Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/TDVjYLyHzwQNTTzVC6g7tLdpTZo.roa
File:                     TDVjYLyHzwQNTTzVC6g7tLdpTZo.roa (raw, json)
Hash identifier:          op6/PInYnACJ7ya55ltpX72UWTOB+p1Ct4BWq04tsFw=
Subject key identifier:   4C:35:63:60:BC:87:CF:04:0D:4D:3C:D5:0B:A8:3B:B4:B7:69:4D:9A
Certificate issuer:       /CN=31951e36ffd97c1d733a90a5af6fada85fd27782
Certificate serial:       019A54BD4B84C567412C3B4DE432896A7F68
Authority key identifier: 31:95:1E:36:FF:D9:7C:1D:73:3A:90:A5:AF:6F:AD:A8:5F:D2:77:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/TDVjYLyHzwQNTTzVC6g7tLdpTZo.roa
Signing time:             Wed 05 Nov 2025 15:58:03 +0000
ROA not before:           Wed 05 Nov 2025 15:58:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211934
IP address blocks:        91.212.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 06:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:bd:4b:84:c5:67:41:2c:3b:4d:e4:32:89:6a:7f:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31951e36ffd97c1d733a90a5af6fada85fd27782
        Validity
            Not Before: Nov  5 15:58:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c356360bc87cf040d4d3cd50ba83bb4b7694d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:bb:69:58:06:4e:0d:3c:a4:f0:04:8e:c0:a1:
                    7e:31:c5:2c:d8:dd:80:74:09:0e:db:bf:56:1b:7c:
                    3a:f4:60:06:d6:99:cb:ab:67:95:38:82:13:4a:c6:
                    e7:9d:80:3f:e6:c3:5b:e7:4f:99:93:a9:88:e3:b5:
                    e8:fe:8e:68:1b:e9:01:99:27:17:31:83:31:ab:9e:
                    9e:21:6d:89:9b:c6:f8:33:1c:e2:7a:b0:0d:07:68:
                    7d:1b:6c:a5:e1:4b:57:6c:38:77:a7:14:dc:8b:f3:
                    c5:20:ca:85:a8:72:ca:2b:f4:b1:43:ad:95:74:ab:
                    20:ea:2f:f1:5a:b0:f2:7d:6f:91:a9:c2:38:be:5c:
                    9c:9d:0e:b6:c6:4a:3b:69:9b:1b:a5:7e:57:57:0c:
                    ce:97:7d:33:ba:d4:b1:ec:57:43:23:a5:a5:a1:dc:
                    f5:9e:ac:f2:ec:d0:cc:28:fc:73:11:a3:4d:86:92:
                    b0:2e:a2:25:3b:82:be:a1:e2:1a:d8:54:8c:da:c7:
                    79:a8:88:95:4a:08:28:5a:ec:a6:30:96:66:b1:40:
                    cb:2d:e6:93:ad:38:d1:be:a1:e6:1d:60:aa:a5:bd:
                    f2:13:8e:23:f8:1f:4a:a0:62:64:24:8f:6c:ad:66:
                    62:ce:96:58:ad:23:31:88:0e:63:b9:89:72:20:6c:
                    b8:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:35:63:60:BC:87:CF:04:0D:4D:3C:D5:0B:A8:3B:B4:B7:69:4D:9A
            X509v3 Authority Key Identifier:
