Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/iSLwTqep0NbUn-xM6ERQaCHn1tI.roa
File:                     iSLwTqep0NbUn-xM6ERQaCHn1tI.roa (raw, json)
Hash identifier:          khQ4c7Qn9evkEyI3Gv7ZG1leD8nar2lQ0KO438Y9oxI=
Subject key identifier:   89:22:F0:4E:A7:A9:D0:D6:D4:9F:EC:4C:E8:44:50:68:21:E7:D6:D2
Certificate issuer:       /CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
Certificate serial:       0199E64F42CBCA29AEB35E430E3E111B4C6C
Authority key identifier: A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/iSLwTqep0NbUn-xM6ERQaCHn1tI.roa
Signing time:             Wed 15 Oct 2025 05:19:37 +0000
ROA not before:           Wed 15 Oct 2025 05:19:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        91.227.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:4f:42:cb:ca:29:ae:b3:5e:43:0e:3e:11:1b:4c:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1dc0630e96096de4822d1f51ef80c6fff54191b
        Validity
            Not Before: Oct 15 05:19:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8922f04ea7a9d0d6d49fec4ce844506821e7d6d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:2e:e5:62:29:b5:3f:96:65:e9:d0:62:28:
                    63:e2:ff:37:05:1f:9b:e1:98:15:b2:83:0d:28:bc:
                    d8:3e:0d:35:bc:b9:2f:12:4e:8f:22:e6:69:1b:eb:
                    4f:1b:bd:65:38:d2:d2:2f:20:bd:1c:48:e5:05:03:
                    d2:ed:f1:58:d1:11:51:d2:3e:06:8a:06:4c:12:8f:
                    2a:75:70:fe:4c:7c:77:76:aa:20:33:02:f4:56:27:
                    c5:23:86:06:14:16:96:5c:8d:4d:af:9c:99:4b:01:
                    97:8b:3e:9e:3f:36:93:30:fe:f1:d9:fe:e5:a9:fa:
                    ec:aa:19:ec:ef:75:67:ae:6d:12:ab:dc:c4:51:e1:
                    0d:27:12:5f:31:10:82:ee:1d:b9:6d:d1:a1:4a:be:
                    a3:35:00:04:d1:4f:6f:29:ef:84:4e:4d:7a:d7:9b:
                    0a:3c:0d:21:f4:35:a3:40:0d:d2:ba:44:91:25:c8:
                    d1:a4:20:ab:8e:be:5f:84:50:ca:bf:69:1c:31:4f:
                    39:84:05:b6:cb:38:d1:15:a9:26:a4:73:2e:70:85:
                    57:a3:a7:11:6f:cf:93:63:3b:a9:08:60:47:5e:96:
                    5b:4e:67:01:b0:d2:a5:96:13:5f:bb:20:62:f6:ec:
                    b8:5a:d5:5e:3e:15:73:69:09:58:44:e0:e6:0f:b3:
                    a4:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:22:F0:4E:A7:A9:D0:D6:D4:9F:EC:4C:E8:44:50:68:21:E7:D6:D2
            X509v3 Authority Key Identifier:
