Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oqdpV3Xk0NT7skwENXjSQjVV8BM.roa
File:                     oqdpV3Xk0NT7skwENXjSQjVV8BM.roa (raw, json)
Hash identifier:          16NskiWXB3ABFUN6srz9/Gadxy8aqe8x+NDzXv8hAB8=
Subject key identifier:   A2:A7:69:57:75:E4:D0:D4:FB:B2:4C:04:35:78:D2:42:35:55:F0:13
Certificate issuer:       /CN=82468b53967545e28e9267ccbf0069d87b259869
Certificate serial:       01996C60228D874589078A014F6078282CBA
Authority key identifier: 82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oqdpV3Xk0NT7skwENXjSQjVV8BM.roa
Signing time:             Sun 21 Sep 2025 13:04:23 +0000
ROA not before:           Sun 21 Sep 2025 13:04:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56523
IP address blocks:        91.224.224.0/23 maxlen: 23
                          185.38.221.0/24 maxlen: 24
                          2a04:7840::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6c:60:22:8d:87:45:89:07:8a:01:4f:60:78:28:2c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=82468b53967545e28e9267ccbf0069d87b259869
        Validity
            Not Before: Sep 21 13:04:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2a7695775e4d0d4fbb24c043578d2423555f013
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3e:ca:4e:4a:0e:de:b7:ee:c8:e2:a0:08:b9:
                    71:b4:cf:40:2a:bd:98:84:af:0d:81:a6:d1:18:84:
                    b9:f7:c9:05:98:ff:90:32:9e:78:2c:f1:20:9c:3a:
                    3d:48:15:73:9c:40:44:52:d0:d4:f5:b5:a0:5d:3a:
                    34:2c:6c:0b:ff:d4:cb:7a:33:6e:51:93:91:d9:2a:
                    97:b7:ca:7d:4b:38:3e:b8:a2:05:a0:fe:1d:1d:62:
                    10:d0:bd:76:8d:15:aa:0f:71:35:8a:8f:1f:d2:a8:
                    0c:fb:47:49:25:a3:21:ee:90:5f:22:a4:ae:38:02:
                    6c:a3:58:44:73:71:96:51:12:27:b0:2b:f5:51:21:
                    d8:89:5c:6f:50:b9:0f:94:c9:f1:f7:97:6b:0e:57:
                    a3:f7:ef:4d:9c:d9:f4:4c:52:a2:73:1f:12:bd:04:
                    df:91:7e:c3:36:48:ae:a2:65:c9:6b:46:8c:ed:3b:
                    cd:5c:d8:84:35:7d:32:36:b3:20:3e:29:84:3c:a4:
                    e3:cc:da:db:8e:3f:ee:d4:f6:9c:56:8d:aa:b6:bd:
                    f4:b7:be:fd:17:03:55:b9:76:31:99:45:89:0e:dd:
                    40:33:6e:34:9b:81:02:3c:8e:bc:6e:fb:a3:0b:4f:
                    8f:16:0d:73:73:80:48:ae:a6:82:1d:3b:7e:dc:09:
                    b9:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:A7:69:57:75:E4:D0:D4:FB:B2:4C:04:35:78:D2:42:35:55:F0:13
            X509v3 Authority Key Identifier:
                keyid:82:46:8B:53:96:75:45:E2:8E:92:67:CC:BF:00:69:D8:7B:25:98:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gkaLU5Z1ReKOkmfMvwBp2HslmGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/oqdpV3Xk0NT7skwENXjSQjVV8BM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/9cdacf-53e9-4139-bb4a-8ac2baf696c8/1/gkaLU5Z1ReKOkmfMvwBp2HslmGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.224.0/23
