Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/m1rDa4mFSS7DgxLKEUuhg1KKIME.roa
File:                     m1rDa4mFSS7DgxLKEUuhg1KKIME.roa (raw, json)
Hash identifier:          P+gAWygPgYFKaEAocSrD9brqA8mxvT8s5Q0PR3R+oc4=
Subject key identifier:   9B:5A:C3:6B:89:85:49:2E:C3:83:12:CA:11:4B:A1:83:52:8A:20:C1
Certificate issuer:       /CN=1c6fd297f95531feb82c964fd67f6c94320938f6
Certificate serial:       0199C2ED082C8357718A25AFCA3F052EA0C9
Authority key identifier: 1C:6F:D2:97:F9:55:31:FE:B8:2C:96:4F:D6:7F:6C:94:32:09:38:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/m1rDa4mFSS7DgxLKEUuhg1KKIME.roa
Signing time:             Wed 08 Oct 2025 08:25:37 +0000
ROA not before:           Wed 08 Oct 2025 08:25:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206123
IP address blocks:        91.235.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 14:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c2:ed:08:2c:83:57:71:8a:25:af:ca:3f:05:2e:a0:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c6fd297f95531feb82c964fd67f6c94320938f6
        Validity
            Not Before: Oct  8 08:25:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b5ac36b8985492ec38312ca114ba183528a20c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:c3:f0:a7:7d:ce:fe:66:16:a9:e2:8b:b7:c8:
                    63:c6:d5:9a:6a:d6:f2:d6:44:a7:94:51:74:04:2d:
                    5d:62:3a:19:09:22:7c:b2:8e:71:36:96:a9:c1:b0:
                    91:f9:51:11:f6:63:83:bd:a8:b6:ac:87:17:66:dd:
                    db:c9:ad:f8:76:b5:a5:21:98:3a:a6:c6:b2:1f:5e:
                    df:53:01:90:f1:a6:90:0f:ea:fd:97:25:71:ce:8a:
                    da:fc:03:23:5b:3d:62:a6:4c:b6:14:a5:37:35:22:
                    ff:94:ee:0a:9d:02:76:b3:2d:48:c0:ba:e4:c4:99:
                    e0:c2:f7:8b:da:d2:03:03:b3:54:bd:cd:cc:ea:52:
                    8c:b6:d9:1f:e3:86:6d:a1:af:12:a6:5b:20:7d:68:
                    7b:62:3e:86:be:43:49:e2:93:8f:84:f0:fd:4d:60:
                    5b:3a:c6:70:d0:f4:74:82:39:da:32:e2:b0:c5:c5:
                    95:d8:a8:9e:d4:00:5a:52:1a:c9:54:f4:17:55:26:
                    ce:b2:2c:50:5a:8c:0c:53:5f:dc:e6:1b:1a:82:e2:
                    b0:dc:62:79:61:8d:5a:89:27:b2:03:3a:9b:9c:c4:
                    7f:a5:3f:e8:e6:46:1f:f6:94:1c:b8:d6:96:9f:30:
                    9f:e1:13:09:d7:e8:84:5b:d7:88:4e:3b:fb:af:49:
                    24:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:5A:C3:6B:89:85:49:2E:C3:83:12:CA:11:4B:A1:83:52:8A:20:C1
            X509v3 Authority Key Identifier:
                keyid:1C:6F:D2:97:F9:55:31:FE:B8:2C:96:4F:D6:7F:6C:94:32:09:38:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HG_Sl_lVMf64LJZP1n9slDIJOPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/m1rDa4mFSS7DgxLKEUuhg1KKIME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/5bd26c-bbce-40c0-89d7-ef78a8a7606c/1/HG_Sl_lVMf64LJZP1n9slDIJOPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.235.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:a8:70:0c:6c:a5:5b:a1:f2:7d:ea:27:24:8d:b0:b3:3f:46:
         0b:07:e4:23:b6:e0:9e:ac:bd:02:38:9e:7f:df:15:9d:a2:1d:
         41:03:cc:85:bb:ac:20:5d:6f:9f:a4:dc:e9:57:27:62:5a:f1:
         4b:d7:47:5b:c5:4b:37:89:32:4c:01:b3:96:f9:03:e5:d9:69:
         41:2b:ad:a5:c1:48:b9:d0:a2:40:3e:19:a9:75:69:b3:26:71:
         64:da:c6:bf:dc:aa:f3:d8:3d:a3:24:76:67:7b:9f:11:bb:41:
         f1:5a:6e:ee:46:94:83:0f:3f:30:1a:20:7e:02:85:cf:f3:49:
         65:3f:ce:b2:93:45:78:2d:ca:63:cb:e4:2e:82:75:b5:37:91:
         5b:a4:6f:cb:71:d6:67:e6:5e:50:9e:f6:ea:e0:b4:f9:92:ce:
         8c:a5:a6:c9:24:a2:62:e6:1d:cc:98:4f:d8:29:41:dd:eb:86:
         08:67:2d:72:99:b5:18:29:42:9d:a9:fc:48:6b:b8:61:dd:b4:
         36:b8:46:2d:4d:fd:d1:b3:97:48:9d:a1:03:37:b7:7d:9e:db:
         a8:e9:e7:33:75:f5:c7:86:67:e9:12:6a:ba:f1:fd:95:d4:74:
         ef:26:cf:14:1f:1d:de:dd:7a:88:a0:c8:0b:9e:53:45:9a:03:
         ac:b7:ef:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnC7Qgsg1dxiiWvyj8FLqDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNmZkMjk3Zjk1NTMxZmViODJjOTY0ZmQ2N2Y2Yzk0MzIw
OTM4ZjYwHhcNMjUxMDA4MDgyNTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjVhYzM2Yjg5ODU0OTJlYzM4MzEyY2ExMTRiYTE4MzUyOGEyMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8Pwp33O/mYWqeKLt8hjxtWaatby
1kSnlFF0BC1dYjoZCSJ8so5xNpapwbCR+VER9mODvai2rIcXZt3bya34drWlIZg6
psayH17fUwGQ8aaQD+r9lyVxzora/AMjWz1ipky2FKU3NSL/lO4KnQJ2sy1IwLrk
xJngwveL2tIDA7NUvc3M6lKMttkf44Ztoa8SplsgfWh7Yj6GvkNJ4pOPhPD9TWBb
OsZw0PR0gjnaMuKwxcWV2Kie1ABaUhrJVPQXVSbOsixQWowMU1/c5hsaguKw3GJ5
YY1aiSeyAzqbnMR/pT/o5kYf9pQcuNaWnzCf4RMJ1+iEW9eITjv7r0kkYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJtaw2uJhUkuw4MSyhFLoYNSiiDBMB8GA1UdIwQY
MBaAFBxv0pf5VTH+uCyWT9Z/bJQyCTj2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEdfU2xfbFZNZjY0TEpaUDFuOXNsRElKT1BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi81YmQyNmMtYmJjZS00MGMwLTg5ZDct
ZWY3OGE4YTc2MDZjLzEvbTFyRGE0bUZTUzdEZ3hMS0VVdWhnMUtLSU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi81YmQyNmMtYmJjZS00MGMwLTg5ZDctZWY3OGE4YTc2MDZj
LzEvSEdfU2xfbFZNZjY0TEpaUDFuOXNsRElKT1BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+vUMA0G
CSqGSIb3DQEBCwUAA4IBAQAJqHAMbKVbofJ96ickjbCzP0YLB+QjtuCerL0COJ5/
3xWdoh1BA8yFu6wgXW+fpNzpVydiWvFL10dbxUs3iTJMAbOW+QPl2WlBK62lwUi5
0KJAPhmpdWmzJnFk2sa/3Krz2D2jJHZne58Ru0HxWm7uRpSDDz8wGiB+AoXP80ll
P86yk0V4Lcpjy+QugnW1N5FbpG/LcdZn5l5Qnvbq4LT5ks6MpabJJKJi5h3MmE/Y
KUHd64YIZy1ymbUYKUKdqfxIa7hh3bQ2uEYtTf3Rs5dInaEDN7d9ntuo6eczdfXH
hmfpEmq68f2V1HTvJs8UHx3e3XqIoMgLnlNFmgOst+8p
-----END CERTIFICATE-----