Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/Bw1UT74k-dOGeuGPKO4Kh8QWil8.roa
File:                     Bw1UT74k-dOGeuGPKO4Kh8QWil8.roa (raw, json)
Hash identifier:          hfrkdnxNY3IQTF5ruyFfonVNss2RvXrobwb71f8Yp7U=
Subject key identifier:   07:0D:54:4F:BE:24:F9:D3:86:7A:E1:8F:28:EE:0A:87:C4:16:8A:5F
Certificate issuer:       /CN=90c0f155c8267ec81e1083b7dfb93f34e9b901ae
Certificate serial:       019A2FF458BF3E5C8C02E15D90CAA3F9D727
Authority key identifier: 90:C0:F1:55:C8:26:7E:C8:1E:10:83:B7:DF:B9:3F:34:E9:B9:01:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kMDxVcgmfsgeEIO337k_NOm5Aa4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/Bw1UT74k-dOGeuGPKO4Kh8QWil8.roa
Signing time:             Wed 29 Oct 2025 12:32:13 +0000
ROA not before:           Wed 29 Oct 2025 12:32:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56914
IP address blocks:        91.228.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/kMDxVcgmfsgeEIO337k_NOm5Aa4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/kMDxVcgmfsgeEIO337k_NOm5Aa4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kMDxVcgmfsgeEIO337k_NOm5Aa4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 06:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2f:f4:58:bf:3e:5c:8c:02:e1:5d:90:ca:a3:f9:d7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90c0f155c8267ec81e1083b7dfb93f34e9b901ae
        Validity
            Not Before: Oct 29 12:32:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=070d544fbe24f9d3867ae18f28ee0a87c4168a5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a5:60:4e:c0:11:5e:52:66:8d:1f:23:72:53:
                    22:3f:3b:df:35:84:cf:e8:8c:d6:80:05:50:09:85:
                    e1:c5:c2:19:c0:ba:5a:23:59:0b:bf:88:e1:9b:9d:
                    43:c4:d4:69:b9:75:71:aa:14:7f:0a:83:65:ef:36:
                    24:bf:9b:4f:ef:8a:e0:d4:23:03:01:a7:1f:88:04:
                    e0:e6:e7:be:87:0b:40:87:26:28:61:14:a5:0d:89:
                    a2:2f:5c:eb:2e:0a:59:f8:3b:e4:b5:0b:2c:17:5d:
                    68:4e:48:82:c3:71:e9:5f:5f:d0:87:e7:e1:a8:64:
                    2d:5c:0a:34:7e:c1:60:46:0d:00:17:13:5e:8e:79:
                    41:68:de:50:50:5e:4d:09:74:fd:89:9f:c5:f1:f3:
                    22:6a:c1:69:a5:4d:58:d7:39:55:0b:1e:3f:35:3f:
                    74:c1:7c:d1:35:5f:13:d5:64:0a:31:75:32:42:8e:
                    0c:e9:54:a0:b1:17:a1:1e:4b:c5:b4:62:af:f3:40:
                    1f:95:e9:7e:82:34:82:45:17:e0:a1:a5:3f:77:b6:
                    a8:bf:d7:30:81:f5:72:af:02:52:ec:11:ac:d6:04:
                    1b:4f:be:48:e6:cb:d4:00:69:ef:88:a7:5d:ce:63:
                    cc:9b:09:c2:c4:97:6c:3f:88:49:70:5a:51:52:67:
                    45:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0D:54:4F:BE:24:F9:D3:86:7A:E1:8F:28:EE:0A:87:C4:16:8A:5F
            X509v3 Authority Key Identifier:
                keyid:90:C0:F1:55:C8:26:7E:C8:1E:10:83:B7:DF:B9:3F:34:E9:B9:01:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kMDxVcgmfsgeEIO337k_NOm5Aa4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/Bw1UT74k-dOGeuGPKO4Kh8QWil8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/845dbc-c764-49fa-b9aa-5961d346a172/1/kMDxVcgmfsgeEIO337k_NOm5Aa4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:52:52:1b:70:f5:e9:d2:6a:3c:29:1e:d4:6d:5f:d5:10:d7:
         6c:23:7c:79:a9:af:40:94:95:12:60:68:8c:fd:b8:78:88:7f:
         ec:22:23:c3:35:56:28:5a:e3:3a:da:df:6e:2c:5e:fb:1a:1c:
         11:e7:5d:e4:11:40:fe:be:80:a4:a7:6c:8e:ee:b9:10:03:01:
         8f:84:bd:b4:86:c2:42:52:2f:8a:51:a0:0d:7b:64:dd:71:99:
         0c:29:c6:4b:ec:0f:0a:56:97:fd:9c:2f:3a:74:ea:f6:4c:7a:
         d1:a4:69:5e:3b:b8:0f:bc:8e:02:b7:ce:01:48:0c:e9:fb:34:
         59:8b:ab:21:b4:74:89:40:c3:28:fa:2a:d9:45:1e:32:4d:25:
         e6:e1:8c:11:d4:76:6a:f3:e6:36:ae:07:7d:f5:25:da:ac:c9:
         7a:05:34:08:3b:15:26:5f:70:19:df:9b:68:52:b1:5b:b8:70:
         27:ac:f9:20:a5:db:78:39:4e:cd:c0:59:57:76:d0:4b:33:f9:
         77:c9:03:7d:89:c0:d5:60:04:e6:27:e9:36:c4:6a:49:6a:4d:
         dc:01:cf:5f:d7:9d:17:4d:96:27:ac:f1:7d:0c:f9:5b:de:bb:
         17:71:57:3c:66:cb:67:0b:76:7b:50:67:53:89:87:ca:c5:90:
         d0:cb:59:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZov9Fi/PlyMAuFdkMqj+dcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYzBmMTU1YzgyNjdlYzgxZTEwODNiN2RmYjkzZjM0ZTli
OTAxYWUwHhcNMjUxMDI5MTIzMjEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzBkNTQ0ZmJlMjRmOWQzODY3YWUxOGYyOGVlMGE4N2M0MTY4YTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6VgTsARXlJmjR8jclMiPzvfNYTP
6IzWgAVQCYXhxcIZwLpaI1kLv4jhm51DxNRpuXVxqhR/CoNl7zYkv5tP74rg1CMD
AacfiATg5ue+hwtAhyYoYRSlDYmiL1zrLgpZ+DvktQssF11oTkiCw3HpX1/Qh+fh
qGQtXAo0fsFgRg0AFxNejnlBaN5QUF5NCXT9iZ/F8fMiasFppU1Y1zlVCx4/NT90
wXzRNV8T1WQKMXUyQo4M6VSgsRehHkvFtGKv80Aflel+gjSCRRfgoaU/d7aov9cw
gfVyrwJS7BGs1gQbT75I5svUAGnviKddzmPMmwnCxJdsP4hJcFpRUmdFkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcNVE++JPnThnrhjyjuCofEFopfMB8GA1UdIwQY
MBaAFJDA8VXIJn7IHhCDt9+5PzTpuQGuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva01EeFZjZ21mc2dlRUlPMzM3a19OT201QWE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS84NDVkYmMtYzc2NC00OWZhLWI5YWEt
NTk2MWQzNDZhMTcyLzEvQncxVVQ3NGstZE9HZXVHUEtPNEtoOFFXaWw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS84NDVkYmMtYzc2NC00OWZhLWI5YWEtNTk2MWQzNDZhMTcy
LzEva01EeFZjZ21mc2dlRUlPMzM3a19OT201QWE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+T4MA0G
CSqGSIb3DQEBCwUAA4IBAQA8UlIbcPXp0mo8KR7UbV/VENdsI3x5qa9AlJUSYGiM
/bh4iH/sIiPDNVYoWuM62t9uLF77GhwR513kEUD+voCkp2yO7rkQAwGPhL20hsJC
Ui+KUaANe2TdcZkMKcZL7A8KVpf9nC86dOr2THrRpGleO7gPvI4Ct84BSAzp+zRZ
i6shtHSJQMMo+irZRR4yTSXm4YwR1HZq8+Y2rgd99SXarMl6BTQIOxUmX3AZ35to
UrFbuHAnrPkgpdt4OU7NwFlXdtBLM/l3yQN9icDVYATmJ+k2xGpJak3cAc9f150X
TZYnrPF9DPlb3rsXcVc8ZstnC3Z7UGdTiYfKxZDQy1nL
-----END CERTIFICATE-----