Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/49CKyADgLLIvTuESaHIzqHu2gtg.roa
File:                     49CKyADgLLIvTuESaHIzqHu2gtg.roa (raw, json)
Hash identifier:          5CuCUUa8X7/ocW7RyLEv8Vb6VI17HgQju5mFySfuyAs=
Subject key identifier:   E3:D0:8A:C8:00:E0:2C:B2:2F:4E:E1:12:68:72:33:A8:7B:B6:82:D8
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       01984166AE11506B990F6F69CD3B52CA6EB5
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/49CKyADgLLIvTuESaHIzqHu2gtg.roa
Signing time:             Fri 25 Jul 2025 11:45:05 +0000
ROA not before:           Fri 25 Jul 2025 11:45:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206411
IP address blocks:        91.190.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 11:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:41:66:ae:11:50:6b:99:0f:6f:69:cd:3b:52:ca:6e:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Jul 25 11:45:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3d08ac800e02cb22f4ee112687233a87bb682d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:de:3d:c5:86:61:43:c4:82:04:14:ab:63:c0:
                    77:83:0b:f2:8f:34:6e:90:6b:fc:9d:76:7c:eb:93:
                    3b:b1:7f:63:02:4a:7b:b5:a5:fb:f0:98:c1:be:58:
                    97:a4:b5:59:c8:7a:95:79:10:7d:5b:94:e3:69:21:
                    d8:f6:00:5a:cd:97:fe:c6:b4:12:e4:27:90:87:49:
                    78:4a:1b:f6:17:b4:47:33:93:57:75:0b:a7:31:f5:
                    4d:7d:cd:f2:46:bb:e4:de:79:ce:ab:99:14:82:60:
                    4c:20:39:2e:d4:73:9b:3e:15:6a:d9:3c:14:8d:25:
                    37:f2:ee:9b:fd:b7:95:ed:2c:46:7a:82:22:55:1d:
                    85:ba:13:e8:e6:5f:48:1f:8d:95:9a:16:78:72:d1:
                    c9:66:6a:9f:d2:0f:39:60:cd:68:a7:1c:88:84:13:
                    17:e1:1e:09:f7:71:34:ca:aa:11:bb:2e:a2:f5:fd:
                    f2:25:b6:98:27:f3:91:38:53:d0:81:24:a7:fc:ba:
                    65:2f:ee:6f:87:d0:18:76:3a:5d:4f:64:dd:a3:36:
                    d6:7d:d1:89:43:15:e7:9e:96:77:a2:e5:54:08:11:
                    ac:10:d8:ce:b7:0c:dc:91:6c:df:1b:1c:a8:26:21:
                    bd:5d:1f:47:87:7a:0e:79:05:80:e0:81:2b:e5:30:
                    3e:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D0:8A:C8:00:E0:2C:B2:2F:4E:E1:12:68:72:33:A8:7B:B6:82:D8
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/49CKyADgLLIvTuESaHIzqHu2gtg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:3b:ae:1b:6e:13:8b:ed:57:a2:61:64:bd:b2:92:e2:4a:97:
         04:c3:fb:06:59:dd:f7:1e:3d:eb:ad:16:85:10:72:a4:d9:5d:
         f5:e7:b0:d1:c7:46:16:b5:52:37:27:8b:61:2a:32:d5:4c:8c:
         c1:fe:ec:34:3f:4a:7a:de:76:39:ca:a7:40:0a:ca:b1:eb:81:
         c4:e1:9d:e9:aa:1a:d8:4f:96:8c:a5:23:a4:f3:f9:b6:b3:cb:
         13:c1:8c:41:e0:49:0d:21:49:6d:6d:ab:ec:6f:cb:70:de:3c:
         9b:ba:20:dd:18:69:da:7a:15:49:c3:e7:66:53:9c:1f:50:ad:
         22:73:5f:ba:8c:27:8e:99:8e:54:0c:29:67:6c:5f:22:9c:e2:
         59:6d:fd:80:c6:83:c7:a5:29:91:65:1d:10:c6:49:0a:eb:e7:
         30:2d:68:a4:ad:83:e4:f2:d9:37:74:34:3d:96:d9:ce:bd:ea:
         de:b4:65:8f:8f:33:f7:83:06:40:54:7f:31:1b:87:87:6d:9a:
         76:05:39:ae:9f:d7:ba:d6:a7:d1:06:3d:14:d3:67:01:7e:ac:
         6f:02:9d:96:41:b8:2d:6d:94:a4:70:8f:80:96:34:49:94:24:
         72:dd:d3:56:ab:13:3e:99:23:98:fa:c5:31:a8:06:5b:11:b2:
         2a:2a:19:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhBZq4RUGuZD29pzTtSym61MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwNzI1MTE0NTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2QwOGFjODAwZTAyY2IyMmY0ZWUxMTI2ODcyMzNhODdiYjY4MmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3N49xYZhQ8SCBBSrY8B3gwvyjzRu
kGv8nXZ865M7sX9jAkp7taX78JjBvliXpLVZyHqVeRB9W5TjaSHY9gBazZf+xrQS
5CeQh0l4Shv2F7RHM5NXdQunMfVNfc3yRrvk3nnOq5kUgmBMIDku1HObPhVq2TwU
jSU38u6b/beV7SxGeoIiVR2FuhPo5l9IH42VmhZ4ctHJZmqf0g85YM1opxyIhBMX
4R4J93E0yqoRuy6i9f3yJbaYJ/OROFPQgSSn/LplL+5vh9AYdjpdT2TdozbWfdGJ
QxXnnpZ3ouVUCBGsENjOtwzckWzfGxyoJiG9XR9Hh3oOeQWA4IEr5TA+UQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOPQisgA4CyyL07hEmhyM6h7toLYMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvNDlDS3lBRGdMTEl2VHVFU2FISXpxSHUyZ3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW765MA0G
CSqGSIb3DQEBCwUAA4IBAQBZO64bbhOL7VeiYWS9spLiSpcEw/sGWd33Hj3rrRaF
EHKk2V3157DRx0YWtVI3J4thKjLVTIzB/uw0P0p63nY5yqdACsqx64HE4Z3pqhrY
T5aMpSOk8/m2s8sTwYxB4EkNIUltbavsb8tw3jybuiDdGGnaehVJw+dmU5wfUK0i
c1+6jCeOmY5UDClnbF8inOJZbf2AxoPHpSmRZR0QxkkK6+cwLWikrYPk8tk3dDQ9
ltnOveretGWPjzP3gwZAVH8xG4eHbZp2BTmun9e61qfRBj0U02cBfqxvAp2WQbgt
bZSkcI+AljRJlCRy3dNWqxM+mSOY+sUxqAZbEbIqKhmr
-----END CERTIFICATE-----