Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/J0xQ_1w-gFpYF0LKQsYsfk-VGSQ.roa
File:                     J0xQ_1w-gFpYF0LKQsYsfk-VGSQ.roa (raw, json)
Hash identifier:          BG3PKtX8/a+ywGlKRJT/ICLStEzmSbRCf01OUsYWJWQ=
Subject key identifier:   27:4C:50:FF:5C:3E:80:5A:58:17:42:CA:42:C6:2C:7E:4F:95:19:24
Certificate issuer:       /CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
Certificate serial:       0199B9D7413C488548DFA636987F12EA8772
Authority key identifier: 23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/J0xQ_1w-gFpYF0LKQsYsfk-VGSQ.roa
Signing time:             Mon 06 Oct 2025 14:05:15 +0000
ROA not before:           Mon 06 Oct 2025 14:05:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49101
IP address blocks:        82.144.128.0/19 maxlen: 19
                          2a02:d00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:d7:41:3c:48:85:48:df:a6:36:98:7f:12:ea:87:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23259da3b1b38ca0939f490fb9043fcd89cfd062
        Validity
            Not Before: Oct  6 14:05:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=274c50ff5c3e805a581742ca42c62c7e4f951924
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:71:d8:09:41:ba:38:20:1d:10:90:4f:26:90:
                    2b:2a:01:d6:49:24:9c:04:d3:80:80:b8:00:c7:11:
                    50:74:77:35:5b:c5:94:c9:98:84:cb:93:5c:cc:df:
                    cd:af:fd:60:bc:f9:0f:bb:f4:0c:8e:5f:60:78:70:
                    e0:66:b1:2f:b0:ff:68:89:00:56:90:1e:44:50:ab:
                    ac:73:07:92:8c:3c:14:47:2c:41:fb:a3:6b:3a:f4:
                    78:79:6a:78:99:34:7f:2d:16:ce:dc:c2:a8:3b:7f:
                    ad:cc:af:9e:f0:db:db:b3:f9:a8:f0:b9:25:90:e3:
                    51:ee:11:9a:46:08:cb:57:82:6b:dd:b1:da:b6:f3:
                    48:99:71:b2:81:7c:69:15:6f:8e:f0:3d:11:4f:b2:
                    e3:cc:58:38:6d:cb:68:f3:76:7c:ba:aa:eb:8d:f8:
                    92:73:0d:de:5d:d5:db:4d:95:cf:5b:ec:73:a9:67:
                    1a:1d:f1:4c:5b:94:2a:d4:5d:7a:c8:18:5c:34:5f:
                    de:91:58:74:ca:fd:cb:24:e9:b8:ac:37:0c:08:0b:
                    f5:35:a2:65:56:6a:7d:cf:79:73:3a:5d:99:cb:f6:
                    24:b9:57:eb:02:fa:3d:74:92:60:50:7f:ae:e0:fe:
                    a4:89:28:c4:01:8c:e0:ea:79:92:52:43:ad:31:64:
                    c1:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:4C:50:FF:5C:3E:80:5A:58:17:42:CA:42:C6:2C:7E:4F:95:19:24
            X509v3 Authority Key Identifier:
                keyid:23:25:9D:A3:B1:B3:8C:A0:93:9F:49:0F:B9:04:3F:CD:89:CF:D0:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/J0xQ_1w-gFpYF0LKQsYsfk-VGSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/91a5fd-e56c-4d87-bd75-654dd6442ce4/1/IyWdo7GzjKCTn0kPuQQ_zYnP0GI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.144.128.0/19
