Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/ibQR5d1f9YuNRleB1lEGG40hVjI.roa
File:                     ibQR5d1f9YuNRleB1lEGG40hVjI.roa (raw, json)
Hash identifier:          eJ7NUjjHSZG0K+6u15PytmHxHDBWRH5YWbs+72aktr8=
Subject key identifier:   89:B4:11:E5:DD:5F:F5:8B:8D:46:57:81:D6:51:06:1B:8D:21:56:32
Certificate issuer:       /CN=834544e1a3e228c4d3647f62a9d8c96ace9e2c31
Certificate serial:       019B7D5C56D639E08B9FCE0C0D0ED8B50F10
Authority key identifier: 83:45:44:E1:A3:E2:28:C4:D3:64:7F:62:A9:D8:C9:6A:CE:9E:2C:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/ibQR5d1f9YuNRleB1lEGG40hVjI.roa
Signing time:             Fri 02 Jan 2026 06:19:22 +0000
ROA not before:           Fri 02 Jan 2026 06:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205431
IP address blocks:        91.207.74.0/23 maxlen: 23
                          2a0a:6a40::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5c:56:d6:39:e0:8b:9f:ce:0c:0d:0e:d8:b5:0f:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=834544e1a3e228c4d3647f62a9d8c96ace9e2c31
        Validity
            Not Before: Jan  2 06:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89b411e5dd5ff58b8d465781d651061b8d215632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:71:27:09:ef:39:06:1c:00:7b:35:a0:aa:5b:
                    c8:5c:c2:40:3b:85:24:9c:13:e4:41:9c:e8:9f:6e:
                    89:91:3b:27:ba:a6:d5:4f:d5:0e:a4:54:a6:95:ba:
                    c9:6a:de:05:78:19:87:d1:f4:95:ba:d9:b7:af:73:
                    b4:d2:6b:15:dd:59:6c:49:97:17:b5:d5:90:db:a1:
                    d8:31:2c:61:61:fd:ab:32:71:c4:a5:92:06:c5:ec:
                    35:d9:a1:f6:b9:73:7c:ff:23:45:3d:df:df:11:04:
                    6e:f9:1d:f9:44:9e:5a:b7:84:13:fd:46:98:0a:73:
                    fa:ac:66:3d:06:53:cf:d2:ff:1a:1b:f9:e6:72:38:
                    51:a1:03:8c:0b:8b:ce:f7:a4:c3:58:f3:f3:0b:99:
                    5e:14:18:59:3d:f6:94:94:16:e4:18:2a:20:86:e0:
                    fa:38:bf:83:34:43:67:ad:55:bc:d3:7e:fd:80:ef:
                    87:28:18:93:de:29:f5:fd:3a:4c:ca:b3:12:85:40:
                    c5:97:67:e9:2e:9a:6c:99:38:11:42:c1:a3:10:5d:
                    b1:d1:87:31:b4:ff:ac:34:e4:47:0e:fe:01:32:5c:
                    19:7e:e8:a7:4f:9f:24:2c:11:bd:7c:8d:82:b2:f5:
                    5d:04:95:62:03:30:bc:ab:f6:07:ff:64:b5:05:d4:
                    3f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:B4:11:E5:DD:5F:F5:8B:8D:46:57:81:D6:51:06:1B:8D:21:56:32
            X509v3 Authority Key Identifier:
                keyid:83:45:44:E1:A3:E2:28:C4:D3:64:7F:62:A9:D8:C9:6A:CE:9E:2C:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g0VE4aPiKMTTZH9iqdjJas6eLDE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/ibQR5d1f9YuNRleB1lEGG40hVjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/b2eaa8-898b-4f33-afb9-89267e528009/1/g0VE4aPiKMTTZH9iqdjJas6eLDE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.207.74.0/23
