Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/hTvlytGQdE4bMSxFpu4pwOqOzAs.roa
File:                     hTvlytGQdE4bMSxFpu4pwOqOzAs.roa (raw, json)
Hash identifier:          sjwfg5+KO0tm6ztHfkhFPbdkaAWRxRv1HZmf8qkebNc=
Subject key identifier:   85:3B:E5:CA:D1:90:74:4E:1B:31:2C:45:A6:EE:29:C0:EA:8E:CC:0B
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       0199E219AFD293C3B8E7A90EEDBFCC003A9E
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/hTvlytGQdE4bMSxFpu4pwOqOzAs.roa
Signing time:             Tue 14 Oct 2025 09:42:38 +0000
ROA not before:           Tue 14 Oct 2025 09:42:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401937
IP address blocks:        91.190.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e2:19:af:d2:93:c3:b8:e7:a9:0e:ed:bf:cc:00:3a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: Oct 14 09:42:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=853be5cad190744e1b312c45a6ee29c0ea8ecc0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:61:cf:7f:ce:d1:8c:bd:d4:ba:16:3c:ac:e7:
                    b0:dd:f0:cf:b3:6d:6d:e3:4c:f6:f9:d9:b0:66:04:
                    2e:fb:58:ce:ba:0e:81:6d:a9:e7:c7:41:c8:7d:52:
                    f9:08:39:9d:1e:27:5f:db:aa:be:40:78:b2:52:f1:
                    cc:85:9f:dd:fc:9a:95:fc:fd:7f:bd:85:93:f2:64:
                    8b:68:22:12:ca:c5:09:84:3c:3e:8e:6b:c5:4d:b3:
                    c5:1e:bd:d9:91:5b:95:4b:ff:ef:cc:7a:1a:75:a7:
                    9d:29:e3:da:d4:0b:54:3a:fb:4a:df:df:e6:7c:c0:
                    35:49:b0:59:ea:36:da:f9:a3:4e:91:50:fd:08:87:
                    4f:39:e1:92:7a:64:3f:e4:9b:96:bc:94:59:18:d0:
                    77:d6:b6:e1:55:f3:cd:1b:68:bc:04:08:2f:a9:85:
                    33:89:cb:d8:13:72:18:16:63:9d:0c:ac:e5:8b:3f:
                    3b:cb:16:e5:aa:94:ac:34:b6:3c:93:b4:77:20:82:
                    df:71:b2:0a:47:fb:4d:2e:9d:be:b4:ce:6d:cd:32:
                    99:1f:2e:6e:84:03:6f:bc:61:c5:7a:d5:6d:2a:bd:
                    aa:e6:70:4b:0e:7f:c0:e1:91:62:b4:f6:bd:26:22:
                    12:47:40:9d:e8:4c:c0:c7:fc:7d:ae:7b:21:a6:73:
                    54:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:3B:E5:CA:D1:90:74:4E:1B:31:2C:45:A6:EE:29:C0:EA:8E:CC:0B
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/hTvlytGQdE4bMSxFpu4pwOqOzAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:87:eb:d4:9c:87:63:9c:b0:bd:80:80:6d:1b:c6:e8:46:b7:
         d0:38:48:51:e3:be:c3:ac:5c:3b:93:27:4f:dc:fc:f9:99:cb:
         8a:41:05:dd:4c:52:9a:3b:4c:32:07:49:a0:66:b5:d5:83:fc:
         e6:fd:d4:28:20:80:77:ff:20:be:ee:23:53:ce:57:1c:7d:7c:
         dd:32:51:25:9b:04:79:05:d5:aa:e2:b9:7b:a2:9f:5e:75:4d:
         a2:66:f2:ca:ae:af:1b:7a:0d:0a:fb:ac:7f:2e:02:5f:24:c8:
         70:32:5f:c5:8a:33:a8:bd:51:ba:18:df:60:a6:c1:7b:cc:f2:
         a5:d6:63:09:41:68:1a:a5:12:8f:49:3c:d1:4d:5d:ea:c2:31:
         4e:94:c7:5c:54:21:b1:55:e8:23:ad:7a:3c:a1:ca:01:dd:e1:
         de:ee:f1:a7:51:5b:f5:71:4a:3d:be:15:2e:43:4f:da:7c:75:
         4a:df:0c:60:cd:f7:cc:10:ef:7a:52:2f:97:65:c2:27:c4:ed:
         e0:54:ff:a4:4c:2c:6e:60:b1:37:e3:47:d4:de:10:45:5b:fd:
         ce:be:5a:ca:63:34:b7:dd:51:30:64:6c:fb:a6:3e:f2:ad:f1:
         53:48:77:3b:37:0e:6a:54:1b:e5:c2:ff:6f:aa:8f:cf:2a:af:
         47:2a:14:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZniGa/Sk8O456kO7b/MADqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjUxMDE0MDk0MjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTNiZTVjYWQxOTA3NDRlMWIzMTJjNDVhNmVlMjljMGVhOGVjYzBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmHPf87RjL3UuhY8rOew3fDPs21t
40z2+dmwZgQu+1jOug6Bbannx0HIfVL5CDmdHidf26q+QHiyUvHMhZ/d/JqV/P1/
vYWT8mSLaCISysUJhDw+jmvFTbPFHr3ZkVuVS//vzHoadaedKePa1AtUOvtK39/m
fMA1SbBZ6jba+aNOkVD9CIdPOeGSemQ/5JuWvJRZGNB31rbhVfPNG2i8BAgvqYUz
icvYE3IYFmOdDKzliz87yxblqpSsNLY8k7R3IILfcbIKR/tNLp2+tM5tzTKZHy5u
hANvvGHFetVtKr2q5nBLDn/A4ZFitPa9JiISR0Cd6EzAx/x9rnshpnNUswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU75crRkHROGzEsRabuKcDqjswLMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvaFR2bHl0R1FkRTRiTVN4RnB1NHB3T3FPekFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW767MA0G
CSqGSIb3DQEBCwUAA4IBAQC4h+vUnIdjnLC9gIBtG8boRrfQOEhR477DrFw7kydP
3Pz5mcuKQQXdTFKaO0wyB0mgZrXVg/zm/dQoIIB3/yC+7iNTzlccfXzdMlElmwR5
BdWq4rl7op9edU2iZvLKrq8beg0K+6x/LgJfJMhwMl/FijOovVG6GN9gpsF7zPKl
1mMJQWgapRKPSTzRTV3qwjFOlMdcVCGxVegjrXo8ocoB3eHe7vGnUVv1cUo9vhUu
Q0/afHVK3wxgzffMEO96Ui+XZcInxO3gVP+kTCxuYLE340fU3hBFW/3OvlrKYzS3
3VEwZGz7pj7yrfFTSHc7Nw5qVBvlwv9vqo/PKq9HKhRy
-----END CERTIFICATE-----