Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/dIRpTlRdZwkzOjzMpDEo5Bfz7bk.roa
File:                     dIRpTlRdZwkzOjzMpDEo5Bfz7bk.roa (raw, json)
Hash identifier:          C+FNl7OuHMU4htW0AknPyHxKy9e5ZPEt8r7b2jyiJx8=
Subject key identifier:   74:84:69:4E:54:5D:67:09:33:3A:3C:CC:A4:31:28:E4:17:F3:ED:B9
Certificate issuer:       /CN=834544e1a3e228c4d3647f62a9d8c96ace9e2c31
Certificate serial:       01990ED04D0867F93F4D2304CCF12E7CE85E
Authority key identifier: 83:45:44:E1:A3:E2:28:C4:D3:64:7F:62:A9:D8:C9:6A:CE:9E:2C:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/dIRpTlRdZwkzOjzMpDEo5Bfz7bk.roa
Signing time:             Wed 03 Sep 2025 09:02:36 +0000
ROA not before:           Wed 03 Sep 2025 09:02:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205431
IP address blocks:        91.207.74.0/23 maxlen: 23
                          2a0a:6a40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:d0:4d:08:67:f9:3f:4d:23:04:cc:f1:2e:7c:e8:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=834544e1a3e228c4d3647f62a9d8c96ace9e2c31
        Validity
            Not Before: Sep  3 09:02:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7484694e545d6709333a3ccca43128e417f3edb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3e:c8:95:9f:3e:a2:9b:97:57:ee:04:30:bd:
                    66:b5:f5:91:a1:59:bf:16:20:6d:4c:30:02:28:08:
                    6f:ff:01:f3:8c:9d:f0:ae:5f:ff:fd:54:87:8d:76:
                    2c:4d:c6:67:2b:61:82:a0:7a:e0:2c:77:63:c8:68:
                    24:15:dc:60:8a:6c:e7:cf:32:f2:d0:ef:76:75:38:
                    cd:8b:6d:8d:a8:c7:26:a5:2b:05:29:7a:70:69:0b:
                    a7:39:10:a5:01:b5:e6:9f:ba:ee:01:08:b9:a4:87:
                    f8:bf:b4:10:65:d8:35:b2:6e:9d:8b:60:b0:48:8d:
                    88:06:f8:d5:b4:9e:44:03:e8:67:0a:39:d9:95:27:
                    f2:81:7b:01:f4:a5:a2:a5:85:d3:17:9c:c5:dc:93:
                    4f:97:80:b2:80:1e:66:29:58:98:c2:c8:ac:90:7d:
                    15:7d:82:af:6f:4b:c3:5d:ce:3e:61:a8:cd:5c:3e:
                    2b:45:23:0c:ab:56:16:db:d1:9e:00:5f:23:08:2a:
                    ad:87:fd:51:6c:2d:05:63:be:ec:3e:4e:15:96:63:
                    d3:54:bc:66:db:85:56:ab:01:f9:ac:7b:66:43:17:
                    82:36:53:76:d5:ec:8b:44:9b:2c:47:74:30:b7:06:
                    d7:5b:bc:02:c3:9c:bc:f3:3d:54:1e:41:5e:0b:7b:
                    7e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:84:69:4E:54:5D:67:09:33:3A:3C:CC:A4:31:28:E4:17:F3:ED:B9
            X509v3 Authority Key Identifier:
                keyid:83:45:44:E1:A3:E2:28:C4:D3:64:7F:62:A9:D8:C9:6A:CE:9E:2C:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/dIRpTlRdZwkzOjzMpDEo5Bfz7bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.74.0/23
