Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/4UNPQAXZu9JxwT2Sc4WzpO3LENE.roa
File:                     4UNPQAXZu9JxwT2Sc4WzpO3LENE.roa (raw, json)
Hash identifier:          anoqLUvcJa2b/lCeb6nl+knhRinVk56BkYJL3ws+r4E=
Subject key identifier:   E1:43:4F:40:05:D9:BB:D2:71:C1:3D:92:73:85:B3:A4:ED:CB:10:D1
Certificate issuer:       /CN=d275d7a8bac0477f5509dff11b9195ca60df87da
Certificate serial:       019A0166B2CB5662B250215234EEBB7BF9EC
Authority key identifier: D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/4UNPQAXZu9JxwT2Sc4WzpO3LENE.roa
Signing time:             Mon 20 Oct 2025 11:34:58 +0000
ROA not before:           Mon 20 Oct 2025 11:34:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209483
IP address blocks:        91.135.190.0/24 maxlen: 24
                          171.22.156.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 11:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:01:66:b2:cb:56:62:b2:50:21:52:34:ee:bb:7b:f9:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d275d7a8bac0477f5509dff11b9195ca60df87da
        Validity
            Not Before: Oct 20 11:34:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1434f4005d9bbd271c13d927385b3a4edcb10d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:c5:5f:0e:d0:68:a3:5b:2b:0d:2c:f5:40:f2:
                    3d:ab:eb:6c:2a:a9:dd:3e:ee:2d:cd:9d:7c:1b:3b:
                    50:68:70:31:53:48:2a:11:c6:b0:f0:a8:f6:8e:4f:
                    00:a8:bd:3d:9d:b7:68:ea:09:5f:5e:81:43:e8:5e:
                    8c:af:a8:17:6a:a8:25:95:a5:17:cd:36:4a:c8:7a:
                    1e:6f:72:12:12:ac:20:c7:bd:7f:92:73:04:10:47:
                    37:40:0a:a8:a3:8e:11:be:9f:9c:a2:2e:7a:17:7e:
                    95:46:43:8b:e9:07:8c:01:98:50:7d:05:06:de:89:
                    82:5b:5f:8c:57:f0:44:40:16:7c:3f:f8:a7:58:50:
                    5f:5c:2c:3c:91:d0:16:ee:29:89:2a:be:3f:e6:1b:
                    75:95:bf:71:70:8a:c5:e0:c3:01:15:72:20:ad:fd:
                    22:b8:00:f9:7a:51:db:4a:c4:f4:c1:3b:45:9c:1d:
                    70:a3:e9:ad:94:b6:3b:27:bc:bc:37:c7:b1:ae:0f:
                    67:df:b7:7d:de:52:06:7b:aa:c3:78:b7:63:2e:f1:
                    44:4c:ef:4b:02:13:ea:f1:34:fc:0f:6c:3e:86:fc:
                    95:cf:0e:96:9f:64:12:78:f3:e6:d7:fb:f8:90:a4:
                    ba:30:0b:69:b4:8e:0b:6b:20:27:15:c9:91:e0:34:
                    dc:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:43:4F:40:05:D9:BB:D2:71:C1:3D:92:73:85:B3:A4:ED:CB:10:D1
            X509v3 Authority Key Identifier:
                keyid:D2:75:D7:A8:BA:C0:47:7F:55:09:DF:F1:1B:91:95:CA:60:DF:87:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nXXqLrAR39VCd_xG5GVymDfh9o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/4UNPQAXZu9JxwT2Sc4WzpO3LENE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/7beb04-317b-448a-82ed-565b1447037b/1/0nXXqLrAR39VCd_xG5GVymDfh9o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.135.190.0/24
                  171.22.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:66:30:21:25:e9:04:fa:b5:98:01:c8:1a:f9:77:3f:3b:8f:
         fe:34:9c:40:83:e9:c5:49:90:63:8b:d0:1b:df:fc:01:d9:d4:
         cf:c8:27:63:9b:e5:12:9f:53:9e:6a:fa:01:39:64:b7:8d:89:
         87:9d:87:7d:0d:a6:b2:a5:92:a9:e7:a8:5c:03:8e:a3:dd:d3:
         28:c5:68:a2:ef:8b:5f:64:f1:83:3d:05:29:59:4d:e5:25:d3:
         b8:d0:b9:6c:4d:44:f7:41:2d:71:d7:1c:2e:38:81:2c:e5:01:
         7b:92:e6:a0:fa:00:34:09:85:2d:3f:f4:a4:59:40:92:09:f6:
         c6:3e:39:27:d7:2a:01:7b:b1:98:84:f6:7b:b6:7b:88:a1:ea:
         3b:51:76:8e:24:88:7b:01:5b:a9:df:70:a0:99:64:fc:35:5a:
         e0:0a:86:bc:49:6c:bd:a5:ce:12:65:3f:b7:ee:1d:4b:48:cf:
         ee:68:f4:1d:86:2c:bf:ee:92:33:71:10:6e:9d:0d:1e:37:4d:
         94:f5:8b:6a:a3:b5:f0:eb:20:82:cc:c0:42:36:e4:4c:43:37:
         c8:c2:bf:54:e1:03:c2:82:2d:76:5c:c3:b6:99:1a:99:2b:07:
         2e:b9:b0:22:11:b3:a7:23:28:48:5e:5a:eb:c6:17:41:d8:fd:
         cb:49:02:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZoBZrLLVmKyUCFSNO67e/nsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzVkN2E4YmFjMDQ3N2Y1NTA5ZGZmMTFiOTE5NWNhNjBk
Zjg3ZGEwHhcNMjUxMDIwMTEzNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTQzNGY0MDA1ZDliYmQyNzFjMTNkOTI3Mzg1YjNhNGVkY2IxMGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6cVfDtBoo1srDSz1QPI9q+tsKqnd
Pu4tzZ18GztQaHAxU0gqEcaw8Kj2jk8AqL09nbdo6glfXoFD6F6Mr6gXaqgllaUX
zTZKyHoeb3ISEqwgx71/knMEEEc3QAqoo44Rvp+coi56F36VRkOL6QeMAZhQfQUG
3omCW1+MV/BEQBZ8P/inWFBfXCw8kdAW7imJKr4/5ht1lb9xcIrF4MMBFXIgrf0i
uAD5elHbSsT0wTtFnB1wo+mtlLY7J7y8N8exrg9n37d93lIGe6rDeLdjLvFETO9L
AhPq8TT8D2w+hvyVzw6Wn2QSePPm1/v4kKS6MAtptI4LayAnFcmR4DTcGwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOFDT0AF2bvSccE9knOFs6TtyxDRMB8GA1UdIwQY
MBaAFNJ116i6wEd/VQnf8RuRlcpg34faMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQt
NTY1YjE0NDcwMzdiLzEvNFVOUFFBWFp1OUp4d1QyU2M0V3pwTzNMRU5FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83YmViMDQtMzE3Yi00NDhhLTgyZWQtNTY1YjE0NDcwMzdi
LzEvMG5YWHFMckFSMzlWQ2RfeEc1R1Z5bURmaDlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW4e+AwQC
qxacMA0GCSqGSIb3DQEBCwUAA4IBAQBhZjAhJekE+rWYAcga+Xc/O4/+NJxAg+nF
SZBji9Ab3/wB2dTPyCdjm+USn1OeavoBOWS3jYmHnYd9DaaypZKp56hcA46j3dMo
xWii74tfZPGDPQUpWU3lJdO40LlsTUT3QS1x1xwuOIEs5QF7kuag+gA0CYUtP/Sk
WUCSCfbGPjkn1yoBe7GYhPZ7tnuIoeo7UXaOJIh7AVup33CgmWT8NVrgCoa8SWy9
pc4SZT+37h1LSM/uaPQdhiy/7pIzcRBunQ0eN02U9Ytqo7Xw6yCCzMBCNuRMQzfI
wr9U4QPCgi12XMO2mRqZKwcuubAiEbOnIyhIXlrrxhdB2P3LSQKj
-----END CERTIFICATE-----