Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/4LiTUjwXcNYVafdM65pwT0SBtHo.roa
File:                     4LiTUjwXcNYVafdM65pwT0SBtHo.roa (raw, json)
Hash identifier:          aRRcAkpdwNbRnG0Mp4QvYoZmqIPlW1QZ3Z9Gc0YUkqo=
Subject key identifier:   E0:B8:93:52:3C:17:70:D6:15:69:F7:4C:EB:9A:70:4F:44:81:B4:7A
Certificate issuer:       /CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
Certificate serial:       019970CE795F06B2B9ED9C50BE68808D097D
Authority key identifier: 41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/4LiTUjwXcNYVafdM65pwT0SBtHo.roa
Signing time:             Mon 22 Sep 2025 09:43:23 +0000
ROA not before:           Mon 22 Sep 2025 09:43:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        91.211.12.0/24 maxlen: 24
                          91.211.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:ce:79:5f:06:b2:b9:ed:9c:50:be:68:80:8d:09:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41741c05d4ad7ed690e571ef5ed0f87522da47d7
        Validity
            Not Before: Sep 22 09:43:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0b893523c1770d61569f74ceb9a704f4481b47a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:76:48:db:3f:dc:a3:1d:e1:28:5f:6f:8f:42:
                    8b:cb:da:a6:6d:6b:b8:ce:c7:43:62:52:72:32:bd:
                    93:48:e9:fc:9f:f3:37:84:01:4d:e6:df:dc:01:b3:
                    40:b4:66:af:ec:19:1d:b6:db:b7:e5:13:a7:85:15:
                    4d:18:0c:9b:95:d7:0d:96:30:77:00:a3:05:67:e5:
                    50:89:95:6d:b1:6b:e9:e3:4a:cb:3c:48:a1:91:95:
                    3a:ea:5c:31:0a:ba:aa:16:c1:1a:d9:61:3d:cf:f7:
                    b8:63:15:c6:a1:37:e2:e8:b0:af:0f:4a:a2:36:1d:
                    d2:e2:8b:a2:dd:22:08:3d:bd:4c:b0:4d:1f:fb:6b:
                    42:63:e9:d3:e5:0b:d5:b7:85:55:aa:0c:5c:40:79:
                    24:ee:d6:3e:1c:68:3e:fb:ba:6a:69:1c:c5:e6:60:
                    2b:e4:19:e2:82:a1:0e:f5:83:13:96:fd:92:b5:29:
                    a6:28:5e:cc:d4:2f:4d:ee:05:98:99:91:d3:e2:c2:
                    aa:b4:ed:02:f5:53:7d:7c:6a:57:a5:d3:0b:70:a3:
                    ab:81:ad:61:50:7d:42:e0:fb:e3:c3:be:dd:d4:72:
                    fa:46:00:50:03:ea:a0:f3:26:09:74:ad:eb:9c:ee:
                    8e:60:6f:40:9d:ed:6e:48:c4:f4:1a:3c:32:18:a0:
                    b8:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B8:93:52:3C:17:70:D6:15:69:F7:4C:EB:9A:70:4F:44:81:B4:7A
            X509v3 Authority Key Identifier:
                keyid:41:74:1C:05:D4:AD:7E:D6:90:E5:71:EF:5E:D0:F8:75:22:DA:47:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QXQcBdStftaQ5XHvXtD4dSLaR9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/4LiTUjwXcNYVafdM65pwT0SBtHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/a311ea-31b3-4ba4-b533-410322c702ff/1/QXQcBdStftaQ5XHvXtD4dSLaR9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.12.0/24
