Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/wvSIKLseDCti9NDqb3hBoHBh3tM.roa
File:                     wvSIKLseDCti9NDqb3hBoHBh3tM.roa (raw, json)
Hash identifier:          JuhvfPP6PYd4BnfxxERmMrnoz56rmfAtM3i5xnGfuRs=
Subject key identifier:   C2:F4:88:28:BB:1E:0C:2B:62:F4:D0:EA:6F:78:41:A0:70:61:DE:D3
Certificate issuer:       /CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
Certificate serial:       0199ACE5BA8F1295112C13A6C85645742D79
Authority key identifier: C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/wvSIKLseDCti9NDqb3hBoHBh3tM.roa
Signing time:             Sat 04 Oct 2025 01:46:00 +0000
ROA not before:           Sat 04 Oct 2025 01:46:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        91.214.108.0/24 maxlen: 24
                          91.214.109.0/24 maxlen: 24
                          91.214.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ac:e5:ba:8f:12:95:11:2c:13:a6:c8:56:45:74:2d:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c853fb7988a42f39838b1c7f9f0400692e9295d7
        Validity
            Not Before: Oct  4 01:46:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c2f48828bb1e0c2b62f4d0ea6f7841a07061ded3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:17:e2:93:ff:44:bc:87:bc:26:49:c5:07:
                    52:2e:70:cb:e6:4a:7f:52:d8:df:ca:92:4e:a9:cd:
                    7a:55:b8:2c:bb:ad:44:11:6c:06:3c:fc:2b:89:3c:
                    d4:80:9d:f8:c0:cb:7b:63:aa:4c:e8:58:28:07:d2:
                    62:8d:e4:00:23:6e:b4:96:15:41:e6:8a:15:7f:dc:
                    83:d5:94:c8:6d:8d:3d:f2:90:bb:df:e4:10:03:98:
                    b6:88:13:19:e6:0f:50:ed:9e:3c:8b:39:86:19:c9:
                    f5:90:83:3c:06:01:a8:34:45:7e:14:24:79:64:68:
                    23:b4:d7:d4:37:ba:64:e1:c1:6b:99:f9:88:ef:c0:
                    3d:c2:c1:c6:bd:b6:e5:8a:4c:1b:56:f2:c5:5a:fc:
                    49:ed:ae:3b:0c:da:33:f9:ce:10:bf:c5:3e:ad:87:
                    04:c2:c7:51:18:65:73:60:79:58:dd:31:19:23:5e:
                    aa:a4:58:a2:7f:b1:0f:3d:32:70:c2:86:9a:32:59:
                    79:4f:22:4f:83:52:a1:a1:16:be:be:32:9b:d4:56:
                    2b:9d:65:27:e3:1b:52:29:e2:db:28:46:91:6c:3d:
                    34:21:fc:16:48:9c:a8:c5:8b:bb:2e:d3:0d:bf:e4:
                    19:82:f4:5a:66:03:83:c9:b4:94:fe:42:0a:7e:55:
                    53:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:F4:88:28:BB:1E:0C:2B:62:F4:D0:EA:6F:78:41:A0:70:61:DE:D3
            X509v3 Authority Key Identifier:
