Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/vFgo2fcMFH1qOUYrkjlx17yCv1M.roa
File:                     vFgo2fcMFH1qOUYrkjlx17yCv1M.roa (raw, json)
Hash identifier:          2YQo4Uqir13EMfjJ9TnN1NRVWIzLXUPu2su8ibLa58Y=
Subject key identifier:   BC:58:28:D9:F7:0C:14:7D:6A:39:46:2B:92:39:71:D7:BC:82:BF:53
Certificate issuer:       /CN=2d597268a57534f8cf1b63b794eef0d77c7b43a2
Certificate serial:       0198E59CD96208A8C5272C21A9309E9992D5
Authority key identifier: 2D:59:72:68:A5:75:34:F8:CF:1B:63:B7:94:EE:F0:D7:7C:7B:43:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/vFgo2fcMFH1qOUYrkjlx17yCv1M.roa
Signing time:             Tue 26 Aug 2025 09:01:58 +0000
ROA not before:           Tue 26 Aug 2025 09:01:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47405
IP address blocks:        91.206.34.0/24 maxlen: 24
                          2001:67c:7e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e5:9c:d9:62:08:a8:c5:27:2c:21:a9:30:9e:99:92:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2d597268a57534f8cf1b63b794eef0d77c7b43a2
        Validity
            Not Before: Aug 26 09:01:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc5828d9f70c147d6a39462b923971d7bc82bf53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:8d:1d:51:9e:84:14:e1:17:93:7d:b5:56:06:
                    e2:1c:e6:6a:4e:6b:19:23:2c:f7:6c:fe:67:fb:fb:
                    cf:cc:59:a0:17:37:3b:05:a8:ae:64:a4:4c:41:e9:
                    8d:39:40:8d:13:68:76:ab:e7:a3:f2:2c:7a:1b:2c:
                    9b:be:6a:c8:52:18:96:fa:2e:ce:07:06:d5:cd:d0:
                    f2:18:5e:da:a0:9b:f6:c1:ea:2b:44:80:b2:44:81:
                    96:48:22:97:68:95:02:23:05:2c:f3:19:3b:ec:4e:
                    01:9d:31:69:43:0c:15:9b:b4:ac:77:29:b2:fe:d7:
                    b6:0f:b0:2e:e6:89:29:e5:f7:05:9c:44:0a:82:6a:
                    6c:56:a7:80:80:08:f9:c5:9d:f3:fe:d8:7d:9b:59:
                    47:eb:d6:73:cd:0e:de:9b:11:27:e3:29:87:c5:c4:
                    50:65:92:05:2e:03:3a:c3:65:a4:45:9b:f1:16:0d:
                    16:5a:f5:63:4d:68:18:32:f3:93:e3:ea:cd:f6:0a:
                    8e:73:37:6d:b8:c4:56:87:70:ef:7e:d2:5a:b6:e8:
                    11:62:d6:97:41:45:19:6d:27:bc:40:16:db:b7:aa:
                    d1:ce:ea:db:01:2b:1c:e1:38:46:4b:48:08:3c:55:
                    ba:6f:46:d2:8c:bf:c7:75:21:e3:5d:fc:7c:2c:38:
                    46:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:58:28:D9:F7:0C:14:7D:6A:39:46:2B:92:39:71:D7:BC:82:BF:53
            X509v3 Authority Key Identifier:
                keyid:2D:59:72:68:A5:75:34:F8:CF:1B:63:B7:94:EE:F0:D7:7C:7B:43:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LVlyaKV1NPjPG2O3lO7w13x7Q6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/vFgo2fcMFH1qOUYrkjlx17yCv1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/71b428-ce82-4e91-ba09-4e0481dc7d1c/1/LVlyaKV1NPjPG2O3lO7w13x7Q6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.34.0/24
