Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oTJV7UQNW4Frhbnp-iOPDIxOi0c.roa
File:                     oTJV7UQNW4Frhbnp-iOPDIxOi0c.roa (raw, json)
Hash identifier:          7xRtMaqLg3Ad/2cU30eSFfbxnUqbSU5++XxDs5sKABI=
Subject key identifier:   A1:32:55:ED:44:0D:5B:81:6B:85:B9:E9:FA:23:8F:0C:8C:4E:8B:47
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0198C16AE3B1FADDE283B704108084A2E97F
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oTJV7UQNW4Frhbnp-iOPDIxOi0c.roa
Signing time:             Tue 19 Aug 2025 08:21:04 +0000
ROA not before:           Tue 19 Aug 2025 08:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        91.109.44.0/24 maxlen: 24
                          91.109.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:6a:e3:b1:fa:dd:e2:83:b7:04:10:80:84:a2:e9:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Aug 19 08:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a13255ed440d5b816b85b9e9fa238f0c8c4e8b47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:2f:5f:ea:8b:c0:0b:b6:1e:f4:03:fa:b3:08:
                    79:7d:db:21:4f:92:f1:c9:1d:93:c2:32:d5:80:ab:
                    43:4f:91:a6:a4:c1:59:6c:31:db:34:82:4b:8e:c7:
                    3c:27:f2:dc:0f:81:56:23:c1:28:2a:c3:2a:93:c0:
                    d8:fd:c8:1f:7c:37:25:a8:8c:fb:81:92:df:eb:e2:
                    b1:1b:53:aa:6f:16:6a:be:a7:cb:e6:dc:f3:8a:95:
                    c9:71:5f:59:ff:73:44:eb:0f:bb:46:24:50:70:f1:
                    00:25:f9:ee:e2:aa:6a:3a:7a:e5:cf:a1:f2:e6:9c:
                    49:37:40:bf:e0:58:4e:58:85:df:75:a5:30:01:15:
                    25:f2:7a:6a:03:81:c6:ef:88:23:09:04:eb:72:33:
                    c3:97:3a:04:b2:29:3c:79:88:2c:17:aa:97:e5:95:
                    91:95:98:ab:95:37:29:f7:b6:18:4a:4c:b6:1a:50:
                    1e:42:a4:20:80:2e:9d:15:a8:7d:2f:77:03:fc:85:
                    be:ad:c1:c2:da:05:fc:a3:71:2e:83:4d:a0:e8:95:
                    79:1c:fd:b3:44:be:0d:ad:8a:71:51:51:33:d2:53:
                    c6:ea:75:c8:3c:fb:f7:d0:8f:39:38:31:42:19:d0:
                    6f:89:a4:e2:46:a8:4d:39:53:b7:ff:f1:01:1b:36:
                    7f:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:32:55:ED:44:0D:5B:81:6B:85:B9:E9:FA:23:8F:0C:8C:4E:8B:47
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/oTJV7UQNW4Frhbnp-iOPDIxOi0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         90:79:0f:9f:41:f0:e7:30:ca:1d:e5:b4:be:a9:61:3f:f0:59:
         3f:68:cf:00:2a:42:06:6b:9c:37:1f:3b:e9:9f:71:14:f2:b0:
         9e:a1:fa:6a:ea:2a:31:f2:b1:92:ff:49:30:1f:8d:15:61:31:
         4e:77:29:90:c7:10:fb:bb:c3:88:41:b0:41:78:8e:93:bb:5b:
         a5:2f:96:c5:f4:9d:cd:cb:73:6b:05:b3:03:bf:a6:df:66:ec:
         e9:27:a0:b7:3c:fd:66:df:b7:21:92:33:68:e1:1e:fe:41:c2:
         c4:95:79:92:af:73:05:3b:21:0d:2f:73:74:da:81:e1:86:6f:
         11:80:8d:b8:bf:3e:20:17:f5:13:85:9d:ff:70:a1:a5:35:89:
         46:e2:05:d9:2d:00:6e:03:1d:24:26:cd:63:16:9f:84:34:e3:
         81:c0:ab:59:2c:10:07:40:26:7d:2c:37:8d:9d:e9:db:68:9e:
         5b:38:26:49:cb:b7:a4:19:32:7e:ca:6c:d0:f3:c6:3e:cc:b5:
         32:1a:07:20:7e:dd:c8:62:76:70:ac:f5:cd:b9:cc:35:11:3e:
         77:ae:19:48:ff:eb:48:66:25:3c:49:85:ae:5a:a0:7a:c3:dd:
         a0:77:eb:e9:b2:79:4d:e8:be:6e:57:3f:35:bf:84:62:c3:27:
         3a:47:3f:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBauOx+t3ig7cEEICEoul/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwODE5MDgyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTMyNTVlZDQ0MGQ1YjgxNmI4NWI5ZTlmYTIzOGYwYzhjNGU4YjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyi9f6ovAC7Ye9AP6swh5fdshT5Lx
yR2TwjLVgKtDT5GmpMFZbDHbNIJLjsc8J/LcD4FWI8EoKsMqk8DY/cgffDclqIz7
gZLf6+KxG1OqbxZqvqfL5tzzipXJcV9Z/3NE6w+7RiRQcPEAJfnu4qpqOnrlz6Hy
5pxJN0C/4FhOWIXfdaUwARUl8npqA4HG74gjCQTrcjPDlzoEsik8eYgsF6qX5ZWR
lZirlTcp97YYSky2GlAeQqQggC6dFah9L3cD/IW+rcHC2gX8o3Eug02g6JV5HP2z
RL4NrYpxUVEz0lPG6nXIPPv30I85ODFCGdBviaTiRqhNOVO3//EBGzZ/zQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKEyVe1EDVuBa4W56fojjwyMTotHMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEvb1RKVjdVUU5XNEZyaGJucC1pT1BESXhPaTBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW20sMA0G
CSqGSIb3DQEBCwUAA4IBAQCQeQ+fQfDnMMod5bS+qWE/8Fk/aM8AKkIGa5w3Hzvp
n3EU8rCeofpq6iox8rGS/0kwH40VYTFOdymQxxD7u8OIQbBBeI6Tu1ulL5bF9J3N
y3NrBbMDv6bfZuzpJ6C3PP1m37chkjNo4R7+QcLElXmSr3MFOyENL3N02oHhhm8R
gI24vz4gF/UThZ3/cKGlNYlG4gXZLQBuAx0kJs1jFp+ENOOBwKtZLBAHQCZ9LDeN
nenbaJ5bOCZJy7ekGTJ+ymzQ88Y+zLUyGgcgft3IYnZwrPXNucw1ET53rhlI/+tI
ZiU8SYWuWqB6w92gd+vpsnlN6L5uVz81v4Riwyc6Rz+y
-----END CERTIFICATE-----