Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Di1QpgX41h6ctGuvSOLfkm_uyfw.roa
File:                     Di1QpgX41h6ctGuvSOLfkm_uyfw.roa (raw, json)
Hash identifier:          EAPlmPmv8N/hsnjz5qvYOhwhE3evHDf9S6gLR+bmno4=
Subject key identifier:   0E:2D:50:A6:05:F8:D6:1E:9C:B4:6B:AF:48:E2:DF:92:6F:EE:C9:FC
Certificate issuer:       /CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
Certificate serial:       0199A5096E22FE314DB2D94B3938B9B5FA8B
Authority key identifier: 08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Di1QpgX41h6ctGuvSOLfkm_uyfw.roa
Signing time:             Thu 02 Oct 2025 13:08:02 +0000
ROA not before:           Thu 02 Oct 2025 13:08:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43534
IP address blocks:        91.197.95.0/24 maxlen: 24
                          193.163.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:09:6e:22:fe:31:4d:b2:d9:4b:39:38:b9:b5:fa:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=082b54b05af5e3e8743e7bf4af41ea622bb09411
        Validity
            Not Before: Oct  2 13:08:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e2d50a605f8d61e9cb46baf48e2df926feec9fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:db:b7:09:af:cf:aa:df:0c:4e:89:35:d4:eb:
                    43:ca:0f:fd:e7:e9:17:f3:9e:b7:29:71:9a:b5:3d:
                    b1:e4:44:a0:f3:7d:4b:6b:cf:5f:b1:64:fb:e6:99:
                    cb:3d:91:36:64:20:4d:ed:6c:00:6a:1d:37:be:87:
                    65:f9:7f:6b:a3:f0:f2:1a:be:9c:e9:fc:98:51:00:
                    aa:cd:26:c1:06:d5:26:00:2f:e9:64:47:5d:7d:76:
                    be:1b:b2:20:e4:37:99:af:1a:2a:b9:f7:f2:fc:e8:
                    71:0a:c7:85:68:1e:c1:8c:c1:03:21:08:e6:de:5a:
                    a5:eb:97:fb:a4:b5:75:db:57:f1:03:8b:d8:94:c5:
                    9c:23:04:e7:cc:2f:ad:d5:10:a1:7a:f3:cd:d3:23:
                    d0:01:b9:99:53:1a:ef:34:67:f8:eb:60:8f:fe:5d:
                    3d:08:ad:64:fc:2d:73:87:70:42:4b:f2:bf:f3:bf:
                    3c:95:7d:62:98:2f:3b:81:e1:5a:39:61:6d:1e:f7:
                    8e:ec:6c:29:fa:d5:8c:bb:7f:90:1a:53:05:dd:b7:
                    c8:6c:12:9b:f9:a2:8d:38:fa:0a:0f:85:20:b5:e3:
                    a8:26:c9:10:1b:7f:9d:6a:0a:f6:4f:a1:69:be:bd:
                    51:6f:bd:f9:94:08:da:a4:4c:b3:a8:6e:28:e0:0e:
                    f1:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:2D:50:A6:05:F8:D6:1E:9C:B4:6B:AF:48:E2:DF:92:6F:EE:C9:FC
            X509v3 Authority Key Identifier:
                keyid:08:2B:54:B0:5A:F5:E3:E8:74:3E:7B:F4:AF:41:EA:62:2B:B0:94:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CCtUsFr14-h0Pnv0r0HqYiuwlBE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/Di1QpgX41h6ctGuvSOLfkm_uyfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/0900a1-924f-496a-ad4c-195060671a0c/1/CCtUsFr14-h0Pnv0r0HqYiuwlBE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.95.0/24
