Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/O8RYzdOGcber5Lyd0fkaQNOBiZM.roa
File:                     O8RYzdOGcber5Lyd0fkaQNOBiZM.roa (raw, json)
Hash identifier:          /upGWqeDSmoTCs0TmrDJ+JgYywdWmCG+PwMCdlRHNTc=
Subject key identifier:   3B:C4:58:CD:D3:86:71:B7:AB:E4:BC:9D:D1:F9:1A:40:D3:81:89:93
Certificate issuer:       /CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
Certificate serial:       0198CD2EF7D2BC7D68A5282A07F13FAA63FE
Authority key identifier: AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/O8RYzdOGcber5Lyd0fkaQNOBiZM.roa
Signing time:             Thu 21 Aug 2025 15:11:04 +0000
ROA not before:           Thu 21 Aug 2025 15:11:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54252
IP address blocks:        91.108.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:2e:f7:d2:bc:7d:68:a5:28:2a:07:f1:3f:aa:63:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
        Validity
            Not Before: Aug 21 15:11:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bc458cdd38671b7abe4bc9dd1f91a40d3818993
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3a:9a:51:31:b7:af:d7:09:c3:2c:51:83:f5:
                    98:40:db:f3:da:e7:4e:fa:b6:84:b3:5c:b9:af:c2:
                    05:23:2b:8d:ab:6e:af:9c:a9:b2:29:67:b6:be:70:
                    47:f0:88:ef:8b:17:ed:db:c3:0b:99:05:db:bd:5f:
                    62:d2:35:85:77:0a:a6:70:54:ae:dc:9e:12:bc:09:
                    2a:1e:84:9b:c0:e7:eb:20:a3:07:84:17:5e:34:c8:
                    09:b4:de:c6:7c:55:cc:09:9c:ff:1f:88:5b:38:43:
                    f9:85:fb:80:30:53:19:1f:f4:1e:a2:cb:e6:32:a1:
                    a9:4c:8c:59:70:08:9b:9f:3f:c0:a9:8c:2f:e3:dd:
                    3a:cc:fc:4e:64:a4:92:c0:74:62:34:bf:d4:77:52:
                    cf:26:4a:04:49:e6:71:7b:a9:03:35:a7:a7:d6:11:
                    f2:50:02:9c:9b:ed:99:b4:b6:af:d6:8d:4f:01:b2:
                    f1:63:56:4b:89:7b:a2:44:c5:fe:a4:50:87:1d:98:
                    f4:9e:df:3c:6d:a4:0d:7a:d0:18:02:b7:1c:ca:c8:
                    2f:45:07:04:7c:50:82:27:83:1c:8a:dc:90:78:8e:
                    d5:81:ee:02:40:a1:1a:31:c9:21:04:31:c7:07:1d:
                    c3:d4:8e:67:3d:7d:6b:92:d4:62:ec:e3:30:08:ae:
                    0f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:C4:58:CD:D3:86:71:B7:AB:E4:BC:9D:D1:F9:1A:40:D3:81:89:93
            X509v3 Authority Key Identifier:
                keyid:AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/O8RYzdOGcber5Lyd0fkaQNOBiZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:41:bd:e9:e1:9f:63:c5:c3:df:39:96:7b:96:63:82:a5:f5:
         b3:f1:c7:a0:68:8d:4a:d1:02:8a:cf:da:f0:59:dc:4a:37:50:
         03:2f:04:42:eb:bb:82:bb:78:60:c2:58:e1:23:06:57:ac:57:
         9b:4d:d3:67:f6:92:02:ea:77:23:1c:98:eb:6c:7b:99:22:d7:
         d9:e2:90:8c:75:de:52:69:16:fc:d8:f6:d8:ee:df:0b:da:15:
         5a:c1:32:24:f6:4a:58:c2:00:4d:ea:4b:97:33:7a:58:4c:a6:
         c6:9d:61:d9:3c:84:6c:68:79:7a:7e:b8:7e:0d:5a:20:4f:26:
         68:8c:7b:36:b6:9c:df:a2:79:f0:7f:9a:f3:10:eb:83:03:6e:
         7a:82:8e:24:54:fe:a0:93:d5:8f:52:d5:1e:f9:f4:2c:45:34:
         58:49:b9:c0:87:bc:d2:ce:12:e6:52:9f:27:5b:27:e8:8d:f5:
         5d:d7:34:a9:b5:30:69:03:64:77:aa:be:11:11:57:60:ba:79:
         db:83:01:87:c5:c8:24:ec:3f:9f:ff:aa:d4:98:73:47:cd:22:
         dd:0b:07:88:69:9b:7e:3e:91:42:01:83:6a:c6:11:e6:25:c5:
         c6:0a:59:f6:f4:32:ce:62:f3:0a:90:48:72:66:c1:03:16:7e:
         1a:2a:7f:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNLvfSvH1opSgqB/E/qmP+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg1MmFmNWE4ZTQzNmIyZDRkYTcyZTkyYjY0MTE0ZTFm
NGQxNWYwHhcNMjUwODIxMTUxMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmM0NThjZGQzODY3MWI3YWJlNGJjOWRkMWY5MWE0MGQzODE4OTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtzqaUTG3r9cJwyxRg/WYQNvz2udO
+raEs1y5r8IFIyuNq26vnKmyKWe2vnBH8Ijvixft28MLmQXbvV9i0jWFdwqmcFSu
3J4SvAkqHoSbwOfrIKMHhBdeNMgJtN7GfFXMCZz/H4hbOEP5hfuAMFMZH/Qeosvm
MqGpTIxZcAibnz/AqYwv4906zPxOZKSSwHRiNL/Ud1LPJkoESeZxe6kDNaen1hHy
UAKcm+2ZtLav1o1PAbLxY1ZLiXuiRMX+pFCHHZj0nt88baQNetAYArccysgvRQcE
fFCCJ4McityQeI7Vge4CQKEaMckhBDHHBx3D1I5nPX1rktRi7OMwCK4P0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvEWM3ThnG3q+S8ndH5GkDTgYmTMB8GA1UdIwQY
MBaAFKwIUq9ajkNrLU2nLpK2QRTh9NFfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEt
NTAwN2RkZTM1MDQ1LzEvTzhSWXpkT0djYmVyNUx5ZDBma2FRTk9CaVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEtNTAwN2RkZTM1MDQ1
LzEvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2y6MA0G
CSqGSIb3DQEBCwUAA4IBAQAYQb3p4Z9jxcPfOZZ7lmOCpfWz8cegaI1K0QKKz9rw
WdxKN1ADLwRC67uCu3hgwljhIwZXrFebTdNn9pIC6ncjHJjrbHuZItfZ4pCMdd5S
aRb82PbY7t8L2hVawTIk9kpYwgBN6kuXM3pYTKbGnWHZPIRsaHl6frh+DVogTyZo
jHs2tpzfonnwf5rzEOuDA256go4kVP6gk9WPUtUe+fQsRTRYSbnAh7zSzhLmUp8n
WyfojfVd1zSptTBpA2R3qr4REVdgunnbgwGHxcgk7D+f/6rUmHNHzSLdCweIaZt+
PpFCAYNqxhHmJcXGCln29DLOYvMKkEhyZsEDFn4aKn/B
-----END CERTIFICATE-----