Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/unxQV4Al2mLpnwI70qRpIDmTnOs.roa
File:                     unxQV4Al2mLpnwI70qRpIDmTnOs.roa (raw, json)
Hash identifier:          nWcMiPSfSb9yfnTzVXtb4VL1rzMEuoLvPQwzaYNt8PI=
Subject key identifier:   BA:7C:50:57:80:25:DA:62:E9:9F:02:3B:D2:A4:69:20:39:93:9C:EB
Certificate issuer:       /CN=daa33b5083799c49cf9edc00862b7c9c218c6613
Certificate serial:       0199339C1DE0E51EDB5503BDCF206DB1C653
Authority key identifier: DA:A3:3B:50:83:79:9C:49:CF:9E:DC:00:86:2B:7C:9C:21:8C:66:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2qM7UIN5nEnPntwAhit8nCGMZhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/unxQV4Al2mLpnwI70qRpIDmTnOs.roa
Signing time:             Wed 10 Sep 2025 12:31:33 +0000
ROA not before:           Wed 10 Sep 2025 12:31:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42446
IP address blocks:        91.198.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/2qM7UIN5nEnPntwAhit8nCGMZhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/2qM7UIN5nEnPntwAhit8nCGMZhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2qM7UIN5nEnPntwAhit8nCGMZhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Sep 2025 21:38:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:9c:1d:e0:e5:1e:db:55:03:bd:cf:20:6d:b1:c6:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daa33b5083799c49cf9edc00862b7c9c218c6613
        Validity
            Not Before: Sep 10 12:31:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ba7c50578025da62e99f023bd2a4692039939ceb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e3:31:24:96:ec:58:90:df:80:2b:0d:00:7d:
                    da:e9:d2:2c:e7:5d:ae:d7:32:a8:d6:61:0f:7c:e4:
                    71:d1:b7:76:55:20:d0:c9:e7:ad:2b:b5:e1:c7:4f:
                    19:d0:b5:ea:fc:2d:8a:7b:4b:c4:83:f1:85:12:b9:
                    db:98:b7:df:58:76:03:52:34:1a:05:e0:fd:e3:1d:
                    d7:8f:78:50:2d:05:7f:2d:9f:6b:ac:a8:7a:11:d2:
                    7c:e0:45:9b:e7:dd:c8:2e:9b:7f:bc:45:97:28:9b:
                    38:ae:67:99:c7:2f:bc:61:1f:86:3f:3a:df:dd:f5:
                    f8:5f:f6:71:03:ff:db:59:cd:15:70:3f:56:2e:b6:
                    67:c2:3c:ee:89:75:1b:e4:e8:a6:be:88:3d:b4:67:
                    7e:dc:06:db:1e:9c:1d:28:5f:08:35:84:fa:ac:83:
                    3b:26:a6:1b:a0:fb:2c:41:7d:45:7b:14:b8:83:30:
                    43:03:82:ff:79:a9:e2:67:f3:d0:f6:8e:0f:61:86:
                    2e:87:49:c3:9c:90:4a:25:26:af:8f:77:cc:a3:63:
                    da:5b:71:e1:4d:e2:33:9a:9b:7c:24:38:b9:80:be:
                    7c:d5:9f:92:ca:78:d2:35:c5:86:f4:00:c3:7a:e8:
                    57:f9:53:1a:a6:10:60:2f:f3:d1:e5:d5:86:fa:28:
                    b6:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7C:50:57:80:25:DA:62:E9:9F:02:3B:D2:A4:69:20:39:93:9C:EB
            X509v3 Authority Key Identifier:
