Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/3OCyfd9-b0yR0abVJP1F9gKnVqM.roa
File:                     3OCyfd9-b0yR0abVJP1F9gKnVqM.roa (raw, json)
Hash identifier:          /G4JQWC4tt8/O3EYdqfvI2PzBBGKVWMhd1Rq8kOs3ds=
Subject key identifier:   DC:E0:B2:7D:DF:7E:6F:4C:91:D1:A6:D5:24:FD:45:F6:02:A7:56:A3
Certificate issuer:       /CN=bba3bdb2c7846fbf7d0087db4552eeb363df9ea5
Certificate serial:       019909AB043273FDB930CC0C9DAB4B4839A1
Authority key identifier: BB:A3:BD:B2:C7:84:6F:BF:7D:00:87:DB:45:52:EE:B3:63:DF:9E:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u6O9sseEb799AIfbRVLus2PfnqU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/3OCyfd9-b0yR0abVJP1F9gKnVqM.roa
Signing time:             Tue 02 Sep 2025 09:03:46 +0000
ROA not before:           Tue 02 Sep 2025 09:03:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44090
IP address blocks:        91.227.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/u6O9sseEb799AIfbRVLus2PfnqU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/u6O9sseEb799AIfbRVLus2PfnqU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u6O9sseEb799AIfbRVLus2PfnqU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:ab:04:32:73:fd:b9:30:cc:0c:9d:ab:4b:48:39:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bba3bdb2c7846fbf7d0087db4552eeb363df9ea5
        Validity
            Not Before: Sep  2 09:03:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dce0b27ddf7e6f4c91d1a6d524fd45f602a756a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:88:da:d1:b6:ca:71:01:33:50:30:20:e9:5f:
                    39:aa:6d:0c:e7:bb:a1:01:f4:12:59:09:66:5d:87:
                    21:28:7a:c8:93:f1:b3:6a:6e:3c:b8:1e:fe:a2:02:
                    62:83:e9:0d:ca:f1:00:5b:88:71:60:d4:fc:42:8a:
                    51:e4:54:fa:e9:45:0f:74:f6:1d:a5:7f:c7:25:b3:
                    82:51:65:19:7c:df:1f:7e:79:b7:38:62:a7:30:20:
                    da:64:73:45:0a:06:72:62:28:86:91:47:ee:21:0a:
                    90:d3:75:ad:e1:c7:4a:41:30:2e:b2:1d:9c:be:e3:
                    a1:7c:17:14:4a:b8:47:0b:eb:d5:ee:4f:99:5a:1a:
                    f8:8b:94:63:9d:dc:f8:55:8e:44:53:fd:23:48:87:
                    4b:e8:a6:d4:a4:61:8d:63:b1:7c:20:17:2e:4d:0c:
                    35:d0:8f:e7:46:f7:73:5b:1a:65:3d:98:72:43:ff:
                    d2:71:6b:4c:37:09:53:cc:63:16:4c:fb:d0:b1:63:
                    14:54:cd:7d:fc:eb:76:27:5c:58:66:64:3d:cc:c0:
                    e4:52:1d:c2:66:45:68:ca:7b:5d:cc:f7:e3:38:47:
                    50:95:bf:54:ae:31:86:7c:dd:ef:a8:d0:5c:33:d4:
                    d4:63:72:31:14:59:af:2b:a5:9e:41:ae:51:7a:0a:
                    6c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:E0:B2:7D:DF:7E:6F:4C:91:D1:A6:D5:24:FD:45:F6:02:A7:56:A3
            X509v3 Authority Key Identifier:
                keyid:BB:A3:BD:B2:C7:84:6F:BF:7D:00:87:DB:45:52:EE:B3:63:DF:9E:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u6O9sseEb799AIfbRVLus2PfnqU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/3OCyfd9-b0yR0abVJP1F9gKnVqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/26d1cb-e1a5-490c-81bc-aa34d1fff387/1/u6O9sseEb799AIfbRVLus2PfnqU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:84:fe:63:17:37:34:16:9b:1d:a9:8c:6e:fd:e0:a2:3f:47:
         f7:70:24:af:59:eb:4b:c9:6a:0f:44:07:72:3c:d8:34:24:39:
         bb:ae:88:99:e4:e4:cf:59:f5:6d:fd:c5:6c:12:03:4a:e0:6d:
         8d:eb:93:d8:ea:9d:46:7d:dd:95:e6:91:e4:5c:95:1a:a2:7c:
         8b:c9:d6:cb:52:6f:1e:bc:38:24:fc:10:db:ef:2e:f7:d5:39:
         ef:b9:e7:81:ad:f0:9f:2b:90:89:5d:35:ae:00:de:21:af:21:
         04:f0:29:62:00:35:cb:8a:a2:19:c8:90:b8:ff:11:da:66:92:
         7f:d4:fd:cb:12:9a:ef:a8:4c:81:3e:16:dc:bf:95:a1:5a:41:
         9f:1e:29:e3:a2:5f:60:a4:b4:d0:ae:76:1a:86:75:02:c9:f8:
         22:ab:f0:08:87:48:a5:d2:d4:25:11:04:eb:20:c6:8e:8e:13:
         90:fc:fc:a9:e6:98:e6:73:fd:c3:dd:7c:70:d0:24:a5:5e:bf:
         c1:fc:00:ce:8c:6a:1c:29:76:c1:c2:57:f9:68:70:8f:bd:13:
         25:e7:2e:aa:da:11:15:05:bd:97:ae:54:b3:3b:99:44:bc:97:
         a7:de:3e:f6:1a:22:5f:65:b0:72:89:22:d4:1c:d9:4d:e7:c5:
         5e:56:66:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJqwQyc/25MMwMnatLSDmhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYTNiZGIyYzc4NDZmYmY3ZDAwODdkYjQ1NTJlZWIzNjNk
ZjllYTUwHhcNMjUwOTAyMDkwMzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2UwYjI3ZGRmN2U2ZjRjOTFkMWE2ZDUyNGZkNDVmNjAyYTc1NmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Yja0bbKcQEzUDAg6V85qm0M57uh
AfQSWQlmXYchKHrIk/Gzam48uB7+ogJig+kNyvEAW4hxYNT8QopR5FT66UUPdPYd
pX/HJbOCUWUZfN8ffnm3OGKnMCDaZHNFCgZyYiiGkUfuIQqQ03Wt4cdKQTAush2c
vuOhfBcUSrhHC+vV7k+ZWhr4i5Rjndz4VY5EU/0jSIdL6KbUpGGNY7F8IBcuTQw1
0I/nRvdzWxplPZhyQ//ScWtMNwlTzGMWTPvQsWMUVM19/Ot2J1xYZmQ9zMDkUh3C
ZkVoyntdzPfjOEdQlb9UrjGGfN3vqNBcM9TUY3IxFFmvK6WeQa5RegpsHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzgsn3ffm9MkdGm1ST9RfYCp1ajMB8GA1UdIwQY
MBaAFLujvbLHhG+/fQCH20VS7rNj356lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTZPOXNzZUViNzk5QUlmYlJWTHVzMlBmbnFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My8yNmQxY2ItZTFhNS00OTBjLTgxYmMt
YWEzNGQxZmZmMzg3LzEvM09DeWZkOS1iMHlSMGFiVkpQMUY5Z0tuVnFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My8yNmQxY2ItZTFhNS00OTBjLTgxYmMtYWEzNGQxZmZmMzg3
LzEvdTZPOXNzZUViNzk5QUlmYlJWTHVzMlBmbnFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MbMA0G
CSqGSIb3DQEBCwUAA4IBAQAEhP5jFzc0FpsdqYxu/eCiP0f3cCSvWetLyWoPRAdy
PNg0JDm7roiZ5OTPWfVt/cVsEgNK4G2N65PY6p1Gfd2V5pHkXJUaonyLydbLUm8e
vDgk/BDb7y731TnvueeBrfCfK5CJXTWuAN4hryEE8CliADXLiqIZyJC4/xHaZpJ/
1P3LEprvqEyBPhbcv5WhWkGfHinjol9gpLTQrnYahnUCyfgiq/AIh0il0tQlEQTr
IMaOjhOQ/Pyp5pjmc/3D3Xxw0CSlXr/B/ADOjGocKXbBwlf5aHCPvRMl5y6q2hEV
Bb2XrlSzO5lEvJen3j72GiJfZbByiSLUHNlN58VeVmY3
-----END CERTIFICATE-----