Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/vGkLbSDH1uJpYJ7xzGoQmZeUqxg.roa
File:                     vGkLbSDH1uJpYJ7xzGoQmZeUqxg.roa (raw, json)
Hash identifier:          2OV0rpyTFmg8lfpImi7TfQmWayywKrEbAhbjG35gI2o=
Subject key identifier:   BC:69:0B:6D:20:C7:D6:E2:69:60:9E:F1:CC:6A:10:99:97:94:AB:18
Certificate issuer:       /CN=3981073c223f751e33d7d40e792f529d1430fa7f
Certificate serial:       01980D91156774DC2E7256572D328DA39B71
Authority key identifier: 39:81:07:3C:22:3F:75:1E:33:D7:D4:0E:79:2F:52:9D:14:30:FA:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OYEHPCI_dR4z19QOeS9SnRQw-n8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/vGkLbSDH1uJpYJ7xzGoQmZeUqxg.roa
Signing time:             Tue 15 Jul 2025 10:11:08 +0000
ROA not before:           Tue 15 Jul 2025 10:11:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41904
IP address blocks:        91.102.216.0/22 maxlen: 22
                          91.102.220.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/OYEHPCI_dR4z19QOeS9SnRQw-n8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/OYEHPCI_dR4z19QOeS9SnRQw-n8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OYEHPCI_dR4z19QOeS9SnRQw-n8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:91:15:67:74:dc:2e:72:56:57:2d:32:8d:a3:9b:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3981073c223f751e33d7d40e792f529d1430fa7f
        Validity
            Not Before: Jul 15 10:11:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc690b6d20c7d6e269609ef1cc6a10999794ab18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:b8:c1:06:68:c6:1f:78:a0:1b:88:86:cd:af:
                    c1:a6:b7:35:66:fb:ca:70:4a:3b:d8:d8:b0:c5:7b:
                    c4:17:73:79:f0:5c:dc:e8:0c:2e:b8:26:84:b9:12:
                    98:a6:ed:93:7a:07:ae:00:13:1b:de:f9:0a:fa:44:
                    2d:65:eb:7c:ee:70:7c:5d:70:a9:3a:24:e0:aa:60:
                    ac:d3:03:a7:8f:e5:a0:5c:bf:08:80:71:c4:cd:ca:
                    36:18:ae:e2:cb:28:f7:00:02:ca:08:3f:4f:8e:c3:
                    c3:a7:9e:6d:e1:45:40:00:54:58:fd:6a:29:61:e9:
                    6a:e4:e6:09:e0:3a:49:b6:de:4c:41:af:48:57:09:
                    41:6e:94:f3:8f:33:ae:ae:a0:10:5e:65:31:1d:27:
                    30:55:5d:4a:5d:6c:60:f1:8d:67:a8:15:93:7c:61:
                    6c:0b:7f:75:a0:d9:3f:e7:3f:be:8f:e7:23:c1:67:
                    bb:99:ef:50:45:a3:9d:35:b6:92:77:c5:81:37:ab:
                    3d:6b:b4:b7:35:4d:a7:a6:75:86:61:4a:16:09:fb:
                    cc:b2:e9:b7:a3:d2:69:b9:56:4a:51:29:84:51:a7:
                    d3:25:24:26:29:55:3d:98:82:20:5f:32:c0:f4:75:
                    76:7f:92:6c:49:32:bd:35:91:4d:93:f0:f9:e1:bd:
                    00:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:69:0B:6D:20:C7:D6:E2:69:60:9E:F1:CC:6A:10:99:97:94:AB:18
            X509v3 Authority Key Identifier:
                keyid:39:81:07:3C:22:3F:75:1E:33:D7:D4:0E:79:2F:52:9D:14:30:FA:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OYEHPCI_dR4z19QOeS9SnRQw-n8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/vGkLbSDH1uJpYJ7xzGoQmZeUqxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/70abb0-7aec-44f5-8583-bebee24feca9/1/OYEHPCI_dR4z19QOeS9SnRQw-n8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:f1:84:6c:3e:e2:d9:b6:1b:84:f0:e2:f3:4f:99:7a:32:ce:
         e2:e8:cc:f5:35:2d:e0:c1:37:4a:78:8e:94:4e:e6:1d:89:a6:
         31:75:40:bd:2b:47:bf:e0:0c:49:31:1c:35:ca:26:c8:02:8f:
         c9:f7:1c:54:67:f1:84:d3:c3:52:30:43:1e:7d:e3:a8:5a:5a:
         1c:1c:ee:80:4f:d9:0b:57:53:76:78:ee:0c:18:13:94:73:86:
         07:e7:ce:8a:c6:79:4d:cb:c5:74:e2:37:04:f4:6a:27:3d:c9:
         40:e0:e3:bc:ea:5d:5e:9a:54:29:80:78:bb:c6:1b:48:58:00:
         6a:58:fe:8b:55:d0:76:95:88:a3:8a:af:aa:06:e6:79:ad:1b:
         c3:e2:89:2e:8d:4c:56:c1:03:24:53:73:95:8c:e7:d4:9c:69:
         8b:43:3f:97:58:93:50:2a:28:c2:7c:a1:d0:60:e0:67:18:70:
         c9:bd:f6:a2:65:d8:9a:ed:39:00:60:8c:72:43:d4:53:31:07:
         33:ea:aa:55:be:22:62:00:a3:c9:3d:a3:0b:45:4a:4c:d3:ca:
         ac:46:db:8d:c0:7b:d9:dc:ab:08:83:73:e3:3b:a2:d2:21:cd:
         1e:3a:2a:90:ba:70:c3:62:ee:f8:36:e8:70:4f:3b:a9:74:fb:
         9d:77:42:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgNkRVndNwuclZXLTKNo5txMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ODEwNzNjMjIzZjc1MWUzM2Q3ZDQwZTc5MmY1MjlkMTQz
MGZhN2YwHhcNMjUwNzE1MTAxMTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzY5MGI2ZDIwYzdkNmUyNjk2MDllZjFjYzZhMTA5OTk3OTRhYjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbjBBmjGH3igG4iGza/Bprc1ZvvK
cEo72NiwxXvEF3N58Fzc6AwuuCaEuRKYpu2TegeuABMb3vkK+kQtZet87nB8XXCp
OiTgqmCs0wOnj+WgXL8IgHHEzco2GK7iyyj3AALKCD9PjsPDp55t4UVAAFRY/Wop
Yelq5OYJ4DpJtt5MQa9IVwlBbpTzjzOurqAQXmUxHScwVV1KXWxg8Y1nqBWTfGFs
C391oNk/5z++j+cjwWe7me9QRaOdNbaSd8WBN6s9a7S3NU2npnWGYUoWCfvMsum3
o9JpuVZKUSmEUafTJSQmKVU9mIIgXzLA9HV2f5JsSTK9NZFNk/D54b0AyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLxpC20gx9biaWCe8cxqEJmXlKsYMB8GA1UdIwQY
MBaAFDmBBzwiP3UeM9fUDnkvUp0UMPp/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1lFSFBDSV9kUjR6MTlRT2VTOVNuUlF3LW44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS83MGFiYjAtN2FlYy00NGY1LTg1ODMt
YmViZWUyNGZlY2E5LzEvdkdrTGJTREgxdUpwWUo3eHpHb1FtWmVVcXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS83MGFiYjAtN2FlYy00NGY1LTg1ODMtYmViZWUyNGZlY2E5
LzEvT1lFSFBDSV9kUjR6MTlRT2VTOVNuUlF3LW44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2bYMA0G
CSqGSIb3DQEBCwUAA4IBAQCv8YRsPuLZthuE8OLzT5l6Ms7i6Mz1NS3gwTdKeI6U
TuYdiaYxdUC9K0e/4AxJMRw1yibIAo/J9xxUZ/GE08NSMEMefeOoWlocHO6AT9kL
V1N2eO4MGBOUc4YH586KxnlNy8V04jcE9GonPclA4OO86l1emlQpgHi7xhtIWABq
WP6LVdB2lYijiq+qBuZ5rRvD4okujUxWwQMkU3OVjOfUnGmLQz+XWJNQKijCfKHQ
YOBnGHDJvfaiZdia7TkAYIxyQ9RTMQcz6qpVviJiAKPJPaMLRUpM08qsRtuNwHvZ
3KsIg3PjO6LSIc0eOiqQunDDYu74NuhwTzupdPudd0J3
-----END CERTIFICATE-----