                IPv6:
                  2a0a:6a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:b8:15:15:6a:0d:87:78:b1:24:24:a8:6a:4f:89:6d:f6:83:
         9a:27:40:b6:22:eb:7e:a3:a6:4c:17:9b:ec:37:03:5b:9a:8a:
         fa:c4:c4:64:d7:76:ae:48:d6:90:b6:bf:c9:55:d0:b6:2a:e3:
         8b:d5:c9:6b:9c:c1:3b:6b:d1:1b:b3:3d:de:28:a9:a3:1e:53:
         2c:b3:3b:82:a1:43:13:bb:20:96:64:cf:e4:44:ad:ba:06:a9:
         d6:68:81:0a:60:22:74:c2:e6:ad:5f:f1:8a:87:80:c7:e1:b5:
         c7:f5:09:55:33:5e:9f:8c:ee:d4:c9:c8:c2:00:00:50:ed:d9:
         8e:fd:32:9d:67:7e:7e:b9:b1:41:97:c5:72:26:af:78:a8:aa:
         fd:b4:26:c8:71:84:e5:d2:db:e1:a9:9f:92:1a:95:b0:ab:51:
         a5:39:90:e7:d0:62:75:8a:2e:44:47:e5:56:2f:fa:85:45:49:
         b6:d5:01:12:b5:3a:fa:fd:f4:f6:6e:c1:93:bd:4d:f6:f0:1b:
         a5:89:af:be:0d:af:1c:0d:ee:47:d5:0d:a5:03:9c:21:6e:ec:
         25:4c:fc:63:9d:4d:0f:e9:47:e7:32:0e:76:9c:35:98:15:0c:
         1c:3c:4a:01:ab:b0:fe:49:fc:13:89:45:ea:b0:f0:32:f6:69:
         4f:a5:3e:2e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkO0E0IZ/k/TSMEzPEufOheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDU0NGUxYTNlMjI4YzRkMzY0N2Y2MmE5ZDhjOTZhY2U5
ZTJjMzEwHhcNMjUwOTAzMDkwMjM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDg0Njk0ZTU0NWQ2NzA5MzMzYTNjY2NhNDMxMjhlNDE3ZjNlZGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsz7IlZ8+opuXV+4EML1mtfWRoVm/
FiBtTDACKAhv/wHzjJ3wrl///VSHjXYsTcZnK2GCoHrgLHdjyGgkFdxgimznzzLy
0O92dTjNi22NqMcmpSsFKXpwaQunORClAbXmn7ruAQi5pIf4v7QQZdg1sm6di2Cw
SI2IBvjVtJ5EA+hnCjnZlSfygXsB9KWipYXTF5zF3JNPl4CygB5mKViYwsiskH0V
fYKvb0vDXc4+YajNXD4rRSMMq1YW29GeAF8jCCqth/1RbC0FY77sPk4VlmPTVLxm
24VWqwH5rHtmQxeCNlN21eyLRJssR3QwtwbXW7wCw5y88z1UHkFeC3t+QQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHSEaU5UXWcJMzo8zKQxKOQX8+25MB8GA1UdIwQY
MBaAFINFROGj4ijE02R/YqnYyWrOniwxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBWRTRhUGlLTVRUWkg5aXFkakphczZlTERFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9iMmVhYTgtODk4Yi00ZjMzLWFmYjkt
ODkyNjdlNTI4MDA5LzEvZElScFRsUmRad2t6T2p6TXBERW81QmZ6N2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9iMmVhYTgtODk4Yi00ZjMzLWFmYjktODkyNjdlNTI4MDA5
LzEvZzBWRTRhUGlLTVRUWkg5aXFkakphczZlTERFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW89KMA0E
AgACMAcDBQAqCmpAMA0GCSqGSIb3DQEBCwUAA4IBAQAAuBUVag2HeLEkJKhqT4lt
9oOaJ0C2Iut+o6ZMF5vsNwNbmor6xMRk13auSNaQtr/JVdC2KuOL1clrnME7a9Eb
sz3eKKmjHlMsszuCoUMTuyCWZM/kRK26BqnWaIEKYCJ0wuatX/GKh4DH4bXH9QlV
M16fjO7UycjCAABQ7dmO/TKdZ35+ubFBl8VyJq94qKr9tCbIcYTl0tvhqZ+SGpWw
q1GlOZDn0GJ1ii5ER+VWL/qFRUm21QEStTr6/fT2bsGTvU328Bulia++Da8cDe5H
1Q2lA5whbuwlTPxjnU0P6UfnMg52nDWYFQwcPEoBq7D+SfwTiUXqsPAy9mlPpT4u
-----END CERTIFICATE-----