Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/wnjBzzTh1nOLtHn-MycT-V9xs1U.roa
File:                     wnjBzzTh1nOLtHn-MycT-V9xs1U.roa (raw, json)
Hash identifier:          vhvfmbXLzxRQ2h0uOUjGMbl4v8ffZL2j3QGUBdIR1YM=
Subject key identifier:   C2:78:C1:CF:34:E1:D6:73:8B:B4:79:FE:33:27:13:F9:5F:71:B3:55
Certificate issuer:       /CN=f6090b4db06a4d65935141bac98098127a8b8f5a
Certificate serial:       01988958A464BA5827F02B61D5B4F4C12DCD
Authority key identifier: F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/wnjBzzTh1nOLtHn-MycT-V9xs1U.roa
Signing time:             Fri 08 Aug 2025 11:02:24 +0000
ROA not before:           Fri 08 Aug 2025 11:02:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216457
IP address blocks:        91.208.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:58:a4:64:ba:58:27:f0:2b:61:d5:b4:f4:c1:2d:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6090b4db06a4d65935141bac98098127a8b8f5a
        Validity
            Not Before: Aug  8 11:02:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c278c1cf34e1d6738bb479fe332713f95f71b355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:84:dd:dd:b2:80:e1:40:94:d2:00:3d:96:e9:
                    c6:92:54:e5:e4:67:bd:b7:f5:11:53:ed:46:1e:ae:
                    d3:bf:05:6e:e7:c2:46:cc:10:cb:76:99:50:57:c2:
                    da:4a:1d:a0:1c:41:64:d9:63:97:d5:ee:d0:61:2f:
                    ad:1c:28:72:5d:a8:3b:ac:23:8a:e2:26:85:a9:61:
                    c0:10:c7:2f:d4:56:2f:2d:d5:46:3d:29:28:5d:ea:
                    d6:53:3a:cb:0d:0c:3b:de:6d:90:b5:12:41:13:30:
                    7e:bc:d0:2b:7b:6d:dd:9c:da:1c:1f:8d:6d:30:6b:
                    8a:fa:3b:4f:2d:b4:a6:af:eb:d6:a9:4c:bc:30:dd:
                    3a:08:23:17:f7:9b:96:3d:6f:40:c8:fc:58:30:7b:
                    0f:66:c2:64:06:57:74:a3:23:9a:0c:dc:f3:fe:0a:
                    ef:90:12:23:1b:95:bb:53:4b:bd:d6:f7:f2:4e:93:
                    fc:66:46:51:06:5e:d2:cd:66:eb:4e:04:fe:9d:3f:
                    71:1c:a2:d0:8e:f0:97:0c:75:c3:c5:bd:ed:c0:69:
                    9c:4a:9b:10:20:44:6a:b2:0e:e8:21:e6:24:da:9d:
                    8c:54:ea:98:0b:23:10:67:29:c5:55:23:08:17:aa:
                    ed:35:6d:1e:f5:60:b6:98:5d:15:d8:63:11:86:4c:
                    7b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:78:C1:CF:34:E1:D6:73:8B:B4:79:FE:33:27:13:F9:5F:71:B3:55
            X509v3 Authority Key Identifier:
