Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/7h1Vbhmm5gf8J-_5IjJpoeOBap8.roa
File:                     7h1Vbhmm5gf8J-_5IjJpoeOBap8.roa (raw, json)
Hash identifier:          BzRVE6RrY3y0kWVGZkbu1XvrtIC4s5eG6qRWe7XRbfY=
Subject key identifier:   EE:1D:55:6E:19:A6:E6:07:FC:27:EF:F9:22:32:69:A1:E3:81:6A:9F
Certificate issuer:       /CN=83ecfb64bda5213708ff67bad4c83950b1ffdc38
Certificate serial:       0199CE8442494C9884813EE77F171D434FE2
Authority key identifier: 83:EC:FB:64:BD:A5:21:37:08:FF:67:BA:D4:C8:39:50:B1:FF:DC:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/7h1Vbhmm5gf8J-_5IjJpoeOBap8.roa
Signing time:             Fri 10 Oct 2025 14:26:37 +0000
ROA not before:           Fri 10 Oct 2025 14:26:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57757
IP address blocks:        91.213.19.0/24 maxlen: 24
                          2001:67c:fe8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:84:42:49:4c:98:84:81:3e:e7:7f:17:1d:43:4f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83ecfb64bda5213708ff67bad4c83950b1ffdc38
        Validity
            Not Before: Oct 10 14:26:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee1d556e19a6e607fc27eff9223269a1e3816a9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:57:d5:c1:58:04:c7:dc:d6:2f:28:13:91:e3:
                    37:23:ab:06:4f:7a:1b:13:4d:ee:2b:f8:df:e8:5f:
                    6e:90:73:7a:fb:b9:ed:5a:49:58:2b:36:3b:a8:76:
                    75:33:89:e5:36:a8:91:a9:66:bf:17:8f:33:84:96:
                    26:8d:9e:b5:31:15:b1:10:89:09:25:a3:59:4b:f3:
                    17:cb:0d:71:2e:98:0a:31:6a:33:bc:e5:5d:c7:ee:
                    fc:23:31:27:fe:9d:3e:99:d9:62:d9:08:2a:de:fe:
                    ed:f4:31:e5:96:6d:5f:8c:e9:cf:5d:72:e3:d7:a6:
                    12:bd:df:62:b9:2c:f2:e8:21:13:ab:b5:6d:cd:40:
                    55:73:0d:20:ce:a3:67:18:a8:19:b9:a6:09:ff:f8:
                    79:5c:1e:e0:da:4e:4b:1e:ed:e1:c4:bf:ec:57:3e:
                    ac:71:68:b0:bb:6f:d4:3c:da:3d:db:9a:c4:bb:01:
                    59:ce:63:73:35:68:d5:07:56:49:0c:0c:7d:d8:87:
                    53:ab:fc:9b:5b:34:8a:f8:08:6f:e4:e3:01:51:0d:
                    5b:45:ec:cf:b4:8f:60:44:b1:13:e4:47:1d:47:f8:
                    b7:3d:8e:20:62:89:ac:01:51:64:f4:7e:44:dd:3d:
                    14:43:14:6a:d1:59:6b:3b:07:58:56:9d:51:15:83:
                    05:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:1D:55:6E:19:A6:E6:07:FC:27:EF:F9:22:32:69:A1:E3:81:6A:9F
            X509v3 Authority Key Identifier:
                keyid:83:EC:FB:64:BD:A5:21:37:08:FF:67:BA:D4:C8:39:50:B1:FF:DC:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/7h1Vbhmm5gf8J-_5IjJpoeOBap8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/031463-58e6-4fcb-8ca1-1fcfd0c8bdf5/1/g-z7ZL2lITcI_2e61Mg5ULH_3Dg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.19.0/24