                keyid:31:95:1E:36:FF:D9:7C:1D:73:3A:90:A5:AF:6F:AD:A8:5F:D2:77:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/TDVjYLyHzwQNTTzVC6g7tLdpTZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/cc00eb-56f6-41a7-8305-c299965bbc42/1/MZUeNv_ZfB1zOpClr2-tqF_Sd4I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:a4:dc:4b:ff:28:d1:e7:37:70:29:4d:19:dc:b0:ed:58:c6:
         9a:56:49:4e:f5:63:6f:d1:83:d8:11:4f:01:78:21:c1:b8:66:
         9b:1f:32:d8:a2:fd:13:89:e0:6f:d9:93:c1:9b:c8:67:fb:9a:
         7e:c5:c4:f3:29:99:9e:7a:3e:a2:15:58:02:1a:3a:4b:e6:db:
         49:25:5c:17:56:9e:a3:b7:4a:3f:6d:05:f8:cc:39:83:7d:c7:
         d6:2c:a3:4c:31:b9:22:82:7d:5c:98:50:b8:a6:ef:7c:08:3c:
         53:cc:cf:a9:21:53:2f:9f:80:ef:84:40:6d:f1:d5:df:07:c0:
         25:33:cf:4d:f3:dc:9b:37:41:e4:09:21:35:54:21:b1:ae:62:
         06:a1:81:78:d8:68:82:7a:6f:39:b4:2e:95:33:a4:22:0a:4f:
         9d:f9:07:5d:af:98:11:25:4d:c0:e5:9a:69:3f:4f:00:db:05:
         50:a1:c3:4d:e9:46:ba:70:e9:0b:72:8b:e4:d2:c4:35:5e:8d:
         b3:3e:d4:47:a5:84:31:08:98:36:d4:6a:2b:b1:fb:49:38:2a:
         45:5e:5f:4b:28:3b:96:47:a7:e0:57:84:53:4a:34:5d:65:21:
         dd:81:04:00:26:2b:c4:c0:6d:08:fe:dd:31:05:cb:90:18:cf:
         fa:84:6b:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpUvUuExWdBLDtN5DKJan9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxOTUxZTM2ZmZkOTdjMWQ3MzNhOTBhNWFmNmZhZGE4NWZk
Mjc3ODIwHhcNMjUxMTA1MTU1ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzM1NjM2MGJjODdjZjA0MGQ0ZDNjZDUwYmE4M2JiNGI3Njk0ZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbtpWAZODTyk8ASOwKF+McUs2N2A
dAkO279WG3w69GAG1pnLq2eVOIITSsbnnYA/5sNb50+Zk6mI47Xo/o5oG+kBmScX
MYMxq56eIW2Jm8b4MxzierANB2h9G2yl4UtXbDh3pxTci/PFIMqFqHLKK/SxQ62V
dKsg6i/xWrDyfW+RqcI4vlycnQ62xko7aZsbpX5XVwzOl30zutSx7FdDI6Wlodz1
nqzy7NDMKPxzEaNNhpKwLqIlO4K+oeIa2FSM2sd5qIiVSggoWuymMJZmsUDLLeaT
rTjRvqHmHWCqpb3yE44j+B9KoGJkJI9srWZizpZYrSMxiA5juYlyIGy43wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEw1Y2C8h88EDU081QuoO7S3aU2aMB8GA1UdIwQY
MBaAFDGVHjb/2XwdczqQpa9vrahf0neCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVpVZU52X1pmQjF6T3BDbHIyLXRxRl9TZDRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jYzAwZWItNTZmNi00MWE3LTgzMDUt
YzI5OTk2NWJiYzQyLzEvVERWallMeUh6d1FOVFR6VkM2Zzd0TGRwVFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jYzAwZWItNTZmNi00MWE3LTgzMDUtYzI5OTk2NWJiYzQy
LzEvTVpVZU52X1pmQjF6T3BDbHIyLXRxRl9TZDRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TmMA0G
CSqGSIb3DQEBCwUAA4IBAQChpNxL/yjR5zdwKU0Z3LDtWMaaVklO9WNv0YPYEU8B
eCHBuGabHzLYov0TieBv2ZPBm8hn+5p+xcTzKZmeej6iFVgCGjpL5ttJJVwXVp6j
t0o/bQX4zDmDfcfWLKNMMbkign1cmFC4pu98CDxTzM+pIVMvn4DvhEBt8dXfB8Al
M89N89ybN0HkCSE1VCGxrmIGoYF42GiCem85tC6VM6QiCk+d+Qddr5gRJU3A5Zpp
P08A2wVQocNN6Ua6cOkLcovk0sQ1Xo2zPtRHpYQxCJg21GorsftJOCpFXl9LKDuW
R6fgV4RTSjRdZSHdgQQAJivEwG0I/t0xBcuQGM/6hGs+
-----END CERTIFICATE-----