Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/O2ig3X7VNdoIgqEvSRSWulSevo4.roa
File:                     O2ig3X7VNdoIgqEvSRSWulSevo4.roa (raw, json)
Hash identifier:          b2vyXh49fwCqIp7fN7Ci84lv9+cxy1rLXbG95tTjerQ=
Subject key identifier:   3B:68:A0:DD:7E:D5:35:DA:08:82:A1:2F:49:14:96:BA:54:9E:BE:8E
Certificate issuer:       /CN=e39557250543e4476af88c4612d4a89531313b57
Certificate serial:       019A0CD20A43FA6DF61C01154193BC0FDC07
Authority key identifier: E3:95:57:25:05:43:E4:47:6A:F8:8C:46:12:D4:A8:95:31:31:3B:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/O2ig3X7VNdoIgqEvSRSWulSevo4.roa
Signing time:             Wed 22 Oct 2025 16:48:03 +0000
ROA not before:           Wed 22 Oct 2025 16:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3301
IP address blocks:        91.227.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Oct 2025 15:57:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:d2:0a:43:fa:6d:f6:1c:01:15:41:93:bc:0f:dc:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39557250543e4476af88c4612d4a89531313b57
        Validity
            Not Before: Oct 22 16:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3b68a0dd7ed535da0882a12f491496ba549ebe8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:dc:2a:5f:ef:d9:c2:55:af:ec:c4:09:33:20:
                    93:fe:57:23:50:27:71:3a:ad:d0:20:3a:e2:fd:ac:
                    d3:cc:ab:da:9b:32:c9:99:a6:0a:ef:c8:b5:4d:94:
                    d4:e0:b8:d2:dc:72:14:c7:24:78:95:1d:f4:0f:ad:
                    97:c8:e2:cf:5f:66:90:5d:5e:b2:2b:10:f3:50:85:
                    2f:44:b1:24:69:15:27:3e:7c:93:4e:ab:a2:55:f4:
                    13:1c:b8:b5:a8:9c:06:87:0a:c1:4f:0b:26:9f:65:
                    4b:c7:4a:67:27:1b:54:af:64:ba:e4:f3:10:48:2a:
                    62:c0:47:0e:bb:e7:75:11:20:d9:4e:27:ea:a8:eb:
                    b1:f8:c3:d6:07:ee:55:3f:4e:ab:41:e3:4d:05:ac:
                    2f:7c:4e:57:88:1e:63:ea:d0:4b:47:fa:25:15:81:
                    5e:73:64:19:66:52:57:aa:e4:6a:13:12:6d:55:62:
                    14:6b:8e:77:64:9e:3f:b2:0b:91:2a:27:4f:f8:26:
                    0a:62:40:7d:df:ee:b5:8e:06:a3:63:dc:c2:7a:9a:
                    3c:e3:03:93:76:8f:25:4d:07:d3:94:4c:2d:0d:a8:
                    23:ef:c4:49:c3:3f:16:a0:42:f1:f9:04:b7:62:f2:
                    b1:1b:ff:9a:d7:4f:0e:4d:4a:7f:51:8b:27:e3:40:
                    18:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:68:A0:DD:7E:D5:35:DA:08:82:A1:2F:49:14:96:BA:54:9E:BE:8E
            X509v3 Authority Key Identifier:
