Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/1caWY1h99shWYECynlPTo8_1vrA.roa
File:                     1caWY1h99shWYECynlPTo8_1vrA.roa (raw, json)
Hash identifier:          Aon6FQO3a7yW1GjMXQDU5WdJ0X3x57CSJl9oOPxCpMk=
Subject key identifier:   D5:C6:96:63:58:7D:F6:C8:56:60:40:B2:9E:53:D3:A3:CF:F5:BE:B0
Certificate issuer:       /CN=ea846006cf8b9e388f31451358092502cecc1136
Certificate serial:       0198344D6B573F2B01116AC1595D377E6C8D
Authority key identifier: EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/1caWY1h99shWYECynlPTo8_1vrA.roa
Signing time:             Tue 22 Jul 2025 22:42:25 +0000
ROA not before:           Tue 22 Jul 2025 22:42:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207252
IP address blocks:        91.197.55.0/24 maxlen: 24
                          2a06:8ac0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 07:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:34:4d:6b:57:3f:2b:01:11:6a:c1:59:5d:37:7e:6c:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea846006cf8b9e388f31451358092502cecc1136
        Validity
            Not Before: Jul 22 22:42:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5c69663587df6c8566040b29e53d3a3cff5beb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:cb:00:c1:d4:f5:1d:dd:df:dd:01:ca:75:27:
                    c0:e0:71:6c:98:7f:1d:9e:6e:08:17:f1:fa:c9:1e:
                    c4:ef:21:82:03:09:ce:85:0a:93:c0:f3:18:b3:97:
                    c1:64:d5:87:6b:30:46:07:df:23:29:4c:ca:6a:48:
                    63:b4:90:1d:07:90:b2:7d:2a:57:6d:5d:b7:4f:ad:
                    8d:93:24:75:28:84:20:f8:c8:e4:0b:0a:54:f5:1a:
                    4c:bc:36:df:45:d7:c0:0f:06:54:4d:9d:5c:ee:df:
                    6c:ac:b4:e0:eb:f7:e5:13:b7:9a:f5:fe:c3:88:1e:
                    35:14:c0:b9:33:3a:f3:d5:ac:cf:7b:b3:34:73:bd:
                    4b:ea:5f:3b:9f:2c:ad:93:62:28:df:12:d2:fa:77:
                    48:3e:38:d0:a2:24:94:e4:1d:20:18:18:2d:4a:03:
                    cb:7a:70:61:bc:92:2e:84:dc:a1:1e:14:36:b5:17:
                    36:7f:92:c6:e5:ae:65:e9:e1:06:60:91:04:5f:25:
                    7f:75:14:0a:e8:c1:9d:b8:64:10:bb:b7:86:16:12:
                    a4:ea:1e:cc:62:38:ce:3f:4a:5d:cd:d2:a3:b8:b1:
                    78:98:0d:4d:97:fb:35:06:25:a7:ac:50:5b:bd:ec:
                    db:18:d0:cf:70:bf:80:d3:7a:89:c0:03:4c:26:b0:
                    06:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:C6:96:63:58:7D:F6:C8:56:60:40:B2:9E:53:D3:A3:CF:F5:BE:B0
            X509v3 Authority Key Identifier:
                keyid:EA:84:60:06:CF:8B:9E:38:8F:31:45:13:58:09:25:02:CE:CC:11:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oRgBs-LnjiPMUUTWAklAs7METY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/1caWY1h99shWYECynlPTo8_1vrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/21cd77-1eca-46b9-9aba-f74cccc4e0a1/1/6oRgBs-LnjiPMUUTWAklAs7METY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.55.0/24
