Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/yD4usZMSXbGkK2CBunEX74yn4QI.roa
File:                     yD4usZMSXbGkK2CBunEX74yn4QI.roa (raw, json)
Hash identifier:          SizEhRkGwm4GTxXwCKgcYA/BLRuUEVBDL2+vReMYwzM=
Subject key identifier:   C8:3E:2E:B1:93:12:5D:B1:A4:2B:60:81:BA:71:17:EF:8C:A7:E1:02
Certificate issuer:       /CN=26251cf7d8d6d057dc64715ba836299df39fd85b
Certificate serial:       019976F7035EDDFCF3FBACD9C92DB13077E2
Authority key identifier: 26:25:1C:F7:D8:D6:D0:57:DC:64:71:5B:A8:36:29:9D:F3:9F:D8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JiUc99jW0FfcZHFbqDYpnfOf2Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/yD4usZMSXbGkK2CBunEX74yn4QI.roa
Signing time:             Tue 23 Sep 2025 14:25:23 +0000
ROA not before:           Tue 23 Sep 2025 14:25:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208864
IP address blocks:        91.201.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/JiUc99jW0FfcZHFbqDYpnfOf2Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/JiUc99jW0FfcZHFbqDYpnfOf2Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JiUc99jW0FfcZHFbqDYpnfOf2Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:f7:03:5e:dd:fc:f3:fb:ac:d9:c9:2d:b1:30:77:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26251cf7d8d6d057dc64715ba836299df39fd85b
        Validity
            Not Before: Sep 23 14:25:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c83e2eb193125db1a42b6081ba7117ef8ca7e102
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a0:33:af:df:af:5a:a8:57:69:14:12:89:4e:
                    af:4e:35:4a:79:65:6e:70:8c:e6:ab:5b:3c:59:5b:
                    7d:05:67:9e:0b:bd:2b:97:cf:30:bc:c1:e1:bb:2c:
                    a2:32:6c:c2:4c:8d:d5:a8:c4:16:f0:ff:9e:fd:6d:
                    d8:72:32:1c:12:c5:f3:5d:3a:ab:69:c3:52:64:38:
                    de:7b:39:67:6f:6b:3f:a8:8c:a3:3e:ec:74:11:75:
                    c5:83:19:e6:e4:24:1f:cb:4f:0d:f3:49:95:ee:cf:
                    15:d2:28:cf:e1:b6:1d:4d:ea:13:2c:c1:8e:3d:07:
                    83:52:1a:6c:e7:b2:35:80:c0:79:d8:6a:8b:b5:b5:
                    f8:99:d5:a0:4e:a6:59:07:45:a0:6d:13:0e:9c:56:
                    74:5f:c3:85:58:36:6e:2d:8f:f8:c6:27:c5:26:56:
                    23:7b:bc:a6:b8:fb:86:48:86:e5:d1:62:42:76:1e:
                    8e:6b:ed:d1:0e:8f:8d:32:5a:58:03:cb:63:4d:eb:
                    a4:5c:ad:be:f9:27:fe:77:ff:70:44:c9:7d:86:1e:
                    41:79:7b:47:f6:86:b1:bb:96:a2:fa:bd:ea:6d:e0:
                    d2:8f:be:5e:71:13:d1:b1:1f:d9:db:01:1a:91:02:
                    19:ef:fe:cc:2b:a8:12:96:68:a6:e1:84:b1:3e:e1:
                    bf:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:3E:2E:B1:93:12:5D:B1:A4:2B:60:81:BA:71:17:EF:8C:A7:E1:02
            X509v3 Authority Key Identifier:
                keyid:26:25:1C:F7:D8:D6:D0:57:DC:64:71:5B:A8:36:29:9D:F3:9F:D8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JiUc99jW0FfcZHFbqDYpnfOf2Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/yD4usZMSXbGkK2CBunEX74yn4QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/48b52c-a045-409f-981b-9520549d7fd1/1/JiUc99jW0FfcZHFbqDYpnfOf2Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:a1:01:21:ea:6e:00:0b:a3:79:86:94:0c:c6:cc:55:27:ab:
         d2:0f:ac:a5:73:3d:21:5f:f2:79:36:26:bb:85:f5:67:74:64:
         53:cd:44:b1:70:60:19:59:29:0e:cc:12:72:f4:49:0c:e2:ee:
         98:dc:7f:28:71:d0:2f:19:01:4c:82:eb:74:ab:1b:53:fc:9d:
         c6:e8:0c:53:d4:33:fe:75:1f:23:fc:2e:37:da:a8:f8:f2:9d:
         a4:8f:e2:f0:2f:86:30:ce:79:3e:6a:24:bf:99:c9:3f:62:e9:
         7f:1d:92:41:46:3d:a2:5d:53:79:bf:b7:51:8c:72:7d:c7:ab:
         26:5b:82:4c:85:ef:6a:bc:43:c6:5b:47:b1:31:75:56:90:76:
         8a:8b:d6:ba:71:f4:a9:aa:a7:e6:34:5d:bf:37:f7:01:e7:67:
         72:8f:68:3f:c4:14:10:b5:ae:c3:44:ea:fd:9c:80:8f:5c:2b:
         ff:51:7c:7e:78:a5:f8:9b:34:42:6b:6a:cf:b3:8a:c4:4d:da:
         29:56:f7:9d:2e:65:3e:dd:c6:da:30:ee:be:35:8e:8e:db:8c:
         97:60:b0:b1:4f:5f:25:51:a7:fd:91:e3:97:a1:e5:d6:22:8c:
         10:fe:2d:32:5c:6b:cf:1d:bf:95:ea:51:99:5e:61:20:15:ff:
         a0:5f:af:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl29wNe3fzz+6zZyS2xMHfiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2MjUxY2Y3ZDhkNmQwNTdkYzY0NzE1YmE4MzYyOTlkZjM5
ZmQ4NWIwHhcNMjUwOTIzMTQyNTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODNlMmViMTkzMTI1ZGIxYTQyYjYwODFiYTcxMTdlZjhjYTdlMTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqAzr9+vWqhXaRQSiU6vTjVKeWVu
cIzmq1s8WVt9BWeeC70rl88wvMHhuyyiMmzCTI3VqMQW8P+e/W3YcjIcEsXzXTqr
acNSZDjeezlnb2s/qIyjPux0EXXFgxnm5CQfy08N80mV7s8V0ijP4bYdTeoTLMGO
PQeDUhps57I1gMB52GqLtbX4mdWgTqZZB0WgbRMOnFZ0X8OFWDZuLY/4xifFJlYj
e7ymuPuGSIbl0WJCdh6Oa+3RDo+NMlpYA8tjTeukXK2++Sf+d/9wRMl9hh5BeXtH
9oaxu5ai+r3qbeDSj75ecRPRsR/Z2wEakQIZ7/7MK6gSlmim4YSxPuG/ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMg+LrGTEl2xpCtggbpxF++Mp+ECMB8GA1UdIwQY
MBaAFCYlHPfY1tBX3GRxW6g2KZ3zn9hbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmlVYzk5alcwRmZjWkhGYnFEWXBuZk9mMkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80OGI1MmMtYTA0NS00MDlmLTk4MWIt
OTUyMDU0OWQ3ZmQxLzEveUQ0dXNaTVNYYkdrSzJDQnVuRVg3NHluNFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80OGI1MmMtYTA0NS00MDlmLTk4MWItOTUyMDU0OWQ3ZmQx
LzEvSmlVYzk5alcwRmZjWkhGYnFEWXBuZk9mMkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8l8MA0G
CSqGSIb3DQEBCwUAA4IBAQAaoQEh6m4AC6N5hpQMxsxVJ6vSD6ylcz0hX/J5Nia7
hfVndGRTzUSxcGAZWSkOzBJy9EkM4u6Y3H8ocdAvGQFMgut0qxtT/J3G6AxT1DP+
dR8j/C432qj48p2kj+LwL4Ywznk+aiS/mck/Yul/HZJBRj2iXVN5v7dRjHJ9x6sm
W4JMhe9qvEPGW0exMXVWkHaKi9a6cfSpqqfmNF2/N/cB52dyj2g/xBQQta7DROr9
nICPXCv/UXx+eKX4mzRCa2rPs4rETdopVvedLmU+3cbaMO6+NY6O24yXYLCxT18l
Uaf9keOXoeXWIowQ/i0yXGvPHb+V6lGZXmEgFf+gX68n
-----END CERTIFICATE-----