Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/tfiH7BWA2nR2OChCX9UjtDlYY3Q.roa
File:                     tfiH7BWA2nR2OChCX9UjtDlYY3Q.roa (raw, json)
Hash identifier:          Nf7Xdo8U+iMEgw4lw6H1GywUDmKoW0FTEplT8uPlZJE=
Subject key identifier:   B5:F8:87:EC:15:80:DA:74:76:38:28:42:5F:D5:23:B4:39:58:63:74
Certificate issuer:       /CN=5365d03fd8522674eb17ac767294cd11f72939d1
Certificate serial:       0199B8D4D7C34B8CC49AAEE3B3A0444B5504
Authority key identifier: 53:65:D0:3F:D8:52:26:74:EB:17:AC:76:72:94:CD:11:F7:29:39:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U2XQP9hSJnTrF6x2cpTNEfcpOdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/tfiH7BWA2nR2OChCX9UjtDlYY3Q.roa
Signing time:             Mon 06 Oct 2025 09:23:00 +0000
ROA not before:           Mon 06 Oct 2025 09:23:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51709
IP address blocks:        91.209.5.0/24 maxlen: 24
                          2001:67c:8b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/U2XQP9hSJnTrF6x2cpTNEfcpOdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/U2XQP9hSJnTrF6x2cpTNEfcpOdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U2XQP9hSJnTrF6x2cpTNEfcpOdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b8:d4:d7:c3:4b:8c:c4:9a:ae:e3:b3:a0:44:4b:55:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5365d03fd8522674eb17ac767294cd11f72939d1
        Validity
            Not Before: Oct  6 09:23:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5f887ec1580da74763828425fd523b439586374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:6b:3e:74:cc:5e:8f:8f:52:ea:aa:de:66:6d:
                    f5:ea:26:f3:f2:be:b1:a5:99:47:9b:cc:3c:3b:9f:
                    f5:e3:ea:4b:60:8e:59:99:62:4f:2b:df:48:92:27:
                    37:10:18:99:d7:17:b2:c5:72:64:63:57:a6:65:94:
                    87:fb:b7:a9:0e:99:f0:d7:0b:71:e1:cf:33:72:5c:
                    2c:d4:38:74:71:17:1e:8f:e0:2e:a9:2d:e2:3d:06:
                    0f:8c:75:13:df:46:9c:6b:1d:c0:9f:56:b3:55:11:
                    bc:96:2f:20:76:c7:96:f4:fa:87:3d:f3:5c:df:e9:
                    3b:24:cf:9b:1c:83:9e:9b:d7:a9:7c:4d:9d:6d:f7:
                    b1:f6:c3:26:58:fd:f6:a9:e2:22:1c:22:ea:ce:8b:
                    9b:b6:11:3c:84:53:c7:fb:01:10:62:63:1a:1a:ad:
                    f5:54:2d:c7:f4:05:11:9f:ff:73:d6:6d:00:5d:05:
                    57:a8:c9:39:e7:b3:cd:3f:35:9f:97:75:e9:9c:d1:
                    e1:c9:10:21:37:b3:44:a3:96:01:07:ff:c0:ff:b8:
                    65:70:bd:c3:3d:6f:4e:45:d7:74:ab:cb:c1:c6:6a:
                    65:e9:ce:55:af:7f:14:d1:e4:cc:47:fd:c5:03:f9:
                    7e:86:27:b0:c8:62:29:67:1a:a6:2e:ca:31:b4:47:
                    ac:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:F8:87:EC:15:80:DA:74:76:38:28:42:5F:D5:23:B4:39:58:63:74
            X509v3 Authority Key Identifier:
                keyid:53:65:D0:3F:D8:52:26:74:EB:17:AC:76:72:94:CD:11:F7:29:39:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U2XQP9hSJnTrF6x2cpTNEfcpOdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/tfiH7BWA2nR2OChCX9UjtDlYY3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/d0b571-3276-4177-8163-0069030763db/1/U2XQP9hSJnTrF6x2cpTNEfcpOdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.5.0/24
                IPv6:
                  2001:67c:8b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         1a:1f:f5:f7:da:28:28:57:c7:3c:53:05:94:ed:63:e7:c0:07:
         7b:2a:eb:36:b3:08:4b:06:7b:b5:96:26:42:39:24:ca:90:d8:
         ec:79:08:2e:5a:d8:46:c5:c3:e0:aa:c9:ca:cc:da:01:0f:bd:
         6b:7a:5a:40:b4:67:a6:34:7f:ab:29:ff:14:87:89:26:14:78:
         ed:c0:65:69:81:ee:f4:d6:e4:7f:fd:18:cb:89:4c:9e:ba:ae:
         93:64:83:46:0d:4d:24:ae:7d:bd:31:c8:52:99:59:b0:e0:33:
         3e:83:a4:bc:cc:81:ed:1c:45:e0:7c:62:a9:65:a3:e7:5e:dd:
         87:7d:8a:c4:4b:e3:d0:bb:96:c7:ef:f5:91:c1:9b:98:bc:04:
         e7:57:fc:40:33:cc:4d:fc:ec:ac:33:0e:41:c0:4a:56:6e:a5:
         28:9e:b7:36:bc:42:01:25:44:a2:c6:6b:09:d1:9a:d2:29:56:
         0f:a5:43:23:6c:1e:30:dc:77:b1:b7:81:a3:ba:ce:36:ba:07:
         af:1c:22:fc:06:f2:8c:77:1e:31:9c:d2:38:3a:71:cd:3f:55:
         66:50:e9:1b:10:a2:c2:33:9a:98:4f:ea:89:f2:d6:29:e7:60:
         1f:ea:dd:74:35:18:52:ee:91:29:72:a9:67:17:7b:91:8b:89:
         40:fb:e6:44
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZm41NfDS4zEmq7js6BES1UEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNjVkMDNmZDg1MjI2NzRlYjE3YWM3NjcyOTRjZDExZjcy
OTM5ZDEwHhcNMjUxMDA2MDkyMzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWY4ODdlYzE1ODBkYTc0NzYzODI4NDI1ZmQ1MjNiNDM5NTg2Mzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02s+dMxej49S6qreZm316ibz8r6x
pZlHm8w8O5/14+pLYI5ZmWJPK99Ikic3EBiZ1xeyxXJkY1emZZSH+7epDpnw1wtx
4c8zclws1Dh0cRcej+AuqS3iPQYPjHUT30acax3An1azVRG8li8gdseW9PqHPfNc
3+k7JM+bHIOem9epfE2dbfex9sMmWP32qeIiHCLqzoubthE8hFPH+wEQYmMaGq31
VC3H9AURn/9z1m0AXQVXqMk557PNPzWfl3XpnNHhyRAhN7NEo5YBB//A/7hlcL3D
PW9ORdd0q8vBxmpl6c5Vr38U0eTMR/3FA/l+hiewyGIpZxqmLsoxtEesTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLX4h+wVgNp0djgoQl/VI7Q5WGN0MB8GA1UdIwQY
MBaAFFNl0D/YUiZ06xesdnKUzRH3KTnRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTJYUVA5aFNKblRyRjZ4MmNwVE5FZmNwT2RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9kMGI1NzEtMzI3Ni00MTc3LTgxNjMt
MDA2OTAzMDc2M2RiLzEvdGZpSDdCV0EyblIyT0NoQ1g5VWp0RGxZWTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9kMGI1NzEtMzI3Ni00MTc3LTgxNjMtMDA2OTAzMDc2M2Ri
LzEvVTJYUVA5aFNKblRyRjZ4MmNwVE5FZmNwT2RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9EFMA8E
AgACMAkDBwAgAQZ8CLAwDQYJKoZIhvcNAQELBQADggEBABof9ffaKChXxzxTBZTt
Y+fAB3sq6zazCEsGe7WWJkI5JMqQ2Ox5CC5a2EbFw+CqycrM2gEPvWt6WkC0Z6Y0
f6sp/xSHiSYUeO3AZWmB7vTW5H/9GMuJTJ66rpNkg0YNTSSufb0xyFKZWbDgMz6D
pLzMge0cReB8Yqllo+de3Yd9isRL49C7lsfv9ZHBm5i8BOdX/EAzzE387KwzDkHA
SlZupSietza8QgElRKLGawnRmtIpVg+lQyNsHjDcd7G3gaO6zja6B68cIvwG8ox3
HjGc0jg6cc0/VWZQ6RsQosIzmphP6ony1innYB/q3XQ1GFLukSlyqWcXe5GLiUD7
5kQ=
-----END CERTIFICATE-----