Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/Ef8_zrRgEL0CLqM-IuSA3dX-ctc.roa
File:                     Ef8_zrRgEL0CLqM-IuSA3dX-ctc.roa (raw, json)
Hash identifier:          xDWi6ors7AjB8a/zdFVsFoCBfh3PoH6v4N9RTJZoFCo=
Subject key identifier:   11:FF:3F:CE:B4:60:10:BD:02:2E:A3:3E:22:E4:80:DD:D5:FE:72:D7
Certificate issuer:       /CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
Certificate serial:       0199ACE963A47D2110ECC8EF99F6807AC03C
Authority key identifier: C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/Ef8_zrRgEL0CLqM-IuSA3dX-ctc.roa
Signing time:             Sat 04 Oct 2025 01:50:00 +0000
ROA not before:           Sat 04 Oct 2025 01:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49427
IP address blocks:        91.214.108.0/23 maxlen: 23
                          91.214.110.0/24 maxlen: 24
                          91.214.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ac:e9:63:a4:7d:21:10:ec:c8:ef:99:f6:80:7a:c0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
        Validity
            Not Before: Oct  4 01:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11ff3fceb46010bd022ea33e22e480ddd5fe72d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:55:67:92:86:22:e3:a1:2f:62:ad:37:60:34:
                    42:ab:ab:1e:1b:fc:ae:db:db:a1:2c:90:a6:cd:55:
                    c4:02:fc:91:81:8b:2a:8e:2a:70:db:f3:1b:52:89:
                    f6:a3:a1:97:70:3b:f4:ca:26:fd:31:07:38:81:7e:
                    76:d7:3c:97:ad:bc:1a:d8:3a:a6:ee:a5:0a:c5:44:
                    5c:2e:cb:81:09:e9:70:51:0c:9f:6e:37:b0:f8:e2:
                    65:49:77:d6:8c:f7:5a:aa:8a:b4:d9:2b:de:50:93:
                    86:d3:3c:3f:10:d4:50:34:e1:6a:a8:04:79:b9:52:
                    e5:10:02:9d:99:76:c9:d3:58:28:32:36:2f:e8:27:
                    e2:82:3d:0d:ed:93:5e:a6:b0:ed:6c:f8:4b:f8:f8:
                    05:88:ed:de:06:ea:15:20:95:84:a8:a6:e3:9d:0c:
                    d5:64:89:9d:3b:53:45:7f:c4:88:c6:40:2d:29:05:
                    21:1c:26:ed:13:8f:8e:90:36:b7:33:bd:3e:83:8b:
                    b9:e3:28:92:57:d4:07:cd:14:11:2c:c3:5e:ed:f4:
                    2b:de:87:42:c3:31:15:79:dd:ac:a0:18:db:92:33:
                    c5:13:3f:ac:35:13:61:e1:3e:6f:fa:7b:a5:4a:46:
                    25:78:20:0a:0c:2e:38:b3:79:cb:2f:18:5f:d9:29:
                    a2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:FF:3F:CE:B4:60:10:BD:02:2E:A3:3E:22:E4:80:DD:D5:FE:72:D7
            X509v3 Authority Key Identifier:
                keyid:C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/Ef8_zrRgEL0CLqM-IuSA3dX-ctc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bc:80:42:e1:9f:68:a7:49:97:d1:38:78:66:1f:70:bb:b5:d1:
         a5:8c:83:8b:cd:d0:fd:23:d2:3d:d2:d6:1a:f1:47:40:5c:e6:
         36:59:a0:1f:e3:fb:f1:c8:41:14:76:ab:25:69:6d:97:24:85:
         c4:3e:fd:84:d7:f2:1b:6f:66:89:35:05:00:b5:c8:93:2c:2a:
         62:a2:50:a8:5e:f3:9e:3e:9f:25:31:ba:25:4d:bf:0d:6e:4c:
         6d:6b:36:ad:8a:49:df:f0:c2:21:7e:90:20:ed:ea:75:66:c9:
         1a:83:2d:5f:ae:ad:8f:d5:74:f3:37:f1:67:fa:01:11:6d:8e:
         9c:9b:51:02:8d:a3:30:61:fa:87:f8:c7:30:8f:08:64:df:be:
         4c:ce:77:4c:e6:de:1a:10:85:7a:06:75:85:39:86:45:78:ca:
         d5:e8:b5:f3:e5:19:6c:b5:fe:12:af:18:48:00:80:1a:11:02:
         0a:23:80:a0:ec:ba:2d:65:de:43:42:62:a7:42:7d:eb:86:f2:
         2f:5c:73:e0:31:3f:c2:fa:d8:ab:3f:20:f4:14:01:fc:28:c8:
         bc:37:db:e9:e8:3e:aa:0a:dd:8c:88:07:f6:ef:3e:85:db:da:
         81:57:ab:be:f1:61:66:d6:59:ec:2a:61:ad:72:0e:2a:36:83:
         7d:15:e2:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZms6WOkfSEQ7MjvmfaAesA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTNmYjc5ODhhNDJmMzk4MzhiMWM3ZjlmMDQwMDY5MmU5
Mjk1ZDcwHhcNMjUxMDA0MDE1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWZmM2ZjZWI0NjAxMGJkMDIyZWEzM2UyMmU0ODBkZGQ1ZmU3MmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjlVnkoYi46EvYq03YDRCq6seG/yu
29uhLJCmzVXEAvyRgYsqjipw2/MbUon2o6GXcDv0yib9MQc4gX521zyXrbwa2Dqm
7qUKxURcLsuBCelwUQyfbjew+OJlSXfWjPdaqoq02SveUJOG0zw/ENRQNOFqqAR5
uVLlEAKdmXbJ01goMjYv6Cfigj0N7ZNeprDtbPhL+PgFiO3eBuoVIJWEqKbjnQzV
ZImdO1NFf8SIxkAtKQUhHCbtE4+OkDa3M70+g4u54yiSV9QHzRQRLMNe7fQr3odC
wzEVed2soBjbkjPFEz+sNRNh4T5v+nulSkYleCAKDC44s3nLLxhf2Smi4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBH/P860YBC9Ai6jPiLkgN3V/nLXMB8GA1UdIwQY
MBaAFMhT+3mIpC85g4scf58EAGkukpXXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODIt
MWU3YmRiN2YzMGY2LzEvRWY4X3pyUmdFTDBDTHFNLUl1U0EzZFgtY3RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODItMWU3YmRiN2YzMGY2
LzEveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9ZsMA0G
CSqGSIb3DQEBCwUAA4IBAQC8gELhn2inSZfROHhmH3C7tdGljIOLzdD9I9I90tYa
8UdAXOY2WaAf4/vxyEEUdqslaW2XJIXEPv2E1/Ibb2aJNQUAtciTLCpiolCoXvOe
Pp8lMbolTb8Nbkxtazatiknf8MIhfpAg7ep1Zskagy1frq2P1XTzN/Fn+gERbY6c
m1ECjaMwYfqH+Mcwjwhk375MzndM5t4aEIV6BnWFOYZFeMrV6LXz5Rlstf4SrxhI
AIAaEQIKI4Cg7LotZd5DQmKnQn3rhvIvXHPgMT/C+tirPyD0FAH8KMi8N9vp6D6q
Ct2MiAf27z6F29qBV6u+8WFm1lnsKmGtcg4qNoN9FeJN
-----END CERTIFICATE-----