Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/L76bfs9TWWZl8Bl96EFZVlzxzoE.roa
File:                     L76bfs9TWWZl8Bl96EFZVlzxzoE.roa (raw, json)
Hash identifier:          +NZoC7IOVINwP2lksSDULnc4emaNPZnnMnAXhFL6IOo=
Subject key identifier:   2F:BE:9B:7E:CF:53:59:66:65:F0:19:7D:E8:41:59:56:5C:F1:CE:81
Certificate issuer:       /CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
Certificate serial:       01997A992FAB5F336BB1098C7CDAFD8037F8
Authority key identifier: DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/L76bfs9TWWZl8Bl96EFZVlzxzoE.roa
Signing time:             Wed 24 Sep 2025 07:21:23 +0000
ROA not before:           Wed 24 Sep 2025 07:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40975
IP address blocks:        91.197.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7a:99:2f:ab:5f:33:6b:b1:09:8c:7c:da:fd:80:37:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc7821e1bcbf6e074ea4814aaa5c63e3ba813c5f
        Validity
            Not Before: Sep 24 07:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2fbe9b7ecf53596665f0197de84159565cf1ce81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ae:ec:f6:6c:71:3e:45:f6:63:f8:b5:75:01:
                    60:49:37:a5:09:e7:00:b8:fd:ce:72:08:9d:83:0d:
                    2e:c4:73:42:88:26:70:11:ea:df:0b:f1:8f:d7:07:
                    ba:71:c2:fb:07:51:9b:97:e6:e8:2d:84:95:e4:08:
                    3f:42:98:ab:b1:07:2d:56:c1:b8:e1:96:75:6b:70:
                    0c:2c:04:19:17:17:0b:13:50:d3:61:52:20:d2:ff:
                    c7:81:25:ee:21:57:0e:28:0f:3a:cc:19:fe:d4:83:
                    75:82:33:98:b6:f4:4d:0b:a1:86:e0:d1:bc:a9:4b:
                    81:36:2a:19:4a:63:9f:9f:33:c9:f9:e0:df:d2:93:
                    77:c9:08:c8:41:0d:85:d7:e4:6e:27:0f:4c:0b:a2:
                    a9:3b:cf:0d:e0:5d:5b:ac:0a:e4:d9:de:0a:2f:75:
                    4d:e9:1d:e6:d4:a2:65:fc:d7:d4:44:ed:40:7e:17:
                    b9:4b:1b:a4:90:d6:b6:b8:1b:40:66:c9:d6:4a:bf:
                    06:d7:a9:d5:1d:39:e4:ba:da:9d:ee:1c:59:b6:9e:
                    16:8c:3c:b0:12:68:b3:7c:2c:43:42:f8:e9:b3:d4:
                    c1:3d:60:51:64:2d:39:81:dd:78:47:cb:db:e5:6c:
                    fb:d9:3b:05:4d:29:c8:0f:8d:52:8b:a6:c9:1b:fa:
                    f3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:BE:9B:7E:CF:53:59:66:65:F0:19:7D:E8:41:59:56:5C:F1:CE:81
            X509v3 Authority Key Identifier:
                keyid:DC:78:21:E1:BC:BF:6E:07:4E:A4:81:4A:AA:5C:63:E3:BA:81:3C:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Hgh4by_bgdOpIFKqlxj47qBPF8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/L76bfs9TWWZl8Bl96EFZVlzxzoE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/9daff4-f158-480f-b41f-d48b42ef159b/1/3Hgh4by_bgdOpIFKqlxj47qBPF8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:a0:43:65:55:85:58:84:e3:9b:84:b9:7e:50:13:e2:33:58:
         64:99:9b:54:23:bd:b0:c8:94:e0:c6:96:25:ef:a2:39:e1:79:
         e6:5e:84:e2:0e:4b:94:b5:5e:03:12:1b:e4:6b:f4:a3:6c:63:
         7f:e6:a9:e8:22:d0:ea:4d:59:ee:9c:d7:60:51:77:c8:51:e9:
         ca:df:88:31:41:b3:70:91:ca:83:b8:c0:cb:85:6e:7f:66:98:
         b5:e1:f9:3d:79:e1:cc:79:a3:ef:53:92:d5:b6:f8:56:7b:c2:
         06:c0:c6:c5:f6:e9:7e:d5:85:2c:55:1b:40:fc:eb:11:14:ba:
         2d:44:db:4c:ba:f0:f9:8b:d2:71:de:4c:14:3a:f2:75:a6:23:
         a8:d1:be:0e:25:74:c8:9f:c9:68:a0:b6:80:9a:03:6c:d6:3e:
         f3:37:29:af:0c:e0:5a:ff:04:ac:c6:c7:f1:d7:58:38:4d:a9:
         0b:0f:e7:34:ab:27:20:8e:d5:23:a6:b7:d8:b6:34:11:a3:1e:
         32:05:ef:ca:14:06:d2:07:b9:cf:3c:b9:ec:64:fc:9b:a3:ba:
         55:e2:78:15:10:a5:f5:1b:b7:7f:a6:57:ee:83:33:eb:69:5f:
         dd:17:d7:52:d6:61:0b:6f:92:a5:eb:14:ac:9f:55:69:25:c5:
         a6:e2:e1:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl6mS+rXzNrsQmMfNr9gDf4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNzgyMWUxYmNiZjZlMDc0ZWE0ODE0YWFhNWM2M2UzYmE4
MTNjNWYwHhcNMjUwOTI0MDcyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmJlOWI3ZWNmNTM1OTY2NjVmMDE5N2RlODQxNTk1NjVjZjFjZTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq7s9mxxPkX2Y/i1dQFgSTelCecA
uP3Ocgidgw0uxHNCiCZwEerfC/GP1we6ccL7B1Gbl+boLYSV5Ag/QpirsQctVsG4
4ZZ1a3AMLAQZFxcLE1DTYVIg0v/HgSXuIVcOKA86zBn+1IN1gjOYtvRNC6GG4NG8
qUuBNioZSmOfnzPJ+eDf0pN3yQjIQQ2F1+RuJw9MC6KpO88N4F1brArk2d4KL3VN
6R3m1KJl/NfURO1Afhe5SxukkNa2uBtAZsnWSr8G16nVHTnkutqd7hxZtp4WjDyw
EmizfCxDQvjps9TBPWBRZC05gd14R8vb5Wz72TsFTSnID41Si6bJG/rzsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC++m37PU1lmZfAZfehBWVZc8c6BMB8GA1UdIwQY
MBaAFNx4IeG8v24HTqSBSqpcY+O6gTxfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYt
ZDQ4YjQyZWYxNTliLzEvTDc2YmZzOVRXV1psOEJsOTZFRlpWbHp4em9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC85ZGFmZjQtZjE1OC00ODBmLWI0MWYtZDQ4YjQyZWYxNTli
LzEvM0hnaDRieV9iZ2RPcElGS3FseGo0N3FCUEY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8X0MA0G
CSqGSIb3DQEBCwUAA4IBAQAPoENlVYVYhOObhLl+UBPiM1hkmZtUI72wyJTgxpYl
76I54XnmXoTiDkuUtV4DEhvka/SjbGN/5qnoItDqTVnunNdgUXfIUenK34gxQbNw
kcqDuMDLhW5/Zpi14fk9eeHMeaPvU5LVtvhWe8IGwMbF9ul+1YUsVRtA/OsRFLot
RNtMuvD5i9Jx3kwUOvJ1piOo0b4OJXTIn8looLaAmgNs1j7zNymvDOBa/wSsxsfx
11g4TakLD+c0qycgjtUjprfYtjQRox4yBe/KFAbSB7nPPLnsZPybo7pV4ngVEKX1
G7d/plfugzPraV/dF9dS1mELb5Kl6xSsn1VpJcWm4uFd
-----END CERTIFICATE-----