Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/T4_sRnkkd-VWG6jw6G9Xrqx2sGA.roa
File:                     T4_sRnkkd-VWG6jw6G9Xrqx2sGA.roa (raw, json)
Hash identifier:          RvSTlNC63SwkWYjly9ehYd86nj2pxvEow82/5Kb+3tY=
Subject key identifier:   4F:8F:EC:46:79:24:77:E5:56:1B:A8:F0:E8:6F:57:AE:AC:76:B0:60
Certificate issuer:       /CN=827603a93bca31b018f511f6d4b0b7546e963362
Certificate serial:       0199B91B56C93E9526FA94890A361911F12F
Authority key identifier: 82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/T4_sRnkkd-VWG6jw6G9Xrqx2sGA.roa
Signing time:             Mon 06 Oct 2025 10:40:00 +0000
ROA not before:           Mon 06 Oct 2025 10:40:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211373
IP address blocks:        89.190.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b9:1b:56:c9:3e:95:26:fa:94:89:0a:36:19:11:f1:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=827603a93bca31b018f511f6d4b0b7546e963362
        Validity
            Not Before: Oct  6 10:40:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4f8fec46792477e5561ba8f0e86f57aeac76b060
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:92:8a:06:00:df:22:69:ec:7f:2f:af:ed:ed:
                    92:e3:ca:51:25:fd:70:e3:d4:48:0f:04:8d:41:0c:
                    30:5a:64:e7:cc:f4:a1:69:e6:50:41:0e:5b:f6:a4:
                    f5:b8:c7:5c:aa:ff:32:3d:04:c3:a5:cc:c0:7c:77:
                    a0:f9:cd:4b:3f:1c:d5:d1:c1:c3:ea:0a:92:bf:27:
                    d7:b7:6d:f3:fe:e2:b3:85:b6:d0:16:8a:c8:7b:70:
                    ca:0d:3c:eb:56:a4:f5:54:38:93:b3:7a:aa:77:f3:
                    a2:ed:7a:2c:fb:fb:bb:63:da:4e:9d:40:27:f4:b8:
                    24:0b:0f:83:cb:44:a3:41:62:5f:69:14:44:74:24:
                    38:23:a1:ed:62:b4:98:e4:81:1e:79:20:4b:3c:f6:
                    a1:8f:90:37:92:ea:d2:a1:25:be:fb:2c:a5:97:f8:
                    48:68:c6:3c:df:eb:4d:dd:e0:6a:ed:1b:53:08:f2:
                    7a:99:d3:ef:ea:b8:f8:e1:17:04:45:82:46:77:f6:
                    f7:4e:29:38:9a:f7:39:c9:0e:17:0e:b2:a5:f2:33:
                    eb:a6:f0:ca:43:93:9a:c6:55:5f:3d:45:5c:7a:3e:
                    aa:c3:66:2e:54:bb:8a:0f:65:16:d0:6c:f0:fc:f1:
                    2d:4e:b8:6c:14:6e:3a:6f:ee:08:e4:39:61:54:0f:
                    f0:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:8F:EC:46:79:24:77:E5:56:1B:A8:F0:E8:6F:57:AE:AC:76:B0:60
            X509v3 Authority Key Identifier:
                keyid:82:76:03:A9:3B:CA:31:B0:18:F5:11:F6:D4:B0:B7:54:6E:96:33:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gnYDqTvKMbAY9RH21LC3VG6WM2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/T4_sRnkkd-VWG6jw6G9Xrqx2sGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/91af66-d394-42fa-a0c6-b16cb4dfadd3/1/gnYDqTvKMbAY9RH21LC3VG6WM2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.190.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:a8:d8:f8:23:ae:48:af:a5:7e:0f:f7:98:15:22:3e:0a:6c:
         b4:75:16:91:5f:07:6a:0e:c6:90:8c:46:43:80:74:af:c4:ad:
         61:e4:3c:71:2b:95:d2:53:50:26:41:b5:cf:4a:fa:0b:79:87:
         7d:56:0c:c8:7a:63:ba:fc:82:1b:84:72:5f:b7:96:91:ec:56:
         4f:65:0a:18:6e:eb:a2:b6:16:6b:43:9f:84:08:67:63:17:05:
         3e:9f:03:72:79:23:1b:0e:f9:87:72:93:52:3a:65:21:f9:19:
         e8:2c:a6:88:1d:e8:0b:00:ac:70:4b:9e:74:d3:94:84:a1:65:
         cc:09:84:b7:95:25:b5:6c:6a:e2:cc:41:32:39:5c:87:44:3c:
         42:19:50:84:4a:bb:10:08:aa:fe:7d:f2:d7:a3:8f:ee:27:8c:
         69:7f:25:70:37:5b:24:2f:84:bf:24:de:63:df:15:0c:5e:ec:
         b8:9e:ac:14:88:de:c5:99:07:70:c2:b6:82:33:51:c9:31:0d:
         4f:40:3f:b8:8c:27:a9:0a:b2:1e:2b:4e:b7:cf:8c:54:a3:d1:
         29:4d:da:3a:a3:ec:89:2b:ea:57:dd:b3:af:e6:8d:3f:f5:9d:
         d1:7f:e7:f8:0a:19:dc:aa:54:bb:3d:e2:91:28:0a:af:78:d3:
         00:1e:bd:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZm5G1bJPpUm+pSJCjYZEfEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNzYwM2E5M2JjYTMxYjAxOGY1MTFmNmQ0YjBiNzU0NmU5
NjMzNjIwHhcNMjUxMDA2MTA0MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjhmZWM0Njc5MjQ3N2U1NTYxYmE4ZjBlODZmNTdhZWFjNzZiMDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZKKBgDfImnsfy+v7e2S48pRJf1w
49RIDwSNQQwwWmTnzPShaeZQQQ5b9qT1uMdcqv8yPQTDpczAfHeg+c1LPxzV0cHD
6gqSvyfXt23z/uKzhbbQForIe3DKDTzrVqT1VDiTs3qqd/Oi7Xos+/u7Y9pOnUAn
9LgkCw+Dy0SjQWJfaRREdCQ4I6HtYrSY5IEeeSBLPPahj5A3kurSoSW++yyll/hI
aMY83+tN3eBq7RtTCPJ6mdPv6rj44RcERYJGd/b3Tik4mvc5yQ4XDrKl8jPrpvDK
Q5OaxlVfPUVcej6qw2YuVLuKD2UW0Gzw/PEtTrhsFG46b+4I5DlhVA/w0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+P7EZ5JHflVhuo8OhvV66sdrBgMB8GA1UdIwQY
MBaAFIJ2A6k7yjGwGPUR9tSwt1RuljNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYt
YjE2Y2I0ZGZhZGQzLzEvVDRfc1Jua2tkLVZXRzZqdzZHOVhycXgyc0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi85MWFmNjYtZDM5NC00MmZhLWEwYzYtYjE2Y2I0ZGZhZGQz
LzEvZ25ZRHFUdktNYkFZOVJIMjFMQzNWRzZXTTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWb6XMA0G
CSqGSIb3DQEBCwUAA4IBAQA4qNj4I65Ir6V+D/eYFSI+Cmy0dRaRXwdqDsaQjEZD
gHSvxK1h5DxxK5XSU1AmQbXPSvoLeYd9VgzIemO6/IIbhHJft5aR7FZPZQoYbuui
thZrQ5+ECGdjFwU+nwNyeSMbDvmHcpNSOmUh+RnoLKaIHegLAKxwS55005SEoWXM
CYS3lSW1bGrizEEyOVyHRDxCGVCESrsQCKr+ffLXo4/uJ4xpfyVwN1skL4S/JN5j
3xUMXuy4nqwUiN7FmQdwwraCM1HJMQ1PQD+4jCepCrIeK063z4xUo9EpTdo6o+yJ
K+pX3bOv5o0/9Z3Rf+f4ChncqlS7PeKRKAqveNMAHr0b
-----END CERTIFICATE-----