Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/3N9aZ8zTSdZQ6ZvfIiyQMbKeNPE.roa
File:                     3N9aZ8zTSdZQ6ZvfIiyQMbKeNPE.roa (raw, json)
Hash identifier:          VzMo5OEH6WAO4xNi9N0ubLSFEAUrDTWn6IFMnfmYKL4=
Subject key identifier:   DC:DF:5A:67:CC:D3:49:D6:50:E9:9B:DF:22:2C:90:31:B2:9E:34:F1
Certificate issuer:       /CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
Certificate serial:       0199B5E9C6A6551EEB129E8BE9FD4480451F
Authority key identifier: 27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/3N9aZ8zTSdZQ6ZvfIiyQMbKeNPE.roa
Signing time:             Sun 05 Oct 2025 19:47:00 +0000
ROA not before:           Sun 05 Oct 2025 19:47:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56582
IP address blocks:        91.102.160.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b5:e9:c6:a6:55:1e:eb:12:9e:8b:e9:fd:44:80:45:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27c8b427c313598a92e8d8ec60e2950da39fc2c9
        Validity
            Not Before: Oct  5 19:47:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dcdf5a67ccd349d650e99bdf222c9031b29e34f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:39:61:f0:11:49:c3:ae:19:1d:2a:7c:c5:73:
                    b9:fb:64:d1:b4:fb:ba:15:49:83:dd:8a:bb:c2:b1:
                    0e:9e:85:db:f2:36:da:26:61:f9:b3:2c:03:03:65:
                    83:86:1f:ed:f8:5e:00:9a:8a:1e:25:aa:2c:0b:5b:
                    b7:94:e8:22:f0:7b:39:ff:93:1e:4b:5a:a6:80:46:
                    38:e2:d0:b5:04:27:3d:6d:e6:4d:f8:3c:a4:8f:6a:
                    35:a0:f9:e1:df:cf:b1:61:9b:07:19:e8:d2:d8:68:
                    f3:bc:0b:82:c7:8b:11:95:fd:9c:4a:86:a5:79:50:
                    65:4a:5c:5c:03:24:2a:65:e3:3d:67:cf:99:25:4d:
                    96:de:0f:5b:f0:6f:ec:a9:6f:f3:86:9b:68:44:17:
                    a9:e6:64:fd:59:f2:3e:5f:15:1b:b7:3a:55:fb:6c:
                    be:19:ad:b9:75:63:57:88:ee:9c:35:82:25:59:af:
                    83:11:4c:16:05:36:24:33:89:d4:3a:45:6b:54:c2:
                    8d:7c:56:ab:4d:5a:69:38:0e:b2:16:10:e7:0f:bd:
                    fc:9c:ad:ef:1a:d4:01:4f:66:37:af:99:10:1c:b6:
                    20:3f:d3:0e:a4:dd:c8:e7:c8:ee:8c:a7:7c:a3:ed:
                    56:f2:1e:0c:88:2c:ca:a0:a3:08:c5:97:1a:95:c4:
                    2a:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:DF:5A:67:CC:D3:49:D6:50:E9:9B:DF:22:2C:90:31:B2:9E:34:F1
            X509v3 Authority Key Identifier:
                keyid:27:C8:B4:27:C3:13:59:8A:92:E8:D8:EC:60:E2:95:0D:A3:9F:C2:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8i0J8MTWYqS6NjsYOKVDaOfwsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/3N9aZ8zTSdZQ6ZvfIiyQMbKeNPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a7cdbf-da8e-4d43-bdc7-1c6ee44e11ad/1/J8i0J8MTWYqS6NjsYOKVDaOfwsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         50:4e:51:2e:67:69:1e:74:fe:bc:98:c0:9e:24:80:49:e9:31:
         c0:3b:d5:6e:3e:ef:6e:4d:b3:42:36:11:74:d3:2e:64:67:69:
         15:59:2d:40:3a:cc:72:f8:9a:29:21:37:6e:e2:c8:07:4f:f3:
         94:1b:73:fa:d8:1b:ca:61:4c:9c:77:2c:46:ad:e6:9f:4b:25:
         e1:49:4f:2a:d8:a2:7a:60:06:a6:26:0b:a5:7c:82:1a:66:db:
         2d:99:c8:5c:ca:82:32:97:5a:31:70:11:7c:00:99:fc:b9:69:
         d1:39:f8:83:b4:01:b1:64:bc:89:ab:01:37:2c:8e:71:6c:68:
         1d:9c:ae:bd:95:6a:d2:08:7d:2b:a0:60:27:2f:65:49:6e:15:
         31:82:db:13:0b:83:ae:47:ca:4d:05:14:c8:bf:8c:48:54:ca:
         24:54:57:27:a7:4b:8d:6d:af:2a:8c:e2:3d:3b:34:cd:41:3c:
         c2:74:55:87:7e:66:35:be:b0:98:0f:03:a7:a9:02:2d:f9:8c:
         90:e7:27:e4:6f:15:83:df:ce:79:4a:90:f9:d0:eb:12:4c:f7:
         d4:5d:33:34:0b:8b:19:15:25:39:68:6e:a6:66:23:4e:b7:dc:
         03:d3:2f:f7:b6:11:d9:0a:b8:a5:02:5b:ef:29:de:37:1e:2e:
         00:d0:ff:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm16camVR7rEp6L6f1EgEUfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzhiNDI3YzMxMzU5OGE5MmU4ZDhlYzYwZTI5NTBkYTM5
ZmMyYzkwHhcNMjUxMDA1MTk0NzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2RmNWE2N2NjZDM0OWQ2NTBlOTliZGYyMjJjOTAzMWIyOWUzNGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Dlh8BFJw64ZHSp8xXO5+2TRtPu6
FUmD3Yq7wrEOnoXb8jbaJmH5sywDA2WDhh/t+F4AmooeJaosC1u3lOgi8Hs5/5Me
S1qmgEY44tC1BCc9beZN+Dykj2o1oPnh38+xYZsHGejS2GjzvAuCx4sRlf2cSoal
eVBlSlxcAyQqZeM9Z8+ZJU2W3g9b8G/sqW/zhptoRBep5mT9WfI+XxUbtzpV+2y+
Ga25dWNXiO6cNYIlWa+DEUwWBTYkM4nUOkVrVMKNfFarTVppOA6yFhDnD738nK3v
GtQBT2Y3r5kQHLYgP9MOpN3I58jujKd8o+1W8h4MiCzKoKMIxZcalcQqWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNzfWmfM00nWUOmb3yIskDGynjTxMB8GA1UdIwQY
MBaAFCfItCfDE1mKkujY7GDilQ2jn8LJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzct
MWM2ZWU0NGUxMWFkLzEvM045YVo4elRTZFpRNlp2ZklpeVFNYktlTlBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hN2NkYmYtZGE4ZS00ZDQzLWJkYzctMWM2ZWU0NGUxMWFk
LzEvSjhpMEo4TVRXWXFTNk5qc1lPS1ZEYU9md3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW2agMA0G
CSqGSIb3DQEBCwUAA4IBAQBQTlEuZ2kedP68mMCeJIBJ6THAO9VuPu9uTbNCNhF0
0y5kZ2kVWS1AOsxy+JopITdu4sgHT/OUG3P62BvKYUycdyxGreafSyXhSU8q2KJ6
YAamJgulfIIaZtstmchcyoIyl1oxcBF8AJn8uWnROfiDtAGxZLyJqwE3LI5xbGgd
nK69lWrSCH0roGAnL2VJbhUxgtsTC4OuR8pNBRTIv4xIVMokVFcnp0uNba8qjOI9
OzTNQTzCdFWHfmY1vrCYDwOnqQIt+YyQ5yfkbxWD3855SpD50OsSTPfUXTM0C4sZ
FSU5aG6mZiNOt9wD0y/3thHZCrilAlvvKd43Hi4A0P+c
-----END CERTIFICATE-----