                keyid:A1:DC:06:30:E9:60:96:DE:48:22:D1:F5:1E:F8:0C:6F:FF:54:19:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odwGMOlglt5IItH1HvgMb_9UGRs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/iSLwTqep0NbUn-xM6ERQaCHn1tI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/3f9158-6a90-4e57-a28f-3e06a0182614/1/odwGMOlglt5IItH1HvgMb_9UGRs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:53:b8:93:e0:9d:73:83:c7:b1:45:c8:d6:44:c6:7f:ed:78:
         34:a3:22:2b:91:a8:83:cd:12:84:93:39:f4:fb:48:3e:83:41:
         ab:9c:c5:3b:f9:f6:1c:0a:2f:8a:19:7c:5e:3b:11:46:2c:bd:
         04:ae:ad:22:a1:41:b8:d1:fd:ba:75:10:2b:95:32:24:c9:62:
         d8:c1:1b:5c:7a:78:db:70:1e:62:f6:72:93:e9:e3:ab:a2:51:
         a3:75:a1:4e:83:c2:f0:cb:e7:1d:8f:06:e1:0f:fe:d5:af:3d:
         e7:01:7d:38:ee:e6:09:14:b4:39:c8:81:7c:35:86:d5:22:66:
         29:a2:3c:1b:17:66:a7:c5:1b:e3:57:24:1d:df:e5:70:73:a3:
         fc:91:85:4c:64:ae:9e:8a:a8:94:92:fa:de:de:e1:39:e9:71:
         90:3a:67:03:55:c0:08:13:cf:c2:9e:a9:da:cb:c5:bc:19:71:
         c8:80:6d:06:db:1e:2e:90:fe:12:32:f1:c3:bb:b0:63:46:b1:
         28:58:d1:58:07:3f:e0:95:1e:40:6c:e2:28:f6:ec:42:cc:09:
         c1:50:0d:c7:d2:a5:e4:00:f6:62:17:c0:4a:10:1a:a5:6f:fe:
         c3:32:9f:41:71:f8:a7:b9:6e:b6:f3:93:ac:0c:3f:e2:f9:5c:
         ef:85:80:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnmT0LLyimus15DDj4RG0xsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZGMwNjMwZTk2MDk2ZGU0ODIyZDFmNTFlZjgwYzZmZmY1
NDE5MWIwHhcNMjUxMDE1MDUxOTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTIyZjA0ZWE3YTlkMGQ2ZDQ5ZmVjNGNlODQ0NTA2ODIxZTdkNmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFwu5WIptT+WZenQYihj4v83BR+b
4ZgVsoMNKLzYPg01vLkvEk6PIuZpG+tPG71lONLSLyC9HEjlBQPS7fFY0RFR0j4G
igZMEo8qdXD+THx3dqogMwL0VifFI4YGFBaWXI1Nr5yZSwGXiz6ePzaTMP7x2f7l
qfrsqhns73Vnrm0Sq9zEUeENJxJfMRCC7h25bdGhSr6jNQAE0U9vKe+ETk1615sK
PA0h9DWjQA3SukSRJcjRpCCrjr5fhFDKv2kcMU85hAW2yzjRFakmpHMucIVXo6cR
b8+TYzupCGBHXpZbTmcBsNKllhNfuyBi9uy4WtVePhVzaQlYRODmD7Ok3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIki8E6nqdDW1J/sTOhEUGgh59bSMB8GA1UdIwQY
MBaAFKHcBjDpYJbeSCLR9R74DG//VBkbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYt
M2UwNmEwMTgyNjE0LzEvaVNMd1RxZXAwTmJVbi14TTZFUlFhQ0huMXRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8zZjkxNTgtNmE5MC00ZTU3LWEyOGYtM2UwNmEwMTgyNjE0
LzEvb2R3R01PbGdsdDVJSXRIMUh2Z01iXzlVR1JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+M+MA0G
CSqGSIb3DQEBCwUAA4IBAQCfU7iT4J1zg8exRcjWRMZ/7Xg0oyIrkaiDzRKEkzn0
+0g+g0GrnMU7+fYcCi+KGXxeOxFGLL0Erq0ioUG40f26dRArlTIkyWLYwRtcenjb
cB5i9nKT6eOrolGjdaFOg8Lwy+cdjwbhD/7Vrz3nAX047uYJFLQ5yIF8NYbVImYp
ojwbF2anxRvjVyQd3+Vwc6P8kYVMZK6eiqiUkvre3uE56XGQOmcDVcAIE8/Cnqna
y8W8GXHIgG0G2x4ukP4SMvHDu7BjRrEoWNFYBz/glR5AbOIo9uxCzAnBUA3H0qXk
APZiF8BKEBqlb/7DMp9BcfinuW6285OsDD/i+VzvhYDc
-----END CERTIFICATE-----