Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/JMcsUGuUaLZsEGBNH_a8JRQk3a4.roa
File:                     JMcsUGuUaLZsEGBNH_a8JRQk3a4.roa (raw, json)
Hash identifier:          Rd4/PCtPXSBKXGV3ZlmAFHOuRuHln3ehOWxO5fz7X8c=
Subject key identifier:   24:C7:2C:50:6B:94:68:B6:6C:10:60:4D:1F:F6:BC:25:14:24:DD:AE
Certificate issuer:       /CN=5a5e66b2759e50bb69bb0a4409eeb3ba48c46c56
Certificate serial:       0199B09C0B671E82F52717905B1CD5EAB169
Authority key identifier: 5A:5E:66:B2:75:9E:50:BB:69:BB:0A:44:09:EE:B3:BA:48:C4:6C:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/JMcsUGuUaLZsEGBNH_a8JRQk3a4.roa
Signing time:             Sat 04 Oct 2025 19:04:00 +0000
ROA not before:           Sat 04 Oct 2025 19:04:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202391
IP address blocks:        91.237.254.0/24 maxlen: 24
                          91.237.255.0/24 maxlen: 24
                          91.238.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 10:02:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b0:9c:0b:67:1e:82:f5:27:17:90:5b:1c:d5:ea:b1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5a5e66b2759e50bb69bb0a4409eeb3ba48c46c56
        Validity
            Not Before: Oct  4 19:04:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=24c72c506b9468b66c10604d1ff6bc251424ddae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b0:10:47:f9:8f:40:e3:b7:a9:34:4d:ee:8e:
                    a6:01:17:f6:35:05:f7:d6:27:98:37:54:31:f9:a1:
                    30:4f:30:fd:55:f6:4a:68:e1:c9:e1:8e:6d:bf:31:
                    34:07:3f:15:fd:ba:86:9f:96:44:4d:f6:76:8f:56:
                    cd:39:c0:ef:18:cc:26:3d:d1:c5:fc:3d:57:fb:56:
                    fb:16:4b:f8:4f:22:47:7a:58:68:ab:1d:b5:ee:05:
                    6e:1b:28:ed:88:aa:6a:6a:76:66:53:86:6d:60:20:
                    53:db:00:b0:44:21:2e:cc:14:3b:0e:55:63:a1:3b:
                    7b:20:c6:45:ce:76:1e:fb:9f:bf:f7:f3:fc:c6:76:
                    29:6c:4c:b0:ee:ef:22:a6:5d:2e:53:bf:87:20:bb:
                    cc:c9:3f:1a:9e:ff:ea:6f:29:b5:ff:5c:04:9b:a9:
                    b1:6f:3f:dc:fe:a9:c2:cd:ba:17:e0:e2:ef:5f:9f:
                    eb:30:01:1c:f8:93:43:40:d3:f1:a3:a1:d6:75:1f:
                    2e:62:c9:e7:23:30:00:46:c9:52:89:9e:8f:ec:a8:
                    f5:13:e2:7d:bc:25:e4:7a:87:b9:1f:60:d2:8b:f0:
                    1f:76:fe:d0:a9:ef:5d:05:6b:23:ae:e9:7a:23:4c:
                    f3:4e:36:b6:d4:c0:92:4d:29:55:d5:02:22:16:57:
                    6d:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:C7:2C:50:6B:94:68:B6:6C:10:60:4D:1F:F6:BC:25:14:24:DD:AE
            X509v3 Authority Key Identifier:
                keyid:5A:5E:66:B2:75:9E:50:BB:69:BB:0A:44:09:EE:B3:BA:48:C4:6C:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wl5msnWeULtpuwpECe6zukjEbFY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/JMcsUGuUaLZsEGBNH_a8JRQk3a4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/4f76b4-7d56-47a0-ac5b-653f239fe9a0/1/Wl5msnWeULtpuwpECe6zukjEbFY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.254.0-91.238.0.255

    Signature Algorithm: sha256WithRSAEncryption
         56:40:7a:44:60:0d:06:c9:73:bd:a9:d7:24:9a:8f:3e:aa:e8:
         40:df:25:56:3e:8f:92:86:32:30:c6:79:57:fc:7f:61:05:bf:
         88:78:91:0a:52:62:93:dd:19:9b:1d:d3:a1:f2:f3:c8:47:81:
         1b:a5:11:25:1f:31:d2:01:96:44:9c:6d:f5:6b:44:08:e9:57:
         d5:ca:ee:0f:94:fc:d2:c7:ae:97:1b:7e:e7:fd:ed:0f:78:a1:
         99:b7:9b:f3:43:54:68:b3:9e:f1:ab:82:c9:81:62:75:2d:1b:
         bb:48:b5:12:23:c4:08:ba:f9:47:1e:2f:91:f8:92:7f:05:18:
         16:e8:25:ed:7e:61:d0:6e:fa:d0:09:b5:6f:9e:51:5a:b8:7c:
         f3:4f:20:a8:8f:47:73:c1:2c:fd:68:5d:cc:14:2c:65:0e:a0:
         91:1b:09:c2:69:95:76:d4:c8:e5:13:93:cb:3a:e5:89:4d:7c:
         2b:0f:b7:e2:3b:a1:bd:43:ed:a6:89:c7:d7:3a:41:8a:80:66:
         06:6c:5f:d7:1f:d4:6a:2b:b4:c4:5b:79:23:e6:78:4d:cb:93:
         d8:25:41:15:35:aa:67:7b:56:16:fd:7e:d3:db:7c:61:b4:47:
         99:bc:d7:0b:b1:ec:19:44:90:14:ef:0f:24:00:ff:e1:ad:72:
         d2:7d:c4:e3
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmwnAtnHoL1JxeQWxzV6rFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhNWU2NmIyNzU5ZTUwYmI2OWJiMGE0NDA5ZWViM2JhNDhj
NDZjNTYwHhcNMjUxMDA0MTkwNDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGM3MmM1MDZiOTQ2OGI2NmMxMDYwNGQxZmY2YmMyNTE0MjRkZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rAQR/mPQOO3qTRN7o6mARf2NQX3
1ieYN1Qx+aEwTzD9VfZKaOHJ4Y5tvzE0Bz8V/bqGn5ZETfZ2j1bNOcDvGMwmPdHF
/D1X+1b7Fkv4TyJHelhoqx217gVuGyjtiKpqanZmU4ZtYCBT2wCwRCEuzBQ7DlVj
oTt7IMZFznYe+5+/9/P8xnYpbEyw7u8ipl0uU7+HILvMyT8anv/qbym1/1wEm6mx
bz/c/qnCzboX4OLvX5/rMAEc+JNDQNPxo6HWdR8uYsnnIzAARslSiZ6P7Kj1E+J9
vCXkeoe5H2DSi/Afdv7Qqe9dBWsjrul6I0zzTja21MCSTSlV1QIiFldt/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCTHLFBrlGi2bBBgTR/2vCUUJN2uMB8GA1UdIwQY
MBaAFFpeZrJ1nlC7absKRAnus7pIxGxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2w1bXNuV2VVTHRwdXdwRUNlNnp1a2pFYkZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi80Zjc2YjQtN2Q1Ni00N2EwLWFjNWIt
NjUzZjIzOWZlOWEwLzEvSk1jc1VHdVVhTFpzRUdCTkhfYThKUlFrM2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi80Zjc2YjQtN2Q1Ni00N2EwLWFjNWItNjUzZjIzOWZlOWEw
LzEvV2w1bXNuV2VVTHRwdXdwRUNlNnp1a2pFYkZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFb7f4D
BABb7gAwDQYJKoZIhvcNAQELBQADggEBAFZAekRgDQbJc72p1ySajz6q6EDfJVY+
j5KGMjDGeVf8f2EFv4h4kQpSYpPdGZsd06Hy88hHgRulESUfMdIBlkScbfVrRAjp
V9XK7g+U/NLHrpcbfuf97Q94oZm3m/NDVGiznvGrgsmBYnUtG7tItRIjxAi6+Uce
L5H4kn8FGBboJe1+YdBu+tAJtW+eUVq4fPNPIKiPR3PBLP1oXcwULGUOoJEbCcJp
lXbUyOUTk8s65YlNfCsPt+I7ob1D7aaJx9c6QYqAZgZsX9cf1GortMRbeSPmeE3L
k9glQRU1qmd7Vhb9ftPbfGG0R5m81wux7BlEkBTvDyQA/+GtctJ9xOM=
-----END CERTIFICATE-----