Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/lpP2NtJrOsnyJY4GK-9DeCM-P_Q.roa
File:                     lpP2NtJrOsnyJY4GK-9DeCM-P_Q.roa (raw, json)
Hash identifier:          CsUk7QdVZqmzvlB30KB4KWvPaPIZZBhOOH3ZXiNwIvg=
Subject key identifier:   96:93:F6:36:D2:6B:3A:C9:F2:25:8E:06:2B:EF:43:78:23:3E:3F:F4
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       0198E797395B7257999B920F8E69298845D8
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/lpP2NtJrOsnyJY4GK-9DeCM-P_Q.roa
Signing time:             Tue 26 Aug 2025 18:15:04 +0000
ROA not before:           Tue 26 Aug 2025 18:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        91.190.184.0/24 maxlen: 24
                          194.152.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 01:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e7:97:39:5b:72:57:99:9b:92:0f:8e:69:29:88:45:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Aug 26 18:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9693f636d26b3ac9f2258e062bef4378233e3ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:65:32:11:d9:e2:6d:c1:08:87:c4:7e:94:a2:
                    32:a7:59:b9:39:52:7e:89:29:69:91:59:99:5d:eb:
                    3f:6b:06:ff:c8:ed:07:eb:03:fb:44:6c:32:de:7f:
                    c1:ea:43:47:c1:26:99:ee:09:35:47:bd:2a:56:ac:
                    0e:32:0e:b2:a0:56:dd:94:f4:3a:2c:86:4e:23:2e:
                    4f:68:0a:cb:e0:db:d1:8c:f1:0a:48:b4:21:bd:00:
                    48:5d:92:8a:66:73:90:9b:a9:b6:5b:9f:ae:25:55:
                    df:1d:1c:28:f6:72:a9:c4:e4:f9:98:ae:a8:74:9c:
                    89:ad:f6:28:f4:01:9f:07:e2:ee:49:64:47:06:4b:
                    3e:9e:df:f4:51:bc:31:de:7a:14:82:b5:8c:73:01:
                    6f:2a:73:8e:4a:fc:cb:43:36:86:26:5f:1b:5d:66:
                    12:ec:1d:a8:c6:e0:a0:8b:c0:91:15:6c:6c:d2:65:
                    8c:8d:d5:60:ed:d1:c2:bb:5a:bd:3f:41:df:99:ea:
                    32:3b:d0:42:38:f2:53:56:e1:e4:64:f3:26:23:b6:
                    72:81:3a:c4:aa:67:67:05:58:7a:c8:16:b6:03:89:
                    aa:d7:db:a8:92:d3:1c:d9:85:1a:c2:31:57:31:88:
                    c8:8a:c4:65:78:74:a8:6a:ac:81:9e:40:7d:56:b2:
                    f3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:93:F6:36:D2:6B:3A:C9:F2:25:8E:06:2B:EF:43:78:23:3E:3F:F4
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/lpP2NtJrOsnyJY4GK-9DeCM-P_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.184.0/24
                  194.152.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:97:f4:59:db:cc:8f:df:b9:c1:ae:15:8c:00:5c:1b:e7:78:
         e1:80:7c:00:03:06:da:9e:72:01:60:27:13:2f:3f:d0:d3:bd:
         88:03:dc:43:44:37:14:c2:3e:ae:a1:8a:23:06:1c:f7:51:70:
         d4:ac:a9:0d:ca:0d:d2:80:66:42:b9:a0:9e:5f:61:97:6b:76:
         cc:b8:88:c8:b3:68:8d:dc:77:35:8b:a0:fa:6a:2d:fa:c3:3d:
         c7:52:f6:3f:65:a1:b8:9e:ec:70:69:c0:84:14:e8:a3:26:b9:
         9c:d1:24:4a:a9:1f:51:e8:d8:d6:af:14:a8:bb:dd:d6:0f:d8:
         43:29:73:11:7f:d2:73:3a:2f:81:ef:d0:79:79:27:cd:72:0d:
         34:4f:8a:98:91:a1:71:bc:8e:2a:0a:5d:81:e4:52:34:b3:6b:
         41:14:35:c4:6f:bf:b2:40:ae:1e:f3:05:26:6c:4c:53:72:7a:
         fd:09:9c:bf:ab:a5:bb:00:16:5e:1a:43:d5:0d:30:ad:75:3c:
         89:43:b6:1c:f7:6a:04:7d:1b:3f:80:2b:bb:56:e3:6d:bb:5b:
         51:87:5c:75:e9:1a:b7:ea:38:0a:3d:8c:b3:1a:97:94:0c:b7:
         e8:3b:ec:98:3f:d1:f1:54:79:41:f2:e8:1c:69:e3:f2:b3:ea:
         10:c4:1d:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZjnlzlbcleZm5IPjmkpiEXYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUwODI2MTgxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkzZjYzNmQyNmIzYWM5ZjIyNThlMDYyYmVmNDM3ODIzM2UzZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GUyEdnibcEIh8R+lKIyp1m5OVJ+
iSlpkVmZXes/awb/yO0H6wP7RGwy3n/B6kNHwSaZ7gk1R70qVqwOMg6yoFbdlPQ6
LIZOIy5PaArL4NvRjPEKSLQhvQBIXZKKZnOQm6m2W5+uJVXfHRwo9nKpxOT5mK6o
dJyJrfYo9AGfB+LuSWRHBks+nt/0Ubwx3noUgrWMcwFvKnOOSvzLQzaGJl8bXWYS
7B2oxuCgi8CRFWxs0mWMjdVg7dHCu1q9P0HfmeoyO9BCOPJTVuHkZPMmI7ZygTrE
qmdnBVh6yBa2A4mq19uoktMc2YUawjFXMYjIisRleHSoaqyBnkB9VrLzNQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJaT9jbSazrJ8iWOBivvQ3gjPj/0MB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvbHBQMk50SnJPc255Slk0R0stOURlQ00tUF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW764AwQA
wpiFMA0GCSqGSIb3DQEBCwUAA4IBAQAml/RZ28yP37nBrhWMAFwb53jhgHwAAwba
nnIBYCcTLz/Q072IA9xDRDcUwj6uoYojBhz3UXDUrKkNyg3SgGZCuaCeX2GXa3bM
uIjIs2iN3Hc1i6D6ai36wz3HUvY/ZaG4nuxwacCEFOijJrmc0SRKqR9R6NjWrxSo
u93WD9hDKXMRf9JzOi+B79B5eSfNcg00T4qYkaFxvI4qCl2B5FI0s2tBFDXEb7+y
QK4e8wUmbExTcnr9CZy/q6W7ABZeGkPVDTCtdTyJQ7Yc92oEfRs/gCu7VuNtu1tR
h1x16Rq36jgKPYyzGpeUDLfoO+yYP9HxVHlB8ugcaePys+oQxB0Y
-----END CERTIFICATE-----