Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/E52umvqQxMGeGlf8rcBzmv4TZFw.roa
File:                     E52umvqQxMGeGlf8rcBzmv4TZFw.roa (raw, json)
Hash identifier:          iaD+YtA9V26rQvNJHgJOjik59FjzPZV6xeLKbH/v0iE=
Subject key identifier:   13:9D:AE:9A:FA:90:C4:C1:9E:1A:57:FC:AD:C0:73:9A:FE:13:64:5C
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019A2B2B34ABDACB352612D65CE57441F10D
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/E52umvqQxMGeGlf8rcBzmv4TZFw.roa
Signing time:             Tue 28 Oct 2025 14:14:03 +0000
ROA not before:           Tue 28 Oct 2025 14:14:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208185
IP address blocks:        91.223.110.0/24 maxlen: 24
                          195.211.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2b:2b:34:ab:da:cb:35:26:12:d6:5c:e5:74:41:f1:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 28 14:14:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=139dae9afa90c4c19e1a57fcadc0739afe13645c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:62:2e:e9:45:b6:d0:fb:81:12:e6:7d:75:da:
                    59:ec:1e:33:a1:2d:95:a6:7e:e7:08:1d:0e:59:21:
                    56:41:bf:2e:12:cd:a5:55:a8:31:c0:dd:ed:3a:91:
                    6e:61:47:95:ae:81:df:85:52:65:d3:02:ef:be:83:
                    55:91:f6:a7:16:f3:fb:51:40:1a:05:94:f3:39:9b:
                    a9:04:3c:ef:8f:ca:f2:7d:7d:cd:f7:b7:71:35:e4:
                    f7:f1:67:3c:7c:c4:db:a8:e8:f9:2d:ab:c9:3b:25:
                    9a:a2:74:9c:73:46:37:a5:0c:9e:b8:25:ab:4f:de:
                    7b:bf:f1:8e:23:7c:59:2e:67:8f:60:55:6f:4e:c4:
                    16:75:1b:e8:59:78:7a:19:23:03:50:ba:56:d7:30:
                    d8:82:3b:74:46:98:7c:98:7e:08:6f:7e:98:1e:fe:
                    f1:5d:c6:4e:c4:ee:9f:96:d8:f8:8a:ec:66:d8:63:
                    52:6a:70:5d:bd:bb:2d:b9:7b:fb:c6:0b:96:94:c9:
                    5e:ed:b1:fc:72:a9:49:ce:67:dd:12:de:b7:23:20:
                    fb:92:6c:49:8e:88:44:2e:42:7a:75:a8:df:bc:bf:
                    13:5f:c4:8f:36:b6:a9:53:fd:ee:1a:23:73:d2:e8:
                    17:aa:10:25:67:7a:24:5e:73:8a:ce:05:9c:c0:ad:
                    96:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:9D:AE:9A:FA:90:C4:C1:9E:1A:57:FC:AD:C0:73:9A:FE:13:64:5C
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/E52umvqQxMGeGlf8rcBzmv4TZFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.110.0/24
                  195.211.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:05:f7:d7:47:3b:66:98:a3:a5:68:f7:cf:88:4c:d2:9d:63:
         fc:34:68:e8:84:72:94:c3:66:c6:8f:7b:70:95:33:60:36:76:
         a6:3e:f0:e9:c2:e7:89:0e:d2:f0:67:30:6b:e6:23:01:b0:00:
         e7:27:95:fe:46:33:b4:cb:49:e0:47:55:a3:fa:1b:69:36:16:
         33:b3:25:df:e6:51:ed:8f:ea:11:90:34:8f:70:10:d2:4a:af:
         4d:01:88:aa:70:d1:ce:c9:3d:14:99:2b:52:08:3d:eb:dd:7a:
         7d:ad:b5:b0:fe:30:36:8f:e6:6a:58:0b:b4:03:0d:a5:37:07:
         be:f2:d8:7d:57:28:60:27:33:a6:f7:2f:4f:62:a8:40:55:58:
         4e:a4:7b:2b:40:00:f4:9d:6e:86:c6:10:c0:a8:69:e5:6e:b6:
         18:19:46:14:b7:d5:1c:03:c4:60:6d:b6:da:9d:42:69:36:ab:
         28:49:1e:0c:cf:ae:3a:20:9a:5f:ed:fd:7e:ff:0e:96:51:58:
         6d:bc:bd:58:97:3e:dd:fe:6f:e7:07:6c:9c:24:7d:dd:4f:7f:
         5e:5b:af:4e:91:4b:66:8d:50:c8:9a:89:16:5e:9e:c5:1c:13:
         8a:7c:95:83:a0:98:c9:b1:e2:53:82:38:0e:4d:f7:8d:9a:61:
         06:71:72:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZorKzSr2ss1JhLWXOV0QfENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUxMDI4MTQxNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzlkYWU5YWZhOTBjNGMxOWUxYTU3ZmNhZGMwNzM5YWZlMTM2NDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWIu6UW20PuBEuZ9ddpZ7B4zoS2V
pn7nCB0OWSFWQb8uEs2lVagxwN3tOpFuYUeVroHfhVJl0wLvvoNVkfanFvP7UUAa
BZTzOZupBDzvj8ryfX3N97dxNeT38Wc8fMTbqOj5LavJOyWaonScc0Y3pQyeuCWr
T957v/GOI3xZLmePYFVvTsQWdRvoWXh6GSMDULpW1zDYgjt0Rph8mH4Ib36YHv7x
XcZOxO6fltj4iuxm2GNSanBdvbstuXv7xguWlMle7bH8cqlJzmfdEt63IyD7kmxJ
johELkJ6dajfvL8TX8SPNrapU/3uGiNz0ugXqhAlZ3okXnOKzgWcwK2WJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBOdrpr6kMTBnhpX/K3Ac5r+E2RcMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvRTUydW12cVF4TUdlR2xmOHJjQnptdjRUWkZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW99uAwQA
w9O8MA0GCSqGSIb3DQEBCwUAA4IBAQA0BffXRztmmKOlaPfPiEzSnWP8NGjohHKU
w2bGj3twlTNgNnamPvDpwueJDtLwZzBr5iMBsADnJ5X+RjO0y0ngR1Wj+htpNhYz
syXf5lHtj+oRkDSPcBDSSq9NAYiqcNHOyT0UmStSCD3r3Xp9rbWw/jA2j+ZqWAu0
Aw2lNwe+8th9VyhgJzOm9y9PYqhAVVhOpHsrQAD0nW6GxhDAqGnlbrYYGUYUt9Uc
A8RgbbbanUJpNqsoSR4Mz646IJpf7f1+/w6WUVhtvL1Ylz7d/m/nB2ycJH3dT39e
W69OkUtmjVDImokWXp7FHBOKfJWDoJjJseJTgjgOTfeNmmEGcXKb
-----END CERTIFICATE-----