                keyid:E3:95:57:25:05:43:E4:47:6A:F8:8C:46:12:D4:A8:95:31:31:3B:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/O2ig3X7VNdoIgqEvSRSWulSevo4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:9d:c2:85:c4:a8:04:3b:70:e6:ef:58:75:76:20:d3:a2:13:
         15:b9:df:2a:5f:d5:11:18:54:f3:0c:04:80:ff:ff:98:04:88:
         55:43:e0:c4:aa:72:79:37:6e:1a:8a:54:4e:27:18:a7:85:4f:
         43:32:fa:6f:3c:1b:e2:b3:0a:3f:77:76:04:b9:6a:8f:1c:a6:
         b5:17:3b:d6:13:39:81:84:a6:42:14:09:6c:73:46:e7:e8:a2:
         f0:72:4b:b1:a9:e9:86:72:a9:40:e4:24:a5:54:e3:ce:0c:4b:
         0c:3b:b0:ba:49:47:5a:19:f2:cc:ca:78:da:67:97:88:5d:79:
         3f:15:8e:c7:e1:f2:ec:bd:53:6a:2b:c0:d3:83:a7:e5:fa:9c:
         6a:45:95:90:88:7b:f5:4f:b3:bf:ef:d0:38:15:47:ee:73:97:
         92:8d:4d:a0:01:aa:eb:fa:d1:2c:4b:e1:4f:91:fe:b9:f2:15:
         00:53:22:f5:a1:fb:e7:d8:83:36:e9:23:fd:3d:3c:c8:99:72:
         a6:1f:88:13:dd:62:37:69:33:de:6a:c4:bc:ca:fc:d3:be:68:
         f7:67:ca:69:f0:7b:8a:08:4a:4b:e4:d4:52:f6:3a:9f:90:a2:
         c2:d3:fb:42:d9:87:88:2c:d7:be:f6:f6:e1:ae:f9:bb:cb:75:
         2d:a2:50:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoM0gpD+m32HAEVQZO8D9wHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOTU1NzI1MDU0M2U0NDc2YWY4OGM0NjEyZDRhODk1MzEz
MTNiNTcwHhcNMjUxMDIyMTY0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjY4YTBkZDdlZDUzNWRhMDg4MmExMmY0OTE0OTZiYTU0OWViZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dwqX+/ZwlWv7MQJMyCT/lcjUCdx
Oq3QIDri/azTzKvamzLJmaYK78i1TZTU4LjS3HIUxyR4lR30D62XyOLPX2aQXV6y
KxDzUIUvRLEkaRUnPnyTTquiVfQTHLi1qJwGhwrBTwsmn2VLx0pnJxtUr2S65PMQ
SCpiwEcOu+d1ESDZTifqqOux+MPWB+5VP06rQeNNBawvfE5XiB5j6tBLR/olFYFe
c2QZZlJXquRqExJtVWIUa453ZJ4/sguRKidP+CYKYkB93+61jgajY9zCepo84wOT
do8lTQfTlEwtDagj78RJwz8WoELx+QS3YvKxG/+a108OTUp/UYsn40AYLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtooN1+1TXaCIKhL0kUlrpUnr6OMB8GA1UdIwQY
MBaAFOOVVyUFQ+RHaviMRhLUqJUxMTtXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVWWEpRVkQ1RWRxLUl4R0V0U29sVEV4TzFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8yOWQyNjQtYjk0MS00N2E0LTllYzUt
MjA2OTUxOTNhYzA3LzEvTzJpZzNYN1ZOZG9JZ3FFdlNSU1d1bFNldm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8yOWQyNjQtYjk0MS00N2E0LTllYzUtMjA2OTUxOTNhYzA3
LzEvNDVWWEpRVkQ1RWRxLUl4R0V0U29sVEV4TzFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+MxMA0G
CSqGSIb3DQEBCwUAA4IBAQAnncKFxKgEO3Dm71h1diDTohMVud8qX9URGFTzDASA
//+YBIhVQ+DEqnJ5N24ailROJxinhU9DMvpvPBviswo/d3YEuWqPHKa1FzvWEzmB
hKZCFAlsc0bn6KLwckuxqemGcqlA5CSlVOPODEsMO7C6SUdaGfLMynjaZ5eIXXk/
FY7H4fLsvVNqK8DTg6fl+pxqRZWQiHv1T7O/79A4FUfuc5eSjU2gAarr+tEsS+FP
kf658hUAUyL1ofvn2IM26SP9PTzImXKmH4gT3WI3aTPeasS8yvzTvmj3Z8pp8HuK
CEpL5NRS9jqfkKLC0/tC2YeILNe+9vbhrvm7y3UtolA3
-----END CERTIFICATE-----