                  185.38.221.0/24
                IPv6:
                  2a04:7840::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:1b:e7:ac:bc:71:61:53:f4:a9:89:9d:36:c3:3a:13:a4:03:
         b0:25:cb:35:e5:4a:05:f6:a9:14:e5:6a:89:66:58:83:96:60:
         5c:7c:f9:88:21:ed:3f:74:4a:6f:74:41:91:b7:d6:89:48:19:
         15:52:2d:28:0c:1b:ed:58:e0:90:90:d9:4f:87:e2:1e:b8:88:
         0f:13:13:8a:cc:9c:cb:ca:ad:e1:bf:ef:12:66:a5:09:c1:dc:
         76:8b:06:be:84:df:bc:dc:f7:4d:ac:6f:88:4e:bf:39:a4:79:
         77:55:b5:4b:a2:32:98:aa:f9:5d:2c:18:74:69:2e:4c:c6:92:
         c7:d1:b0:a0:56:d5:e2:69:9a:21:0e:db:db:45:72:5f:07:69:
         c1:ba:4b:77:53:55:2b:e8:68:c9:a6:73:de:98:2a:55:9b:50:
         56:4b:69:ad:6e:62:de:d7:a0:05:95:ab:ec:6b:49:6d:29:2f:
         fd:59:d4:a4:da:eb:01:77:d1:16:5c:25:1a:cd:60:cc:28:2a:
         20:61:59:db:3f:21:da:de:f0:24:3b:34:2a:d0:1b:fc:32:73:
         29:ca:bd:b2:81:f8:05:93:32:4d:2f:4a:a4:96:cb:8b:e1:51:
         67:70:b6:af:bb:09:34:f9:63:18:15:56:47:35:31:0a:6f:45:
         14:bd:cb:21
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZlsYCKNh0WJB4oBT2B4KCy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNDY4YjUzOTY3NTQ1ZTI4ZTkyNjdjY2JmMDA2OWQ4N2Iy
NTk4NjkwHhcNMjUwOTIxMTMwNDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmE3Njk1Nzc1ZTRkMGQ0ZmJiMjRjMDQzNTc4ZDI0MjM1NTVmMDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz7KTkoO3rfuyOKgCLlxtM9AKr2Y
hK8NgabRGIS598kFmP+QMp54LPEgnDo9SBVznEBEUtDU9bWgXTo0LGwL/9TLejNu
UZOR2SqXt8p9Szg+uKIFoP4dHWIQ0L12jRWqD3E1io8f0qgM+0dJJaMh7pBfIqSu
OAJso1hEc3GWURInsCv1USHYiVxvULkPlMnx95drDlej9+9NnNn0TFKicx8SvQTf
kX7DNkiuomXJa0aM7TvNXNiENX0yNrMgPimEPKTjzNrbjj/u1PacVo2qtr30t779
FwNVuXYxmUWJDt1AM240m4ECPI68bvujC0+PFg1zc4BIrqaCHTt+3Am5AQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKKnaVd15NDU+7JMBDV40kI1VfATMB8GA1UdIwQY
MBaAFIJGi1OWdUXijpJnzL8Aadh7JZhpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEt
OGFjMmJhZjY5NmM4LzEvb3FkcFYzWGswTlQ3c2t3RU5YalNRalZWOEJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS85Y2RhY2YtNTNlOS00MTM5LWJiNGEtOGFjMmJhZjY5NmM4
LzEvZ2thTFU1WjFSZUtPa21mTXZ3QnAySHNsbUdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQBW+DgAwQA
uSbdMA0EAgACMAcDBQAqBHhAMA0GCSqGSIb3DQEBCwUAA4IBAQBlG+esvHFhU/Sp
iZ02wzoTpAOwJcs15UoF9qkU5WqJZliDlmBcfPmIIe0/dEpvdEGRt9aJSBkVUi0o
DBvtWOCQkNlPh+IeuIgPExOKzJzLyq3hv+8SZqUJwdx2iwa+hN+83PdNrG+ITr85
pHl3VbVLojKYqvldLBh0aS5MxpLH0bCgVtXiaZohDtvbRXJfB2nBukt3U1Ur6GjJ
pnPemCpVm1BWS2mtbmLe16AFlavsa0ltKS/9WdSk2usBd9EWXCUazWDMKCogYVnb
PyHa3vAkOzQq0Bv8MnMpyr2ygfgFkzJNL0qklsuL4VFncLavuwk0+WMYFVZHNTEK
b0UUvcsh
-----END CERTIFICATE-----