Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dGULqhrcL_ANSs7BLhleecesMvA.roa
File:                     dGULqhrcL_ANSs7BLhleecesMvA.roa (raw, json)
Hash identifier:          eOOIkAUS4EOg9hUCyRisXwLNCWdAEMdVK4NcFcmfEBA=
Subject key identifier:   74:65:0B:AA:1A:DC:2F:F0:0D:4A:CE:C1:2E:19:5E:79:C7:AC:32:F0
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       0198E798236B696974790C2CB461DEEDC112
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dGULqhrcL_ANSs7BLhleecesMvA.roa
Signing time:             Tue 26 Aug 2025 18:16:04 +0000
ROA not before:           Tue 26 Aug 2025 18:16:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5650
IP address blocks:        91.190.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e7:98:23:6b:69:69:74:79:0c:2c:b4:61:de:ed:c1:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Aug 26 18:16:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74650baa1adc2ff00d4acec12e195e79c7ac32f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c2:5c:62:5d:20:b9:1b:5c:5f:1c:47:10:e6:
                    cf:6d:87:fa:44:48:c9:71:5d:ca:a1:4c:9a:cb:3c:
                    51:b8:51:7e:de:13:20:92:28:40:f3:e9:7c:b8:51:
                    51:2d:f6:bb:3c:cf:bf:cd:69:bb:6d:77:0f:82:ad:
                    7e:cd:f2:10:17:1d:33:21:b7:97:5f:03:20:9a:0b:
                    68:d6:15:be:75:fc:72:04:b4:08:bd:da:5b:8a:a4:
                    99:f2:e4:ab:3f:f4:3c:63:4a:27:30:b7:f3:77:42:
                    a3:0c:5d:33:21:36:c0:33:70:6d:72:a8:3a:f8:cf:
                    49:cd:d0:b0:85:24:ce:c2:62:0f:4f:e2:be:03:b0:
                    d2:c6:24:00:b2:d3:3e:77:90:8b:48:c3:3d:3f:b2:
                    e8:c9:56:15:74:fc:88:cc:f9:9d:f9:ef:3b:47:19:
                    a3:6c:c0:ee:d2:8e:3a:d5:89:7e:af:39:f6:ca:86:
                    9f:26:83:96:90:4e:e1:44:4c:54:e7:2b:8c:68:fc:
                    9f:ae:95:c5:b2:93:17:9d:61:85:b3:bd:18:a4:95:
                    22:e5:39:76:8c:16:15:af:1e:e0:26:bd:88:5a:1e:
                    3c:db:a3:76:22:af:81:2f:90:5d:5f:68:e2:49:a9:
                    64:da:8c:7b:5c:26:4b:b2:5e:25:c0:fb:67:e7:35:
                    00:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:65:0B:AA:1A:DC:2F:F0:0D:4A:CE:C1:2E:19:5E:79:C7:AC:32:F0
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/dGULqhrcL_ANSs7BLhleecesMvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:8f:24:43:2c:1f:42:f3:29:f6:ad:45:33:57:c3:7f:5a:34:
         6b:f7:7f:5c:55:c9:61:e5:e2:a8:32:78:8d:1b:07:5f:81:7d:
         fa:4b:55:3b:84:d7:0a:13:1a:af:e2:83:5b:66:52:14:db:01:
         3b:a2:cc:6e:87:dc:9e:30:c1:de:54:44:67:ac:25:60:7d:98:
         a1:4d:58:a9:15:4e:18:ff:b2:6f:88:84:28:f9:1d:71:96:60:
         d7:ee:04:7c:ca:74:01:d9:bb:3d:88:b8:36:f1:4b:cb:8b:92:
         51:13:07:eb:04:3c:51:a6:74:0c:17:1b:88:8d:34:6b:0e:a8:
         87:9b:2e:60:20:01:0e:8a:cf:77:04:02:d8:19:20:a1:c4:4d:
         c2:03:ca:5b:47:58:8b:81:65:9f:9b:2f:52:7d:9f:37:55:3b:
         e9:2f:1c:b4:82:c6:1c:79:45:c7:0f:39:8b:a5:a0:55:b6:b7:
         f3:14:09:8b:0d:de:55:7e:8d:5d:9f:da:c5:2a:d5:48:d8:56:
         0b:ef:24:30:d6:02:2b:e2:46:48:0d:56:a8:a1:ae:0d:1e:24:
         f7:ac:da:c0:0d:b1:a8:12:9d:75:fb:e3:23:a2:c6:45:19:2f:
         ea:b3:a6:66:81:4f:96:a9:76:5d:b1:29:f2:21:18:0b:8c:c7:
         2e:78:0d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjnmCNraWl0eQwstGHe7cESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwODI2MTgxNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDY1MGJhYTFhZGMyZmYwMGQ0YWNlYzEyZTE5NWU3OWM3YWMzMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cJcYl0guRtcXxxHEObPbYf6REjJ
cV3KoUyayzxRuFF+3hMgkihA8+l8uFFRLfa7PM+/zWm7bXcPgq1+zfIQFx0zIbeX
XwMgmgto1hW+dfxyBLQIvdpbiqSZ8uSrP/Q8Y0onMLfzd0KjDF0zITbAM3Btcqg6
+M9JzdCwhSTOwmIPT+K+A7DSxiQAstM+d5CLSMM9P7LoyVYVdPyIzPmd+e87Rxmj
bMDu0o461Yl+rzn2yoafJoOWkE7hRExU5yuMaPyfrpXFspMXnWGFs70YpJUi5Tl2
jBYVrx7gJr2IWh4826N2Iq+BL5BdX2jiSalk2ox7XCZLsl4lwPtn5zUAQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHRlC6oa3C/wDUrOwS4ZXnnHrDLwMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvZEdVTHFocmNMX0FOU3M3QkxobGVlY2VzTXZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW764MA0G
CSqGSIb3DQEBCwUAA4IBAQAkjyRDLB9C8yn2rUUzV8N/WjRr939cVclh5eKoMniN
GwdfgX36S1U7hNcKExqv4oNbZlIU2wE7osxuh9yeMMHeVERnrCVgfZihTVipFU4Y
/7JviIQo+R1xlmDX7gR8ynQB2bs9iLg28UvLi5JREwfrBDxRpnQMFxuIjTRrDqiH
my5gIAEOis93BALYGSChxE3CA8pbR1iLgWWfmy9SfZ83VTvpLxy0gsYceUXHDzmL
paBVtrfzFAmLDd5Vfo1dn9rFKtVI2FYL7yQw1gIr4kZIDVaooa4NHiT3rNrADbGo
Ep11++MjosZFGS/qs6ZmgU+WqXZdsSnyIRgLjMcueA0j
-----END CERTIFICATE-----