Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/owAhL1NHTs3a_KA4LBgI9S2g7Cs.roa
File:                     owAhL1NHTs3a_KA4LBgI9S2g7Cs.roa (raw, json)
Hash identifier:          JEBK6rkYLONJ+2U7DSIWRzvXuZ8BeffH/0aQKugUgXU=
Subject key identifier:   A3:00:21:2F:53:47:4E:CD:DA:FC:A0:38:2C:18:08:F5:2D:A0:EC:2B
Certificate issuer:       /CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
Certificate serial:       0198AF056A3A92CE035FD9501C86292BADC0
Authority key identifier: BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/owAhL1NHTs3a_KA4LBgI9S2g7Cs.roa
Signing time:             Fri 15 Aug 2025 18:37:04 +0000
ROA not before:           Fri 15 Aug 2025 18:37:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61112
IP address blocks:        91.229.132.0/23 maxlen: 23
                          91.229.132.0/24 maxlen: 24
                          91.229.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 08:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:af:05:6a:3a:92:ce:03:5f:d9:50:1c:86:29:2b:ad:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbd84bc44dbda5babfc4940bccc1635e153b24b6
        Validity
            Not Before: Aug 15 18:37:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a300212f53474ecddafca0382c1808f52da0ec2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a0:4b:22:83:f9:13:62:53:ac:81:16:07:e6:
                    0b:36:5a:47:bf:2d:66:1c:3f:03:87:47:ea:75:97:
                    43:5d:83:9d:ad:bc:28:ca:92:8d:c8:51:f7:42:c2:
                    e9:cb:0b:99:8c:31:94:72:f6:9a:22:c7:15:3b:a6:
                    9a:04:06:4c:19:db:cb:43:43:62:dd:0d:43:68:f8:
                    7a:a4:c6:50:1d:07:76:92:3d:b7:5c:48:90:f2:31:
                    1f:b3:9a:2d:48:fe:ad:5b:5e:fb:c4:23:29:0e:5f:
                    6d:65:59:e4:0b:49:25:ba:06:6a:a4:ae:31:b4:32:
                    4f:f1:01:18:73:ab:90:8a:b7:57:81:99:ff:92:e4:
                    67:ea:f6:c3:23:ca:68:60:6e:3b:23:72:9c:3c:86:
                    63:bd:02:dd:85:ce:af:9f:68:73:9a:60:29:a8:c8:
                    36:60:19:93:63:37:1d:2e:1f:4b:13:ee:b0:e1:48:
                    42:a3:fc:1c:12:c9:6c:51:12:c1:5e:ea:83:84:5d:
                    97:35:6c:63:d0:f9:11:fa:3a:ea:13:51:83:8f:c8:
                    4d:b1:d7:98:31:5d:57:52:ba:05:6c:19:e7:90:01:
                    66:bb:98:dc:be:2b:bd:12:cc:4d:2d:0f:8e:de:f5:
                    23:08:f3:db:a9:20:84:93:b4:30:70:ca:1c:96:03:
                    9a:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:00:21:2F:53:47:4E:CD:DA:FC:A0:38:2C:18:08:F5:2D:A0:EC:2B
            X509v3 Authority Key Identifier:
                keyid:BB:D8:4B:C4:4D:BD:A5:BA:BF:C4:94:0B:CC:C1:63:5E:15:3B:24:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u9hLxE29pbq_xJQLzMFjXhU7JLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/owAhL1NHTs3a_KA4LBgI9S2g7Cs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/639be4-93e6-4183-ab6f-dfddb1364363/1/u9hLxE29pbq_xJQLzMFjXhU7JLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         06:0c:4f:55:99:f3:5f:68:d7:65:64:f2:6f:cd:ea:41:cb:58:
         21:11:32:0e:db:31:13:f6:a9:d3:82:4c:6a:56:94:43:6c:ef:
         99:b6:01:80:6c:b5:e1:38:e6:a9:01:50:49:1c:ec:33:04:04:
         0a:53:b6:fd:19:11:4e:04:7f:d6:66:e3:5a:83:31:33:45:9a:
         0b:3b:ca:26:2d:b2:23:47:c7:da:a2:79:ef:8a:bd:0c:f4:5b:
         2b:f2:07:96:f3:9d:b4:f4:fc:22:fc:b5:32:7d:d4:68:05:c6:
         fc:b6:c6:c9:af:6f:7c:c3:dc:12:c9:04:15:15:b8:05:af:82:
         3f:30:40:6d:68:ae:cb:a6:a3:f7:09:18:61:92:43:17:5b:41:
         7c:04:53:6a:a8:98:e4:e0:19:cc:13:09:33:96:6f:11:1d:ff:
         ce:d9:90:a5:90:08:07:bf:e1:f3:53:da:60:d5:76:ef:54:25:
         73:37:82:07:10:56:60:63:a6:73:af:0d:89:4a:1d:c1:4f:6e:
         b9:96:61:23:b8:e6:c0:0b:ad:d4:51:44:df:e4:a0:dc:7a:8c:
         f0:e4:91:1f:ff:a1:90:30:d3:3c:09:2c:59:a3:55:d3:68:aa:
         86:fa:86:eb:5b:c9:4a:17:42:1f:1e:3a:26:92:26:26:3e:9c:
         8f:4e:ac:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZivBWo6ks4DX9lQHIYpK63AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiZDg0YmM0NGRiZGE1YmFiZmM0OTQwYmNjYzE2MzVlMTUz
YjI0YjYwHhcNMjUwODE1MTgzNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzAwMjEyZjUzNDc0ZWNkZGFmY2EwMzgyYzE4MDhmNTJkYTBlYzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qBLIoP5E2JTrIEWB+YLNlpHvy1m
HD8Dh0fqdZdDXYOdrbwoypKNyFH3QsLpywuZjDGUcvaaIscVO6aaBAZMGdvLQ0Ni
3Q1DaPh6pMZQHQd2kj23XEiQ8jEfs5otSP6tW177xCMpDl9tZVnkC0klugZqpK4x
tDJP8QEYc6uQirdXgZn/kuRn6vbDI8poYG47I3KcPIZjvQLdhc6vn2hzmmApqMg2
YBmTYzcdLh9LE+6w4UhCo/wcEslsURLBXuqDhF2XNWxj0PkR+jrqE1GDj8hNsdeY
MV1XUroFbBnnkAFmu5jcviu9EsxNLQ+O3vUjCPPbqSCEk7QwcMoclgOaSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMAIS9TR07N2vygOCwYCPUtoOwrMB8GA1UdIwQY
MBaAFLvYS8RNvaW6v8SUC8zBY14VOyS2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYt
ZGZkZGIxMzY0MzYzLzEvb3dBaEwxTkhUczNhX0tBNExCZ0k5UzJnN0NzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS82MzliZTQtOTNlNi00MTgzLWFiNmYtZGZkZGIxMzY0MzYz
LzEvdTloTHhFMjlwYnFfeEpRTHpNRmpYaFU3SkxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+WEMA0G
CSqGSIb3DQEBCwUAA4IBAQAGDE9VmfNfaNdlZPJvzepBy1ghETIO2zET9qnTgkxq
VpRDbO+ZtgGAbLXhOOapAVBJHOwzBAQKU7b9GRFOBH/WZuNagzEzRZoLO8omLbIj
R8faonnvir0M9Fsr8geW85209Pwi/LUyfdRoBcb8tsbJr298w9wSyQQVFbgFr4I/
MEBtaK7LpqP3CRhhkkMXW0F8BFNqqJjk4BnMEwkzlm8RHf/O2ZClkAgHv+HzU9pg
1XbvVCVzN4IHEFZgY6Zzrw2JSh3BT265lmEjuObAC63UUUTf5KDceozw5JEf/6GQ
MNM8CSxZo1XTaKqG+obrW8lKF0IfHjomkiYmPpyPTqzA
-----END CERTIFICATE-----