                IPv6:
                  2a02:d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:78:03:25:a0:bc:6c:76:5f:e3:86:3a:59:5a:96:94:51:1d:
         87:8d:4e:d4:f7:7b:dd:f2:b9:d6:53:c4:33:8b:5d:b8:d3:e1:
         50:81:78:87:52:27:5f:c7:a4:75:ed:73:bd:ad:b5:b0:8f:17:
         fb:0a:ec:45:59:be:79:6e:d8:9d:dd:16:31:4f:2e:bf:ca:4e:
         fc:2f:5f:06:b7:85:af:68:54:4f:36:e9:44:fc:3e:84:38:ce:
         09:d6:5f:1e:72:99:14:c6:2a:1d:95:7d:4a:08:64:65:da:da:
         24:f6:a2:38:ce:86:db:14:31:f0:ff:d7:d2:0e:a5:19:f2:94:
         d0:4e:57:29:fc:15:4c:e3:2a:d2:64:e2:2e:fa:ee:b7:6b:30:
         52:74:65:0c:e5:d7:3c:ff:58:64:84:6d:ca:75:4b:1c:d9:ed:
         1f:0b:97:21:80:2c:fb:c7:49:d6:b7:ab:a7:fc:ae:48:f9:ae:
         70:8a:fb:dc:12:26:74:66:af:64:44:74:86:43:c6:09:50:9e:
         5c:d3:72:fa:d9:f7:55:7c:eb:bf:b1:81:58:a5:31:d6:5a:7b:
         90:61:35:4c:5e:94:5b:ac:6e:b6:4b:df:f4:16:4e:29:59:f9:
         ac:bb:34:e4:5d:56:cf:0a:49:8a:ba:14:34:44:cb:b6:45:4d:
         21:36:04:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZm510E8SIVI36Y2mH8S6odyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMjU5ZGEzYjFiMzhjYTA5MzlmNDkwZmI5MDQzZmNkODlj
ZmQwNjIwHhcNMjUxMDA2MTQwNTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzRjNTBmZjVjM2U4MDVhNTgxNzQyY2E0MmM2MmM3ZTRmOTUxOTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0XHYCUG6OCAdEJBPJpArKgHWSSSc
BNOAgLgAxxFQdHc1W8WUyZiEy5NczN/Nr/1gvPkPu/QMjl9geHDgZrEvsP9oiQBW
kB5EUKuscweSjDwURyxB+6NrOvR4eWp4mTR/LRbO3MKoO3+tzK+e8Nvbs/mo8Lkl
kONR7hGaRgjLV4Jr3bHatvNImXGygXxpFW+O8D0RT7LjzFg4bcto83Z8uqrrjfiS
cw3eXdXbTZXPW+xzqWcaHfFMW5Qq1F16yBhcNF/ekVh0yv3LJOm4rDcMCAv1NaJl
Vmp9z3lzOl2Zy/YkuVfrAvo9dJJgUH+u4P6kiSjEAYzg6nmSUkOtMWTBFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCdMUP9cPoBaWBdCykLGLH5PlRkkMB8GA1UdIwQY
MBaAFCMlnaOxs4ygk59JD7kEP82Jz9BiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUt
NjU0ZGQ2NDQyY2U0LzEvSjB4UV8xdy1nRnBZRjBMS1FzWXNmay1WR1NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy85MWE1ZmQtZTU2Yy00ZDg3LWJkNzUtNjU0ZGQ2NDQyY2U0
LzEvSXlXZG83R3pqS0NUbjBrUHVRUV96WW5QMEdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQFUpCAMA0E
AgACMAcDBQAqAg0AMA0GCSqGSIb3DQEBCwUAA4IBAQA0eAMloLxsdl/jhjpZWpaU
UR2HjU7U93vd8rnWU8Qzi1240+FQgXiHUidfx6R17XO9rbWwjxf7CuxFWb55btid
3RYxTy6/yk78L18Gt4WvaFRPNulE/D6EOM4J1l8ecpkUxiodlX1KCGRl2tok9qI4
zobbFDHw/9fSDqUZ8pTQTlcp/BVM4yrSZOIu+u63azBSdGUM5dc8/1hkhG3KdUsc
2e0fC5chgCz7x0nWt6un/K5I+a5wivvcEiZ0Zq9kRHSGQ8YJUJ5c03L62fdVfOu/
sYFYpTHWWnuQYTVMXpRbrG62S9/0Fk4pWfmsuzTkXVbPCkmKuhQ0RMu2RU0hNgRh
-----END CERTIFICATE-----