                keyid:C8:53:FB:79:88:A4:2F:39:83:8B:1C:7F:9F:04:00:69:2E:92:95:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yFP7eYikLzmDixx_nwQAaS6Sldc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/wvSIKLseDCti9NDqb3hBoHBh3tM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/0c61a6-e0fa-4017-9582-1e7bdb7f30f6/1/yFP7eYikLzmDixx_nwQAaS6Sldc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.108.0-91.214.110.255

    Signature Algorithm: sha256WithRSAEncryption
         6b:39:95:10:1a:66:85:70:d0:3e:9c:12:01:00:ec:55:d4:3a:
         68:89:28:82:a1:bc:f5:67:f9:99:45:00:8b:31:e5:db:12:89:
         42:a9:4e:98:1f:f3:11:aa:3d:00:7c:6e:9e:c3:55:3f:9c:d1:
         ad:c8:b4:a3:f1:d6:b8:b4:03:f8:e4:3a:67:9d:44:05:21:91:
         d5:8e:13:65:f8:7a:28:5e:40:8c:e4:cf:56:8b:90:73:df:84:
         ff:6c:95:ff:8b:8e:e6:ec:68:3c:0a:f0:33:f9:25:22:79:14:
         3c:df:24:20:b3:d4:d3:cf:be:53:2d:93:e8:b3:57:db:21:89:
         14:38:ba:b4:f4:21:71:ca:3f:8e:74:c1:c5:0e:b5:e3:f1:5a:
         7f:f6:c8:0d:c1:c8:f1:94:ce:45:89:cd:69:8d:fe:e8:5f:da:
         b7:a0:bb:c0:11:02:37:54:19:5d:af:95:88:86:93:91:71:b9:
         f2:f4:7b:82:2d:d5:43:8e:9c:00:fb:b9:eb:7a:df:d9:81:a0:
         d6:e8:29:97:d6:1e:3e:c9:66:5b:ad:81:2a:60:0c:93:37:92:
         85:f4:c0:90:c1:8a:fd:ad:58:ef:92:61:43:3c:84:29:c8:19:
         f2:10:c0:43:46:74:65:3f:52:04:6a:ee:cd:27:26:6f:b1:51:
         e8:2f:59:ef
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZms5bqPEpURLBOmyFZFdC15MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NTNmYjc5ODhhNDJmMzk4MzhiMWM3ZjlmMDQwMDY5MmU5
Mjk1ZDcwHhcNMjUxMDA0MDE0NjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmY0ODgyOGJiMWUwYzJiNjJmNGQwZWE2Zjc4NDFhMDcwNjFkZWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLAX4pP/RLyHvCZJxQdSLnDL5kp/
UtjfypJOqc16Vbgsu61EEWwGPPwriTzUgJ34wMt7Y6pM6FgoB9JijeQAI260lhVB
5ooVf9yD1ZTIbY098pC73+QQA5i2iBMZ5g9Q7Z48izmGGcn1kIM8BgGoNEV+FCR5
ZGgjtNfUN7pk4cFrmfmI78A9wsHGvbblikwbVvLFWvxJ7a47DNoz+c4Qv8U+rYcE
wsdRGGVzYHlY3TEZI16qpFiif7EPPTJwwoaaMll5TyJPg1KhoRa+vjKb1FYrnWUn
4xtSKeLbKEaRbD00IfwWSJyoxYu7LtMNv+QZgvRaZgODybSU/kIKflVTFwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFML0iCi7HgwrYvTQ6m94QaBwYd7TMB8GA1UdIwQY
MBaAFMhT+3mIpC85g4scf58EAGkukpXXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODIt
MWU3YmRiN2YzMGY2LzEvd3ZTSUtMc2VEQ3RpOU5EcWIzaEJvSEJoM3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wYzYxYTYtZTBmYS00MDE3LTk1ODItMWU3YmRiN2YzMGY2
LzEveUZQN2VZaWtMem1EaXh4X253UUFhUzZTbGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJb1mwD
BABb1m4wDQYJKoZIhvcNAQELBQADggEBAGs5lRAaZoVw0D6cEgEA7FXUOmiJKIKh
vPVn+ZlFAIsx5dsSiUKpTpgf8xGqPQB8bp7DVT+c0a3ItKPx1ri0A/jkOmedRAUh
kdWOE2X4eiheQIzkz1aLkHPfhP9slf+LjubsaDwK8DP5JSJ5FDzfJCCz1NPPvlMt
k+izV9shiRQ4urT0IXHKP450wcUOtePxWn/2yA3ByPGUzkWJzWmN/uhf2regu8AR
AjdUGV2vlYiGk5FxufL0e4It1UOOnAD7uet639mBoNboKZfWHj7JZlutgSpgDJM3
koX0wJDBiv2tWO+SYUM8hCnIGfIQwENGdGU/UgRq7s0nJm+xUegvWe8=
-----END CERTIFICATE-----