Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/JgoOvXvrswEOgbBkM7mOX2KwPkM.roa
File:                     JgoOvXvrswEOgbBkM7mOX2KwPkM.roa (raw, json)
Hash identifier:          0lHrFGf5p+iWNP5B3Ka8kAz0C85fbyYK54kTcYnj/rA=
Subject key identifier:   26:0A:0E:BD:7B:EB:B3:01:0E:81:B0:64:33:B9:8E:5F:62:B0:3E:43
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       01999BAC95DBAFAB04B46E02C4D9C874CFE1
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/JgoOvXvrswEOgbBkM7mOX2KwPkM.roa
Signing time:             Tue 30 Sep 2025 17:30:02 +0000
ROA not before:           Tue 30 Sep 2025 17:30:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33659
IP address blocks:        91.200.136.0/22 maxlen: 22
                          185.188.192.0/22 maxlen: 22
                          195.211.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9b:ac:95:db:af:ab:04:b4:6e:02:c4:d9:c8:74:cf:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Sep 30 17:30:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=260a0ebd7bebb3010e81b06433b98e5f62b03e43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ec:b3:bf:3c:89:0f:6c:eb:42:98:fd:fb:17:
                    42:71:4f:b7:a9:18:d0:4f:c4:3b:7e:6c:ba:6d:3f:
                    bb:6f:ed:95:b7:11:f7:2a:29:7c:57:cf:2c:26:87:
                    e8:29:a3:60:b3:bf:73:d0:25:2a:3e:fd:7a:5e:5e:
                    c1:68:82:fa:11:ad:8c:89:ad:9e:47:e2:a6:71:d5:
                    00:9f:5b:2e:50:28:f6:56:2d:94:f1:d3:d1:01:ab:
                    e9:af:c0:dd:e6:1e:d3:ce:2d:61:1a:d9:12:f3:b0:
                    d3:28:7e:50:36:63:a5:84:16:51:f9:95:a7:b3:0b:
                    00:99:bf:4b:1c:cd:38:6f:36:35:cb:b6:1c:12:e4:
                    92:47:c5:7c:bf:90:50:fb:6e:72:86:80:8d:e6:d0:
                    c6:6c:40:59:4d:fb:64:f9:d6:1e:6a:c4:0e:67:62:
                    3f:8b:ad:9e:e4:36:79:e5:25:e4:ee:dd:0d:d5:c1:
                    77:41:74:eb:55:35:af:c9:ed:05:fa:4b:d3:bd:51:
                    49:4e:d1:bb:f2:82:6e:59:85:a6:d9:63:28:68:7f:
                    73:ad:60:97:65:c9:a1:9f:1c:11:98:2d:20:a2:02:
                    23:09:9f:13:ef:9c:e7:ba:5e:e1:8e:b8:a2:14:56:
                    d7:7f:3f:93:cb:d2:62:2f:62:42:c2:82:1a:32:86:
                    5d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:0A:0E:BD:7B:EB:B3:01:0E:81:B0:64:33:B9:8E:5F:62:B0:3E:43
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/JgoOvXvrswEOgbBkM7mOX2KwPkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.136.0/22
                  185.188.192.0/22
                  195.211.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:20:92:74:b0:90:d1:c8:4a:78:c9:ae:83:18:dd:e2:18:d2:
         43:7d:6f:22:04:f7:16:83:38:2e:4c:90:e7:3b:a5:5f:7b:59:
         3e:32:03:38:81:8a:86:4a:37:a0:2b:d3:10:de:98:f0:37:73:
         6a:92:f0:c5:5a:ad:f3:c1:cd:e7:b8:b8:17:1e:00:c9:98:8f:
         64:9e:65:b0:a9:99:a9:02:77:6a:91:4a:9b:1a:a0:d9:35:a3:
         39:56:cb:d2:6f:2c:71:b0:5d:4b:0f:a7:1a:e1:27:74:16:80:
         d6:21:69:39:6d:ad:c4:41:be:9d:2c:be:86:dd:83:ff:3e:f9:
         a1:59:1c:a4:cf:c3:0d:e2:55:e1:0a:6f:81:1d:72:b2:3b:c9:
         c6:fe:08:a4:0c:ae:50:d2:18:cc:15:aa:a0:64:d0:a1:f8:f9:
         17:91:33:84:f5:26:66:fc:64:d7:1e:a7:45:ad:8a:11:68:5a:
         50:be:e0:61:bb:da:a6:72:98:5e:f5:26:4a:93:ad:87:72:92:
         d0:59:dc:f5:39:3a:0d:c6:78:e6:85:ac:e1:cd:b5:c5:6c:e1:
         2d:d6:d7:87:c2:ab:93:58:fe:46:6a:28:51:52:2c:e7:86:68:
         f8:9f:7e:68:23:2f:e6:ba:52:d0:74:22:71:f5:de:ed:b1:cf:
         1a:85:c3:da
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZmbrJXbr6sEtG4CxNnIdM/hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjUwOTMwMTczMDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjBhMGViZDdiZWJiMzAxMGU4MWIwNjQzM2I5OGU1ZjYyYjAzZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuyzvzyJD2zrQpj9+xdCcU+3qRjQ
T8Q7fmy6bT+7b+2VtxH3Kil8V88sJofoKaNgs79z0CUqPv16Xl7BaIL6Ea2Mia2e
R+KmcdUAn1suUCj2Vi2U8dPRAavpr8Dd5h7Tzi1hGtkS87DTKH5QNmOlhBZR+ZWn
swsAmb9LHM04bzY1y7YcEuSSR8V8v5BQ+25yhoCN5tDGbEBZTftk+dYeasQOZ2I/
i62e5DZ55SXk7t0N1cF3QXTrVTWvye0F+kvTvVFJTtG78oJuWYWm2WMoaH9zrWCX
ZcmhnxwRmC0gogIjCZ8T75znul7hjriiFFbXfz+Ty9JiL2JCwoIaMoZdnQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCYKDr1767MBDoGwZDO5jl9isD5DMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvSmdvT3ZYdnJzd0VPZ2JCa003bU9YMkt3UGtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCW8iIAwQC
ubzAAwQCw9N0MA0GCSqGSIb3DQEBCwUAA4IBAQCiIJJ0sJDRyEp4ya6DGN3iGNJD
fW8iBPcWgzguTJDnO6Vfe1k+MgM4gYqGSjegK9MQ3pjwN3NqkvDFWq3zwc3nuLgX
HgDJmI9knmWwqZmpAndqkUqbGqDZNaM5VsvSbyxxsF1LD6ca4Sd0FoDWIWk5ba3E
Qb6dLL6G3YP/PvmhWRykz8MN4lXhCm+BHXKyO8nG/gikDK5Q0hjMFaqgZNCh+PkX
kTOE9SZm/GTXHqdFrYoRaFpQvuBhu9qmcphe9SZKk62HcpLQWdz1OToNxnjmhazh
zbXFbOEt1teHwquTWP5GaihRUiznhmj4n35oIy/mulLQdCJx9d7tsc8ahcPa
-----END CERTIFICATE-----