Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/KH90CUhf7XrSfMlN4KfUmuqyFXY.roa
File:                     KH90CUhf7XrSfMlN4KfUmuqyFXY.roa (raw, json)
Hash identifier:          NdQ1WD96RFU3zZNEmARTJbdjxnkES0BC89q7VKokYR0=
Subject key identifier:   28:7F:74:09:48:5F:ED:7A:D2:7C:C9:4D:E0:A7:D4:9A:EA:B2:15:76
Certificate issuer:       /CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
Certificate serial:       01997B20B127B9A25B849A8D958CC56A8B37
Authority key identifier: 9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/KH90CUhf7XrSfMlN4KfUmuqyFXY.roa
Signing time:             Wed 24 Sep 2025 09:49:23 +0000
ROA not before:           Wed 24 Sep 2025 09:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20648
IP address blocks:        185.91.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:20:b1:27:b9:a2:5b:84:9a:8d:95:8c:c5:6a:8b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9faf0bf93fc4381fff7e7aa86b4076c033242ffa
        Validity
            Not Before: Sep 24 09:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=287f7409485fed7ad27cc94de0a7d49aeab21576
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e5:a3:5d:eb:61:86:30:c6:0a:01:91:d2:12:
                    48:51:2e:55:d4:12:15:ef:f4:e8:da:fc:08:73:6f:
                    3c:e1:51:13:cb:1f:78:12:df:a9:e1:2e:27:97:11:
                    77:1b:ad:d3:9f:46:5d:d5:f6:0b:9f:5a:6b:27:7f:
                    a9:0a:3b:a5:8e:16:f9:ce:e1:87:39:17:78:19:e4:
                    42:98:87:f8:45:bc:f5:01:50:f7:1b:fc:58:06:ea:
                    77:87:26:8d:95:0c:d9:14:bc:ea:c5:04:5d:c5:0c:
                    46:69:48:f4:de:4e:fc:2c:75:82:82:17:ca:93:32:
                    ef:94:d4:83:3a:c3:0e:9d:82:03:6f:cc:12:45:00:
                    61:e4:4d:9a:ef:ea:89:01:f0:03:68:95:1b:d3:ee:
                    fb:c8:ec:c0:75:f3:ff:e4:5f:f5:d5:9c:f0:ef:5c:
                    3b:4e:4e:ab:91:a3:f4:81:a1:bf:40:8b:23:39:8c:
                    bb:73:00:69:19:eb:46:2a:c2:8e:1d:d4:9c:ac:69:
                    dc:0b:d3:b3:ce:fe:88:f2:5a:73:1a:e5:8a:c7:fc:
                    ac:ba:b1:12:d0:d9:43:14:f1:2a:e8:74:89:4e:f4:
                    79:47:67:62:97:5b:92:4c:c7:c0:a6:03:ec:3b:3a:
                    bc:74:0a:94:a6:32:30:00:b9:1b:11:64:44:0d:10:
                    58:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7F:74:09:48:5F:ED:7A:D2:7C:C9:4D:E0:A7:D4:9A:EA:B2:15:76
            X509v3 Authority Key Identifier:
                keyid:9F:AF:0B:F9:3F:C4:38:1F:FF:7E:7A:A8:6B:40:76:C0:33:24:2F:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n68L-T_EOB__fnqoa0B2wDMkL_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/KH90CUhf7XrSfMlN4KfUmuqyFXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/a4ff33-b290-4307-afc8-f520a7d71ef5/1/n68L-T_EOB__fnqoa0B2wDMkL_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:a0:ee:55:4d:3f:d9:e5:e6:63:0b:6f:4d:6a:c5:d6:4f:af:
         43:37:dd:0d:24:44:af:30:09:ea:68:40:88:8b:04:7e:12:c6:
         0b:42:63:3e:64:2e:13:74:2a:eb:89:a7:73:fb:2e:1a:1e:c7:
         6c:65:d1:cd:64:b2:ae:4e:76:65:61:ea:b2:77:31:b0:ce:37:
         37:55:71:48:b3:1f:55:ce:c7:ed:29:59:53:2f:f5:93:4e:10:
         5f:85:15:2d:d1:1e:dd:61:1f:d1:bc:1a:54:4e:bc:38:2e:20:
         e6:de:97:65:b0:bc:4b:5e:ca:27:5f:22:9d:c8:2d:0b:56:e6:
         f4:16:f3:36:86:7a:ce:09:e1:62:4c:f5:d3:61:c7:ac:8d:51:
         07:51:17:2c:52:3a:38:0d:ec:62:46:5c:31:31:07:26:81:d9:
         84:66:0f:6b:2c:f5:5c:41:04:d0:42:79:d1:e9:59:92:37:33:
         8a:fd:3c:13:14:00:c7:4a:3b:57:3f:57:98:2a:3f:7e:7f:f7:
         d7:96:0f:99:76:00:49:3b:f2:c5:d3:39:8e:97:b3:1c:55:33:
         16:b8:77:a4:46:f1:73:1a:72:bb:1b:2b:07:2c:80:ea:4e:bd:
         03:3d:87:47:20:78:79:58:c4:6a:0b:fe:1b:09:cf:50:72:c3:
         86:d9:b6:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7ILEnuaJbhJqNlYzFaos3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYWYwYmY5M2ZjNDM4MWZmZjdlN2FhODZiNDA3NmMwMzMy
NDJmZmEwHhcNMjUwOTI0MDk0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODdmNzQwOTQ4NWZlZDdhZDI3Y2M5NGRlMGE3ZDQ5YWVhYjIxNTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+WjXethhjDGCgGR0hJIUS5V1BIV
7/To2vwIc2884VETyx94Et+p4S4nlxF3G63Tn0Zd1fYLn1prJ3+pCjuljhb5zuGH
ORd4GeRCmIf4Rbz1AVD3G/xYBup3hyaNlQzZFLzqxQRdxQxGaUj03k78LHWCghfK
kzLvlNSDOsMOnYIDb8wSRQBh5E2a7+qJAfADaJUb0+77yOzAdfP/5F/11Zzw71w7
Tk6rkaP0gaG/QIsjOYy7cwBpGetGKsKOHdScrGncC9Ozzv6I8lpzGuWKx/ysurES
0NlDFPEq6HSJTvR5R2dil1uSTMfApgPsOzq8dAqUpjIwALkbEWREDRBYtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCh/dAlIX+160nzJTeCn1JrqshV2MB8GA1UdIwQY
MBaAFJ+vC/k/xDgf/356qGtAdsAzJC/6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgt
ZjUyMGE3ZDcxZWY1LzEvS0g5MENVaGY3WHJTZk1sTjRLZlVtdXF5RlhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi9hNGZmMzMtYjI5MC00MzA3LWFmYzgtZjUyMGE3ZDcxZWY1
LzEvbjY4TC1UX0VPQl9fZm5xb2EwQjJ3RE1rTF9vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVvNMA0G
CSqGSIb3DQEBCwUAA4IBAQDHoO5VTT/Z5eZjC29NasXWT69DN90NJESvMAnqaECI
iwR+EsYLQmM+ZC4TdCrriadz+y4aHsdsZdHNZLKuTnZlYeqydzGwzjc3VXFIsx9V
zsftKVlTL/WTThBfhRUt0R7dYR/RvBpUTrw4LiDm3pdlsLxLXsonXyKdyC0LVub0
FvM2hnrOCeFiTPXTYcesjVEHURcsUjo4DexiRlwxMQcmgdmEZg9rLPVcQQTQQnnR
6VmSNzOK/TwTFADHSjtXP1eYKj9+f/fXlg+ZdgBJO/LF0zmOl7McVTMWuHekRvFz
GnK7GysHLIDqTr0DPYdHIHh5WMRqC/4bCc9QcsOG2bbH
-----END CERTIFICATE-----