                IPv6:
                  2a06:8ac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         ab:da:90:3e:8b:9d:e0:98:30:02:45:15:19:1b:88:80:d9:84:
         1c:44:fb:a9:76:b1:a8:2a:89:c3:a5:e6:48:b1:e8:27:53:dc:
         3d:bd:ce:88:3e:e5:1f:0d:a8:92:10:78:f9:6a:55:fe:5d:0b:
         40:29:07:52:43:54:60:00:f7:b1:f0:9b:ce:6e:01:28:0e:6d:
         e7:d6:22:6d:bf:65:af:7d:c5:46:c3:04:a3:d0:ed:e6:88:45:
         f1:0f:a8:be:18:eb:86:6d:42:cc:39:0b:c3:42:b9:9c:44:30:
         08:f6:33:e5:00:a8:6a:cd:55:0a:f2:04:f9:a9:83:7d:7a:b7:
         5f:4c:16:a6:71:f9:46:fa:03:80:04:b4:e0:f4:b0:44:1e:db:
         d6:c3:6e:fa:e1:6a:f1:4c:5a:3f:08:05:4e:d0:8b:bc:31:3b:
         8b:94:3c:bf:ef:bd:16:82:e3:13:64:7d:c1:84:37:bf:4b:63:
         dc:c2:2e:78:4c:a8:fc:0d:fc:e3:18:32:8d:54:5e:1a:30:93:
         36:b1:ca:a8:8c:b9:cf:9c:c5:93:0c:ac:dc:46:ee:fc:e2:87:
         4c:93:6c:34:7f:c1:07:78:39:c5:07:99:1e:26:a2:36:f6:0d:
         db:23:96:9b:5a:cc:3e:1e:e4:1e:5e:4f:20:36:0a:02:c0:ad:
         ed:0c:6e:93
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZg0TWtXPysBEWrBWV03fmyNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODQ2MDA2Y2Y4YjllMzg4ZjMxNDUxMzU4MDkyNTAyY2Vj
YzExMzYwHhcNMjUwNzIyMjI0MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWM2OTY2MzU4N2RmNmM4NTY2MDQwYjI5ZTUzZDNhM2NmZjViZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MsAwdT1Hd3f3QHKdSfA4HFsmH8d
nm4IF/H6yR7E7yGCAwnOhQqTwPMYs5fBZNWHazBGB98jKUzKakhjtJAdB5CyfSpX
bV23T62NkyR1KIQg+MjkCwpU9RpMvDbfRdfADwZUTZ1c7t9srLTg6/flE7ea9f7D
iB41FMC5Mzrz1azPe7M0c71L6l87nyytk2Io3xLS+ndIPjjQoiSU5B0gGBgtSgPL
enBhvJIuhNyhHhQ2tRc2f5LG5a5l6eEGYJEEXyV/dRQK6MGduGQQu7eGFhKk6h7M
YjjOP0pdzdKjuLF4mA1Nl/s1BiWnrFBbvezbGNDPcL+A03qJwANMJrAG9QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNXGlmNYffbIVmBAsp5T06PP9b6wMB8GA1UdIwQY
MBaAFOqEYAbPi544jzFFE1gJJQLOzBE2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEt
Zjc0Y2NjYzRlMGExLzEvMWNhV1kxaDk5c2hXWUVDeW5sUFRvOF8xdnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8yMWNkNzctMWVjYS00NmI5LTlhYmEtZjc0Y2NjYzRlMGEx
LzEvNm9SZ0JzLUxuamlQTVVVVFdBa2xBczdNRVRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8U3MA8E
AgACMAkDBwQqBorAAAAwDQYJKoZIhvcNAQELBQADggEBAKvakD6LneCYMAJFFRkb
iIDZhBxE+6l2sagqicOl5kix6CdT3D29zog+5R8NqJIQePlqVf5dC0ApB1JDVGAA
97Hwm85uASgObefWIm2/Za99xUbDBKPQ7eaIRfEPqL4Y64ZtQsw5C8NCuZxEMAj2
M+UAqGrNVQryBPmpg316t19MFqZx+Ub6A4AEtOD0sEQe29bDbvrhavFMWj8IBU7Q
i7wxO4uUPL/vvRaC4xNkfcGEN79LY9zCLnhMqPwN/OMYMo1UXhowkzaxyqiMuc+c
xZMMrNxG7vzih0yTbDR/wQd4OcUHmR4mojb2DdsjlptazD4e5B5eTyA2CgLAre0M
bpM=
-----END CERTIFICATE-----