Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/usm9wn0ranV8cJoAdmlA0D2Pk2s.roa
File:                     usm9wn0ranV8cJoAdmlA0D2Pk2s.roa (raw, json)
Hash identifier:          lnjChVLXxICPBgsN6v1LDI5Ki8JFy1bjGXMD/7hIN1s=
Subject key identifier:   BA:C9:BD:C2:7D:2B:6A:75:7C:70:9A:00:76:69:40:D0:3D:8F:93:6B
Certificate issuer:       /CN=8d90a8c886ee9ac4238616f92631ebb8bc76e371
Certificate serial:       0198CBC8FF8B54EF0593CD7E66C0171ACC1A
Authority key identifier: 8D:90:A8:C8:86:EE:9A:C4:23:86:16:F9:26:31:EB:B8:BC:76:E3:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/usm9wn0ranV8cJoAdmlA0D2Pk2s.roa
Signing time:             Thu 21 Aug 2025 08:40:04 +0000
ROA not before:           Thu 21 Aug 2025 08:40:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52182
IP address blocks:        91.222.248.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cb:c8:ff:8b:54:ef:05:93:cd:7e:66:c0:17:1a:cc:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d90a8c886ee9ac4238616f92631ebb8bc76e371
        Validity
            Not Before: Aug 21 08:40:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bac9bdc27d2b6a757c709a00766940d03d8f936b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:9c:89:f9:bd:cd:44:42:5f:80:c8:5a:d9:6b:
                    c6:7c:f2:35:b4:57:c7:8b:aa:98:03:6e:f9:c8:1a:
                    47:94:4a:b7:8f:f7:a6:c2:e5:4d:4c:47:88:58:7f:
                    3c:73:b0:75:bc:04:a5:12:98:3f:40:48:31:93:67:
                    06:b7:d7:21:68:e3:52:78:db:b1:7d:d4:d2:14:60:
                    23:55:23:ff:b7:c0:b3:90:6a:dd:8d:70:47:72:a2:
                    8d:ff:b3:ca:05:51:3e:30:88:92:86:2c:5c:2e:41:
                    80:e5:5e:78:ec:07:7e:3a:c1:da:94:c7:e1:c1:b4:
                    0c:c7:9c:6c:b5:b9:98:90:3b:c5:40:1c:d3:72:fc:
                    09:7a:fe:5d:52:7d:b0:0a:92:f8:a3:dc:a3:75:0f:
                    2d:00:e4:e2:80:b5:6d:fe:d8:df:3c:8b:15:29:28:
                    29:d5:58:3c:9a:27:b3:72:b9:fb:62:78:26:92:fd:
                    3a:9a:c9:47:d8:1f:3d:ab:af:07:e7:3e:bb:59:f6:
                    13:a9:b7:2b:8f:d3:22:69:b7:6f:56:83:81:3a:c3:
                    c0:f1:b8:fc:1c:f2:1c:fc:ad:f5:c3:f8:8c:67:af:
                    ee:42:e6:cd:fb:75:67:f2:40:9f:a7:18:ff:0c:0e:
                    77:f5:44:c6:c2:8d:82:e7:d3:17:b2:f6:77:6a:e5:
                    b2:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:C9:BD:C2:7D:2B:6A:75:7C:70:9A:00:76:69:40:D0:3D:8F:93:6B
            X509v3 Authority Key Identifier:
                keyid:8D:90:A8:C8:86:EE:9A:C4:23:86:16:F9:26:31:EB:B8:BC:76:E3:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jZCoyIbumsQjhhb5JjHruLx243E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/usm9wn0ranV8cJoAdmlA0D2Pk2s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/9b0ed7-9fd6-4ca6-a575-36aa91069cbd/1/jZCoyIbumsQjhhb5JjHruLx243E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:58:55:4f:5d:d9:e1:cd:f7:c1:d7:c2:d7:6b:d9:30:0e:63:
         f1:ed:24:ee:0e:73:29:7c:30:75:01:4a:9e:92:cf:1b:af:1b:
         ad:05:7d:f8:08:67:cd:9e:1f:01:3d:14:2e:77:56:66:50:f2:
         58:57:fd:d4:df:f1:a6:22:c6:02:a6:0e:f0:0d:8c:e9:c9:96:
         3a:10:5c:56:81:8a:3d:3b:5c:69:48:3a:e8:d4:30:ce:e9:4c:
         84:d0:f0:6b:30:80:93:ff:2c:d6:43:84:d8:74:ac:36:5f:21:
         b0:91:29:67:23:6b:31:6a:bd:53:e3:7f:54:cf:62:c7:2b:24:
         52:f1:a9:bc:dc:a2:be:f4:30:bd:3f:a1:c0:cc:21:d1:1f:8d:
         a6:80:c1:c3:d7:5a:f8:a0:36:cd:9a:88:f7:28:98:2b:98:95:
         52:da:ae:85:70:fc:d1:d5:65:f4:bc:f9:83:51:34:9b:1a:ea:
         86:c5:5f:ba:cf:bd:5b:47:db:89:31:b5:55:99:a6:3f:51:7e:
         0f:b6:ab:28:c6:4f:2f:3d:1d:43:2c:56:3e:48:ea:2c:c2:fb:
         8e:c2:e5:13:51:19:af:8b:36:ce:1a:b7:88:07:9a:f8:14:b5:
         be:bd:c7:e5:fe:fc:69:17:31:1d:dc:a4:93:de:06:19:ea:de:
         5a:e6:bf:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjLyP+LVO8Fk81+ZsAXGswaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkOTBhOGM4ODZlZTlhYzQyMzg2MTZmOTI2MzFlYmI4YmM3
NmUzNzEwHhcNMjUwODIxMDg0MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWM5YmRjMjdkMmI2YTc1N2M3MDlhMDA3NjY5NDBkMDNkOGY5MzZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9JyJ+b3NREJfgMha2WvGfPI1tFfH
i6qYA275yBpHlEq3j/emwuVNTEeIWH88c7B1vASlEpg/QEgxk2cGt9chaONSeNux
fdTSFGAjVSP/t8CzkGrdjXBHcqKN/7PKBVE+MIiShixcLkGA5V547Ad+OsHalMfh
wbQMx5xstbmYkDvFQBzTcvwJev5dUn2wCpL4o9yjdQ8tAOTigLVt/tjfPIsVKSgp
1Vg8miezcrn7Yngmkv06mslH2B89q68H5z67WfYTqbcrj9MiabdvVoOBOsPA8bj8
HPIc/K31w/iMZ6/uQubN+3Vn8kCfpxj/DA539UTGwo2C59MXsvZ3auWyiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLrJvcJ9K2p1fHCaAHZpQNA9j5NrMB8GA1UdIwQY
MBaAFI2QqMiG7prEI4YW+SYx67i8duNxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalpDb3lJYnVtc1FqaGhiNUpqSHJ1THgyNDNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC85YjBlZDctOWZkNi00Y2E2LWE1NzUt
MzZhYTkxMDY5Y2JkLzEvdXNtOXduMHJhblY4Y0pvQWRtbEEwRDJQazJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC85YjBlZDctOWZkNi00Y2E2LWE1NzUtMzZhYTkxMDY5Y2Jk
LzEvalpDb3lJYnVtc1FqaGhiNUpqSHJ1THgyNDNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW974MA0G
CSqGSIb3DQEBCwUAA4IBAQCPWFVPXdnhzffB18LXa9kwDmPx7STuDnMpfDB1AUqe
ks8brxutBX34CGfNnh8BPRQud1ZmUPJYV/3U3/GmIsYCpg7wDYzpyZY6EFxWgYo9
O1xpSDro1DDO6UyE0PBrMICT/yzWQ4TYdKw2XyGwkSlnI2sxar1T439Uz2LHKyRS
8am83KK+9DC9P6HAzCHRH42mgMHD11r4oDbNmoj3KJgrmJVS2q6FcPzR1WX0vPmD
UTSbGuqGxV+6z71bR9uJMbVVmaY/UX4Ptqsoxk8vPR1DLFY+SOoswvuOwuUTURmv
izbOGreIB5r4FLW+vcfl/vxpFzEd3KST3gYZ6t5a5r9k
-----END CERTIFICATE-----