Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/ZuaAuBr3mjYLZzt7nOoi3jtwzIY.roa
File:                     ZuaAuBr3mjYLZzt7nOoi3jtwzIY.roa (raw, json)
Hash identifier:          WFz46VHFEUHY6d8iPoLy2pWWOpD7nX+IiME/4TJnl4M=
Subject key identifier:   66:E6:80:B8:1A:F7:9A:36:0B:67:3B:7B:9C:EA:22:DE:3B:70:CC:86
Certificate issuer:       /CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
Certificate serial:       0198CD2EF81E7C4F3653DF80B791770A68B4
Authority key identifier: AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/ZuaAuBr3mjYLZzt7nOoi3jtwzIY.roa
Signing time:             Thu 21 Aug 2025 15:11:04 +0000
ROA not before:           Thu 21 Aug 2025 15:11:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        91.108.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:cd:2e:f8:1e:7c:4f:36:53:df:80:b7:91:77:0a:68:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0852af5a8e436b2d4da72e92b64114e1f4d15f
        Validity
            Not Before: Aug 21 15:11:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66e680b81af79a360b673b7b9cea22de3b70cc86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d0:9e:9f:61:69:2d:8a:5d:63:09:2e:e7:56:
                    09:40:a5:db:73:a7:e3:73:9b:33:c4:17:c8:12:fd:
                    72:ee:b5:41:57:a6:6a:f0:c1:4d:10:3d:35:1a:b0:
                    80:f7:21:01:8e:5b:38:09:c4:5a:04:db:c3:a8:1e:
                    a2:0d:20:75:5b:96:a4:c4:b6:bc:f2:78:f8:b3:55:
                    5b:59:ff:4a:fe:5b:f8:32:aa:4b:38:d7:f9:23:32:
                    f4:8f:71:ac:b4:8a:80:07:37:50:9f:e2:5c:32:7e:
                    bc:af:09:8d:62:54:c7:e1:b5:63:32:dd:2b:87:fc:
                    6b:d0:fb:38:6e:2f:08:09:9c:50:30:2e:3b:c2:ac:
                    aa:63:4b:a1:af:de:74:13:df:9a:60:be:5e:8f:c0:
                    d9:4f:0b:21:d8:8d:7d:96:53:1a:93:ab:1f:cf:c0:
                    5f:95:d5:b1:d5:a5:bf:e6:36:03:61:d9:fd:6a:89:
                    bf:0d:34:c9:67:eb:93:ce:1c:7b:27:94:41:c4:cc:
                    53:b7:0f:8d:4a:ab:d8:b8:08:06:93:27:05:5a:bb:
                    34:a3:d9:46:2d:b5:16:a5:e9:05:0f:83:db:55:0b:
                    2e:23:51:79:1d:d5:6f:9a:80:57:7d:f8:7a:92:cb:
                    d8:be:c6:bb:bc:65:f5:fe:38:d6:c1:08:bd:a5:b9:
                    bb:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E6:80:B8:1A:F7:9A:36:0B:67:3B:7B:9C:EA:22:DE:3B:70:CC:86
            X509v3 Authority Key Identifier:
                keyid:AC:08:52:AF:5A:8E:43:6B:2D:4D:A7:2E:92:B6:41:14:E1:F4:D1:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAhSr1qOQ2stTacukrZBFOH00V8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/ZuaAuBr3mjYLZzt7nOoi3jtwzIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/4dbcb2-3a96-4817-9971-5007dde35045/1/rAhSr1qOQ2stTacukrZBFOH00V8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:50:04:7c:e4:b1:d6:58:4b:09:1d:fc:09:d3:54:2b:d3:c4:
         93:a4:5b:60:2f:7d:20:16:91:e2:5f:6f:7b:43:c6:b4:25:0f:
         69:71:5f:81:a4:3a:77:37:4e:4e:15:52:18:de:be:97:08:56:
         14:01:16:bf:5e:ad:df:7d:56:6c:9e:19:84:68:13:fb:f2:22:
         da:0a:0e:81:ae:7f:45:ea:2a:15:5e:2b:66:54:72:be:ac:71:
         74:d0:b1:23:87:73:f7:88:72:e0:20:45:d1:a6:a3:fb:9d:27:
         43:62:a1:1b:60:53:86:35:3a:75:b8:58:4d:f7:bb:e7:41:9f:
         0c:46:81:4e:c9:1c:2d:cd:f2:3a:d8:bd:cf:7f:07:54:4d:75:
         40:bd:27:50:87:48:80:c1:5b:b6:ea:d9:02:70:b3:2b:2b:08:
         0c:f3:52:9f:95:3f:80:eb:71:8c:67:b4:f9:22:36:cf:b9:07:
         fa:d4:f7:2a:ac:20:c9:5f:f9:3b:69:2b:86:72:b7:f8:7a:ff:
         59:e1:f4:07:da:4e:94:50:00:d8:ff:4c:fe:45:58:1d:1e:2c:
         a7:b3:f3:7e:ac:e2:cb:bb:8c:ed:c5:77:c6:d4:59:39:0f:da:
         40:8b:d5:ac:39:86:65:f6:06:8f:22:ae:cb:52:33:c4:75:ba:
         2b:62:b4:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjNLvgefE82U9+At5F3Cmi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDg1MmFmNWE4ZTQzNmIyZDRkYTcyZTkyYjY0MTE0ZTFm
NGQxNWYwHhcNMjUwODIxMTUxMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmU2ODBiODFhZjc5YTM2MGI2NzNiN2I5Y2VhMjJkZTNiNzBjYzg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdCen2FpLYpdYwku51YJQKXbc6fj
c5szxBfIEv1y7rVBV6Zq8MFNED01GrCA9yEBjls4CcRaBNvDqB6iDSB1W5akxLa8
8nj4s1VbWf9K/lv4MqpLONf5IzL0j3GstIqABzdQn+JcMn68rwmNYlTH4bVjMt0r
h/xr0Ps4bi8ICZxQMC47wqyqY0uhr950E9+aYL5ej8DZTwsh2I19llMak6sfz8Bf
ldWx1aW/5jYDYdn9aom/DTTJZ+uTzhx7J5RBxMxTtw+NSqvYuAgGkycFWrs0o9lG
LbUWpekFD4PbVQsuI1F5HdVvmoBXffh6ksvYvsa7vGX1/jjWwQi9pbm7YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbmgLga95o2C2c7e5zqIt47cMyGMB8GA1UdIwQY
MBaAFKwIUq9ajkNrLU2nLpK2QRTh9NFfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEt
NTAwN2RkZTM1MDQ1LzEvWnVhQXVCcjNtallMWnp0N25Pb2kzanR3eklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny80ZGJjYjItM2E5Ni00ODE3LTk5NzEtNTAwN2RkZTM1MDQ1
LzEvckFoU3IxcU9RMnN0VGFjdWtyWkJGT0gwMFY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2y6MA0G
CSqGSIb3DQEBCwUAA4IBAQB6UAR85LHWWEsJHfwJ01Qr08STpFtgL30gFpHiX297
Q8a0JQ9pcV+BpDp3N05OFVIY3r6XCFYUARa/Xq3ffVZsnhmEaBP78iLaCg6Brn9F
6ioVXitmVHK+rHF00LEjh3P3iHLgIEXRpqP7nSdDYqEbYFOGNTp1uFhN97vnQZ8M
RoFOyRwtzfI62L3PfwdUTXVAvSdQh0iAwVu26tkCcLMrKwgM81KflT+A63GMZ7T5
IjbPuQf61PcqrCDJX/k7aSuGcrf4ev9Z4fQH2k6UUADY/0z+RVgdHiyns/N+rOLL
u4ztxXfG1Fk5D9pAi9WsOYZl9gaPIq7LUjPEdborYrSV
-----END CERTIFICATE-----