Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/dQ-UnjUf_zrF6QrM_x6OnxYwXrs.roa
File:                     dQ-UnjUf_zrF6QrM_x6OnxYwXrs.roa (raw, json)
Hash identifier:          lmcAQBoAG4rGhrHwCQpsyMirWvdOFHnh3mHdkplTacE=
Subject key identifier:   75:0F:94:9E:35:1F:FF:3A:C5:E9:0A:CC:FF:1E:8E:9F:16:30:5E:BB
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       0199A62D7C542F4B937FC18659E246D81E67
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/dQ-UnjUf_zrF6QrM_x6OnxYwXrs.roa
Signing time:             Thu 02 Oct 2025 18:27:02 +0000
ROA not before:           Thu 02 Oct 2025 18:27:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49544
IP address blocks:        91.221.208.0/24 maxlen: 24
                          2a0e:6b00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 18:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a6:2d:7c:54:2f:4b:93:7f:c1:86:59:e2:46:d8:1e:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Oct  2 18:27:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=750f949e351fff3ac5e90accff1e8e9f16305ebb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b6:4b:28:1f:20:fe:d8:eb:54:d5:0c:79:b0:
                    ed:f4:2d:62:18:ed:46:ab:3e:4f:69:65:7b:6e:af:
                    de:06:4b:61:11:39:fe:9d:03:d8:8c:e0:4b:cf:02:
                    56:48:e8:1f:6b:ed:66:80:45:5b:68:dc:8a:04:67:
                    51:a7:d0:6c:58:e2:a6:3c:21:70:84:15:82:15:08:
                    4f:d0:ef:ec:b0:9e:62:7a:49:b7:5d:3f:95:c7:cd:
                    52:69:1a:ae:48:de:1a:ce:a3:c4:b0:6d:5d:64:29:
                    a7:96:48:6b:f2:28:e9:e4:f9:25:46:87:46:c6:4f:
                    b9:15:6a:e1:b7:01:df:aa:cb:12:9a:f8:14:99:14:
                    6e:43:8d:e3:a1:44:d0:3e:83:2e:8f:33:46:3e:a1:
                    76:05:c1:10:e5:24:1c:6a:6d:df:22:7f:b9:d0:77:
                    2e:e7:5c:4c:7d:24:6d:f8:f5:78:70:ed:c0:f1:88:
                    16:0e:8f:4a:2c:30:91:9a:11:57:eb:92:72:ad:e4:
                    b8:a6:3f:b5:f4:f1:94:e7:8a:8b:c3:e2:b4:78:2b:
                    90:02:06:de:d1:aa:63:22:00:d7:60:75:a4:80:24:
                    07:5f:40:af:bf:31:7b:13:cf:8b:a5:cc:8c:17:9b:
                    be:dc:1b:e3:a0:d1:95:67:4d:79:f8:d7:24:2d:cf:
                    dd:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:0F:94:9E:35:1F:FF:3A:C5:E9:0A:CC:FF:1E:8E:9F:16:30:5E:BB
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/dQ-UnjUf_zrF6QrM_x6OnxYwXrs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.208.0/24
                IPv6:
                  2a0e:6b00::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:eb:cf:b3:05:b0:3d:41:46:31:c9:e4:4f:45:f9:d6:bc:c0:
         b9:95:c8:95:56:e6:87:b8:65:2a:5d:b9:c0:02:d6:18:fd:dd:
         e7:11:7f:cc:bc:d3:c7:5d:ca:f6:7f:4b:56:31:c0:6a:9e:4b:
         3f:52:17:00:9b:3f:5c:35:0b:cc:87:8a:82:25:67:32:2c:79:
         ee:dd:f1:1b:6c:07:c3:48:a7:07:49:39:16:b3:68:de:04:29:
         fe:13:fe:fd:c0:15:d2:10:e9:5a:3f:c5:ee:1a:c1:5e:dc:02:
         ae:e4:f0:69:6c:60:f6:26:ef:97:d3:c2:23:24:69:26:b4:40:
         00:b7:c3:85:6b:19:3e:83:37:cf:52:c1:8c:f7:16:80:72:41:
         b0:6d:5b:37:40:d7:88:be:a7:fa:34:3e:11:f4:b5:39:0c:1b:
         96:20:dd:08:1c:72:f2:c7:23:fa:85:2c:67:ae:6a:13:5d:ab:
         62:df:eb:11:a8:c6:05:2f:c8:4b:2d:c9:e9:fd:47:be:d9:7f:
         e5:9a:6e:bb:ea:28:34:8c:40:49:ab:c4:5f:a6:1e:11:98:25:
         f7:8d:48:49:79:46:20:cc:70:7d:18:d1:80:a6:da:7a:d1:82:
         60:40:f1:9e:9a:27:a5:a2:b9:02:a2:dc:5a:4d:d7:22:52:22:
         65:f6:61:b7
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZmmLXxUL0uTf8GGWeJG2B5nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjUxMDAyMTgyNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTBmOTQ5ZTM1MWZmZjNhYzVlOTBhY2NmZjFlOGU5ZjE2MzA1ZWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbZLKB8g/tjrVNUMebDt9C1iGO1G
qz5PaWV7bq/eBkthETn+nQPYjOBLzwJWSOgfa+1mgEVbaNyKBGdRp9BsWOKmPCFw
hBWCFQhP0O/ssJ5iekm3XT+Vx81SaRquSN4azqPEsG1dZCmnlkhr8ijp5PklRodG
xk+5FWrhtwHfqssSmvgUmRRuQ43joUTQPoMujzNGPqF2BcEQ5SQcam3fIn+50Hcu
51xMfSRt+PV4cO3A8YgWDo9KLDCRmhFX65JyreS4pj+19PGU54qLw+K0eCuQAgbe
0apjIgDXYHWkgCQHX0CvvzF7E8+LpcyMF5u+3BvjoNGVZ015+NckLc/d4wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHUPlJ41H/86xekKzP8ejp8WMF67MB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEvZFEtVW5qVWZfenJGNlFyTV94Nk9ueFl3WHJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW93QMA8E
AgACMAkDBwAqDmsAAAAwDQYJKoZIhvcNAQELBQADggEBABjrz7MFsD1BRjHJ5E9F
+da8wLmVyJVW5oe4ZSpducAC1hj93ecRf8y808ddyvZ/S1YxwGqeSz9SFwCbP1w1
C8yHioIlZzIsee7d8RtsB8NIpwdJORazaN4EKf4T/v3AFdIQ6Vo/xe4awV7cAq7k
8GlsYPYm75fTwiMkaSa0QAC3w4VrGT6DN89SwYz3FoByQbBtWzdA14i+p/o0PhH0
tTkMG5Yg3QgccvLHI/qFLGeuahNdq2Lf6xGoxgUvyEstyen9R77Zf+WabrvqKDSM
QEmrxF+mHhGYJfeNSEl5RiDMcH0Y0YCm2nrRgmBA8Z6aJ6WiuQKi3FpN1yJSImX2
Ybc=
-----END CERTIFICATE-----