Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/i9rF_vMQKJ6Idr0l2zV9fG7JsI4.roa
File:                     i9rF_vMQKJ6Idr0l2zV9fG7JsI4.roa (raw, json)
Hash identifier:          Ym+D0lV82GzeaN5WC17D6hleAFitEdQ3vLzucr/5Qp0=
Subject key identifier:   8B:DA:C5:FE:F3:10:28:9E:88:76:BD:25:DB:35:7D:7C:6E:C9:B0:8E
Certificate issuer:       /CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
Certificate serial:       0199C3AC61679CAE1362D0E7C9D6488A2D67
Authority key identifier: 90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/i9rF_vMQKJ6Idr0l2zV9fG7JsI4.roa
Signing time:             Wed 08 Oct 2025 11:54:38 +0000
ROA not before:           Wed 08 Oct 2025 11:54:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197979
IP address blocks:        91.231.24.0/24 maxlen: 24
                          91.231.25.0/24 maxlen: 24
                          91.231.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:ac:61:67:9c:ae:13:62:d0:e7:c9:d6:48:8a:2d:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90b8a15466c3ff1e915d780a10b0baa9ad694860
        Validity
            Not Before: Oct  8 11:54:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8bdac5fef310289e8876bd25db357d7c6ec9b08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:b6:24:e6:a9:dd:69:1b:a3:48:97:26:25:3b:
                    b3:9b:d8:f9:da:4e:e6:fe:1a:10:c7:c0:00:80:ce:
                    ee:a9:04:bd:22:59:b1:1c:01:12:f9:4e:ec:a9:87:
                    6e:bc:3b:bf:5a:5d:fa:22:c9:7e:71:07:8a:a0:2b:
                    f3:b6:f6:7e:e0:98:54:a9:ac:4f:fe:c6:8a:cb:98:
                    b2:ed:f1:a3:ff:11:f9:3d:03:a2:c9:27:6d:cb:91:
                    aa:98:fc:51:b8:55:44:77:1d:fb:41:ee:41:80:f6:
                    4c:f6:57:41:42:6c:0e:fc:2b:4a:3a:b2:52:85:61:
                    7d:82:f0:04:7f:2a:07:0f:94:c4:1d:ad:65:dc:98:
                    45:60:01:8d:90:47:89:59:a8:2b:0f:41:93:f3:1f:
                    09:e7:a6:3a:56:f3:07:90:f8:3f:15:c9:ab:bf:c6:
                    85:c5:c6:2c:7b:21:43:e1:a4:db:82:3d:61:f3:2f:
                    d2:8d:3d:6b:0f:8a:31:41:dc:be:87:41:dc:fd:3e:
                    90:47:c2:de:86:8e:4b:d8:e2:11:7c:64:16:3b:f7:
                    c0:48:15:b7:fc:c0:57:07:66:c6:1a:8b:ce:6d:48:
                    b6:3e:9b:5e:59:63:11:2a:2f:f0:de:d7:7a:24:3d:
                    50:73:f7:cc:d9:5a:a0:db:33:2e:72:c9:a2:a0:70:
                    01:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:DA:C5:FE:F3:10:28:9E:88:76:BD:25:DB:35:7D:7C:6E:C9:B0:8E
            X509v3 Authority Key Identifier:
                keyid:90:B8:A1:54:66:C3:FF:1E:91:5D:78:0A:10:B0:BA:A9:AD:69:48:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kLihVGbD_x6RXXgKELC6qa1pSGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/i9rF_vMQKJ6Idr0l2zV9fG7JsI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a2df44-38b2-4d12-8347-78e997869952/1/kLihVGbD_x6RXXgKELC6qa1pSGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.24.0/23
                  91.231.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:fe:ea:8c:fb:c7:44:5a:c3:e8:e5:7f:40:d6:48:77:97:f6:
         45:30:b9:c9:09:bb:42:52:b3:ff:65:79:a7:33:e6:87:d4:ca:
         28:04:75:b2:98:7f:fe:d3:be:2e:65:6e:77:eb:ab:38:c3:4f:
         9a:18:7f:03:e0:73:3f:d5:48:21:ea:37:68:d7:aa:ba:9b:db:
         77:cc:e5:67:a4:bc:d8:16:b2:73:79:7d:3a:27:79:4d:70:20:
         a2:87:f2:6e:f4:c3:8b:4a:cd:5f:ac:63:d2:c7:af:99:05:33:
         d7:66:01:e5:a3:b4:0d:16:36:6a:15:be:56:cc:a8:22:f3:b7:
         38:4b:cc:ac:51:32:c4:03:0e:79:08:a4:a0:64:62:f3:0b:10:
         68:7a:c6:03:07:e8:f7:13:1c:18:7d:39:56:ef:59:72:17:d8:
         de:0f:15:58:e2:50:eb:5d:03:34:3b:ef:4b:c0:8a:4a:77:f9:
         08:fa:34:80:ab:27:fa:89:c4:d8:05:f2:5a:45:29:9b:c9:8f:
         04:7b:41:b0:eb:2e:10:ad:e2:94:fc:1d:5a:eb:91:d3:8a:d4:
         09:a7:5f:f3:89:01:f7:ac:0d:05:b4:9e:b2:12:e9:f1:f2:9c:
         f2:30:47:26:e9:d5:0b:af:47:cb:78:f2:a6:e4:09:10:31:cd:
         a1:5e:03:d0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZnDrGFnnK4TYtDnydZIii1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYjhhMTU0NjZjM2ZmMWU5MTVkNzgwYTEwYjBiYWE5YWQ2
OTQ4NjAwHhcNMjUxMDA4MTE1NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmRhYzVmZWYzMTAyODllODg3NmJkMjVkYjM1N2Q3YzZlYzliMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrYk5qndaRujSJcmJTuzm9j52k7m
/hoQx8AAgM7uqQS9IlmxHAES+U7sqYduvDu/Wl36Isl+cQeKoCvztvZ+4JhUqaxP
/saKy5iy7fGj/xH5PQOiySdty5GqmPxRuFVEdx37Qe5BgPZM9ldBQmwO/CtKOrJS
hWF9gvAEfyoHD5TEHa1l3JhFYAGNkEeJWagrD0GT8x8J56Y6VvMHkPg/Fcmrv8aF
xcYseyFD4aTbgj1h8y/SjT1rD4oxQdy+h0Hc/T6QR8Leho5L2OIRfGQWO/fASBW3
/MBXB2bGGovObUi2PpteWWMRKi/w3td6JD1Qc/fM2Vqg2zMucsmioHABtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIvaxf7zECieiHa9Jds1fXxuybCOMB8GA1UdIwQY
MBaAFJC4oVRmw/8ekV14ChCwuqmtaUhgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDct
NzhlOTk3ODY5OTUyLzEvaTlyRl92TVFLSjZJZHIwbDJ6VjlmRzdKc0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hMmRmNDQtMzhiMi00ZDEyLTgzNDctNzhlOTk3ODY5OTUy
LzEva0xpaFZHYkRfeDZSWFhnS0VMQzZxYTFwU0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+cYAwQA
W+cbMA0GCSqGSIb3DQEBCwUAA4IBAQC0/uqM+8dEWsPo5X9A1kh3l/ZFMLnJCbtC
UrP/ZXmnM+aH1MooBHWymH/+074uZW5366s4w0+aGH8D4HM/1Ugh6jdo16q6m9t3
zOVnpLzYFrJzeX06J3lNcCCih/Ju9MOLSs1frGPSx6+ZBTPXZgHlo7QNFjZqFb5W
zKgi87c4S8ysUTLEAw55CKSgZGLzCxBoesYDB+j3ExwYfTlW71lyF9jeDxVY4lDr
XQM0O+9LwIpKd/kI+jSAqyf6icTYBfJaRSmbyY8Ee0Gw6y4QreKU/B1a65HTitQJ
p1/ziQH3rA0FtJ6yEunx8pzyMEcm6dULr0fLePKm5AkQMc2hXgPQ
-----END CERTIFICATE-----