Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/yxG7yWv__YoAWY_L9hRp3vU2XYs.roa
File:                     yxG7yWv__YoAWY_L9hRp3vU2XYs.roa (raw, json)
Hash identifier:          CSF3TOKK7qqalDdJcfVVvwt3T7McADmGuQ+vP8UJZjk=
Subject key identifier:   CB:11:BB:C9:6B:FF:FD:8A:00:59:8F:CB:F6:14:69:DE:F5:36:5D:8B
Certificate issuer:       /CN=d08da9cf00d4d58b854ffc62010f235b06df354a
Certificate serial:       0198C16AE37F527C848B4B96416DE0CC0DB6
Authority key identifier: D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/yxG7yWv__YoAWY_L9hRp3vU2XYs.roa
Signing time:             Tue 19 Aug 2025 08:21:04 +0000
ROA not before:           Tue 19 Aug 2025 08:21:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64267
IP address blocks:        91.109.44.0/24 maxlen: 24
                          91.109.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:c1:6a:e3:7f:52:7c:84:8b:4b:96:41:6d:e0:cc:0d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d08da9cf00d4d58b854ffc62010f235b06df354a
        Validity
            Not Before: Aug 19 08:21:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb11bbc96bfffd8a00598fcbf61469def5365d8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:a0:a8:b1:ef:57:5c:58:78:ef:92:01:c9:f0:
                    49:7b:d9:ff:fd:73:49:3d:a7:28:9d:ab:dd:5c:26:
                    f0:5a:ef:74:7c:a9:c6:18:e1:74:36:1c:e2:f8:c7:
                    c5:a0:55:3a:dd:52:52:c2:03:0f:49:4c:19:20:0a:
                    f3:a4:5e:1a:b5:25:41:ed:d1:c1:14:9a:25:2e:76:
                    11:12:2a:ed:46:f7:44:22:27:37:fd:3f:37:8a:a4:
                    06:58:f2:e9:49:61:b2:cc:fa:9a:49:1a:4d:82:0d:
                    35:2b:7c:1c:7e:e8:08:74:06:83:94:a8:40:92:4f:
                    95:7e:c5:3e:cc:11:18:b0:07:d8:05:67:14:30:3f:
                    7d:27:69:02:b4:99:2b:f6:75:88:a2:7c:c3:ce:65:
                    45:18:2a:0c:45:17:11:cf:f3:85:e4:cc:2c:25:0a:
                    bb:24:e1:b3:81:5d:e4:fc:48:71:c3:21:a4:3c:b8:
                    8e:b5:9b:27:eb:b7:c4:22:df:7e:a7:46:6c:a5:c1:
                    0b:ce:2e:88:23:2d:1a:13:cd:80:65:7a:7c:d6:02:
                    01:8b:83:41:c1:0d:0f:3e:84:06:25:24:96:b9:f1:
                    96:f0:d2:e7:48:ca:48:af:1e:d5:8c:0f:f8:52:69:
                    21:f0:f4:05:e5:31:9a:0e:47:45:32:9f:39:bb:b9:
                    9b:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:11:BB:C9:6B:FF:FD:8A:00:59:8F:CB:F6:14:69:DE:F5:36:5D:8B
            X509v3 Authority Key Identifier:
                keyid:D0:8D:A9:CF:00:D4:D5:8B:85:4F:FC:62:01:0F:23:5B:06:DF:35:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/yxG7yWv__YoAWY_L9hRp3vU2XYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/febef8-a0ea-4c7e-8806-20e19780cb2e/1/0I2pzwDU1YuFT_xiAQ8jWwbfNUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.109.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:cd:b5:9f:58:89:f5:ee:27:41:c3:13:81:7a:38:dd:ec:51:
         07:5a:04:79:42:b7:de:28:a0:e0:4a:78:50:b5:f4:45:fe:25:
         86:d7:20:1f:9f:77:96:5c:63:dd:b0:59:42:2a:74:0d:0b:8c:
         58:fb:c1:17:e4:8f:f4:90:ce:27:e9:07:a9:a3:8b:e8:88:7c:
         f2:4d:e6:05:ce:f0:0d:1f:7d:c3:d6:1f:6d:52:5d:87:0c:e6:
         b5:5a:05:99:08:1f:4f:07:b1:1b:0c:70:98:dd:8e:d4:6c:f0:
         5e:5d:af:f5:6a:fc:c5:f3:b1:53:3e:4b:00:7b:59:90:74:6e:
         ce:f7:d2:18:ff:e4:ea:04:0a:67:50:bd:63:00:83:36:cc:0f:
         4e:ca:5b:1a:72:31:d7:ca:dc:24:c7:0e:90:a6:5a:66:f5:1c:
         53:78:ba:63:78:fb:2f:39:bf:36:00:d7:ec:55:00:eb:a3:b3:
         33:dd:0e:0e:f3:35:3d:aa:4a:99:2b:30:0b:22:5e:06:0e:03:
         0d:59:57:7a:30:49:68:84:30:23:e1:52:39:21:34:9a:fd:42:
         20:d7:26:6f:b1:c8:16:ca:60:51:05:fd:a5:79:ae:bb:b6:28:
         5b:dd:0d:01:e2:07:75:6c:51:ce:ea:e9:73:11:d2:4a:f0:7f:
         6e:41:4b:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjBauN/UnyEi0uWQW3gzA22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOGRhOWNmMDBkNGQ1OGI4NTRmZmM2MjAxMGYyMzViMDZk
ZjM1NGEwHhcNMjUwODE5MDgyMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjExYmJjOTZiZmZmZDhhMDA1OThmY2JmNjE0NjlkZWY1MzY1ZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3qCose9XXFh475IByfBJe9n//XNJ
PaconavdXCbwWu90fKnGGOF0Nhzi+MfFoFU63VJSwgMPSUwZIArzpF4atSVB7dHB
FJolLnYREirtRvdEIic3/T83iqQGWPLpSWGyzPqaSRpNgg01K3wcfugIdAaDlKhA
kk+VfsU+zBEYsAfYBWcUMD99J2kCtJkr9nWIonzDzmVFGCoMRRcRz/OF5MwsJQq7
JOGzgV3k/EhxwyGkPLiOtZsn67fEIt9+p0ZspcELzi6IIy0aE82AZXp81gIBi4NB
wQ0PPoQGJSSWufGW8NLnSMpIrx7VjA/4Umkh8PQF5TGaDkdFMp85u7mbkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMsRu8lr//2KAFmPy/YUad71Nl2LMB8GA1UdIwQY
MBaAFNCNqc8A1NWLhU/8YgEPI1sG3zVKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYt
MjBlMTk3ODBjYjJlLzEveXhHN3lXdl9fWW9BV1lfTDloUnAzdlUyWFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS9mZWJlZjgtYTBlYS00YzdlLTg4MDYtMjBlMTk3ODBjYjJl
LzEvMEkycHp3RFUxWXVGVF94aUFROGpXd2JmTlVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW20sMA0G
CSqGSIb3DQEBCwUAA4IBAQAAzbWfWIn17idBwxOBejjd7FEHWgR5QrfeKKDgSnhQ
tfRF/iWG1yAfn3eWXGPdsFlCKnQNC4xY+8EX5I/0kM4n6Qepo4voiHzyTeYFzvAN
H33D1h9tUl2HDOa1WgWZCB9PB7EbDHCY3Y7UbPBeXa/1avzF87FTPksAe1mQdG7O
99IY/+TqBApnUL1jAIM2zA9OylsacjHXytwkxw6Qplpm9RxTeLpjePsvOb82ANfs
VQDro7Mz3Q4O8zU9qkqZKzALIl4GDgMNWVd6MElohDAj4VI5ITSa/UIg1yZvscgW
ymBRBf2lea67tihb3Q0B4gd1bFHO6ulzEdJK8H9uQUva
-----END CERTIFICATE-----