Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/mIBJl9eoU_j1YkwejnL3f7_PaOM.roa
File:                     mIBJl9eoU_j1YkwejnL3f7_PaOM.roa (raw, json)
Hash identifier:          U0R+9CgbKiH0HvNP0GuJ4qfu1BImk+ORA4q3h37Yp7w=
Subject key identifier:   98:80:49:97:D7:A8:53:F8:F5:62:4C:1E:8E:72:F7:7F:BF:CF:68:E3
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       0198C2F3A69151C4ABA1577B72E2DAF59FB1
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/mIBJl9eoU_j1YkwejnL3f7_PaOM.roa
Signing time:             Tue 19 Aug 2025 15:30:04 +0000
ROA not before:           Tue 19 Aug 2025 15:30:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        192.109.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 21 Aug 2025 14:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c2:f3:a6:91:51:c4:ab:a1:57:7b:72:e2:da:f5:9f:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Aug 19 15:30:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98804997d7a853f8f5624c1e8e72f77fbfcf68e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:fb:7e:3b:bc:75:74:5d:11:68:88:e5:64:cd:
                    28:4b:98:cd:1c:9e:3d:f7:4e:a1:70:8c:37:5f:72:
                    8c:e9:f8:ba:3b:4e:20:ed:cc:40:95:70:16:54:6a:
                    cc:32:16:55:67:97:c9:b0:5f:bc:95:92:60:f2:9c:
                    60:1f:a0:d3:1b:e0:a2:c3:0b:65:42:51:a9:86:27:
                    d3:59:aa:c0:99:ba:40:22:05:33:30:c1:e2:3b:21:
                    b7:53:6b:1d:b6:40:6d:b7:9d:df:3a:0a:e9:aa:be:
                    2f:e7:94:eb:e6:e3:af:26:c5:e2:7d:3d:28:26:32:
                    db:77:c5:be:06:51:20:86:e6:31:09:33:72:54:ed:
                    5c:15:7e:8b:95:88:e4:cf:52:b0:1f:36:54:d4:63:
                    23:43:34:db:87:32:2c:e8:d1:ed:0f:99:f4:f4:d5:
                    06:66:ce:71:63:67:f9:45:71:11:e7:9f:3d:2d:db:
                    74:21:94:67:f2:96:83:51:f6:fd:64:97:5a:4b:c0:
                    2b:20:6f:b5:c4:c6:e3:de:86:f6:e7:09:27:57:93:
                    bb:eb:6d:51:33:e7:1e:90:96:9c:83:aa:c5:01:22:
                    ef:55:6e:51:ce:c2:31:33:6f:bd:54:03:ff:5d:42:
                    68:22:6e:21:2f:f7:2b:a8:48:94:c3:66:86:da:72:
                    9b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:80:49:97:D7:A8:53:F8:F5:62:4C:1E:8E:72:F7:7F:BF:CF:68:E3
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/mIBJl9eoU_j1YkwejnL3f7_PaOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.109.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:19:6a:f9:8f:dc:97:5c:f3:fb:31:28:0e:86:df:3e:27:e7:
         33:1c:ee:f2:0b:ef:57:6f:51:c8:f0:fc:c6:8d:a4:62:37:af:
         d6:da:82:58:e3:dd:2d:0a:22:18:28:16:db:58:02:e2:6e:b7:
         69:1f:cc:cb:55:b0:98:24:2d:57:54:a4:01:da:fe:55:34:e7:
         8f:9a:bb:9d:d4:eb:c3:00:41:0f:a0:69:7c:98:06:38:d0:cf:
         24:6e:69:6b:43:7c:0d:70:8b:6b:67:4c:f3:5e:c9:ea:7a:c8:
         0c:dc:44:97:44:88:c3:75:a1:8b:ab:c0:84:50:4e:ac:be:4e:
         c2:ca:9f:bb:35:ca:01:a0:19:32:e0:63:ab:23:25:59:53:83:
         c7:bb:bc:f8:4f:df:a4:b8:ee:4a:2f:a5:e6:ac:b7:84:55:a2:
         c8:7c:7e:11:0c:ea:ae:4d:4e:d6:49:e0:6e:64:82:ca:e4:6f:
         b9:fa:f2:bb:e9:cb:b6:32:91:ab:74:ec:e1:49:9c:5b:24:85:
         e6:7d:33:22:d0:9f:4a:ea:e2:c9:27:c0:88:9d:8c:2d:d0:e7:
         33:32:ad:6d:d7:b4:57:f7:20:0b:20:e3:0d:4b:25:64:a9:9f:
         a5:9e:6b:27:9a:68:3f:5a:5f:81:21:c5:39:7a:8f:c5:dc:33:
         85:dd:9f:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjC86aRUcSroVd7cuLa9Z+xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwODE5MTUzMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODgwNDk5N2Q3YTg1M2Y4ZjU2MjRjMWU4ZTcyZjc3ZmJmY2Y2OGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9vt+O7x1dF0RaIjlZM0oS5jNHJ49
906hcIw3X3KM6fi6O04g7cxAlXAWVGrMMhZVZ5fJsF+8lZJg8pxgH6DTG+Ciwwtl
QlGphifTWarAmbpAIgUzMMHiOyG3U2sdtkBtt53fOgrpqr4v55Tr5uOvJsXifT0o
JjLbd8W+BlEghuYxCTNyVO1cFX6LlYjkz1KwHzZU1GMjQzTbhzIs6NHtD5n09NUG
Zs5xY2f5RXER5589Ldt0IZRn8paDUfb9ZJdaS8ArIG+1xMbj3ob25wknV5O7621R
M+cekJacg6rFASLvVW5RzsIxM2+9VAP/XUJoIm4hL/crqEiUw2aG2nKb3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJiASZfXqFP49WJMHo5y93+/z2jjMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvbUlCSmw5ZW9VX2oxWWt3ZWpuTDNmN19QYU9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwG3NMA0G
CSqGSIb3DQEBCwUAA4IBAQBQGWr5j9yXXPP7MSgOht8+J+czHO7yC+9Xb1HI8PzG
jaRiN6/W2oJY490tCiIYKBbbWALibrdpH8zLVbCYJC1XVKQB2v5VNOePmrud1OvD
AEEPoGl8mAY40M8kbmlrQ3wNcItrZ0zzXsnqesgM3ESXRIjDdaGLq8CEUE6svk7C
yp+7NcoBoBky4GOrIyVZU4PHu7z4T9+kuO5KL6XmrLeEVaLIfH4RDOquTU7WSeBu
ZILK5G+5+vK76cu2MpGrdOzhSZxbJIXmfTMi0J9K6uLJJ8CInYwt0OczMq1t17RX
9yALIOMNSyVkqZ+lnmsnmmg/Wl+BIcU5eo/F3DOF3Z8d
-----END CERTIFICATE-----