Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/YuG9z5M1XNs-bczHtpGOR8X7WYo.roa
File:                     YuG9z5M1XNs-bczHtpGOR8X7WYo.roa (raw, json)
Hash identifier:          9MEXkKrN+WhBMnvEE9wPkLraLpoTptX9TwNbpyCp4SU=
Subject key identifier:   62:E1:BD:CF:93:35:5C:DB:3E:6D:CC:C7:B6:91:8E:47:C5:FB:59:8A
Certificate issuer:       /CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
Certificate serial:       0199F102D662C5BA4BC617D3EC9CB6FD0033
Authority key identifier: D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/YuG9z5M1XNs-bczHtpGOR8X7WYo.roa
Signing time:             Fri 17 Oct 2025 07:11:58 +0000
ROA not before:           Fri 17 Oct 2025 07:11:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        91.246.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 07:01:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f1:02:d6:62:c5:ba:4b:c6:17:d3:ec:9c:b6:fd:00:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3c35bc9b7f8550be3e467c54a9d3a66e2443bd4
        Validity
            Not Before: Oct 17 07:11:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62e1bdcf93355cdb3e6dccc7b6918e47c5fb598a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a1:c2:d4:74:02:d3:7b:ee:58:be:a7:31:79:
                    64:97:5b:36:45:0b:f9:ef:7b:8c:2c:d0:39:45:af:
                    ce:59:40:9f:8d:ab:30:a7:33:13:ae:0c:c9:71:27:
                    48:24:15:eb:fd:66:9c:8d:08:7d:46:cd:fc:35:52:
                    ea:79:04:03:6b:2f:3f:45:c3:c2:93:c0:56:44:c0:
                    36:45:80:1d:96:69:43:f7:e3:9d:7f:f5:82:c4:a2:
                    f7:64:7e:71:82:e5:38:c9:37:77:06:e8:aa:ad:68:
                    08:2e:43:69:62:1d:71:74:dd:53:35:5f:d4:07:35:
                    71:28:86:17:a4:2d:d0:5e:56:a0:0c:f7:08:72:60:
                    ff:ff:05:fc:bf:fa:07:21:66:d3:a7:fa:f4:24:a2:
                    06:4b:2b:e8:9f:06:19:6b:21:db:7b:f9:c1:d6:c9:
                    9c:a4:9b:63:09:51:08:f9:23:b9:15:96:ab:bd:2a:
                    10:e8:e5:83:b4:a3:d4:f7:9d:36:c4:78:a9:7c:d5:
                    6f:0e:13:da:47:82:4c:4b:27:f5:fd:5d:f1:99:e3:
                    a8:17:d0:f7:63:bc:20:e3:aa:45:7c:a2:11:0d:a1:
                    74:30:6d:46:8e:0c:9a:75:70:4f:fc:e0:dc:26:d5:
                    06:c6:1a:e2:1a:86:12:d4:44:4d:8b:5f:5b:50:0b:
                    fd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:E1:BD:CF:93:35:5C:DB:3E:6D:CC:C7:B6:91:8E:47:C5:FB:59:8A
            X509v3 Authority Key Identifier:
                keyid:D3:C3:5B:C9:B7:F8:55:0B:E3:E4:67:C5:4A:9D:3A:66:E2:44:3B:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/08Nbybf4VQvj5GfFSp06ZuJEO9Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/YuG9z5M1XNs-bczHtpGOR8X7WYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/8ba8bb-c1c0-4d35-90a7-cda5c3766f03/1/08Nbybf4VQvj5GfFSp06ZuJEO9Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.246.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:95:4b:2e:dc:2b:a5:45:d6:1c:33:ca:fb:1f:0a:fb:bc:0d:
         fd:f2:b3:b2:84:b4:88:29:2f:a6:3e:45:85:61:b5:9e:6e:3a:
         6d:5d:54:d5:c4:0f:5f:c0:aa:ba:02:65:05:86:91:0c:fe:b9:
         0a:78:28:61:85:09:02:ea:c0:a2:16:61:9c:c3:53:8a:7d:e6:
         b8:36:f9:7e:76:88:84:a6:3d:76:d1:fd:5b:33:54:1e:1a:72:
         90:dc:a6:a3:e3:9e:1d:fc:09:5a:cb:be:03:97:2a:91:34:7f:
         bd:ca:c6:c6:22:78:67:a7:c9:2b:9a:d6:9b:03:39:55:2a:d1:
         46:ea:5f:ba:05:af:ff:71:00:94:a3:7c:16:6c:eb:77:a9:55:
         a0:51:01:77:90:f1:90:b3:e0:41:73:35:fa:72:3d:5e:1b:86:
         1d:c2:13:7c:4f:ff:8b:91:d2:24:82:66:2b:52:49:97:2d:27:
         a0:a6:db:f0:23:4e:07:36:58:a6:9b:ff:11:e3:c4:e9:7b:11:
         ec:74:44:e2:a4:20:36:03:38:26:08:6a:94:dc:00:1e:95:cf:
         aa:91:0e:f4:d1:63:cb:e5:b1:6b:94:b4:f0:08:a8:8f:94:e8:
         a8:c4:ba:2c:f3:f8:88:cf:25:75:73:5b:c8:00:7a:38:0e:3e:
         44:a0:d3:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnxAtZixbpLxhfT7Jy2/QAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzYzM1YmM5YjdmODU1MGJlM2U0NjdjNTRhOWQzYTY2ZTI0
NDNiZDQwHhcNMjUxMDE3MDcxMTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmUxYmRjZjkzMzU1Y2RiM2U2ZGNjYzdiNjkxOGU0N2M1ZmI1OThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuaHC1HQC03vuWL6nMXlkl1s2RQv5
73uMLNA5Ra/OWUCfjaswpzMTrgzJcSdIJBXr/WacjQh9Rs38NVLqeQQDay8/RcPC
k8BWRMA2RYAdlmlD9+Odf/WCxKL3ZH5xguU4yTd3BuiqrWgILkNpYh1xdN1TNV/U
BzVxKIYXpC3QXlagDPcIcmD//wX8v/oHIWbTp/r0JKIGSyvonwYZayHbe/nB1smc
pJtjCVEI+SO5FZarvSoQ6OWDtKPU9502xHipfNVvDhPaR4JMSyf1/V3xmeOoF9D3
Y7wg46pFfKIRDaF0MG1GjgyadXBP/ODcJtUGxhriGoYS1ERNi19bUAv9DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGLhvc+TNVzbPm3Mx7aRjkfF+1mKMB8GA1UdIwQY
MBaAFNPDW8m3+FUL4+RnxUqdOmbiRDvUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTct
Y2RhNWMzNzY2ZjAzLzEvWXVHOXo1TTFYTnMtYmN6SHRwR09SOFg3V1lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy84YmE4YmItYzFjMC00ZDM1LTkwYTctY2RhNWMzNzY2ZjAz
LzEvMDhOYnliZjRWUXZqNUdmRlNwMDZadUpFTzlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/Y3MA0G
CSqGSIb3DQEBCwUAA4IBAQCZlUsu3CulRdYcM8r7Hwr7vA398rOyhLSIKS+mPkWF
YbWebjptXVTVxA9fwKq6AmUFhpEM/rkKeChhhQkC6sCiFmGcw1OKfea4Nvl+doiE
pj120f1bM1QeGnKQ3Kaj454d/Alay74DlyqRNH+9ysbGInhnp8krmtabAzlVKtFG
6l+6Ba//cQCUo3wWbOt3qVWgUQF3kPGQs+BBczX6cj1eG4YdwhN8T/+LkdIkgmYr
UkmXLSegptvwI04HNlimm/8R48TpexHsdETipCA2AzgmCGqU3AAelc+qkQ700WPL
5bFrlLTwCKiPlOioxLos8/iIzyV1c1vIAHo4Dj5EoNPv
-----END CERTIFICATE-----