Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Jb1qAtrQRHkWR9yqePpnXV6kF-U.roa
File:                     Jb1qAtrQRHkWR9yqePpnXV6kF-U.roa (raw, json)
Hash identifier:          opwZoEWtUaeMsOhsAkDVCLoxpYSLW7EC/weSdnXl3hU=
Subject key identifier:   25:BD:6A:02:DA:D0:44:79:16:47:DC:AA:78:FA:67:5D:5E:A4:17:E5
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       0199A5AD4FE646C5F91E3551D29D359AE685
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Jb1qAtrQRHkWR9yqePpnXV6kF-U.roa
Signing time:             Thu 02 Oct 2025 16:07:02 +0000
ROA not before:           Thu 02 Oct 2025 16:07:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142019
IP address blocks:        188.209.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:ad:4f:e6:46:c5:f9:1e:35:51:d2:9d:35:9a:e6:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: Oct  2 16:07:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=25bd6a02dad044791647dcaa78fa675d5ea417e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:34:db:d6:d2:72:8f:f9:7e:93:90:c4:09:ad:
                    2d:f4:45:86:b1:92:b1:14:ff:04:f8:b8:13:a0:b8:
                    44:bb:0c:05:b7:b6:67:0a:21:28:0d:d9:31:36:59:
                    1e:6a:81:22:4c:e3:9b:a9:1e:5b:2d:cd:0e:7b:4e:
                    2a:42:8b:6a:34:8c:39:35:ab:4f:fd:d9:9f:5d:7c:
                    08:2f:99:b5:c8:e6:3a:e1:a5:44:1b:19:5b:d0:e8:
                    75:0a:0b:47:64:e6:7e:46:d7:a1:96:89:7a:a5:3b:
                    47:96:e2:8e:73:42:fc:86:6f:bc:89:38:c0:9e:d8:
                    17:a5:e0:9a:16:78:a3:bd:00:60:91:c1:18:be:e0:
                    83:d8:b7:bf:12:1e:67:7b:23:34:e7:c0:34:db:cb:
                    2e:71:a8:ab:eb:ca:51:ee:7b:07:14:5e:ba:a8:dd:
                    03:a7:e4:b1:ac:ab:02:64:a1:26:cb:1b:bc:44:77:
                    9d:73:71:19:f9:c1:8b:c9:95:df:2c:d0:e6:56:6e:
                    8f:47:bb:9a:9c:88:f4:a2:16:97:75:21:7c:3b:a6:
                    45:a0:1e:df:63:2e:30:89:c9:a8:5b:32:39:1d:ec:
                    a3:f3:f4:6e:6d:96:03:ea:18:08:be:c4:65:e3:c8:
                    3a:13:cd:92:1e:a8:57:2f:3c:dd:93:3a:ee:ae:30:
                    7c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:BD:6A:02:DA:D0:44:79:16:47:DC:AA:78:FA:67:5D:5E:A4:17:E5
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/Jb1qAtrQRHkWR9yqePpnXV6kF-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.209.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:03:ad:53:59:c1:ef:b7:71:5a:d6:e8:7e:4c:5f:80:5a:44:
         6a:26:82:09:8e:6f:11:d2:0d:00:04:89:6a:4c:67:d9:28:a4:
         18:af:34:41:fe:55:f7:d9:77:00:3e:b3:6c:00:5b:51:a4:f2:
         2a:38:95:42:fa:e3:aa:46:7b:7f:56:38:ef:25:e8:f5:b4:39:
         2a:05:f0:f3:e4:7d:cf:3e:f2:e9:c3:b4:8a:1d:b2:f0:f7:23:
         bd:9e:44:a2:31:a7:d7:83:b1:a3:a4:ec:a6:d0:9b:dd:56:71:
         76:38:0e:3d:8d:1a:72:57:bb:69:be:3d:f0:ad:75:7b:32:1e:
         58:92:61:e1:99:4d:e5:28:f8:50:a6:8e:b5:c8:29:1a:98:da:
         ea:1c:df:b6:71:21:58:81:c7:8e:bb:4f:a3:7d:5e:64:b8:7a:
         bf:04:2e:cf:d7:7d:68:99:0c:b2:8f:7e:b8:d8:c4:69:34:19:
         80:cc:d8:70:60:ec:3f:85:1f:93:12:e2:31:f3:cb:7a:f1:d1:
         01:67:6e:a4:4b:97:33:cc:68:56:3d:39:66:34:57:be:ab:ae:
         b0:2e:bf:e3:7b:9c:32:77:bf:56:79:96:fa:ef:05:0a:ae:6b:
         49:71:01:74:06:51:25:a1:34:80:0c:61:98:09:4b:2b:f8:8e:
         ed:65:09:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmlrU/mRsX5HjVR0p01muaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjUxMDAyMTYwNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWJkNmEwMmRhZDA0NDc5MTY0N2RjYWE3OGZhNjc1ZDVlYTQxN2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTTb1tJyj/l+k5DECa0t9EWGsZKx
FP8E+LgToLhEuwwFt7ZnCiEoDdkxNlkeaoEiTOObqR5bLc0Oe04qQotqNIw5NatP
/dmfXXwIL5m1yOY64aVEGxlb0Oh1CgtHZOZ+Rtehlol6pTtHluKOc0L8hm+8iTjA
ntgXpeCaFnijvQBgkcEYvuCD2Le/Eh5neyM058A028sucair68pR7nsHFF66qN0D
p+SxrKsCZKEmyxu8RHedc3EZ+cGLyZXfLNDmVm6PR7uanIj0ohaXdSF8O6ZFoB7f
Yy4wicmoWzI5Heyj8/RubZYD6hgIvsRl48g6E82SHqhXLzzdkzrurjB8FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCW9agLa0ER5Fkfcqnj6Z11epBflMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvSmIxcUF0clFSSGtXUjl5cWVQcG5YVjZrRi1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTctYmJlYTI5MThlMTAy
LzEvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNHfMA0G
CSqGSIb3DQEBCwUAA4IBAQCsA61TWcHvt3Fa1uh+TF+AWkRqJoIJjm8R0g0ABIlq
TGfZKKQYrzRB/lX32XcAPrNsAFtRpPIqOJVC+uOqRnt/VjjvJej1tDkqBfDz5H3P
PvLpw7SKHbLw9yO9nkSiMafXg7GjpOym0JvdVnF2OA49jRpyV7tpvj3wrXV7Mh5Y
kmHhmU3lKPhQpo61yCkamNrqHN+2cSFYgceOu0+jfV5kuHq/BC7P131omQyyj364
2MRpNBmAzNhwYOw/hR+TEuIx88t68dEBZ26kS5czzGhWPTlmNFe+q66wLr/je5wy
d79WeZb67wUKrmtJcQF0BlEloTSADGGYCUsr+I7tZQnc
-----END CERTIFICATE-----