Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/s5e-ZlSvSg6pPTZMod93h6uXFpI.roa
File:                     s5e-ZlSvSg6pPTZMod93h6uXFpI.roa (raw, json)
Hash identifier:          OsYWmyTzqnpOCUuLjSbv55rjF6rP9l3X0fvalm8CtqY=
Subject key identifier:   B3:97:BE:66:54:AF:4A:0E:A9:3D:36:4C:A1:DF:77:87:AB:97:16:92
Certificate issuer:       /CN=74ae8f1949ba7f4bc233e6c217a8418ca4e1132b
Certificate serial:       0199E6DB55BA356EFED404065C0EEF511BA1
Authority key identifier: 74:AE:8F:19:49:BA:7F:4B:C2:33:E6:C2:17:A8:41:8C:A4:E1:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/s5e-ZlSvSg6pPTZMod93h6uXFpI.roa
Signing time:             Wed 15 Oct 2025 07:52:38 +0000
ROA not before:           Wed 15 Oct 2025 07:52:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196668
IP address blocks:        91.213.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:db:55:ba:35:6e:fe:d4:04:06:5c:0e:ef:51:1b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74ae8f1949ba7f4bc233e6c217a8418ca4e1132b
        Validity
            Not Before: Oct 15 07:52:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b397be6654af4a0ea93d364ca1df7787ab971692
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6c:57:47:d1:52:b5:21:45:86:8a:15:40:ca:
                    1a:2e:d1:dc:b2:25:14:72:db:ea:d7:92:34:ac:4b:
                    76:78:10:69:97:95:b7:1a:a6:61:01:54:a4:85:dc:
                    f1:75:77:66:50:b9:b6:bc:52:66:df:71:07:d4:19:
                    db:75:28:d8:1c:d6:fb:aa:63:8d:85:9f:62:55:2c:
                    fa:6c:2f:72:84:dc:50:d8:aa:58:7b:6d:1c:0f:35:
                    bd:2c:3c:8c:67:8d:bf:f7:ce:d5:0c:bf:61:32:f7:
                    0d:40:c8:65:93:85:b6:2e:97:4e:02:96:ae:7b:7d:
                    93:70:74:c5:08:cb:95:70:4a:a1:ed:02:fe:47:b0:
                    d2:64:17:f8:a0:df:b2:6e:cc:cc:8f:a3:96:df:4d:
                    81:36:a5:e5:45:ee:76:b8:3f:c7:35:4e:90:79:5e:
                    e3:3c:97:c0:21:66:9a:b0:85:c9:8e:20:56:fc:5f:
                    b9:17:c9:ee:43:ca:82:fa:09:26:16:ed:53:18:06:
                    b2:b7:f8:ff:29:2d:6b:50:88:5d:64:40:b3:00:07:
                    4d:92:9e:d6:ef:14:59:57:0a:f0:26:fc:70:66:6d:
                    55:da:64:8b:ee:d7:7a:cd:da:4d:5a:17:ad:04:7a:
                    01:4d:36:fc:93:f4:4d:a3:4c:68:68:5f:3c:0e:12:
                    f2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:97:BE:66:54:AF:4A:0E:A9:3D:36:4C:A1:DF:77:87:AB:97:16:92
            X509v3 Authority Key Identifier:
                keyid:74:AE:8F:19:49:BA:7F:4B:C2:33:E6:C2:17:A8:41:8C:A4:E1:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/s5e-ZlSvSg6pPTZMod93h6uXFpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:30:f9:2e:ab:49:d4:5c:b3:ae:f6:3e:59:04:13:8b:d0:92:
