Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/tYoM16a1O9OZo5XYoFfju_qqz8M.roa
File:                     tYoM16a1O9OZo5XYoFfju_qqz8M.roa (raw, json)
Hash identifier:          GdlsDb/allp69iNiLm+qN/cOyit2KYOzK+rzYY7uXMw=
Subject key identifier:   B5:8A:0C:D7:A6:B5:3B:D3:99:A3:95:D8:A0:57:E3:BB:FA:AA:CF:C3
Certificate issuer:       /CN=cd9173bc828ab71da2ebcafa7f898ec6aa1eea76
Certificate serial:       0199DD27AF007FA3747ABD8540EA48C3B0D6
Authority key identifier: CD:91:73:BC:82:8A:B7:1D:A2:EB:CA:FA:7F:89:8E:C6:AA:1E:EA:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/tYoM16a1O9OZo5XYoFfju_qqz8M.roa
Signing time:             Mon 13 Oct 2025 10:39:49 +0000
ROA not before:           Mon 13 Oct 2025 10:39:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213611
IP address blocks:        91.192.163.0/24 maxlen: 24
                          2a14:4040::/29 maxlen: 29
                          2a14:4040::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:dd:27:af:00:7f:a3:74:7a:bd:85:40:ea:48:c3:b0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd9173bc828ab71da2ebcafa7f898ec6aa1eea76
        Validity
            Not Before: Oct 13 10:39:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b58a0cd7a6b53bd399a395d8a057e3bbfaaacfc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:4f:7f:a8:51:88:0e:e6:71:3e:ee:ee:88:68:
                    85:71:6d:8d:05:5f:5d:c4:11:d4:48:92:bf:d0:3d:
                    7b:8c:99:0b:1f:b5:b4:c7:49:22:d6:f4:19:bd:d2:
                    e6:31:6c:8f:05:d7:1c:45:ed:d6:f5:eb:8b:fe:9e:
                    23:9c:ea:dd:39:a3:2a:46:a1:01:37:43:e3:c8:41:
                    b8:c6:7b:f9:9e:55:5a:41:bb:ad:f6:6d:1b:7b:fa:
                    98:73:55:33:dc:41:c1:db:97:f5:24:44:65:78:33:
                    e7:c0:b4:74:51:83:8e:1a:7b:4f:87:13:dc:f2:20:
                    ab:fb:45:79:3e:e0:f2:81:56:22:59:c4:23:d5:75:
                    2a:d4:5a:e0:67:64:ee:ce:87:0c:ca:14:78:c7:3f:
                    27:e3:e6:ec:04:0a:f4:2c:67:7c:ba:93:e0:80:14:
                    8b:d1:4b:cf:94:5f:ab:71:c3:88:7c:b4:ee:ad:a5:
                    9a:45:f6:75:87:0f:91:3d:3a:9c:cd:65:18:19:70:
                    c4:a7:d6:60:04:be:a1:75:64:82:84:4a:98:a6:12:
                    72:b5:0c:46:25:a0:57:a8:61:16:fa:9c:4e:5b:7d:
                    0b:5a:ad:d3:ec:14:30:52:62:c2:79:15:b5:3c:78:
                    b6:f7:1a:6c:76:98:bc:2d:21:41:8f:52:b2:2a:56:
                    5a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8A:0C:D7:A6:B5:3B:D3:99:A3:95:D8:A0:57:E3:BB:FA:AA:CF:C3
            X509v3 Authority Key Identifier:
                keyid:CD:91:73:BC:82:8A:B7:1D:A2:EB:CA:FA:7F:89:8E:C6:AA:1E:EA:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zZFzvIKKtx2i68r6f4mOxqoe6nY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/tYoM16a1O9OZo5XYoFfju_qqz8M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/5b8b9c-8f19-4c6b-afd7-c694260017b0/1/zZFzvIKKtx2i68r6f4mOxqoe6nY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.163.0/24