                IPv6:
                  2a0a:6a40::/32

    Signature Algorithm: sha256WithRSAEncryption
         54:4f:62:19:e8:2b:14:6e:31:f7:16:54:a5:c5:fb:8c:21:c1:
         76:d2:ee:87:53:8a:95:af:e1:f3:e3:6d:89:72:62:fa:3d:ca:
         ef:a5:a1:eb:22:b5:45:40:13:f5:8d:fb:f1:64:49:9a:e5:55:
         f1:d8:d7:03:64:cf:cf:f3:de:69:09:fe:57:ec:f4:6b:dd:82:
         fd:aa:b3:df:b7:1f:e2:ad:c3:d4:16:a3:3b:cf:85:c5:8f:36:
         4d:e3:55:56:28:00:ca:fd:2e:5b:fe:45:8b:4f:b5:41:68:99:
         5f:bd:ae:60:4b:10:35:dd:b6:cf:bc:14:03:46:82:f3:1b:bf:
         de:97:30:11:ba:f6:39:ea:c7:b7:25:54:c0:6e:6c:58:ff:48:
         4e:00:82:e4:99:27:6c:66:bb:ae:84:73:f2:b0:6d:25:b1:21:
         7b:08:89:4d:a8:94:9d:b4:44:52:d7:18:96:13:45:fe:0c:ae:
         da:be:ef:56:0f:c2:9d:6c:69:04:35:bb:bd:45:ad:a7:54:b9:
         6a:e5:dd:5a:44:a7:59:2f:fe:aa:9c:54:94:f6:8a:04:4b:c4:
         31:8e:d6:86:48:8f:21:f7:b2:80:16:8c:43:5d:4c:5e:2b:9c:
         1d:2f:3b:2e:90:e9:1f:f6:73:17:a6:76:e7:a4:90:54:46:4a:
         dc:99:20:5c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZt9XFbWOeCLn84MDQ7YtQ8QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNDU0NGUxYTNlMjI4YzRkMzY0N2Y2MmE5ZDhjOTZhY2U5
ZTJjMzEwHhcNMjYwMTAyMDYxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWI0MTFlNWRkNWZmNThiOGQ0NjU3ODFkNjUxMDYxYjhkMjE1NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2XEnCe85BhwAezWgqlvIXMJAO4Uk
nBPkQZzon26JkTsnuqbVT9UOpFSmlbrJat4FeBmH0fSVutm3r3O00msV3VlsSZcX
tdWQ26HYMSxhYf2rMnHEpZIGxew12aH2uXN8/yNFPd/fEQRu+R35RJ5at4QT/UaY
CnP6rGY9BlPP0v8aG/nmcjhRoQOMC4vO96TDWPPzC5leFBhZPfaUlBbkGCoghuD6
OL+DNENnrVW80379gO+HKBiT3in1/TpMyrMShUDFl2fpLppsmTgRQsGjEF2x0Ycx
tP+sNORHDv4BMlwZfuinT58kLBG9fI2CsvVdBJViAzC8q/YH/2S1BdQ/rwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIm0EeXdX/WLjUZXgdZRBhuNIVYyMB8GA1UdIwQY
MBaAFINFROGj4ijE02R/YqnYyWrOniwxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzBWRTRhUGlLTVRUWkg5aXFkakphczZlTERFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9iMmVhYTgtODk4Yi00ZjMzLWFmYjkt
ODkyNjdlNTI4MDA5LzEvaWJRUjVkMWY5WXVOUmxlQjFsRUdHNDBoVmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9iMmVhYTgtODk4Yi00ZjMzLWFmYjktODkyNjdlNTI4MDA5
LzEvZzBWRTRhUGlLTVRUWkg5aXFkakphczZlTERFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBW89KMA0E
AgACMAcDBQAqCmpAMA0GCSqGSIb3DQEBCwUAA4IBAQBUT2IZ6CsUbjH3FlSlxfuM
IcF20u6HU4qVr+Hz422JcmL6PcrvpaHrIrVFQBP1jfvxZEma5VXx2NcDZM/P895p
Cf5X7PRr3YL9qrPftx/ircPUFqM7z4XFjzZN41VWKADK/S5b/kWLT7VBaJlfva5g
SxA13bbPvBQDRoLzG7/elzARuvY56se3JVTAbmxY/0hOAILkmSdsZruuhHPysG0l
sSF7CIlNqJSdtERS1xiWE0X+DK7avu9WD8KdbGkENbu9Ra2nVLlq5d1aRKdZL/6q
nFSU9ooES8QxjtaGSI8h97KAFoxDXUxeK5wdLzsukOkf9nMXpnbnpJBURkrcmSBc
-----END CERTIFICATE-----