Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/AXI0xi2qyLNJTikoPIbIYoXGSqM.roa
File:                     AXI0xi2qyLNJTikoPIbIYoXGSqM.roa (raw, json)
Hash identifier:          J6dTdi70cC+Xgn0MoRDsaTnvDGyEQm26GOPrxZ/rg18=
Subject key identifier:   01:72:34:C6:2D:AA:C8:B3:49:4E:29:28:3C:86:C8:62:85:C6:4A:A3
Certificate issuer:       /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial:       0198646740745689BCEA2815B1FBFB29FBCD
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/AXI0xi2qyLNJTikoPIbIYoXGSqM.roa
Signing time:             Fri 01 Aug 2025 06:52:24 +0000
ROA not before:           Fri 01 Aug 2025 06:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200590
IP address blocks:        91.198.101.0/24 maxlen: 24
                          91.231.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:64:67:40:74:56:89:bc:ea:28:15:b1:fb:fb:29:fb:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
        Validity
            Not Before: Aug  1 06:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=017234c62daac8b3494e29283c86c86285c64aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:7d:fc:18:fb:81:a2:c7:55:ba:2b:cf:fd:
                    b1:d3:04:28:63:ef:90:b6:86:1a:95:9e:40:86:d4:
                    2e:c7:03:d7:2a:c6:29:d7:27:e5:f7:7a:de:0a:92:
                    29:2e:c3:60:1b:24:05:60:4b:13:e8:6a:fe:35:7a:
                    70:fe:40:a7:3d:dd:94:71:ac:e6:be:7a:9b:2e:c5:
                    64:62:b4:b6:ac:1e:18:22:a5:db:ac:e1:26:5a:e0:
                    03:50:4b:a5:63:03:e1:db:b0:c1:31:13:17:38:ea:
                    55:a4:bd:d1:c6:ad:16:98:02:ae:b1:46:32:1a:d1:
                    f7:c8:a5:28:e3:3c:06:43:cf:24:f9:1d:f5:61:b6:
                    55:04:3a:fd:fd:5a:94:94:98:92:eb:80:33:14:03:
                    76:0a:f2:75:ff:93:1d:b0:57:a3:ae:5b:9d:09:c0:
                    0d:90:62:a6:2e:7d:8f:89:a8:10:99:6f:35:e6:23:
                    53:4b:f3:57:7e:7a:a2:29:75:83:07:e4:b3:46:8a:
                    b8:29:d9:fe:16:08:f3:f3:0a:61:9c:59:3c:f9:6d:
                    50:3d:7b:eb:1c:4c:71:00:66:a3:70:b0:f9:85:04:
                    d1:e8:7a:db:7b:d3:f4:3a:f2:d8:6c:f7:a5:73:f1:
                    1d:58:38:9f:e0:3b:2f:7c:c5:5e:51:2b:d5:51:6d:
                    54:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:72:34:C6:2D:AA:C8:B3:49:4E:29:28:3C:86:C8:62:85:C6:4A:A3
            X509v3 Authority Key Identifier:
                keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/AXI0xi2qyLNJTikoPIbIYoXGSqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.101.0/24
                  91.231.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:c1:31:5f:2c:d3:ec:98:62:50:7d:af:d6:41:5c:fe:03:31:
         a5:b0:c9:03:df:62:1f:c5:36:ae:ab:ac:7a:ba:97:6c:1f:56:
         28:48:f7:08:af:a7:fd:2b:1f:3f:5e:00:89:05:29:17:84:97:
         b9:9f:46:c9:02:54:97:0e:4e:0a:69:9a:06:5f:e7:6a:7a:e4:
         2a:15:1e:5b:80:fc:e4:52:1e:09:ce:65:bc:5d:5f:df:7b:7d:
         2e:d7:12:55:e2:03:98:19:87:af:f8:73:fb:3c:95:d0:8d:07:
         05:04:d9:19:d8:03:13:09:c3:19:b3:82:cb:bd:a4:45:f3:50:
         20:bd:f3:cf:7f:e0:a4:7f:77:29:57:e1:05:54:6b:7b:2a:10:
         6d:60:c1:d9:9d:9d:70:1e:54:fe:e9:45:5e:1e:d7:a6:7a:75:
         31:6a:e4:4e:a9:9f:31:6d:c9:e3:4c:89:f3:56:39:df:49:32:
         4c:fb:a0:16:19:3e:99:86:48:50:f7:7b:9a:f7:ee:7a:6f:90:
         88:62:91:56:04:30:d7:5a:38:2b:33:2d:2d:a0:a1:c5:9e:2f:
         25:1e:c6:80:b0:46:76:0c:c0:6b:53:a2:f3:a9:ae:03:56:9d:
         2c:90:e1:0c:d1:99:9c:58:be:9f:81:c7:8b:82:6a:8a:8e:de:
         95:25:6f:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhkZ0B0Vom86igVsfv7KfvNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjUwODAxMDY1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTcyMzRjNjJkYWFjOGIzNDk0ZTI5MjgzYzg2Yzg2Mjg1YzY0YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiB9/Bj7gaLHVborz/2x0wQoY++Q
toYalZ5AhtQuxwPXKsYp1yfl93reCpIpLsNgGyQFYEsT6Gr+NXpw/kCnPd2Ucazm
vnqbLsVkYrS2rB4YIqXbrOEmWuADUEulYwPh27DBMRMXOOpVpL3Rxq0WmAKusUYy
GtH3yKUo4zwGQ88k+R31YbZVBDr9/VqUlJiS64AzFAN2CvJ1/5MdsFejrludCcAN
kGKmLn2PiagQmW815iNTS/NXfnqiKXWDB+SzRoq4Kdn+Fgjz8wphnFk8+W1QPXvr
HExxAGajcLD5hQTR6Hrbe9P0OvLYbPelc/EdWDif4DsvfMVeUSvVUW1UzwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAFyNMYtqsizSU4pKDyGyGKFxkqjMB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvQVhJMHhpMnF5TE5KVGlrb1BJYklZb1hHU3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8ZlAwQA
W+dCMA0GCSqGSIb3DQEBCwUAA4IBAQCIwTFfLNPsmGJQfa/WQVz+AzGlsMkD32If
xTauq6x6updsH1YoSPcIr6f9Kx8/XgCJBSkXhJe5n0bJAlSXDk4KaZoGX+dqeuQq
FR5bgPzkUh4JzmW8XV/fe30u1xJV4gOYGYev+HP7PJXQjQcFBNkZ2AMTCcMZs4LL
vaRF81AgvfPPf+Ckf3cpV+EFVGt7KhBtYMHZnZ1wHlT+6UVeHtemenUxauROqZ8x
bcnjTInzVjnfSTJM+6AWGT6ZhkhQ93ua9+56b5CIYpFWBDDXWjgrMy0toKHFni8l
HsaAsEZ2DMBrU6Lzqa4DVp0skOEM0ZmcWL6fgceLgmqKjt6VJW/p
-----END CERTIFICATE-----