Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/KMWQvkvZexGmjDkok2xFAK-VG28.roa
File:                     KMWQvkvZexGmjDkok2xFAK-VG28.roa (raw, json)
Hash identifier:          k7JhCKGfs3xftRzHduHTKDM6EpxC14ywrQN15pLBPWI=
Subject key identifier:   28:C5:90:BE:4B:D9:7B:11:A6:8C:39:28:93:6C:45:00:AF:95:1B:6F
Certificate issuer:       /CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
Certificate serial:       0198B34E3899D3FBE6BC131EB14C2DA12EEA
Authority key identifier: BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/KMWQvkvZexGmjDkok2xFAK-VG28.roa
Signing time:             Sat 16 Aug 2025 14:35:04 +0000
ROA not before:           Sat 16 Aug 2025 14:35:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     263759
IP address blocks:        91.229.134.0/23 maxlen: 24
                          91.229.134.0/24 maxlen: 24
                          91.229.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b3:4e:38:99:d3:fb:e6:bc:13:1e:b1:4c:2d:a1:2e:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
        Validity
            Not Before: Aug 16 14:35:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28c590be4bd97b11a68c3928936c4500af951b6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:17:d1:b4:cf:99:31:f0:4d:ef:a7:62:47:76:
                    2b:e1:b4:e2:2c:3d:fe:08:7d:ab:b7:73:63:8e:52:
                    2d:66:3f:2f:d8:d0:41:24:53:6e:17:c2:50:6b:22:
                    f3:0a:c5:db:ce:c0:1a:cc:f6:54:2c:df:61:4a:ce:
                    6e:73:04:15:fc:dd:e9:67:93:29:61:cc:1f:67:4c:
                    85:e7:ac:be:0d:63:d0:54:7a:00:98:8f:2d:06:86:
                    1d:d8:ac:a7:6f:ab:d4:f6:2a:ff:5b:50:b7:0d:e3:
                    77:e6:0c:3c:51:5f:72:c3:83:da:c7:4b:9f:04:30:
                    19:a1:0c:74:97:30:96:17:31:b7:f7:ae:2c:4f:75:
                    81:ae:36:f5:b0:8e:7a:28:a2:71:b2:9d:7b:0a:38:
                    e0:37:46:86:a8:19:f7:e8:e9:8a:c1:e7:7c:23:a6:
                    df:bb:2e:5b:e6:99:ac:eb:a5:da:73:e9:9d:67:c4:
                    d5:6f:79:3c:49:a6:ff:fc:46:8e:3d:79:0f:30:40:
                    fd:90:dd:6f:73:3a:0a:44:cd:6c:7b:75:bb:fd:cd:
                    42:7b:c8:21:c7:96:a1:f1:5e:82:b0:4a:9e:29:93:
                    fd:17:0c:38:94:2b:43:57:7e:ae:59:2d:c5:96:ec:
                    1a:b4:74:63:72:fc:4e:9d:5a:a2:c1:17:3f:68:12:
                    c6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C5:90:BE:4B:D9:7B:11:A6:8C:39:28:93:6C:45:00:AF:95:1B:6F
            X509v3 Authority Key Identifier:
                keyid:BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/KMWQvkvZexGmjDkok2xFAK-VG28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:fb:b7:0d:ee:2d:75:c9:61:90:64:d7:d9:72:88:14:c5:ff:
         0e:c3:31:f0:0c:e2:7e:81:cb:64:ee:b9:b3:f0:93:b4:f8:9a:
         c1:45:db:fc:7a:b3:c9:e0:77:a2:35:7b:14:3f:e1:ff:ff:7e:
         df:fb:87:4e:4e:a3:6d:79:fd:fa:a4:0a:ea:a0:2c:a6:b0:18:
         aa:c2:fb:51:60:ee:5a:d1:36:19:c1:d0:b9:6c:ad:43:06:87:
         a0:6a:57:4f:9a:49:5c:44:fc:30:24:db:b8:80:c6:a2:4b:ee:
         82:fb:ab:d9:ca:f5:c4:ac:e1:0d:48:78:83:c4:71:d6:3b:e1:
         0a:69:7e:b7:a2:c9:70:15:54:6f:19:71:0f:9a:62:e9:51:b7:
         9b:c6:ce:00:24:48:fd:76:6f:d2:6d:92:2c:b0:83:3c:97:e6:
         0e:5d:d1:f6:5e:d4:64:28:73:c6:0c:53:30:a2:23:2a:06:f7:
         88:37:71:f7:a2:e0:c6:a0:a1:58:2e:7f:41:e2:a7:bc:05:f8:
         91:79:61:8b:84:55:36:04:c0:e1:cc:1f:9c:df:37:50:70:5b:
         1a:7b:06:cb:cc:69:ab:e0:70:ed:60:4c:41:04:b0:7a:31:96:
         69:c4:55:e8:07:36:5c:87:16:eb:d6:5e:d1:11:2a:c7:f3:21:
         08:e9:b2:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZizTjiZ0/vmvBMesUwtoS7qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDg0YmM0NGRiZGE1YmFiZmM0OTQwYmNjYzE2MzVlMTUz
YjI0YjYwHhcNMjUwODE2MTQzNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGM1OTBiZTRiZDk3YjExYTY4YzM5Mjg5MzZjNDUwMGFmOTUxYjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9hfRtM+ZMfBN76diR3Yr4bTiLD3+
CH2rt3NjjlItZj8v2NBBJFNuF8JQayLzCsXbzsAazPZULN9hSs5ucwQV/N3pZ5Mp
YcwfZ0yF56y+DWPQVHoAmI8tBoYd2Kynb6vU9ir/W1C3DeN35gw8UV9yw4Pax0uf
BDAZoQx0lzCWFzG3964sT3WBrjb1sI56KKJxsp17CjjgN0aGqBn36OmKwed8I6bf
uy5b5pms66Xac+mdZ8TVb3k8Sab//EaOPXkPMED9kN1vczoKRM1se3W7/c1Ce8gh
x5ah8V6CsEqeKZP9Fww4lCtDV36uWS3FluwatHRjcvxOnVqiwRc/aBLGJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCjFkL5L2XsRpow5KJNsRQCvlRtvMB8GA1UdIwQY
MBaAFLvYS8RNvaW6v8SUC8zBY14VOyS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYt
ZGZkZGIxMzY0MzYzLzEvS01XUXZrdlpleEdtakRrb2syeEZBSy1WRzI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYtZGZkZGIxMzY0MzYz
LzEvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+WGMA0G
CSqGSIb3DQEBCwUAA4IBAQBy+7cN7i11yWGQZNfZcogUxf8OwzHwDOJ+gctk7rmz
8JO0+JrBRdv8erPJ4HeiNXsUP+H//37f+4dOTqNtef36pArqoCymsBiqwvtRYO5a
0TYZwdC5bK1DBoegaldPmklcRPwwJNu4gMaiS+6C+6vZyvXErOENSHiDxHHWO+EK
aX63oslwFVRvGXEPmmLpUbebxs4AJEj9dm/SbZIssIM8l+YOXdH2XtRkKHPGDFMw
oiMqBveIN3H3ouDGoKFYLn9B4qe8BfiReWGLhFU2BMDhzB+c3zdQcFsaewbLzGmr
4HDtYExBBLB6MZZpxFXoBzZchxbr1l7RESrH8yEI6bJ0
-----END CERTIFICATE-----