Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/sddBokvX4KqNLpoep4FgR7zwiWk.roa
File:                     sddBokvX4KqNLpoep4FgR7zwiWk.roa (raw, json)
Hash identifier:          lI+iTMWX9Cf+aooth8J1xMcv+CYd4i145U8SqXcpH68=
Subject key identifier:   B1:D7:41:A2:4B:D7:E0:AA:8D:2E:9A:1E:A7:81:60:47:BC:F0:89:69
Certificate issuer:       /CN=926587a7c42c261fa254b0b82e7bc0719cc64812
Certificate serial:       019A501631CFDEFF0EE549F486F344DD39A6
Authority key identifier: 92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/sddBokvX4KqNLpoep4FgR7zwiWk.roa
Signing time:             Tue 04 Nov 2025 18:17:03 +0000
ROA not before:           Tue 04 Nov 2025 18:17:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215925
IP address blocks:        91.239.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:16:31:cf:de:ff:0e:e5:49:f4:86:f3:44:dd:39:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=926587a7c42c261fa254b0b82e7bc0719cc64812
        Validity
            Not Before: Nov  4 18:17:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1d741a24bd7e0aa8d2e9a1ea7816047bcf08969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:88:17:eb:07:1d:ae:a9:af:c9:b5:4b:47:38:
                    c6:8f:f6:d3:23:20:25:09:24:44:90:d7:02:37:4b:
                    e8:3c:01:40:1e:bd:83:e1:fb:27:14:91:60:69:c6:
                    75:79:b1:10:df:3a:89:ad:9d:c6:a1:0f:84:9c:eb:
                    c0:29:02:ba:a1:9f:b9:68:d8:db:b7:de:a7:21:31:
                    5e:de:62:0d:e9:76:df:7a:32:35:37:1e:5d:3a:5d:
                    44:8e:07:03:9b:f6:52:70:b4:e6:60:77:1c:5a:3a:
                    59:99:f8:33:bc:0e:99:8f:ff:e0:85:e5:59:63:9e:
                    44:31:a3:2c:5d:f0:3d:3a:96:47:a5:af:0f:3c:9d:
                    3a:84:15:dc:b8:28:05:6e:f6:01:74:93:d2:82:b6:
                    d4:3d:ed:4d:1a:8f:c7:ee:9e:6d:45:83:27:f4:7e:
                    63:8e:47:4e:ca:81:c3:39:8d:94:da:9c:de:7c:f1:
                    df:90:88:64:3f:73:fc:d9:51:5b:6f:82:31:bc:e9:
                    8c:1e:f1:3b:4c:a1:80:fc:1e:f0:56:9a:04:88:0b:
                    64:41:0f:44:8f:17:fd:29:d5:eb:e8:69:bd:2f:50:
                    b3:fe:55:36:46:e7:18:ae:6e:3d:23:21:2b:51:4e:
                    3f:d3:4f:e3:f2:6b:16:8c:17:f4:7d:29:16:c0:29:
                    c8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D7:41:A2:4B:D7:E0:AA:8D:2E:9A:1E:A7:81:60:47:BC:F0:89:69
            X509v3 Authority Key Identifier:
                keyid:92:65:87:A7:C4:2C:26:1F:A2:54:B0:B8:2E:7B:C0:71:9C:C6:48:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kmWHp8QsJh-iVLC4LnvAcZzGSBI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/sddBokvX4KqNLpoep4FgR7zwiWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/bd2005-fb7b-4052-b3f2-88fa3b6eb006/1/kmWHp8QsJh-iVLC4LnvAcZzGSBI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:f5:68:34:dc:4b:08:b0:7b:40:14:23:e8:ee:53:3f:6c:c9:
         05:cb:cb:04:a3:4c:ed:3a:fc:5f:b9:3a:7c:6d:a1:ba:bc:54:
         bc:17:1e:7a:b1:4b:5c:af:16:8f:c9:67:06:6e:6e:dc:2e:20:
         f9:b0:99:5b:08:e2:11:48:dc:28:e2:03:a2:0d:15:dc:a2:e5:
         ef:bd:47:e4:26:7a:9e:2a:70:26:f3:f2:f1:8f:09:8c:c0:9c:
         6c:5f:83:be:1a:3c:35:9c:58:66:56:3e:9c:65:2e:3a:a1:c3:
         e8:b1:b7:97:83:27:3c:e2:98:a8:57:0b:0b:7e:2c:04:90:10:
         15:98:b6:d3:43:fa:7f:8f:31:f4:1d:23:a0:c3:64:8a:63:80:
         72:bd:c5:0f:d0:b7:a3:70:96:4f:e4:7c:d6:ec:3d:ba:b1:a2:
         e2:e6:66:b3:07:10:dc:4b:73:79:ee:83:45:dd:25:b6:69:5f:
         da:f0:a0:37:9e:46:ef:18:71:f5:7c:5a:18:07:35:ca:fa:0c:
         0d:36:7c:3f:1b:86:05:cc:37:06:f3:ce:23:c2:d6:a2:ff:bf:
         bb:6b:54:bd:3d:e3:f3:52:21:9a:2c:be:93:0e:85:c6:b7:f0:
         d2:85:bb:42:6c:1c:86:a2:32:21:5a:c7:f3:d1:0e:47:d4:6f:
         b2:ec:f2:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpQFjHP3v8O5Un0hvNE3TmmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNjU4N2E3YzQyYzI2MWZhMjU0YjBiODJlN2JjMDcxOWNj
NjQ4MTIwHhcNMjUxMTA0MTgxNzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ3NDFhMjRiZDdlMGFhOGQyZTlhMWVhNzgxNjA0N2JjZjA4OTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApIgX6wcdrqmvybVLRzjGj/bTIyAl
CSREkNcCN0voPAFAHr2D4fsnFJFgacZ1ebEQ3zqJrZ3GoQ+EnOvAKQK6oZ+5aNjb
t96nITFe3mIN6XbfejI1Nx5dOl1EjgcDm/ZScLTmYHccWjpZmfgzvA6Zj//gheVZ
Y55EMaMsXfA9OpZHpa8PPJ06hBXcuCgFbvYBdJPSgrbUPe1NGo/H7p5tRYMn9H5j
jkdOyoHDOY2U2pzefPHfkIhkP3P82VFbb4IxvOmMHvE7TKGA/B7wVpoEiAtkQQ9E
jxf9KdXr6Gm9L1Cz/lU2RucYrm49IyErUU4/00/j8msWjBf0fSkWwCnIJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHXQaJL1+CqjS6aHqeBYEe88IlpMB8GA1UdIwQY
MBaAFJJlh6fELCYfolSwuC57wHGcxkgSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjIt
ODhmYTNiNmViMDA2LzEvc2RkQm9rdlg0S3FOTHBvZXA0RmdSN3p3aVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9iZDIwMDUtZmI3Yi00MDUyLWIzZjItODhmYTNiNmViMDA2
LzEva21XSHA4UXNKaC1pVkxDNExudkFjWnpHU0JJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/YMA0G
CSqGSIb3DQEBCwUAA4IBAQB29Wg03EsIsHtAFCPo7lM/bMkFy8sEo0ztOvxfuTp8
baG6vFS8Fx56sUtcrxaPyWcGbm7cLiD5sJlbCOIRSNwo4gOiDRXcouXvvUfkJnqe
KnAm8/LxjwmMwJxsX4O+Gjw1nFhmVj6cZS46ocPosbeXgyc84pioVwsLfiwEkBAV
mLbTQ/p/jzH0HSOgw2SKY4ByvcUP0LejcJZP5HzW7D26saLi5mazBxDcS3N57oNF
3SW2aV/a8KA3nkbvGHH1fFoYBzXK+gwNNnw/G4YFzDcG884jwtai/7+7a1S9PePz
UiGaLL6TDoXGt/DShbtCbByGojIhWsfz0Q5H1G+y7PIv
-----END CERTIFICATE-----