Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/RYaLU7P7StEvfIaG8O_HUuwrXWg.roa
File:                     RYaLU7P7StEvfIaG8O_HUuwrXWg.roa (raw, json)
Hash identifier:          YEpuYm5zeKipnH1+lgwVkLpZPGAKbbKNqPvP2OUt0Mc=
Subject key identifier:   45:86:8B:53:B3:FB:4A:D1:2F:7C:86:86:F0:EF:C7:52:EC:2B:5D:68
Certificate issuer:       /CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Certificate serial:       0199EECEDF6A7D017C86B5096564327F508C
Authority key identifier: 9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/RYaLU7P7StEvfIaG8O_HUuwrXWg.roa
Signing time:             Thu 16 Oct 2025 20:55:58 +0000
ROA not before:           Thu 16 Oct 2025 20:55:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64445
IP address blocks:        91.193.55.0/24 maxlen: 24
                          2a12:e6c0::/32 maxlen: 64
                          2a12:e6c0:c50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ee:ce:df:6a:7d:01:7c:86:b5:09:65:64:32:7f:50:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
        Validity
            Not Before: Oct 16 20:55:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=45868b53b3fb4ad12f7c8686f0efc752ec2b5d68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:96:bd:f2:dc:70:74:2a:cf:bd:00:76:ad:60:
                    58:13:dd:f3:9e:80:f4:56:d1:7f:fd:3c:74:70:c2:
                    3d:48:b4:67:1a:15:6a:31:82:db:d9:9d:8e:7e:18:
                    17:01:f8:e5:a9:6d:b8:d5:a0:39:45:42:0d:e8:a7:
                    1c:91:07:20:25:92:87:a0:bd:d4:26:91:f1:38:f3:
                    9d:2e:3e:63:dd:10:52:34:37:81:b2:b4:f7:de:56:
                    85:39:75:dd:32:55:c6:0b:02:ec:f9:83:7d:e2:f0:
                    ff:53:e4:94:87:c1:79:03:55:8f:86:2c:0a:18:68:
                    c7:3e:c3:7c:69:fd:d3:e4:b8:13:d4:ad:60:08:55:
                    16:09:48:91:1a:1f:2c:98:fc:25:1e:ad:dd:51:2a:
                    90:31:03:8c:56:c1:bb:87:a0:c5:29:5b:3b:55:df:
                    b7:00:8d:7f:29:b2:6f:b2:39:59:85:69:df:ec:8b:
                    85:ec:26:4c:82:2f:31:df:13:5c:98:e1:51:ec:ba:
                    f2:c5:df:90:39:15:64:ee:51:4e:d3:8d:be:ab:09:
                    50:b3:06:7f:74:27:0d:81:df:ed:14:fb:00:1e:db:
                    83:f9:b0:84:50:5c:87:1d:13:87:10:60:40:2f:95:
                    d3:8c:68:0c:b0:5a:4f:bc:8d:b2:af:24:95:01:3c:
                    24:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:86:8B:53:B3:FB:4A:D1:2F:7C:86:86:F0:EF:C7:52:EC:2B:5D:68
            X509v3 Authority Key Identifier:
                keyid:9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/RYaLU7P7StEvfIaG8O_HUuwrXWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.55.0/24
                IPv6:
                  2a12:e6c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:2e:ed:c7:81:97:18:1a:e8:94:ed:96:bd:e6:de:66:31:27:
         3e:b9:d8:fb:66:62:ea:5c:6f:93:6b:03:3a:ed:60:d5:e6:6f:
         eb:f0:51:df:8a:e0:31:b3:92:b9:90:c9:05:eb:eb:5a:eb:76:
         17:79:1d:b3:03:e2:b1:77:6a:0c:4e:58:a1:56:a1:cd:59:dd:
         6a:50:0f:05:27:f2:7a:2b:2b:c4:8f:fc:a0:2b:23:4e:e9:da:
         69:9a:83:a3:44:b0:71:6c:f7:a0:87:e7:35:5d:1a:eb:04:22:
         1b:6c:98:e3:de:8c:e3:59:2c:ec:32:fe:18:80:88:7b:f0:3b:
         27:91:45:a0:2a:fb:c7:ef:27:10:e6:2c:38:e5:8c:04:c8:9a:
         df:e8:7d:ce:0b:83:b4:83:72:38:01:b0:91:d1:fc:9e:3b:6c:
         29:cd:85:9f:35:91:d0:38:13:82:3c:35:f3:42:47:d6:9c:5e:
         af:54:83:ba:24:8e:5b:d4:41:a3:35:24:0d:ad:3c:80:e4:f6:
         63:19:e9:7f:03:02:9d:b9:9a:a4:e0:41:7d:fb:38:35:94:ab:
         f0:5b:32:f1:ec:9b:4a:29:16:ea:43:4d:f4:a6:3b:e6:15:b8:
         58:de:c2:5e:5e:41:1f:20:98:b9:56:62:d8:7f:b3:6b:13:e0:
         fd:e1:97:5f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnuzt9qfQF8hrUJZWQyf1CMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMTUzM2M0NzAyYzJjY2I1YTllMGU4N2FiMjdhZDU2YjE1
ZjJjNzYwHhcNMjUxMDE2MjA1NTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTg2OGI1M2IzZmI0YWQxMmY3Yzg2ODZmMGVmYzc1MmVjMmI1ZDY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhJa98txwdCrPvQB2rWBYE93znoD0
VtF//Tx0cMI9SLRnGhVqMYLb2Z2OfhgXAfjlqW241aA5RUIN6KcckQcgJZKHoL3U
JpHxOPOdLj5j3RBSNDeBsrT33laFOXXdMlXGCwLs+YN94vD/U+SUh8F5A1WPhiwK
GGjHPsN8af3T5LgT1K1gCFUWCUiRGh8smPwlHq3dUSqQMQOMVsG7h6DFKVs7Vd+3
AI1/KbJvsjlZhWnf7IuF7CZMgi8x3xNcmOFR7Lryxd+QORVk7lFO042+qwlQswZ/
dCcNgd/tFPsAHtuD+bCEUFyHHROHEGBAL5XTjGgMsFpPvI2yrySVATwkHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEWGi1Oz+0rRL3yGhvDvx1LsK11oMB8GA1UdIwQY
MBaAFJ4VM8RwLCzLWp4Oh6snrVaxXyx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTkt
MWE4MzFiNTk5YzE4LzEvUllhTFU3UDdTdEV2ZklhRzhPX0hVdXdyWFdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTktMWE4MzFiNTk5YzE4
LzEvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8E3MA0E
AgACMAcDBQAqEubAMA0GCSqGSIb3DQEBCwUAA4IBAQAHLu3HgZcYGuiU7Za95t5m
MSc+udj7ZmLqXG+TawM67WDV5m/r8FHfiuAxs5K5kMkF6+ta63YXeR2zA+Kxd2oM
TlihVqHNWd1qUA8FJ/J6KyvEj/ygKyNO6dppmoOjRLBxbPegh+c1XRrrBCIbbJjj
3ozjWSzsMv4YgIh78DsnkUWgKvvH7ycQ5iw45YwEyJrf6H3OC4O0g3I4AbCR0fye
O2wpzYWfNZHQOBOCPDXzQkfWnF6vVIO6JI5b1EGjNSQNrTyA5PZjGel/AwKduZqk
4EF9+zg1lKvwWzLx7JtKKRbqQ030pjvmFbhY3sJeXkEfIJi5VmLYf7NrE+D94Zdf
-----END CERTIFICATE-----