         fd:36:92:0e:aa:99:50:c9:54:86:fb:db:29:57:6e:2c:a8:2c:
         a4:4d:3d:8e:15:ac:d3:e4:bc:90:3d:ce:88:8d:6e:c0:c4:4f:
         f3:f8:65:ba:c0:69:0d:cb:aa:d0:5a:1c:ad:fd:c6:23:e8:e6:
         d1:cc:0e:c8:4d:07:a8:2c:4b:45:48:a7:72:65:a1:33:3f:90:
         32:fd:a0:5d:5b:d7:9a:9e:d6:d8:18:33:a5:17:2a:cd:af:66:
         09:4e:3a:43:f0:66:4b:5f:6f:ea:f6:f4:65:61:2f:8a:ce:81:
         e5:4c:5d:6a:77:ea:6f:d3:f8:00:b3:75:79:0f:86:a2:92:e1:
         c9:5c:a6:19:3c:5a:d4:ec:a6:46:ca:7d:fd:89:4d:55:b9:0b:
         9e:9c:c7:2e:d2:2f:d0:4c:12:74:a4:c1:7a:eb:a3:2a:e0:34:
         4d:c0:89:eb:50:c5:b0:71:6a:03:32:10:00:e8:2f:70:1e:08:
         f4:e7:b3:10:83:14:53:c2:59:98:b3:f6:be:9b:e6:42:92:ca:
         ae:cb:c2:38:b1:b7:70:a6:fb:98:3c:b2:bc:c6:d3:86:2b:79:
         89:73:cc:54:3f:e8:33:1d:a7:07:2f:24:0c:f6:ba:c9:a6:81:
         eb:f4:a7:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnm21W6NW7+1AQGXA7vURuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YWU4ZjE5NDliYTdmNGJjMjMzZTZjMjE3YTg0MThjYTRl
MTEzMmIwHhcNMjUxMDE1MDc1MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzk3YmU2NjU0YWY0YTBlYTkzZDM2NGNhMWRmNzc4N2FiOTcxNjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02xXR9FStSFFhooVQMoaLtHcsiUU
ctvq15I0rEt2eBBpl5W3GqZhAVSkhdzxdXdmULm2vFJm33EH1BnbdSjYHNb7qmON
hZ9iVSz6bC9yhNxQ2KpYe20cDzW9LDyMZ42/987VDL9hMvcNQMhlk4W2LpdOApau
e32TcHTFCMuVcEqh7QL+R7DSZBf4oN+ybszMj6OW302BNqXlRe52uD/HNU6QeV7j
PJfAIWaasIXJjiBW/F+5F8nuQ8qC+gkmFu1TGAayt/j/KS1rUIhdZECzAAdNkp7W
7xRZVwrwJvxwZm1V2mSL7td6zdpNWhetBHoBTTb8k/RNo0xoaF88DhLyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOXvmZUr0oOqT02TKHfd4erlxaSMB8GA1UdIwQY
MBaAFHSujxlJun9LwjPmwheoQYyk4RMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEs2UEdVbTZmMHZDTS1iQ0Y2aEJqS1RoRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84NTA3YmUtZThkNC00NWUyLTllYTkt
MTUxNGZhZTE1MTA3LzEvczVlLVpsU3ZTZzZwUFRaTW9kOTNoNnVYRnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84NTA3YmUtZThkNC00NWUyLTllYTktMTUxNGZhZTE1MTA3
LzEvZEs2UEdVbTZmMHZDTS1iQ0Y2aEJqS1RoRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XeMA0G
CSqGSIb3DQEBCwUAA4IBAQBDMPkuq0nUXLOu9j5ZBBOL0JL9NpIOqplQyVSG+9sp
V24sqCykTT2OFazT5LyQPc6IjW7AxE/z+GW6wGkNy6rQWhyt/cYj6ObRzA7ITQeo
LEtFSKdyZaEzP5Ay/aBdW9eantbYGDOlFyrNr2YJTjpD8GZLX2/q9vRlYS+KzoHl
TF1qd+pv0/gAs3V5D4aikuHJXKYZPFrU7KZGyn39iU1VuQuenMcu0i/QTBJ0pMF6
66Mq4DRNwInrUMWwcWoDMhAA6C9wHgj057MQgxRTwlmYs/a+m+ZCksquy8I4sbdw
pvuYPLK8xtOGK3mJc8xUP+gzHacHLyQM9rrJpoHr9KfG
-----END CERTIFICATE-----