                IPv6:
                  2a14:4040::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:25:b3:0d:77:e1:54:42:af:14:b1:d6:c9:5f:ac:a3:70:37:
         55:a8:40:20:d9:df:1e:6b:c1:94:10:d0:04:84:ca:c2:08:61:
         8f:fe:e5:40:6f:64:40:55:c4:d1:5c:9c:4a:9d:2a:5b:2a:40:
         5f:14:57:cd:95:90:cf:da:71:56:0a:8e:42:92:7d:6c:25:3d:
         6f:ce:eb:77:2a:02:2c:61:9c:9a:ca:93:22:2a:24:a3:e2:59:
         22:f0:fb:ca:22:32:20:35:1e:2e:df:dd:e3:84:b4:e7:25:80:
         f2:42:09:ae:b7:75:e3:df:66:13:53:67:a1:c2:a7:b4:bd:eb:
         f8:67:0a:13:ba:c9:41:99:b3:02:3a:02:64:e7:3f:45:88:f2:
         cb:4f:a6:3b:51:fa:80:9e:00:48:cb:b6:28:b8:52:75:c8:b8:
         63:55:a8:d8:2f:97:91:4c:22:4b:39:87:30:37:53:6e:61:84:
         85:d9:3c:f2:53:27:04:b5:2e:45:38:13:d9:4d:dd:51:20:60:
         9c:59:5b:b4:ef:a3:7f:69:cb:cd:b4:00:08:6a:a7:95:e8:18:
         3e:01:14:47:e2:32:de:89:f1:38:c6:72:bf:47:4c:78:43:1c:
         7e:70:22:5c:6d:05:80:20:a9:24:89:70:b1:71:88:4f:33:ba:
         ca:f1:f3:d5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZndJ68Af6N0er2FQOpIw7DWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkOTE3M2JjODI4YWI3MWRhMmViY2FmYTdmODk4ZWM2YWEx
ZWVhNzYwHhcNMjUxMDEzMTAzOTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThhMGNkN2E2YjUzYmQzOTlhMzk1ZDhhMDU3ZTNiYmZhYWFjZmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApU9/qFGIDuZxPu7uiGiFcW2NBV9d
xBHUSJK/0D17jJkLH7W0x0ki1vQZvdLmMWyPBdccRe3W9euL/p4jnOrdOaMqRqEB
N0PjyEG4xnv5nlVaQbut9m0be/qYc1Uz3EHB25f1JERleDPnwLR0UYOOGntPhxPc
8iCr+0V5PuDygVYiWcQj1XUq1FrgZ2TuzocMyhR4xz8n4+bsBAr0LGd8upPggBSL
0UvPlF+rccOIfLTuraWaRfZ1hw+RPTqczWUYGXDEp9ZgBL6hdWSChEqYphJytQxG
JaBXqGEW+pxOW30LWq3T7BQwUmLCeRW1PHi29xpsdpi8LSFBj1KyKlZaYwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLWKDNemtTvTmaOV2KBX47v6qs/DMB8GA1UdIwQY
MBaAFM2Rc7yCircdouvK+n+JjsaqHup2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelpGenZJS0t0eDJpNjhyNmY0bU94cW9lNm5ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS81YjhiOWMtOGYxOS00YzZiLWFmZDct
YzY5NDI2MDAxN2IwLzEvdFlvTTE2YTFPOU9abzVYWW9GZmp1X3FxejhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS81YjhiOWMtOGYxOS00YzZiLWFmZDctYzY5NDI2MDAxN2Iw
LzEvelpGenZJS0t0eDJpNjhyNmY0bU94cW9lNm5ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8CjMA0E
AgACMAcDBQMqFEBAMA0GCSqGSIb3DQEBCwUAA4IBAQA8JbMNd+FUQq8UsdbJX6yj
cDdVqEAg2d8ea8GUENAEhMrCCGGP/uVAb2RAVcTRXJxKnSpbKkBfFFfNlZDP2nFW
Co5Ckn1sJT1vzut3KgIsYZyaypMiKiSj4lki8PvKIjIgNR4u393jhLTnJYDyQgmu
t3Xj32YTU2ehwqe0vev4ZwoTuslBmbMCOgJk5z9FiPLLT6Y7UfqAngBIy7YouFJ1
yLhjVajYL5eRTCJLOYcwN1NuYYSF2TzyUycEtS5FOBPZTd1RIGCcWVu076N/acvN
tAAIaqeV6Bg+ARRH4jLeifE4xnK/R0x4Qxx+cCJcbQWAIKkkiXCxcYhPM7rK8fPV
-----END CERTIFICATE-----