                  193.163.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:42:6a:99:08:17:4e:32:3e:ff:7d:71:b0:d1:bc:d6:81:3d:
         5e:fb:a3:71:b3:9c:e8:7c:f3:e7:56:9d:d5:83:70:c5:72:41:
         67:1a:59:1e:01:24:41:cd:a4:38:a8:37:6e:2f:43:cb:48:71:
         c3:60:b6:e9:e3:cb:48:e2:7f:f8:43:55:4c:35:27:78:5b:9c:
         a0:f2:f0:4d:99:0b:2d:7b:cd:f3:e7:88:80:65:fe:b7:f5:fa:
         cf:14:b9:f3:a9:99:68:5f:5b:91:6f:f5:e1:d3:8c:6e:6a:ed:
         3a:88:54:6c:50:bc:a3:14:f9:b4:c1:27:de:8b:ac:b1:db:6b:
         59:12:48:ac:10:7e:8d:b0:48:0a:18:27:76:d7:3b:58:25:e7:
         0d:50:88:4c:7f:d1:89:db:fa:52:02:d4:95:61:f6:f8:b8:4e:
         a7:f9:bb:6c:b1:33:7d:27:0a:28:56:7a:80:91:d5:13:47:5c:
         0c:5c:bc:30:6c:b1:b5:6c:af:4d:43:3d:0a:8c:5e:b9:54:dd:
         3f:76:47:60:8f:02:5a:6c:bc:56:79:c1:d2:e2:7c:2b:7d:1d:
         40:78:8a:8c:b3:8e:d2:77:a0:22:70:0b:1b:bb:76:5e:39:13:
         ee:9a:0b:90:87:a4:a6:ff:57:3d:4d:53:e4:c8:73:27:b7:78:
         cc:a8:fa:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZmlCW4i/jFNstlLOTi5tfqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MmI1NGIwNWFmNWUzZTg3NDNlN2JmNGFmNDFlYTYyMmJi
MDk0MTEwHhcNMjUxMDAyMTMwODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTJkNTBhNjA1ZjhkNjFlOWNiNDZiYWY0OGUyZGY5MjZmZWVjOWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApdu3Ca/Pqt8MTok11OtDyg/95+kX
8563KXGatT2x5ESg831La89fsWT75pnLPZE2ZCBN7WwAah03vodl+X9ro/DyGr6c
6fyYUQCqzSbBBtUmAC/pZEddfXa+G7Ig5DeZrxoquffy/OhxCseFaB7BjMEDIQjm
3lql65f7pLV121fxA4vYlMWcIwTnzC+t1RChevPN0yPQAbmZUxrvNGf462CP/l09
CK1k/C1zh3BCS/K/8788lX1imC87geFaOWFtHveO7Gwp+tWMu3+QGlMF3bfIbBKb
+aKNOPoKD4UgteOoJskQG3+dagr2T6Fpvr1Rb735lAjapEyzqG4o4A7xpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA4tUKYF+NYenLRrr0ji35Jv7sn8MB8GA1UdIwQY
MBaAFAgrVLBa9ePodD579K9B6mIrsJQRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMt
MTk1MDYwNjcxYTBjLzEvRGkxUXBnWDQxaDZjdEd1dlNPTGZrbV91eWZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8wOTAwYTEtOTI0Zi00OTZhLWFkNGMtMTk1MDYwNjcxYTBj
LzEvQ0N0VXNGcjE0LWgwUG52MHIwSHFZaXV3bEJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8VfAwQA
waMwMA0GCSqGSIb3DQEBCwUAA4IBAQAtQmqZCBdOMj7/fXGw0bzWgT1e+6Nxs5zo
fPPnVp3Vg3DFckFnGlkeASRBzaQ4qDduL0PLSHHDYLbp48tI4n/4Q1VMNSd4W5yg
8vBNmQste83z54iAZf639frPFLnzqZloX1uRb/Xh04xuau06iFRsULyjFPm0wSfe
i6yx22tZEkisEH6NsEgKGCd21ztYJecNUIhMf9GJ2/pSAtSVYfb4uE6n+btssTN9
JwooVnqAkdUTR1wMXLwwbLG1bK9NQz0KjF65VN0/dkdgjwJabLxWecHS4nwrfR1A
eIqMs47Sd6AicAsbu3ZeORPumguQh6Sm/1c9TVPkyHMnt3jMqPoQ
-----END CERTIFICATE-----