                  91.211.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:e5:fa:df:c1:ea:98:e6:0e:1b:3e:27:d7:46:6f:f9:41:14:
         e7:56:4f:11:d5:59:99:74:7f:46:ba:5c:22:0f:c4:b1:e2:93:
         00:a3:c2:bc:1d:33:ec:15:e5:a1:ae:42:64:eb:69:96:d9:3f:
         2b:13:3b:ec:4a:c4:56:70:e9:11:a9:27:ae:72:6a:be:3e:b3:
         42:26:b7:39:1e:34:cf:e2:11:f1:4d:40:ce:8a:ce:cf:67:fe:
         f3:fc:c5:67:f7:13:e1:26:c5:5f:51:da:e0:f6:b7:eb:1d:b3:
         3d:f3:88:56:da:bb:24:e0:02:e8:dc:08:01:ad:50:e3:6f:38:
         46:45:ef:e4:0b:1b:cf:70:fd:4c:a6:ac:46:57:e6:11:fb:85:
         72:c8:80:30:bb:1b:50:6b:c8:0d:37:da:74:49:c2:2f:b0:67:
         45:36:6f:22:9b:07:12:3e:92:06:26:8a:4c:d6:d7:74:d5:72:
         e1:6d:4e:34:ba:fc:a8:48:c1:3f:c6:3c:32:09:d8:13:1e:60:
         c8:3b:f3:6a:4f:bb:e9:5f:c0:61:cb:c1:f8:86:e6:73:72:76:
         5e:7d:2b:43:a3:5f:6b:1b:e7:af:92:6f:6b:8f:57:70:3b:f7:
         7d:55:4b:78:b7:9f:cd:e4:1e:9a:ad:35:8c:e4:d7:c9:a4:92:
         67:a9:7d:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZlwznlfBrK57ZxQvmiAjQl9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxNzQxYzA1ZDRhZDdlZDY5MGU1NzFlZjVlZDBmODc1MjJk
YTQ3ZDcwHhcNMjUwOTIyMDk0MzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI4OTM1MjNjMTc3MGQ2MTU2OWY3NGNlYjlhNzA0ZjQ0ODFiNDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArHZI2z/cox3hKF9vj0KLy9qmbWu4
zsdDYlJyMr2TSOn8n/M3hAFN5t/cAbNAtGav7Bkdttu35ROnhRVNGAybldcNljB3
AKMFZ+VQiZVtsWvp40rLPEihkZU66lwxCrqqFsEa2WE9z/e4YxXGoTfi6LCvD0qi
Nh3S4oui3SIIPb1MsE0f+2tCY+nT5QvVt4VVqgxcQHkk7tY+HGg++7pqaRzF5mAr
5BnigqEO9YMTlv2StSmmKF7M1C9N7gWYmZHT4sKqtO0C9VN9fGpXpdMLcKOrga1h
UH1C4Pvjw77d1HL6RgBQA+qg8yYJdK3rnO6OYG9Ane1uSMT0GjwyGKC4hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOC4k1I8F3DWFWn3TOuacE9EgbR6MB8GA1UdIwQY
MBaAFEF0HAXUrX7WkOVx717Q+HUi2kfXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMt
NDEwMzIyYzcwMmZmLzEvNExpVFVqd1hjTllWYWZkTTY1cHdUMFNCdEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9hMzExZWEtMzFiMy00YmE0LWI1MzMtNDEwMzIyYzcwMmZm
LzEvUVhRY0JkU3RmdGFRNVhIdlh0RDRkU0xhUjljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9MMAwQA
W9MPMA0GCSqGSIb3DQEBCwUAA4IBAQAi5frfweqY5g4bPifXRm/5QRTnVk8R1VmZ
dH9GulwiD8Sx4pMAo8K8HTPsFeWhrkJk62mW2T8rEzvsSsRWcOkRqSeucmq+PrNC
Jrc5HjTP4hHxTUDOis7PZ/7z/MVn9xPhJsVfUdrg9rfrHbM984hW2rsk4ALo3AgB
rVDjbzhGRe/kCxvPcP1MpqxGV+YR+4VyyIAwuxtQa8gNN9p0ScIvsGdFNm8imwcS
PpIGJopM1td01XLhbU40uvyoSME/xjwyCdgTHmDIO/NqT7vpX8Bhy8H4huZzcnZe
fStDo19rG+evkm9rj1dwO/d9VUt4t5/N5B6arTWM5NfJpJJnqX2r
-----END CERTIFICATE-----