                IPv6:
                  2001:67c:7e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:80:92:13:5d:3a:b6:e4:af:8d:45:28:ae:29:78:2d:81:fa:
         bb:c5:7a:35:e8:a1:5b:30:3d:4e:fc:94:b4:27:b3:65:71:0c:
         d1:89:d1:c9:ef:ee:1d:93:d9:d1:71:57:a4:d0:83:4a:da:25:
         c9:23:76:a6:12:1c:0e:14:d6:3a:19:5a:1b:de:f8:42:43:2b:
         5f:ee:94:ec:6a:25:bd:28:7b:f2:dc:8f:d9:92:c7:fe:b1:5e:
         66:c1:97:dd:63:2c:3e:46:2b:2a:60:39:d9:16:04:de:bd:c8:
         c1:6e:96:e9:3c:0b:f1:05:4b:4a:a6:24:78:64:77:d6:c6:80:
         50:c0:62:ec:8f:a3:3e:09:fe:80:d0:01:20:c8:4b:c1:c5:cc:
         c4:25:bc:05:71:55:ce:6d:f1:dc:32:f6:78:9a:2c:c8:cd:a0:
         c5:40:f8:a1:e2:0c:41:30:dc:91:85:57:fa:58:be:66:7c:50:
         cf:f8:e1:78:c0:8b:e3:ee:f0:c5:2f:0e:3d:63:e9:48:57:ec:
         45:50:62:0d:54:5a:76:98:23:42:a5:5a:0e:e4:a5:ca:35:ca:
         38:9f:20:56:a8:4b:7b:7c:d8:87:f0:cb:a3:5c:a1:7a:30:86:
         84:ba:78:63:17:e9:90:db:26:eb:4a:34:b6:98:b2:cd:ad:25:
         e5:e3:48:cb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZjlnNliCKjFJywhqTCemZLVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJkNTk3MjY4YTU3NTM0ZjhjZjFiNjNiNzk0ZWVmMGQ3N2M3
YjQzYTIwHhcNMjUwODI2MDkwMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzU4MjhkOWY3MGMxNDdkNmEzOTQ2MmI5MjM5NzFkN2JjODJiZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmY0dUZ6EFOEXk321VgbiHOZqTmsZ
Iyz3bP5n+/vPzFmgFzc7BaiuZKRMQemNOUCNE2h2q+ej8ix6GyybvmrIUhiW+i7O
BwbVzdDyGF7aoJv2weorRICyRIGWSCKXaJUCIwUs8xk77E4BnTFpQwwVm7Ssdymy
/te2D7Au5okp5fcFnEQKgmpsVqeAgAj5xZ3z/th9m1lH69ZzzQ7emxEn4ymHxcRQ
ZZIFLgM6w2WkRZvxFg0WWvVjTWgYMvOT4+rN9gqOczdtuMRWh3DvftJatugRYtaX
QUUZbSe8QBbbt6rRzurbASsc4ThGS0gIPFW6b0bSjL/HdSHjXfx8LDhGvQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLxYKNn3DBR9ajlGK5I5cde8gr9TMB8GA1UdIwQY
MBaAFC1ZcmildTT4zxtjt5Tu8Nd8e0OiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFZseWFLVjFOUGpQRzJPM2xPN3cxM3g3UTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS83MWI0MjgtY2U4Mi00ZTkxLWJhMDkt
NGUwNDgxZGM3ZDFjLzEvdkZnbzJmY01GSDFxT1VZcmtqbHgxN3lDdjFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS83MWI0MjgtY2U4Mi00ZTkxLWJhMDktNGUwNDgxZGM3ZDFj
LzEvTFZseWFLVjFOUGpQRzJPM2xPN3cxM3g3UTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW84iMA8E
AgACMAkDBwAgAQZ8B+gwDQYJKoZIhvcNAQELBQADggEBAEyAkhNdOrbkr41FKK4p
eC2B+rvFejXooVswPU78lLQns2VxDNGJ0cnv7h2T2dFxV6TQg0raJckjdqYSHA4U
1joZWhve+EJDK1/ulOxqJb0oe/Lcj9mSx/6xXmbBl91jLD5GKypgOdkWBN69yMFu
luk8C/EFS0qmJHhkd9bGgFDAYuyPoz4J/oDQASDIS8HFzMQlvAVxVc5t8dwy9nia
LMjNoMVA+KHiDEEw3JGFV/pYvmZ8UM/44XjAi+Pu8MUvDj1j6UhX7EVQYg1UWnaY
I0KlWg7kpco1yjifIFaoS3t82Ifwy6NcoXowhoS6eGMX6ZDbJutKNLaYss2tJeXj
SMs=
-----END CERTIFICATE-----