Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/Ud-XAg37mML14PlGMC-MtLQMglE.roa
File:                     Ud-XAg37mML14PlGMC-MtLQMglE.roa (raw, json)
Hash identifier:          18isVv70Mwq2NQGwUDi88omuA2Y/FqQMJz3QrvT4ZPE=
Subject key identifier:   51:DF:97:02:0D:FB:98:C2:F5:E0:F9:46:30:2F:8C:B4:B4:0C:82:51
Certificate issuer:       /CN=08c7b65ba6659e27570773c508558754eb490dde
Certificate serial:       0199626C3A51CEFC58CE4B6A9F37ADEBCD1F
Authority key identifier: 08:C7:B6:5B:A6:65:9E:27:57:07:73:C5:08:55:87:54:EB:49:0D:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/Ud-XAg37mML14PlGMC-MtLQMglE.roa
Signing time:             Fri 19 Sep 2025 14:41:23 +0000
ROA not before:           Fri 19 Sep 2025 14:41:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3289
IP address blocks:        91.226.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:62:6c:3a:51:ce:fc:58:ce:4b:6a:9f:37:ad:eb:cd:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08c7b65ba6659e27570773c508558754eb490dde
        Validity
            Not Before: Sep 19 14:41:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=51df97020dfb98c2f5e0f946302f8cb4b40c8251
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ed:21:af:f9:4e:a1:73:38:7e:10:1d:2a:77:
                    9a:8c:f7:81:e8:77:a9:bd:12:23:b1:7c:f9:be:1d:
                    d1:13:06:d2:3b:02:ed:ef:d4:59:de:ae:8c:28:49:
                    b5:8b:ed:f7:54:e2:29:d1:6b:0d:63:66:ec:85:b9:
                    0a:fa:c9:a6:0d:14:a1:19:84:9c:35:a0:b0:2f:03:
                    89:5b:36:19:52:68:54:6d:a2:fd:ba:91:d7:0f:6e:
                    f6:04:7f:83:a9:19:9a:43:df:f9:b0:c1:d4:c4:75:
                    dc:8a:ec:c8:77:49:ee:40:36:a5:86:2c:d5:5e:6d:
                    2f:da:0e:5f:10:79:d5:c7:5b:d1:06:d0:c2:1a:a5:
                    36:ba:dd:99:88:3e:84:8c:f1:f5:30:c2:19:ef:b6:
                    6d:4f:46:dd:a3:5c:10:ff:84:24:6e:fc:7b:20:46:
                    98:28:7d:19:40:33:5f:b4:19:a2:3e:35:ef:28:0f:
                    52:06:60:fe:d1:69:99:0b:f8:58:94:7e:c3:3d:ac:
                    7c:3d:02:25:07:fe:23:55:c3:3a:73:03:3f:ae:8c:
                    03:af:4e:f0:bd:db:b8:3b:aa:05:fc:f5:b3:79:78:
                    1c:f1:3c:66:1a:3a:09:5b:d4:e5:78:ce:80:52:8d:
                    2f:79:00:12:f0:a6:1d:cd:83:59:77:84:0c:f2:14:
                    cb:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:DF:97:02:0D:FB:98:C2:F5:E0:F9:46:30:2F:8C:B4:B4:0C:82:51
            X509v3 Authority Key Identifier:
                keyid:08:C7:B6:5B:A6:65:9E:27:57:07:73:C5:08:55:87:54:EB:49:0D:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/Ud-XAg37mML14PlGMC-MtLQMglE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:bd:63:ac:d4:37:c3:85:cf:0a:f4:f0:e5:14:52:74:b5:e3:
         2a:92:c7:a1:f7:cd:00:07:fc:9e:40:d0:76:64:ca:a4:25:b3:
         29:61:15:e3:90:ad:1e:7b:cd:c6:d4:5c:8a:1c:a1:ad:51:fe:
         fd:40:cd:e8:12:77:33:81:ba:c9:2a:04:03:26:5e:62:18:c1:
         c1:26:78:47:0c:28:fc:3b:c0:9e:3e:0d:b6:d3:a3:36:72:f9:
         e0:86:c1:bf:93:8a:58:9d:eb:57:15:c6:af:76:1e:ac:22:33:
         17:e5:95:50:b5:cd:1e:0d:fb:70:43:d2:ac:9d:73:37:27:be:
         e8:36:77:d3:07:7c:72:13:ce:63:94:8b:3f:64:6a:76:66:e3:
         85:38:4b:53:a3:ed:44:71:2f:ed:58:8b:97:36:58:9f:f8:a2:
         5e:a4:ca:0e:e5:e7:b8:c7:0d:8a:7d:f8:cb:f5:8a:47:d8:5a:
         56:34:8c:47:32:02:d9:d1:74:12:55:15:da:38:ff:0b:09:10:
         62:89:81:5b:ca:7c:57:b1:57:84:90:24:7e:c3:d2:36:70:ca:
         4e:ee:c6:d7:2a:49:8f:94:a1:ea:0e:8b:11:50:34:bc:a6:9c:
         9c:24:28:e1:bb:5a:64:40:c3:79:77:15:1f:d9:63:0d:60:3c:
         10:6b:b9:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlibDpRzvxYzktqnzet680fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YzdiNjViYTY2NTllMjc1NzA3NzNjNTA4NTU4NzU0ZWI0
OTBkZGUwHhcNMjUwOTE5MTQ0MTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWRmOTcwMjBkZmI5OGMyZjVlMGY5NDYzMDJmOGNiNGI0MGM4MjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO0hr/lOoXM4fhAdKneajPeB6Hep
vRIjsXz5vh3REwbSOwLt79RZ3q6MKEm1i+33VOIp0WsNY2bshbkK+smmDRShGYSc
NaCwLwOJWzYZUmhUbaL9upHXD272BH+DqRmaQ9/5sMHUxHXciuzId0nuQDalhizV
Xm0v2g5fEHnVx1vRBtDCGqU2ut2ZiD6EjPH1MMIZ77ZtT0bdo1wQ/4Qkbvx7IEaY
KH0ZQDNftBmiPjXvKA9SBmD+0WmZC/hYlH7DPax8PQIlB/4jVcM6cwM/rowDr07w
vdu4O6oF/PWzeXgc8TxmGjoJW9TleM6AUo0veQAS8KYdzYNZd4QM8hTLQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFHflwIN+5jC9eD5RjAvjLS0DIJRMB8GA1UdIwQY
MBaAFAjHtlumZZ4nVwdzxQhVh1TrSQ3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ01lMlc2WmxuaWRYQjNQRkNGV0hWT3RKRGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xNjZiMzMtZjc5ZC00MzA4LWFkMDct
NWI3Yjk1NzAwOTllLzEvVWQtWEFnMzdtTUwxNFBsR01DLU10TFFNZ2xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xNjZiMzMtZjc5ZC00MzA4LWFkMDctNWI3Yjk1NzAwOTll
LzEvQ01lMlc2WmxuaWRYQjNQRkNGV0hWT3RKRGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+ICMA0G
CSqGSIb3DQEBCwUAA4IBAQCbvWOs1DfDhc8K9PDlFFJ0teMqkseh980AB/yeQNB2
ZMqkJbMpYRXjkK0ee83G1FyKHKGtUf79QM3oEnczgbrJKgQDJl5iGMHBJnhHDCj8
O8CePg2206M2cvnghsG/k4pYnetXFcavdh6sIjMX5ZVQtc0eDftwQ9KsnXM3J77o
NnfTB3xyE85jlIs/ZGp2ZuOFOEtTo+1EcS/tWIuXNlif+KJepMoO5ee4xw2KffjL
9YpH2FpWNIxHMgLZ0XQSVRXaOP8LCRBiiYFbynxXsVeEkCR+w9I2cMpO7sbXKkmP
lKHqDosRUDS8ppycJCjhu1pkQMN5dxUf2WMNYDwQa7lh
-----END CERTIFICATE-----