                keyid:DA:A3:3B:50:83:79:9C:49:CF:9E:DC:00:86:2B:7C:9C:21:8C:66:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2qM7UIN5nEnPntwAhit8nCGMZhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/unxQV4Al2mLpnwI70qRpIDmTnOs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/cf318e-8951-4e1e-bbe3-16f43dba2abc/1/2qM7UIN5nEnPntwAhit8nCGMZhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:57:9a:55:eb:db:3b:50:d2:7d:97:01:29:42:7c:81:f9:85:
         fc:83:2f:02:d3:6e:36:81:d3:45:de:3b:3a:cb:db:bd:4b:12:
         c6:21:d7:31:84:25:4f:cf:35:19:cf:6b:c8:bf:03:80:f2:92:
         9b:71:f8:de:a0:ef:60:18:06:25:0a:b4:b5:78:7d:6a:09:79:
         10:60:64:7c:58:c7:61:9e:48:b6:6c:63:0c:ae:b5:c3:f7:7a:
         51:31:e8:45:dd:05:ba:8f:f2:18:8a:73:b4:dc:3a:46:d3:93:
         e0:c0:ab:66:44:06:0d:ba:c6:fc:d9:77:31:1d:5d:f6:3f:e5:
         6c:e5:ec:1f:c9:d2:d1:78:d4:13:a4:ff:73:fc:6c:8a:00:75:
         6b:01:cf:ac:4c:dc:f0:6a:31:99:54:25:0a:87:38:bc:17:ec:
         23:e6:a6:e1:78:28:d5:cd:08:0b:e8:4a:64:e3:8c:6d:04:17:
         80:8c:9a:de:e3:3c:bd:7d:99:9c:86:00:91:2d:4f:9a:a5:70:
         d6:35:14:60:76:9d:4b:53:3d:02:e9:09:47:fc:71:31:5e:d4:
         ed:de:b0:0f:28:a7:63:6a:b6:af:0d:1f:43:a8:61:14:95:0a:
         6a:ea:8b:f2:a8:92:50:b5:64:67:5f:c4:94:ce:d1:6a:22:86:
         dc:8f:66:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkznB3g5R7bVQO9zyBtscZTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYTMzYjUwODM3OTljNDljZjllZGMwMDg2MmI3YzljMjE4
YzY2MTMwHhcNMjUwOTEwMTIzMTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTdjNTA1NzgwMjVkYTYyZTk5ZjAyM2JkMmE0NjkyMDM5OTM5Y2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+MxJJbsWJDfgCsNAH3a6dIs512u
1zKo1mEPfORx0bd2VSDQyeetK7Xhx08Z0LXq/C2Ke0vEg/GFErnbmLffWHYDUjQa
BeD94x3Xj3hQLQV/LZ9rrKh6EdJ84EWb593ILpt/vEWXKJs4rmeZxy+8YR+GPzrf
3fX4X/ZxA//bWc0VcD9WLrZnwjzuiXUb5Oimvog9tGd+3AbbHpwdKF8INYT6rIM7
JqYboPssQX1FexS4gzBDA4L/eaniZ/PQ9o4PYYYuh0nDnJBKJSavj3fMo2PaW3Hh
TeIzmpt8JDi5gL581Z+SynjSNcWG9ADDeuhX+VMaphBgL/PR5dWG+ii2awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLp8UFeAJdpi6Z8CO9KkaSA5k5zrMB8GA1UdIwQY
MBaAFNqjO1CDeZxJz57cAIYrfJwhjGYTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnFNN1VJTjVuRW5QbnR3QWhpdDhuQ0dNWmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jZjMxOGUtODk1MS00ZTFlLWJiZTMt
MTZmNDNkYmEyYWJjLzEvdW54UVY0QWwybUxwbndJNzBxUnBJRG1Ubk9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jZjMxOGUtODk1MS00ZTFlLWJiZTMtMTZmNDNkYmEyYWJj
LzEvMnFNN1VJTjVuRW5QbnR3QWhpdDhuQ0dNWmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bkMA0G
CSqGSIb3DQEBCwUAA4IBAQB3V5pV69s7UNJ9lwEpQnyB+YX8gy8C0242gdNF3js6
y9u9SxLGIdcxhCVPzzUZz2vIvwOA8pKbcfjeoO9gGAYlCrS1eH1qCXkQYGR8WMdh
nki2bGMMrrXD93pRMehF3QW6j/IYinO03DpG05PgwKtmRAYNusb82XcxHV32P+Vs
5ewfydLReNQTpP9z/GyKAHVrAc+sTNzwajGZVCUKhzi8F+wj5qbheCjVzQgL6Epk
44xtBBeAjJre4zy9fZmchgCRLU+apXDWNRRgdp1LUz0C6QlH/HExXtTt3rAPKKdj
aravDR9DqGEUlQpq6ovyqJJQtWRnX8SUztFqIobcj2aB
-----END CERTIFICATE-----