Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/roPnxkS_TI_SjXTipSKY7TP-VJU.roa
File:                     roPnxkS_TI_SjXTipSKY7TP-VJU.roa (raw, json)
Hash identifier:          CNJacRI5tOOEcZvKvjPl2ycQI2Rr4ol7MTIxvtqeEhw=
Subject key identifier:   AE:83:E7:C6:44:BF:4C:8F:D2:8D:74:E2:A5:22:98:ED:33:FE:54:95
Certificate issuer:       /CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
Certificate serial:       01980E258CB234DB8DC0AED299EEA0F33D24
Authority key identifier: 26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/roPnxkS_TI_SjXTipSKY7TP-VJU.roa
Signing time:             Tue 15 Jul 2025 12:53:18 +0000
ROA not before:           Tue 15 Jul 2025 12:53:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207462
IP address blocks:        91.205.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0e:25:8c:b2:34:db:8d:c0:ae:d2:99:ee:a0:f3:3d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=26ad7d3560134e0a8ae46fc5b32c5acb61dde39c
        Validity
            Not Before: Jul 15 12:53:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae83e7c644bf4c8fd28d74e2a52298ed33fe5495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d7:b6:f0:78:a9:42:a0:d6:09:e0:84:dd:67:
                    71:23:19:9e:3e:72:86:0c:6d:33:d8:74:7d:81:91:
                    d8:9b:6a:4f:a9:6e:6c:1d:2e:44:8c:58:f3:01:07:
                    79:d0:1a:db:a9:99:56:e1:a3:df:a4:36:50:1b:3b:
                    73:b4:56:8d:ae:d7:bb:44:5a:97:88:e3:c5:a0:85:
                    07:79:d5:fa:18:b8:73:1d:d7:e3:fc:b6:97:3b:c7:
                    7f:d7:e5:30:f0:b4:f4:91:ba:88:f8:64:0b:40:51:
                    5b:2f:ce:25:46:0c:cb:14:e2:11:b6:54:ae:43:4f:
                    d1:44:b0:6e:1b:24:67:bd:3f:3d:28:42:55:be:76:
                    4f:e1:fb:38:73:f8:5a:e6:38:21:a6:96:6e:9b:e3:
                    04:e8:c6:fd:e5:a5:c6:0f:39:04:52:74:5d:ca:c0:
                    c3:46:99:a0:90:e6:79:49:3f:db:54:8c:25:bc:58:
                    46:7c:de:c4:08:4f:12:b3:b5:82:e6:63:95:cf:da:
                    c4:af:8c:8d:1a:e2:1d:9e:3b:80:9b:8c:07:56:0d:
                    08:48:de:64:85:1c:d9:48:83:60:9e:a9:b1:bc:16:
                    21:2f:21:fc:d0:1d:0b:e7:bf:4b:97:22:34:ec:fb:
                    41:d0:82:3d:01:94:26:25:ea:87:e9:05:f0:13:c6:
                    23:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:83:E7:C6:44:BF:4C:8F:D2:8D:74:E2:A5:22:98:ED:33:FE:54:95
            X509v3 Authority Key Identifier:
                keyid:26:AD:7D:35:60:13:4E:0A:8A:E4:6F:C5:B3:2C:5A:CB:61:DD:E3:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jq19NWATTgqK5G_Fsyxay2Hd45w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/roPnxkS_TI_SjXTipSKY7TP-VJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/98fcb5-87a7-4fde-9847-4902a66b2d95/1/Jq19NWATTgqK5G_Fsyxay2Hd45w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:29:6b:c8:c3:9f:41:31:b1:ed:c8:2f:72:80:90:30:c4:6b:
         d2:08:4a:dd:49:88:37:88:55:80:b1:b8:a0:ca:a6:fd:c3:32:
         be:bd:00:3b:1e:df:ad:73:31:7b:a2:50:1e:ff:ec:45:38:1d:
         8a:98:ac:13:f8:c5:b7:6f:8f:a0:d7:90:9b:cc:6b:8e:ef:3f:
         f0:e1:2f:f1:61:a7:63:2f:e4:f1:91:a4:75:3d:4e:e8:ab:81:
         c2:85:96:51:84:8b:ab:d2:be:9e:96:ee:2c:4e:d5:03:3a:73:
         8b:4f:d7:69:ed:7c:bf:7d:c5:ab:d1:81:df:dc:4f:2b:9f:eb:
         09:da:12:2b:c0:c7:f2:23:b1:5f:99:7d:a9:72:fa:a7:c1:bb:
         6a:18:25:1e:b5:75:b9:ff:b3:5f:08:bf:e6:4c:b2:2e:b1:53:
         02:1e:36:5e:38:3a:6f:d2:57:b6:b9:c9:f3:e2:6c:ff:ce:79:
         3e:00:78:12:eb:d9:3f:ed:65:d1:01:3c:e4:3f:6c:0c:10:cf:
         30:a3:6e:df:40:fe:43:2e:39:d8:60:b2:93:d9:09:41:1d:d7:
         28:93:72:23:d4:a9:bd:50:a0:16:ac:1b:70:b7:cd:b1:3a:dd:
         44:7c:57:a2:03:59:42:86:51:00:04:ae:1b:aa:5c:40:e1:12:
         46:f0:e8:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgOJYyyNNuNwK7Sme6g8z0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2YWQ3ZDM1NjAxMzRlMGE4YWU0NmZjNWIzMmM1YWNiNjFk
ZGUzOWMwHhcNMjUwNzE1MTI1MzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTgzZTdjNjQ0YmY0YzhmZDI4ZDc0ZTJhNTIyOThlZDMzZmU1NDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9e28HipQqDWCeCE3WdxIxmePnKG
DG0z2HR9gZHYm2pPqW5sHS5EjFjzAQd50BrbqZlW4aPfpDZQGztztFaNrte7RFqX
iOPFoIUHedX6GLhzHdfj/LaXO8d/1+Uw8LT0kbqI+GQLQFFbL84lRgzLFOIRtlSu
Q0/RRLBuGyRnvT89KEJVvnZP4fs4c/ha5jghppZum+ME6Mb95aXGDzkEUnRdysDD
RpmgkOZ5ST/bVIwlvFhGfN7ECE8Ss7WC5mOVz9rEr4yNGuIdnjuAm4wHVg0ISN5k
hRzZSINgnqmxvBYhLyH80B0L579LlyI07PtB0II9AZQmJeqH6QXwE8YjSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK6D58ZEv0yP0o104qUimO0z/lSVMB8GA1UdIwQY
MBaAFCatfTVgE04KiuRvxbMsWsth3eOcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDct
NDkwMmE2NmIyZDk1LzEvcm9QbnhrU19USV9TalhUaXBTS1k3VFAtVkpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni85OGZjYjUtODdhNy00ZmRlLTk4NDctNDkwMmE2NmIyZDk1
LzEvSnExOU5XQVRUZ3FLNUdfRnN5eGF5MkhkNDV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW80qMA0G
CSqGSIb3DQEBCwUAA4IBAQBoKWvIw59BMbHtyC9ygJAwxGvSCErdSYg3iFWAsbig
yqb9wzK+vQA7Ht+tczF7olAe/+xFOB2KmKwT+MW3b4+g15CbzGuO7z/w4S/xYadj
L+TxkaR1PU7oq4HChZZRhIur0r6elu4sTtUDOnOLT9dp7Xy/fcWr0YHf3E8rn+sJ
2hIrwMfyI7FfmX2pcvqnwbtqGCUetXW5/7NfCL/mTLIusVMCHjZeODpv0le2ucnz
4mz/znk+AHgS69k/7WXRATzkP2wMEM8wo27fQP5DLjnYYLKT2QlBHdcok3Ij1Km9
UKAWrBtwt82xOt1EfFeiA1lChlEABK4bqlxA4RJG8OiI
-----END CERTIFICATE-----