Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/JoGj50pnCfcj4YvYSQZxvyclrO4.roa
File:                     JoGj50pnCfcj4YvYSQZxvyclrO4.roa (raw, json)
Hash identifier:          Ehuefj6YltqorbH3ONfFXlgZF7FUv/1f+bkYNPhv4tU=
Subject key identifier:   26:81:A3:E7:4A:67:09:F7:23:E1:8B:D8:49:06:71:BF:27:25:AC:EE
Certificate issuer:       /CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
Certificate serial:       0199EE693FB468FBD92B25610D4E03BF2E5E
Authority key identifier: 45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/JoGj50pnCfcj4YvYSQZxvyclrO4.roa
Signing time:             Thu 16 Oct 2025 19:04:58 +0000
ROA not before:           Thu 16 Oct 2025 19:04:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        91.217.149.0/24 maxlen: 24
                          2a01:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ee:69:3f:b4:68:fb:d9:2b:25:61:0d:4e:03:bf:2e:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45effe98c24c3d6d6087c8d1d3f901b8ccd40088
        Validity
            Not Before: Oct 16 19:04:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2681a3e74a6709f723e18bd8490671bf2725acee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fa:6f:da:c2:b5:72:f8:03:c8:4a:e1:85:cc:
                    8d:f9:0c:6a:10:d7:68:16:d7:7e:c1:a5:a2:41:13:
                    6f:ef:be:67:25:99:c2:0a:db:e8:58:04:2a:d5:09:
                    a6:1c:1f:bf:f6:d9:e9:b7:88:58:9b:ba:32:d5:5a:
                    e4:2a:ef:9c:a0:53:f1:6e:2d:e2:8a:46:4b:08:8f:
                    1f:f5:3b:3b:ab:d8:30:12:d8:8f:43:d6:dd:32:9e:
                    52:6f:a4:0d:08:10:2f:13:37:54:f2:fe:65:8c:32:
                    63:45:3c:56:7d:ee:b5:44:ad:6d:9f:e7:01:51:01:
                    07:24:d2:d1:fb:14:bd:6e:33:10:9d:34:a4:99:59:
                    dd:6a:16:16:09:94:73:57:04:af:e6:dc:7c:fd:7a:
                    3f:8e:83:ab:c9:47:e7:ce:42:09:2f:e5:d3:57:68:
                    4d:b4:1c:40:98:1e:af:72:94:6b:4c:ab:ec:19:1f:
                    cb:03:77:2c:08:0e:d4:67:18:a4:7e:f1:2e:23:0c:
                    d1:86:3e:5f:90:73:a6:22:f6:20:78:40:2e:3e:69:
                    8f:35:b6:17:59:0b:5d:28:78:e3:2b:30:e1:90:14:
                    79:6b:44:0c:02:f5:2b:95:6e:98:67:c3:24:0c:43:
                    5f:54:ff:57:46:42:f3:3a:23:bc:a5:0b:59:b1:9e:
                    67:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:81:A3:E7:4A:67:09:F7:23:E1:8B:D8:49:06:71:BF:27:25:AC:EE
            X509v3 Authority Key Identifier:
                keyid:45:EF:FE:98:C2:4C:3D:6D:60:87:C8:D1:D3:F9:01:B8:CC:D4:00:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Re_-mMJMPW1gh8jR0_kBuMzUAIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/JoGj50pnCfcj4YvYSQZxvyclrO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/1e4a64-7aa0-4c94-9bb0-deb7b9189169/1/Re_-mMJMPW1gh8jR0_kBuMzUAIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.149.0/24
