Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/iTRKgS_ctdQMS65aT9yNiwNmnac.roa
File:                     iTRKgS_ctdQMS65aT9yNiwNmnac.roa (raw, json)
Hash identifier:          9OIP8hq95SLwUq03I4+pqdX2ifDWiqIls9ZH9aKVb9Q=
Subject key identifier:   89:34:4A:81:2F:DC:B5:D4:0C:4B:AE:5A:4F:DC:8D:8B:03:66:9D:A7
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       0199CEECA094048F51FAFD912C5E921237D8
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/iTRKgS_ctdQMS65aT9yNiwNmnac.roa
Signing time:             Fri 10 Oct 2025 16:20:38 +0000
ROA not before:           Fri 10 Oct 2025 16:20:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215898
IP address blocks:        91.232.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:ec:a0:94:04:8f:51:fa:fd:91:2c:5e:92:12:37:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Oct 10 16:20:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89344a812fdcb5d40c4bae5a4fdc8d8b03669da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:e4:1d:19:31:10:af:a8:95:a5:8f:c2:e4:df:
                    fc:74:ba:a1:24:ef:20:a0:1d:fc:dc:90:84:04:c8:
                    de:b4:b6:95:fc:37:9d:ca:b9:68:f6:94:5a:d4:91:
                    a9:2d:4b:0e:8b:ff:18:b5:4c:35:40:52:89:30:46:
                    e4:48:31:27:7d:f5:f4:9e:17:e8:25:a7:d4:e6:e0:
                    42:66:dc:b1:b8:61:64:b0:96:8a:60:2e:7e:d8:e7:
                    0a:5f:26:63:d9:a9:0e:13:48:88:a4:5f:9d:3d:4c:
                    98:5c:da:14:62:4e:0a:cf:ba:6c:6c:4e:08:06:af:
                    12:34:29:79:30:89:bd:f8:80:87:80:37:8b:73:af:
                    30:9c:a6:89:d3:0d:33:5f:43:d5:d7:67:99:1a:4d:
                    2a:20:45:7d:35:fb:7f:f7:d8:8f:f5:50:b8:d5:22:
                    dd:01:24:69:4a:39:89:61:b8:83:f4:f0:41:77:b8:
                    f6:5a:2e:ff:b2:57:82:e9:f6:30:48:af:60:77:98:
                    a9:68:60:9a:98:d1:58:82:09:a4:4e:c5:ff:af:bf:
                    da:0a:61:48:7d:b5:f3:f7:96:42:f0:18:d1:f4:60:
                    01:2b:44:4f:5f:a6:51:2b:8b:db:2b:11:34:d2:2c:
                    7d:b4:bb:33:91:99:86:8e:91:dc:99:d8:57:36:b6:
                    39:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:34:4A:81:2F:DC:B5:D4:0C:4B:AE:5A:4F:DC:8D:8B:03:66:9D:A7
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/iTRKgS_ctdQMS65aT9yNiwNmnac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:54:2a:e5:82:df:26:98:5e:28:38:c1:28:21:95:4d:22:c8:
         7c:59:6c:38:a2:26:21:7f:67:03:40:03:b9:62:f0:48:71:b9:
         96:2b:aa:b2:31:c2:45:e6:11:5b:2c:a3:a9:11:8c:d6:89:e7:
         a6:30:1d:8b:ff:f5:cb:ca:fe:6e:d5:7b:1d:a0:cf:99:a9:70:
         0f:bc:47:8b:d9:d3:51:6b:62:46:18:c0:33:ef:93:91:06:2a:
         01:e8:58:bb:8b:66:86:b0:93:1a:2e:d3:dd:72:9b:e0:4b:78:
         7f:42:a2:e2:aa:f6:d3:a4:c0:41:e5:fb:c7:7e:68:f5:1c:bc:
         95:1a:ba:6f:71:07:6e:78:1d:db:54:39:b7:83:50:e5:21:38:
         4f:78:01:0d:01:be:1e:b0:86:9a:f7:5c:b9:5e:2d:88:11:28:
         ec:e2:61:bb:3d:76:bc:a2:72:6f:9b:ff:ae:1b:5f:82:91:97:
         0c:4f:e6:37:be:28:f9:c5:f3:78:64:a8:49:44:19:cf:13:eb:
         da:c6:42:e8:c4:2d:0c:f5:59:9a:a4:1c:3a:f8:b0:d9:b6:42:
         9b:24:01:a7:75:59:2c:83:40:ef:a6:11:a5:50:ce:a4:6a:02:
         2b:53:79:9a:69:51:8c:43:ed:b9:f1:4c:15:4e:4e:77:c3:98:
         27:88:19:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnO7KCUBI9R+v2RLF6SEjfYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjUxMDEwMTYyMDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM0NGE4MTJmZGNiNWQ0MGM0YmFlNWE0ZmRjOGQ4YjAzNjY5ZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl+QdGTEQr6iVpY/C5N/8dLqhJO8g
oB383JCEBMjetLaV/Dedyrlo9pRa1JGpLUsOi/8YtUw1QFKJMEbkSDEnffX0nhfo
JafU5uBCZtyxuGFksJaKYC5+2OcKXyZj2akOE0iIpF+dPUyYXNoUYk4Kz7psbE4I
Bq8SNCl5MIm9+ICHgDeLc68wnKaJ0w0zX0PV12eZGk0qIEV9Nft/99iP9VC41SLd
ASRpSjmJYbiD9PBBd7j2Wi7/sleC6fYwSK9gd5ipaGCamNFYggmkTsX/r7/aCmFI
fbXz95ZC8BjR9GABK0RPX6ZRK4vbKxE00ix9tLszkZmGjpHcmdhXNrY5kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIk0SoEv3LXUDEuuWk/cjYsDZp2nMB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvaVRSS2dTX2N0ZFFNUzY1YVQ5eU5pd05tbmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hnMA0G
CSqGSIb3DQEBCwUAA4IBAQB8VCrlgt8mmF4oOMEoIZVNIsh8WWw4oiYhf2cDQAO5
YvBIcbmWK6qyMcJF5hFbLKOpEYzWieemMB2L//XLyv5u1XsdoM+ZqXAPvEeL2dNR
a2JGGMAz75ORBioB6Fi7i2aGsJMaLtPdcpvgS3h/QqLiqvbTpMBB5fvHfmj1HLyV
GrpvcQdueB3bVDm3g1DlIThPeAENAb4esIaa91y5Xi2IESjs4mG7PXa8onJvm/+u
G1+CkZcMT+Y3vij5xfN4ZKhJRBnPE+vaxkLoxC0M9VmapBw6+LDZtkKbJAGndVks
g0DvphGlUM6kagIrU3maaVGMQ+258UwVTk53w5gniBkf
-----END CERTIFICATE-----