Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/E_z1rRm2dPIkXYCFMVviLLfSyVg.roa
File:                     E_z1rRm2dPIkXYCFMVviLLfSyVg.roa (raw, json)
Hash identifier:          VusW0dej7Bb9Ooea4R8NVWxaK/HakKSdSQk63k3jQc4=
Subject key identifier:   13:FC:F5:AD:19:B6:74:F2:24:5D:80:85:31:5B:E2:2C:B7:D2:C9:58
Certificate issuer:       /CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
Certificate serial:       0199631105A47FF447F95E4B7B08B43A7D39
Authority key identifier: 1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/E_z1rRm2dPIkXYCFMVviLLfSyVg.roa
Signing time:             Fri 19 Sep 2025 17:41:23 +0000
ROA not before:           Fri 19 Sep 2025 17:41:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        91.234.22.0/24 maxlen: 24
                          194.59.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:63:11:05:a4:7f:f4:47:f9:5e:4b:7b:08:b4:3a:7d:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7ad7754795ddd605f28838bb7cc359df7a266a
        Validity
            Not Before: Sep 19 17:41:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13fcf5ad19b674f2245d8085315be22cb7d2c958
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:26:ac:08:4d:2e:27:7b:b0:71:47:c6:f5:8b:
                    8b:5a:36:b9:75:58:72:6b:5e:b2:f9:b7:f5:22:ed:
                    06:84:6b:4d:24:8b:4b:bb:75:48:8d:d1:c7:8e:4e:
                    93:bf:f9:0f:cb:50:32:51:e2:33:05:61:f8:94:71:
                    82:aa:30:2e:dc:81:3d:02:8c:37:19:c1:e4:14:78:
                    4d:38:96:05:3a:e5:90:16:b9:d6:7a:12:72:60:57:
                    c0:ae:f9:38:82:a1:06:49:36:21:45:2e:e8:57:55:
                    bb:24:22:b9:8c:dc:3c:dc:00:60:d0:19:8f:ae:d7:
                    fb:88:bb:de:bc:39:62:a9:be:c5:1b:83:6e:77:23:
                    35:f6:4a:a9:df:08:13:77:f1:d9:a7:2b:eb:16:b2:
                    a5:89:36:e4:a4:74:ef:21:91:77:71:67:98:5e:71:
                    2b:54:05:1b:5a:c4:ac:a1:7e:91:32:cd:0f:89:9a:
                    a9:24:2d:7f:90:c2:a2:ca:c7:16:1d:2d:ae:66:ec:
                    2a:19:24:59:e5:1e:c6:70:d4:bd:79:c8:a3:f4:9a:
                    44:4f:0c:66:85:d3:21:c9:fa:85:e0:7e:d3:e2:90:
                    fe:6a:7a:53:94:69:89:f5:1d:bb:b6:cf:df:0c:fc:
                    08:03:f9:c0:5f:49:15:69:ac:8d:5e:b5:6e:51:7f:
                    5c:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:FC:F5:AD:19:B6:74:F2:24:5D:80:85:31:5B:E2:2C:B7:D2:C9:58
            X509v3 Authority Key Identifier:
                keyid:1C:7A:D7:75:47:95:DD:D6:05:F2:88:38:BB:7C:C3:59:DF:7A:26:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHrXdUeV3dYF8og4u3zDWd96Jmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/E_z1rRm2dPIkXYCFMVviLLfSyVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/c5a9e3-6722-4b6a-be58-ada5c20e3f7b/1/HHrXdUeV3dYF8og4u3zDWd96Jmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.22.0/24