                IPv6:
                  2a01:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:56:f6:20:11:64:ad:55:9f:7a:19:ad:e5:9a:53:94:a7:1f:
         fe:d2:7f:7f:44:d2:a1:13:10:8b:25:06:47:51:60:35:f9:b1:
         01:8c:66:e2:49:8b:3a:4d:32:31:76:f9:54:61:1b:76:ae:2c:
         99:88:46:e6:14:71:2e:4c:23:8f:8e:7f:2e:76:77:0c:60:34:
         d7:ce:8a:19:2d:57:9d:d0:9d:5f:f0:f2:ae:d8:af:7c:d2:a0:
         0b:2b:44:42:16:0c:08:ed:01:48:7f:9b:ef:05:a2:ec:4d:01:
         12:42:ed:ec:e9:af:5c:44:2b:6f:72:7c:e0:58:4d:6a:06:50:
         02:dc:46:ca:2e:69:d7:18:5b:3b:96:9a:ec:15:34:68:79:50:
         c9:00:c7:ca:bc:6e:43:b6:af:c2:26:f0:ee:b8:8d:1f:44:da:
         b5:5f:b3:cf:90:01:55:2e:c4:2a:5c:cd:8d:b1:e6:e5:fb:ab:
         7c:6f:f8:72:0d:eb:2d:f3:8d:0d:6b:bb:04:c3:00:94:8d:9e:
         9d:e5:54:05:b3:17:54:da:54:bc:60:f7:7a:49:6b:a2:43:7b:
         53:ee:20:53:04:3c:99:fe:45:88:95:3d:51:4f:1f:89:b6:fd:
         06:33:4b:7d:b1:34:98:c8:0d:02:fd:b7:8f:71:02:6e:dd:75:
         9d:c8:96:6e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZnuaT+0aPvZKyVhDU4Dvy5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1ZWZmZTk4YzI0YzNkNmQ2MDg3YzhkMWQzZjkwMWI4Y2Nk
NDAwODgwHhcNMjUxMDE2MTkwNDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjgxYTNlNzRhNjcwOWY3MjNlMThiZDg0OTA2NzFiZjI3MjVhY2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPpv2sK1cvgDyErhhcyN+QxqENdo
Ftd+waWiQRNv775nJZnCCtvoWAQq1QmmHB+/9tnpt4hYm7oy1VrkKu+coFPxbi3i
ikZLCI8f9Ts7q9gwEtiPQ9bdMp5Sb6QNCBAvEzdU8v5ljDJjRTxWfe61RK1tn+cB
UQEHJNLR+xS9bjMQnTSkmVndahYWCZRzVwSv5tx8/Xo/joOryUfnzkIJL+XTV2hN
tBxAmB6vcpRrTKvsGR/LA3csCA7UZxikfvEuIwzRhj5fkHOmIvYgeEAuPmmPNbYX
WQtdKHjjKzDhkBR5a0QMAvUrlW6YZ8MkDENfVP9XRkLzOiO8pQtZsZ5ntwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCaBo+dKZwn3I+GL2EkGcb8nJazuMB8GA1UdIwQY
MBaAFEXv/pjCTD1tYIfI0dP5AbjM1ACIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAt
ZGViN2I5MTg5MTY5LzEvSm9HajUwcG5DZmNqNFl2WVNRWnh2eWNsck80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS8xZTRhNjQtN2FhMC00Yzk0LTliYjAtZGViN2I5MTg5MTY5
LzEvUmVfLW1NSk1QVzFnaDhqUjBfa0J1TXpVQUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9mVMA0E
AgACMAcDBQMqAfRAMA0GCSqGSIb3DQEBCwUAA4IBAQAJVvYgEWStVZ96Ga3lmlOU
px/+0n9/RNKhExCLJQZHUWA1+bEBjGbiSYs6TTIxdvlUYRt2riyZiEbmFHEuTCOP
jn8udncMYDTXzooZLVed0J1f8PKu2K980qALK0RCFgwI7QFIf5vvBaLsTQESQu3s
6a9cRCtvcnzgWE1qBlAC3EbKLmnXGFs7lprsFTRoeVDJAMfKvG5Dtq/CJvDuuI0f
RNq1X7PPkAFVLsQqXM2Nsebl+6t8b/hyDest840Na7sEwwCUjZ6d5VQFsxdU2lS8
YPd6SWuiQ3tT7iBTBDyZ/kWIlT1RTx+Jtv0GM0t9sTSYyA0C/bePcQJu3XWdyJZu
-----END CERTIFICATE-----