Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/dO5qe6cxV0dMzJ8102AvpINSdMo.roa
File:                     dO5qe6cxV0dMzJ8102AvpINSdMo.roa (raw, json)
Hash identifier:          C4Rut7Vvkpw4iE7xeScMUUVHRIaOgC0yzl/9M7TJh5g=
Subject key identifier:   74:EE:6A:7B:A7:31:57:47:4C:CC:9F:35:D3:60:2F:A4:83:52:74:CA
Certificate issuer:       /CN=6e213db6d2b1e4f30b62ed1167e25223626360b9
Certificate serial:       019909A9F0F4BDABD8508CDF009296F98D67
Authority key identifier: 6E:21:3D:B6:D2:B1:E4:F3:0B:62:ED:11:67:E2:52:23:62:63:60:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/biE9ttKx5PMLYu0RZ-JSI2JjYLk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/dO5qe6cxV0dMzJ8102AvpINSdMo.roa
Signing time:             Tue 02 Sep 2025 09:02:36 +0000
ROA not before:           Tue 02 Sep 2025 09:02:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44090
IP address blocks:        91.213.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/biE9ttKx5PMLYu0RZ-JSI2JjYLk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/biE9ttKx5PMLYu0RZ-JSI2JjYLk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/biE9ttKx5PMLYu0RZ-JSI2JjYLk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 00:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:09:a9:f0:f4:bd:ab:d8:50:8c:df:00:92:96:f9:8d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e213db6d2b1e4f30b62ed1167e25223626360b9
        Validity
            Not Before: Sep  2 09:02:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ee6a7ba73157474ccc9f35d3602fa4835274ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:27:b4:19:15:4d:3b:7d:01:63:5f:54:06:31:
                    5d:04:4f:f2:7a:84:9f:79:12:9a:55:1d:43:55:cd:
                    3c:37:b9:06:15:70:52:96:ff:fb:87:87:a1:cf:3e:
                    31:7a:61:b8:23:30:71:ce:7a:c0:ed:4a:1d:0f:38:
                    d3:8a:6a:97:25:4c:5f:f3:fe:16:bf:b5:47:50:aa:
                    cc:96:ce:97:95:39:48:ae:2a:ec:e8:2c:f3:d8:56:
                    c9:93:c2:0c:5e:3d:98:f1:62:ff:4f:20:2a:1a:8a:
                    0c:e6:5b:58:ee:36:a2:ce:35:61:0d:03:bb:5f:12:
                    c0:ea:2c:fc:55:d0:89:97:ba:9f:32:4e:fe:77:df:
                    93:86:bf:06:90:2d:a1:ba:de:3d:a9:bc:e0:bb:ed:
                    05:3b:40:1d:16:b0:e4:88:27:94:2c:44:a7:6f:b0:
                    fb:5c:77:ea:6c:e1:f1:3d:00:7b:a4:ed:7e:e1:61:
                    17:9c:6c:d5:af:f3:ea:61:66:e7:59:a2:dd:20:58:
                    bb:ea:3a:9f:e6:35:fc:77:1c:d6:02:07:f7:34:50:
                    80:98:90:7c:3c:ea:3d:7c:b1:1c:2d:29:3a:34:b6:
                    82:12:24:25:0e:ba:83:85:75:a2:d6:a4:2e:a7:64:
                    70:70:e9:5f:6b:30:bb:39:22:e7:da:c5:16:81:ad:
                    84:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:EE:6A:7B:A7:31:57:47:4C:CC:9F:35:D3:60:2F:A4:83:52:74:CA
            X509v3 Authority Key Identifier:
                keyid:6E:21:3D:B6:D2:B1:E4:F3:0B:62:ED:11:67:E2:52:23:62:63:60:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/biE9ttKx5PMLYu0RZ-JSI2JjYLk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/dO5qe6cxV0dMzJ8102AvpINSdMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/13276a-c575-479f-939f-cc4474c3211a/1/biE9ttKx5PMLYu0RZ-JSI2JjYLk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:32:af:20:41:3d:d7:0b:e6:c1:88:67:69:0c:2e:12:56:aa:
         c2:cf:90:1b:bf:05:7d:33:53:76:77:e4:82:d1:87:9d:1a:aa:
         46:e7:1d:c6:bf:41:4a:81:36:2b:2a:17:ef:fd:e7:ff:72:7d:
         31:cf:87:87:d7:1a:2f:8c:19:62:30:4b:1f:09:54:53:e0:e3:
         af:b6:3e:dc:31:10:5f:9c:b2:bf:d0:8a:fb:68:6d:7a:44:55:
         6c:8e:0a:94:6c:55:c0:12:e3:84:94:5e:ed:ff:45:a0:57:eb:
         24:82:5d:05:07:86:e3:51:c4:2f:0b:d2:41:b7:b9:d5:08:b2:
         11:81:04:32:18:ea:23:67:0d:f1:ea:aa:eb:ab:28:03:8c:06:
         0e:51:00:8c:6b:1f:5b:9a:91:26:53:bf:9e:b5:ab:3a:36:3d:
         80:31:f4:50:0e:fa:8c:2e:9d:36:99:5c:ea:ac:43:9a:33:b3:
         40:af:8c:7d:7f:1a:c3:db:a7:36:31:49:e3:6c:00:d4:42:0d:
         78:e6:75:ef:cc:1c:23:0c:1b:84:6e:c2:87:10:3a:80:b2:8b:
         81:23:59:42:69:24:99:5b:80:81:b1:0b:00:cf:24:ee:96:c1:
         67:69:6a:51:c2:78:69:76:59:20:b2:83:fe:11:7a:e9:68:c8:
         32:30:02:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkJqfD0vavYUIzfAJKW+Y1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMjEzZGI2ZDJiMWU0ZjMwYjYyZWQxMTY3ZTI1MjIzNjI2
MzYwYjkwHhcNMjUwOTAyMDkwMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGVlNmE3YmE3MzE1NzQ3NGNjYzlmMzVkMzYwMmZhNDgzNTI3NGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxie0GRVNO30BY19UBjFdBE/yeoSf
eRKaVR1DVc08N7kGFXBSlv/7h4ehzz4xemG4IzBxznrA7UodDzjTimqXJUxf8/4W
v7VHUKrMls6XlTlIrirs6Czz2FbJk8IMXj2Y8WL/TyAqGooM5ltY7jaizjVhDQO7
XxLA6iz8VdCJl7qfMk7+d9+Thr8GkC2hut49qbzgu+0FO0AdFrDkiCeULESnb7D7
XHfqbOHxPQB7pO1+4WEXnGzVr/PqYWbnWaLdIFi76jqf5jX8dxzWAgf3NFCAmJB8
POo9fLEcLSk6NLaCEiQlDrqDhXWi1qQup2RwcOlfazC7OSLn2sUWga2E7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHTuanunMVdHTMyfNdNgL6SDUnTKMB8GA1UdIwQY
MBaAFG4hPbbSseTzC2LtEWfiUiNiY2C5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmlFOXR0S3g1UE1MWXUwUlotSlNJMkpqWUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8xMzI3NmEtYzU3NS00NzlmLTkzOWYt
Y2M0NDc0YzMyMTFhLzEvZE81cWU2Y3hWMGRNeko4MTAyQXZwSU5TZE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8xMzI3NmEtYzU3NS00NzlmLTkzOWYtY2M0NDc0YzMyMTFh
LzEvYmlFOXR0S3g1UE1MWXUwUlotSlNJMkpqWUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9VTMA0G
CSqGSIb3DQEBCwUAA4IBAQB3Mq8gQT3XC+bBiGdpDC4SVqrCz5AbvwV9M1N2d+SC
0YedGqpG5x3Gv0FKgTYrKhfv/ef/cn0xz4eH1xovjBliMEsfCVRT4OOvtj7cMRBf
nLK/0Ir7aG16RFVsjgqUbFXAEuOElF7t/0WgV+skgl0FB4bjUcQvC9JBt7nVCLIR
gQQyGOojZw3x6qrrqygDjAYOUQCMax9bmpEmU7+etas6Nj2AMfRQDvqMLp02mVzq
rEOaM7NAr4x9fxrD26c2MUnjbADUQg145nXvzBwjDBuEbsKHEDqAsouBI1lCaSSZ
W4CBsQsAzyTulsFnaWpRwnhpdlkgsoP+EXrpaMgyMAI/
-----END CERTIFICATE-----