                IPv6:
                  2001:67c:fe8::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:c1:ee:85:88:2b:df:27:0e:a1:ad:65:8f:6d:28:ea:de:f6:
         01:57:49:f2:61:84:be:09:10:c5:77:a5:fb:48:c5:f8:38:1f:
         72:d2:ee:14:bf:cb:31:b2:23:70:e7:85:d9:e1:3a:8d:fa:89:
         f6:f3:a1:ac:8c:73:91:87:56:f1:1e:0c:23:e9:9e:4f:df:fd:
         a8:68:a9:62:34:d4:f8:54:48:0c:2e:74:31:4b:e3:8a:2b:43:
         37:fa:50:46:e8:3e:f9:f1:38:69:45:91:e8:b0:75:37:c7:50:
         33:75:18:f4:f0:27:20:70:74:d7:dd:f6:8c:82:bb:84:64:ab:
         77:d1:e0:3d:79:07:dc:44:2f:af:e4:f2:9a:d0:86:ad:00:a1:
         a0:5d:e9:4b:69:1a:01:4b:70:de:62:38:51:e0:53:f9:a6:35:
         f1:d5:e0:23:55:b7:a0:f6:b8:0f:c5:b1:81:d6:0f:e5:9e:45:
         3a:9d:ec:ad:47:fd:3a:1f:74:a4:eb:79:5f:c5:50:80:7b:9b:
         27:55:01:ca:7c:ab:1e:15:9a:81:38:12:2f:1a:34:8a:27:84:
         1d:e5:55:42:24:0c:1e:ce:7a:8a:3f:ad:06:e3:e4:9d:eb:d3:
         1f:84:b8:b1:b3:8b:32:f1:9a:30:37:51:4c:d7:a3:42:9a:3b:
         b6:60:20:2e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZnOhEJJTJiEgT7nfxcdQ0/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZWNmYjY0YmRhNTIxMzcwOGZmNjdiYWQ0YzgzOTUwYjFm
ZmRjMzgwHhcNMjUxMDEwMTQyNjM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTFkNTU2ZTE5YTZlNjA3ZmMyN2VmZjkyMjMyNjlhMWUzODE2YTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1fVwVgEx9zWLygTkeM3I6sGT3ob
E03uK/jf6F9ukHN6+7ntWklYKzY7qHZ1M4nlNqiRqWa/F48zhJYmjZ61MRWxEIkJ
JaNZS/MXyw1xLpgKMWozvOVdx+78IzEn/p0+mdli2Qgq3v7t9DHllm1fjOnPXXLj
16YSvd9iuSzy6CETq7VtzUBVcw0gzqNnGKgZuaYJ//h5XB7g2k5LHu3hxL/sVz6s
cWiwu2/UPNo925rEuwFZzmNzNWjVB1ZJDAx92IdTq/ybWzSK+Ahv5OMBUQ1bRezP
tI9gRLET5EcdR/i3PY4gYomsAVFk9H5E3T0UQxRq0VlrOwdYVp1RFYMFUQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFO4dVW4ZpuYH/Cfv+SIyaaHjgWqfMB8GA1UdIwQY
MBaAFIPs+2S9pSE3CP9nutTIOVCx/9w4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZy16N1pMMmxJVGNJXzJlNjFNZzVVTEhfM0RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC8wMzE0NjMtNThlNi00ZmNiLThjYTEt
MWZjZmQwYzhiZGY1LzEvN2gxVmJobW01Z2Y4Si1fNUlqSnBvZU9CYXA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC8wMzE0NjMtNThlNi00ZmNiLThjYTEtMWZjZmQwYzhiZGY1
LzEvZy16N1pMMmxJVGNJXzJlNjFNZzVVTEhfM0RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9UTMA8E
AgACMAkDBwAgAQZ8D+gwDQYJKoZIhvcNAQELBQADggEBAHfB7oWIK98nDqGtZY9t
KOre9gFXSfJhhL4JEMV3pftIxfg4H3LS7hS/yzGyI3DnhdnhOo36ifbzoayMc5GH
VvEeDCPpnk/f/ahoqWI01PhUSAwudDFL44orQzf6UEboPvnxOGlFkeiwdTfHUDN1
GPTwJyBwdNfd9oyCu4Rkq3fR4D15B9xEL6/k8prQhq0AoaBd6UtpGgFLcN5iOFHg
U/mmNfHV4CNVt6D2uA/FsYHWD+WeRTqd7K1H/TofdKTreV/FUIB7mydVAcp8qx4V
moE4Ei8aNIonhB3lVUIkDB7Oeoo/rQbj5J3r0x+EuLGzizLxmjA3UUzXo0KaO7Zg
IC4=
-----END CERTIFICATE-----