Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/df6ORV0T3_b0RdsmM3_USMPqdsg.roa
File:                     df6ORV0T3_b0RdsmM3_USMPqdsg.roa (raw, json)
Hash identifier:          q2PmH++N3IE0kcfGnwBqmXQjUmmTRWDH+eBviEbSMVk=
Subject key identifier:   75:FE:8E:45:5D:13:DF:F6:F4:45:DB:26:33:7F:D4:48:C3:EA:76:C8
Certificate issuer:       /CN=e39557250543e4476af88c4612d4a89531313b57
Certificate serial:       019A0CD2F51D8EF6D32A3A3E8DFC29865D4F
Authority key identifier: E3:95:57:25:05:43:E4:47:6A:F8:8C:46:12:D4:A8:95:31:31:3B:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/df6ORV0T3_b0RdsmM3_USMPqdsg.roa
Signing time:             Wed 22 Oct 2025 16:49:03 +0000
ROA not before:           Wed 22 Oct 2025 16:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210648
IP address blocks:        91.223.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0c:d2:f5:1d:8e:f6:d3:2a:3a:3e:8d:fc:29:86:5d:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e39557250543e4476af88c4612d4a89531313b57
        Validity
            Not Before: Oct 22 16:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75fe8e455d13dff6f445db26337fd448c3ea76c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:1f:3a:0c:17:c9:c8:82:20:a3:b5:2c:45:be:
                    1d:1d:f3:86:e7:f0:13:0e:86:43:62:63:23:35:81:
                    46:a4:eb:bf:b2:f3:57:c2:6d:e2:75:ba:b8:11:95:
                    37:e0:62:d5:41:68:1b:45:66:a3:43:42:f3:9a:d0:
                    86:e5:75:c0:6a:8c:03:5b:21:16:8c:9c:40:eb:87:
                    e3:03:eb:70:2b:83:f3:ea:83:95:24:4a:cc:86:3d:
                    13:dd:c1:3b:66:d6:a4:78:43:84:ed:b5:ab:30:ca:
                    cf:cb:6c:c6:94:9f:1a:8b:61:7f:d6:08:87:db:d0:
                    65:61:02:b9:16:5a:30:4d:36:18:89:53:9b:45:13:
                    93:84:81:3d:5e:68:2a:6b:4b:fc:bf:2e:56:4d:82:
                    7e:c7:5b:05:62:ef:0a:eb:d7:aa:21:71:5b:3f:d0:
                    14:2d:d7:65:c8:2b:c4:16:27:32:3f:9b:d7:da:28:
                    2c:57:3c:80:2a:6b:d0:c2:f4:81:ce:06:de:18:24:
                    10:f5:3f:7e:a8:d9:fc:34:d9:a5:ba:91:d8:28:fb:
                    e2:ef:5c:3b:79:d7:aa:47:d4:d1:06:14:21:4f:68:
                    05:a4:c3:b4:6c:dc:2b:40:d9:f8:c3:16:d9:06:1f:
                    9d:61:9c:52:c3:e7:17:be:26:5b:86:00:19:bf:06:
                    0a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:FE:8E:45:5D:13:DF:F6:F4:45:DB:26:33:7F:D4:48:C3:EA:76:C8
            X509v3 Authority Key Identifier:
                keyid:E3:95:57:25:05:43:E4:47:6A:F8:8C:46:12:D4:A8:95:31:31:3B:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/45VXJQVD5Edq-IxGEtSolTExO1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/df6ORV0T3_b0RdsmM3_USMPqdsg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/29d264-b941-47a4-9ec5-20695193ac07/1/45VXJQVD5Edq-IxGEtSolTExO1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:f0:32:07:d5:1b:3b:c2:d7:a9:64:1c:70:5c:dd:bb:73:70:
         a3:70:fc:02:32:36:fd:49:8a:b9:f3:b7:1c:da:d7:d1:1b:f1:
         e4:6e:53:90:7c:66:b7:69:f8:67:52:e5:f7:8d:7a:e5:b6:fa:
         9e:ad:b2:18:8a:fb:87:5d:c2:e3:0e:05:99:7e:29:5a:25:36:
         00:76:0b:04:1d:ec:24:8e:44:70:ca:ba:a7:1a:6a:dd:b3:ad:
         46:60:63:a9:59:b3:29:bf:0c:b9:2d:47:fa:8c:46:fc:0f:f9:
         dc:7b:d0:9d:1c:d7:08:98:6b:8b:ac:87:11:71:f4:b3:23:43:
         a7:29:a6:a5:04:49:0a:10:6d:e9:81:4b:1e:6e:97:ed:56:22:
         cc:fc:c2:d1:a0:ba:4d:cd:c7:fd:86:c9:95:d2:c3:33:de:fb:
         db:57:47:7d:42:b8:75:13:95:95:07:83:fc:2b:aa:15:3a:55:
         13:51:de:71:a6:07:99:d5:6c:9a:18:90:c0:e6:d6:2f:0b:b7:
         05:0e:28:05:33:3b:a0:1a:43:ce:2c:52:2d:f2:48:8c:4e:ad:
         af:4a:a0:05:a8:e3:e5:eb:c7:5d:4a:cb:22:2e:e6:2e:bc:c9:
         cc:c3:08:b4:a5:e7:be:43:ee:7e:40:3b:2a:e7:bd:ac:8b:40:
         4e:a5:3e:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoM0vUdjvbTKjo+jfwphl1PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzOTU1NzI1MDU0M2U0NDc2YWY4OGM0NjEyZDRhODk1MzEz
MTNiNTcwHhcNMjUxMDIyMTY0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWZlOGU0NTVkMTNkZmY2ZjQ0NWRiMjYzMzdmZDQ0OGMzZWE3NmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmh86DBfJyIIgo7UsRb4dHfOG5/AT
DoZDYmMjNYFGpOu/svNXwm3idbq4EZU34GLVQWgbRWajQ0LzmtCG5XXAaowDWyEW
jJxA64fjA+twK4Pz6oOVJErMhj0T3cE7ZtakeEOE7bWrMMrPy2zGlJ8ai2F/1giH
29BlYQK5FlowTTYYiVObRROThIE9Xmgqa0v8vy5WTYJ+x1sFYu8K69eqIXFbP9AU
LddlyCvEFicyP5vX2igsVzyAKmvQwvSBzgbeGCQQ9T9+qNn8NNmlupHYKPvi71w7
edeqR9TRBhQhT2gFpMO0bNwrQNn4wxbZBh+dYZxSw+cXviZbhgAZvwYKfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHX+jkVdE9/29EXbJjN/1EjD6nbIMB8GA1UdIwQY
MBaAFOOVVyUFQ+RHaviMRhLUqJUxMTtXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDVWWEpRVkQ1RWRxLUl4R0V0U29sVEV4TzFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC8yOWQyNjQtYjk0MS00N2E0LTllYzUt
MjA2OTUxOTNhYzA3LzEvZGY2T1JWMFQzX2IwUmRzbU0zX1VTTVBxZHNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC8yOWQyNjQtYjk0MS00N2E0LTllYzUtMjA2OTUxOTNhYzA3
LzEvNDVWWEpRVkQ1RWRxLUl4R0V0U29sVEV4TzFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9/nMA0G
CSqGSIb3DQEBCwUAA4IBAQCv8DIH1Rs7wtepZBxwXN27c3CjcPwCMjb9SYq587cc
2tfRG/HkblOQfGa3afhnUuX3jXrltvqerbIYivuHXcLjDgWZfilaJTYAdgsEHewk
jkRwyrqnGmrds61GYGOpWbMpvwy5LUf6jEb8D/nce9CdHNcImGuLrIcRcfSzI0On
KaalBEkKEG3pgUsebpftViLM/MLRoLpNzcf9hsmV0sMz3vvbV0d9Qrh1E5WVB4P8
K6oVOlUTUd5xpgeZ1WyaGJDA5tYvC7cFDigFMzugGkPOLFIt8kiMTq2vSqAFqOPl
68ddSssiLuYuvMnMwwi0pee+Q+5+QDsq572si0BOpT5k
-----END CERTIFICATE-----