                keyid:F6:09:0B:4D:B0:6A:4D:65:93:51:41:BA:C9:80:98:12:7A:8B:8F:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9gkLTbBqTWWTUUG6yYCYEnqLj1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/wnjBzzTh1nOLtHn-MycT-V9xs1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/2dc7af-2c8c-457b-aeb0-4e1dc1505260/1/9gkLTbBqTWWTUUG6yYCYEnqLj1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:44:76:3a:51:cc:ff:fd:e1:10:e4:41:99:e0:a5:47:f9:3e:
         b6:16:06:ac:1c:98:d2:ef:71:79:64:ec:90:e1:78:6b:33:11:
         23:2a:72:21:56:bb:dd:60:37:49:f4:eb:f5:73:d5:0d:56:6a:
         5a:72:80:17:44:1b:d6:d7:11:64:1e:de:0c:13:11:8c:4e:26:
         ad:50:01:33:3c:2a:16:a3:25:3a:59:29:5b:da:b3:43:c0:03:
         da:d9:d9:92:31:7b:5a:85:73:c5:18:49:57:d2:ad:51:f5:2f:
         0d:2a:65:d4:16:3e:de:57:ef:bd:76:0c:7c:8c:d7:77:29:c6:
         a9:1d:53:44:d2:6a:f5:cf:a5:d6:07:f5:ae:f0:44:4c:e8:80:
         c1:1f:ce:8c:b3:77:32:46:95:30:ef:84:7c:70:6c:2c:2b:d3:
         1c:05:bb:7c:c2:eb:25:c8:38:7f:c0:ef:e6:ba:f4:af:68:6d:
         f5:38:01:b3:09:75:d1:f7:75:19:65:54:a6:0a:80:cd:4d:a6:
         1e:73:b0:9c:5d:14:fe:80:4d:d6:7b:3e:ab:8c:a4:49:53:f0:
         e2:7b:32:19:67:2f:85:af:28:b7:6c:7a:6c:e3:ee:a1:3c:a2:
         2c:29:79:f5:2f:e6:e1:aa:d7:8c:4b:0a:46:8f:c7:84:07:fb:
         b9:b0:a7:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiJWKRkulgn8Cth1bT0wS3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MDkwYjRkYjA2YTRkNjU5MzUxNDFiYWM5ODA5ODEyN2E4
YjhmNWEwHhcNMjUwODA4MTEwMjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjc4YzFjZjM0ZTFkNjczOGJiNDc5ZmUzMzI3MTNmOTVmNzFiMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYTd3bKA4UCU0gA9lunGklTl5Ge9
t/URU+1GHq7TvwVu58JGzBDLdplQV8LaSh2gHEFk2WOX1e7QYS+tHChyXag7rCOK
4iaFqWHAEMcv1FYvLdVGPSkoXerWUzrLDQw73m2QtRJBEzB+vNAre23dnNocH41t
MGuK+jtPLbSmr+vWqUy8MN06CCMX95uWPW9AyPxYMHsPZsJkBld0oyOaDNzz/grv
kBIjG5W7U0u91vfyTpP8ZkZRBl7SzWbrTgT+nT9xHKLQjvCXDHXDxb3twGmcSpsQ
IERqsg7oIeYk2p2MVOqYCyMQZynFVSMIF6rtNW0e9WC2mF0V2GMRhkx71wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMJ4wc804dZzi7R5/jMnE/lfcbNVMB8GA1UdIwQY
MBaAFPYJC02wak1lk1FBusmAmBJ6i49aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAt
NGUxZGMxNTA1MjYwLzEvd25qQnp6VGgxbk9MdEhuLU15Y1QtVjl4czFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8yZGM3YWYtMmM4Yy00NTdiLWFlYjAtNGUxZGMxNTA1MjYw
LzEvOWdrTFRiQnFUV1dUVVVHNnlZQ1lFbnFMajFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BxMA0G
CSqGSIb3DQEBCwUAA4IBAQA8RHY6Ucz//eEQ5EGZ4KVH+T62FgasHJjS73F5ZOyQ
4XhrMxEjKnIhVrvdYDdJ9Ov1c9UNVmpacoAXRBvW1xFkHt4MExGMTiatUAEzPCoW
oyU6WSlb2rNDwAPa2dmSMXtahXPFGElX0q1R9S8NKmXUFj7eV++9dgx8jNd3Kcap
HVNE0mr1z6XWB/Wu8ERM6IDBH86Ms3cyRpUw74R8cGwsK9McBbt8wuslyDh/wO/m
uvSvaG31OAGzCXXR93UZZVSmCoDNTaYec7CcXRT+gE3Wez6rjKRJU/DiezIZZy+F
ryi3bHps4+6hPKIsKXn1L+bhqteMSwpGj8eEB/u5sKdW
-----END CERTIFICATE-----