTkdTl7kHplX5Hp1gXg4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/N9bR_mBXXHjDIFBVaDKi9gxaXJ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/2a7fd4-5de0-4a11-a253-dff3bcee6b66/1/gWqpGrEnTkdTl7kHplX5Hp1gXg4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:d8:3d:e6:3d:a6:49:5f:0b:01:37:dc:02:a8:73:9d:de:6a:
         36:13:4a:9a:b9:8b:74:78:6b:6e:04:34:17:e2:0a:7d:d3:77:
         99:44:76:09:4a:de:da:95:c2:9f:4c:9c:79:4a:93:b2:d8:99:
         d2:4e:47:00:06:62:c7:33:38:92:1f:40:92:1a:c0:78:d8:2f:
         a0:72:57:86:61:21:c9:14:8d:e1:50:c9:78:6f:09:45:36:c9:
         d4:73:6e:e9:e7:0d:97:f0:ce:42:d6:14:18:8a:73:52:25:e5:
         8c:6c:6a:c5:d1:49:2a:48:63:41:4c:0e:4c:68:ad:ae:8c:d0:
         87:26:37:a7:a2:06:14:02:45:63:d4:65:73:02:e6:7f:1d:5b:
         24:fb:da:a4:f6:e7:bd:76:a8:76:c2:e4:08:56:f1:d1:f5:73:
         35:7a:7f:c9:e9:60:98:45:ff:f7:83:92:46:35:18:da:b7:7c:
         0c:2c:a1:33:a4:c9:3b:f1:7d:a2:60:e5:ef:92:3b:9c:f8:b7:
         2a:b7:f3:aa:07:bd:f1:bc:95:8b:33:7d:4f:c9:96:51:a7:90:
         61:4a:61:30:66:cf:75:55:d2:a8:fa:2a:56:cd:e6:d8:7e:51:
         73:9b:92:59:7c:f6:9e:19:39:5e:dc:df:81:86:f1:bb:a8:51:
         c8:8b:07:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgTRbYwmWyXeN3crD9nxiyhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNmFhOTFhYjEyNzRlNDc1Mzk3YjkwN2E2NTVmOTFlOWQ2
MDVlMGUwHhcNMjUwNzE2MTI0NjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2Q2ZDFmZTYwNTc1Yzc4YzMyMDUwNTU2ODMyYTJmNjBjNWE1YzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDx418NuTHdegTg3HXM6EHiAbPi/
Crftr5vmoUtcZj8mNPM+Dvq2M7z7Q7eGo4daDwz+x4sX6jYcsKd6ayN1OqKTumDL
u1GTRYNXjnYsPS1KBb79czVENH67hUk3dIaGlroTEC8F40lvsJwuL74f2jjVA5UP
YbPdBr2NzOcAjV3MsrQQa6Rxf1HbjyDQbXLrB/OpkH/0A8mMuBoSJJTwMr7R4dc0
1m/OEXVqtlZ9+enmTO7rkXKDt5e7Ox83Ycd177o4UppZNtrrNkoGsQQkBJTk9khm
keYfrniC/a9HUhILrlRIL/SWWzOD28emYIul+BspZzT0zaB9vQ8wEvm9jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDfW0f5gV1x4wyBQVWgyovYMWlydMB8GA1UdIwQY
MBaAFIFqqRqxJ05HU5e5B6ZV+R6dYF4OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1dxcEdyRW5Ua2RUbDdrSHBsWDVIcDFnWGc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi8yYTdmZDQtNWRlMC00YTExLWEyNTMt
ZGZmM2JjZWU2YjY2LzEvTjliUl9tQlhYSGpESUZCVmFES2k5Z3hhWEowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi8yYTdmZDQtNWRlMC00YTExLWEyNTMtZGZmM2JjZWU2YjY2
LzEvZ1dxcEdyRW5Ua2RUbDdrSHBsWDVIcDFnWGc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZuMA0G
CSqGSIb3DQEBCwUAA4IBAQBA2D3mPaZJXwsBN9wCqHOd3mo2E0qauYt0eGtuBDQX
4gp903eZRHYJSt7alcKfTJx5SpOy2JnSTkcABmLHMziSH0CSGsB42C+gcleGYSHJ
FI3hUMl4bwlFNsnUc27p5w2X8M5C1hQYinNSJeWMbGrF0UkqSGNBTA5MaK2ujNCH
JjenogYUAkVj1GVzAuZ/HVsk+9qk9ue9dqh2wuQIVvHR9XM1en/J6WCYRf/3g5JG
NRjat3wMLKEzpMk78X2iYOXvkjuc+Lcqt/OqB73xvJWLM31PyZZRp5BhSmEwZs91
VdKo+ipWzebYflFzm5JZfPaeGTle3N+BhvG7qFHIiwel
-----END CERTIFICATE-----