Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/KHE55IVfhkxEyRPjetKWMXa2fOg.roa
File:                     KHE55IVfhkxEyRPjetKWMXa2fOg.roa (raw, json)
Hash identifier:          yUvUxbUmijIWF7cOOamnBQm49nexWbf1vGMkvSs2OSs=
Subject key identifier:   28:71:39:E4:85:5F:86:4C:44:C9:13:E3:7A:D2:96:31:76:B6:7C:E8
Certificate issuer:       /CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
Certificate serial:       01997BE0F3D572F4312E374AA4C5F218070E
Authority key identifier: 51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/KHE55IVfhkxEyRPjetKWMXa2fOg.roa
Signing time:             Wed 24 Sep 2025 13:19:24 +0000
ROA not before:           Wed 24 Sep 2025 13:19:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207685
IP address blocks:        91.234.10.0/24 maxlen: 24
                          91.234.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:e0:f3:d5:72:f4:31:2e:37:4a:a4:c5:f2:18:07:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
        Validity
            Not Before: Sep 24 13:19:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=287139e4855f864c44c913e37ad2963176b67ce8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8c:25:43:f6:a0:92:66:48:e5:6e:e9:53:bc:
                    75:a5:61:aa:85:51:0e:74:d8:9b:0d:05:22:84:3d:
                    28:c0:81:6e:3a:3a:06:da:de:da:c6:d7:5a:ec:5e:
                    c3:01:60:c9:2d:2a:98:35:79:b6:f8:89:26:b9:01:
                    e4:4e:34:5b:a1:25:5e:8a:f7:cb:63:db:6a:e9:f4:
                    cb:ea:13:b5:91:eb:56:40:a9:8a:35:7c:c4:f4:18:
                    f5:17:71:37:4b:a7:fe:9e:86:95:06:65:1f:78:da:
                    68:6a:79:a2:0d:74:a2:66:53:15:bd:8b:75:52:f0:
                    d9:0f:b3:dc:a5:b5:3f:b3:1e:f1:17:74:bd:18:bc:
                    0d:a1:c5:39:cd:13:b0:5f:2b:b6:58:8e:94:21:fd:
                    3c:8e:2f:fe:8d:1d:37:dc:06:d5:b2:9b:c7:70:04:
                    b4:14:e4:d0:ff:81:45:43:d2:65:5f:01:97:19:4f:
                    7f:8e:6f:50:38:a7:5c:c7:99:65:e0:6e:37:e5:ef:
                    6d:0f:82:f7:8a:e3:43:f6:cf:06:da:c9:01:c6:5a:
                    a2:fb:52:40:08:17:2c:09:65:97:3f:4e:9c:f4:38:
                    ad:f6:15:13:b5:da:c8:b6:54:37:d7:c2:1b:07:bb:
                    e0:5d:26:b4:8f:c2:0e:9f:ea:2a:09:80:35:a3:14:
                    b4:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:71:39:E4:85:5F:86:4C:44:C9:13:E3:7A:D2:96:31:76:B6:7C:E8
            X509v3 Authority Key Identifier:
                keyid:51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/KHE55IVfhkxEyRPjetKWMXa2fOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.10.0/24
                  91.234.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3f:2b:9e:03:29:41:e9:62:d5:60:de:35:ac:32:5a:55:57:
         95:70:7e:95:37:2e:d9:80:bf:be:af:3a:5b:79:8c:50:c4:bb:
         40:a5:c7:68:46:21:d6:f7:cf:eb:a0:97:ca:d9:cc:d1:20:bb:
         e4:89:b0:84:8e:66:59:23:16:8f:69:27:be:d9:97:0a:62:e9:
         87:01:10:36:02:e8:a5:39:df:7c:56:47:c9:16:96:57:c2:de:
         d6:24:6a:81:00:68:4f:35:4a:b6:a5:a6:4f:3e:df:1b:87:61:
         7b:a2:83:56:4f:e1:da:bb:a4:3a:60:b3:23:db:2f:8c:65:92:
         49:b3:fa:e3:2a:98:bc:08:33:8c:94:48:c2:7a:8e:9b:9e:38:
         0e:a3:b7:ab:7a:0e:a3:39:76:ac:29:d8:a2:38:93:1a:4b:f4:
         4f:ef:83:8f:4a:97:93:b9:21:fc:cd:1b:8f:9f:58:d6:17:0f:
         05:50:77:58:64:3a:c8:7e:32:f2:97:48:3a:8f:55:71:45:3c:
         58:67:d1:47:f5:79:cb:79:d1:8a:83:f0:04:da:b6:c0:b3:8b:
         2f:82:8b:8a:03:87:ae:87:6c:46:39:6a:1d:c2:1e:05:9a:c0:
         04:4f:e9:b6:9b:38:97:cf:f9:ca:17:db:fd:e4:95:37:86:cc:
         11:ea:f3:41
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZl74PPVcvQxLjdKpMXyGAcOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjRiMGIwNDY5ZWIwZDA3MTk5NGNkODIzOGYzNGJlZjAw
YzZmYmUwHhcNMjUwOTI0MTMxOTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODcxMzllNDg1NWY4NjRjNDRjOTEzZTM3YWQyOTYzMTc2YjY3Y2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyowlQ/agkmZI5W7pU7x1pWGqhVEO
dNibDQUihD0owIFuOjoG2t7axtda7F7DAWDJLSqYNXm2+IkmuQHkTjRboSVeivfL
Y9tq6fTL6hO1ketWQKmKNXzE9Bj1F3E3S6f+noaVBmUfeNpoanmiDXSiZlMVvYt1
UvDZD7PcpbU/sx7xF3S9GLwNocU5zROwXyu2WI6UIf08ji/+jR033AbVspvHcAS0
FOTQ/4FFQ9JlXwGXGU9/jm9QOKdcx5ll4G435e9tD4L3iuND9s8G2skBxlqi+1JA
CBcsCWWXP06c9Dit9hUTtdrItlQ318IbB7vgXSa0j8IOn+oqCYA1oxS04wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFChxOeSFX4ZMRMkT43rSljF2tnzoMB8GA1UdIwQY
MBaAFFH0sLBGnrDQcZlM2COPNL7wDG++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEt
Nzg4NDRlMTAxMTMzLzEvS0hFNTVJVmZoa3hFeVJQamV0S1dNWGEyZk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEtNzg4NDRlMTAxMTMz
LzEvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+oKAwQA
W+oUMA0GCSqGSIb3DQEBCwUAA4IBAQAjPyueAylB6WLVYN41rDJaVVeVcH6VNy7Z
gL++rzpbeYxQxLtApcdoRiHW98/roJfK2czRILvkibCEjmZZIxaPaSe+2ZcKYumH
ARA2AuilOd98VkfJFpZXwt7WJGqBAGhPNUq2paZPPt8bh2F7ooNWT+Hau6Q6YLMj
2y+MZZJJs/rjKpi8CDOMlEjCeo6bnjgOo7ereg6jOXasKdiiOJMaS/RP74OPSpeT
uSH8zRuPn1jWFw8FUHdYZDrIfjLyl0g6j1VxRTxYZ9FH9XnLedGKg/AE2rbAs4sv
gouKA4euh2xGOWodwh4FmsAET+m2mziXz/nKF9v95JU3hswR6vNB
-----END CERTIFICATE-----