                  194.59.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:f1:15:d7:05:5b:ff:be:6f:fd:e0:de:25:4d:21:5e:f2:bc:
         bf:b8:43:81:bd:7e:86:5d:fe:9b:86:ba:41:9b:19:69:6d:d1:
         34:99:ec:c0:4f:92:ad:4b:81:87:ea:bb:74:08:3b:47:9e:9f:
         b7:71:b7:b2:3f:20:1f:c2:28:61:46:fc:18:04:98:92:c2:ea:
         98:79:32:3e:d2:b8:47:d9:fa:13:7e:58:2c:91:97:01:9d:47:
         3a:d6:d9:cb:7e:90:c7:84:71:36:fb:30:44:3f:e6:da:7c:7c:
         ec:9a:d5:bf:5c:d1:a7:c1:b7:e8:5a:17:02:fb:21:a4:b3:e6:
         f7:95:a0:ab:c4:42:35:1d:27:8f:a9:7c:d4:9d:b1:05:3e:7f:
         e5:1e:40:c8:5e:c1:1b:4d:22:91:92:2f:d1:f8:d3:d8:0d:bb:
         3a:35:39:be:44:36:8b:60:44:76:5a:64:31:17:c2:10:d9:eb:
         8d:33:c0:0c:31:5c:7b:67:96:69:78:60:5a:41:e6:68:b4:d6:
         23:c7:17:02:e0:7f:a9:dd:61:f7:8a:30:1d:c8:16:d6:3d:6c:
         f0:99:97:28:4c:92:07:88:82:b2:7e:ed:fc:5a:9b:6a:2d:fb:
         b6:0a:42:92:6a:62:4e:d5:6f:e7:8f:f4:70:b7:39:81:66:69:
         df:92:47:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZljEQWkf/RH+V5Lewi0On05MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2FkNzc1NDc5NWRkZDYwNWYyODgzOGJiN2NjMzU5ZGY3
YTI2NmEwHhcNMjUwOTE5MTc0MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2ZjZjVhZDE5YjY3NGYyMjQ1ZDgwODUzMTViZTIyY2I3ZDJjOTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvSasCE0uJ3uwcUfG9YuLWja5dVhy
a16y+bf1Iu0GhGtNJItLu3VIjdHHjk6Tv/kPy1AyUeIzBWH4lHGCqjAu3IE9Aow3
GcHkFHhNOJYFOuWQFrnWehJyYFfArvk4gqEGSTYhRS7oV1W7JCK5jNw83ABg0BmP
rtf7iLvevDliqb7FG4NudyM19kqp3wgTd/HZpyvrFrKliTbkpHTvIZF3cWeYXnEr
VAUbWsSsoX6RMs0PiZqpJC1/kMKiyscWHS2uZuwqGSRZ5R7GcNS9ecij9JpETwxm
hdMhyfqF4H7T4pD+anpTlGmJ9R27ts/fDPwIA/nAX0kVaayNXrVuUX9c1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBP89a0ZtnTyJF2AhTFb4iy30slYMB8GA1UdIwQY
MBaAFBx613VHld3WBfKIOLt8w1nfeiZqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgt
YWRhNWMyMGUzZjdiLzEvRV96MXJSbTJkUElrWFlDRk1WdmlMTGZTeVZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9jNWE5ZTMtNjcyMi00YjZhLWJlNTgtYWRhNWMyMGUzZjdi
LzEvSEhyWGRVZVYzZFlGOG9nNHUzekRXZDk2Sm1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+oWAwQA
wjsGMA0GCSqGSIb3DQEBCwUAA4IBAQA48RXXBVv/vm/94N4lTSFe8ry/uEOBvX6G
Xf6bhrpBmxlpbdE0mezAT5KtS4GH6rt0CDtHnp+3cbeyPyAfwihhRvwYBJiSwuqY
eTI+0rhH2foTflgskZcBnUc61tnLfpDHhHE2+zBEP+bafHzsmtW/XNGnwbfoWhcC
+yGks+b3laCrxEI1HSePqXzUnbEFPn/lHkDIXsEbTSKRki/R+NPYDbs6NTm+RDaL
YER2WmQxF8IQ2euNM8AMMVx7Z5ZpeGBaQeZotNYjxxcC4H+p3WH3ijAdyBbWPWzw
mZcoTJIHiIKyfu38WptqLfu2CkKSamJO1W/nj/RwtzmBZmnfkkeC
-----END CERTIFICATE-----