Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/WnjDTxLEaqOui0Ha0cHV61JSgqM.roa
File:                     WnjDTxLEaqOui0Ha0cHV61JSgqM.roa (raw, json)
Hash identifier:          /Hg6cfcRzcdPSVYjlpQQ2lt5H6wf7ZaOp41HGAyx/Ko=
Subject key identifier:   5A:78:C3:4F:12:C4:6A:A3:AE:8B:41:DA:D1:C1:D5:EB:52:52:82:A3
Certificate issuer:       /CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
Certificate serial:       0198513665B5A57F0074C478B68DEB7F6460
Authority key identifier: 20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/WnjDTxLEaqOui0Ha0cHV61JSgqM.roa
Signing time:             Mon 28 Jul 2025 13:26:16 +0000
ROA not before:           Mon 28 Jul 2025 13:26:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214526
IP address blocks:        91.234.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 19:02:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:51:36:65:b5:a5:7f:00:74:c4:78:b6:8d:eb:7f:64:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=20e23dd05849cc813255ab8d1b853fb9c45d8694
        Validity
            Not Before: Jul 28 13:26:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a78c34f12c46aa3ae8b41dad1c1d5eb525282a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:25:d4:51:8c:15:41:33:a7:02:e9:02:b6:0e:
                    4e:af:87:f5:b5:54:59:56:6e:13:0d:d0:48:71:b7:
                    2f:89:56:f8:b5:0a:22:14:2e:fd:e2:67:9c:bb:b9:
                    c8:00:21:44:ef:d6:88:de:ce:a2:45:ca:c9:0e:c1:
                    95:45:34:33:56:f6:ad:58:b9:3b:f0:5a:f2:be:81:
                    c9:3f:8d:02:36:85:43:3a:d9:20:ea:5a:d7:02:7b:
                    84:7b:e0:23:27:37:a2:f1:aa:af:1f:f8:7d:59:fe:
                    17:b5:9f:4e:22:ad:32:65:1d:79:9b:62:2a:d9:a4:
                    ed:dd:5a:7b:70:3d:c1:ba:ba:7a:ee:0e:8e:19:85:
                    45:e7:94:3c:b1:81:d2:03:29:6f:de:c3:74:2e:a4:
                    ee:ab:a2:c3:53:59:e0:20:5d:ca:31:12:7c:33:ce:
                    46:55:58:31:43:4d:87:a6:4b:d4:77:d0:95:e3:77:
                    0f:34:a4:9e:09:b9:81:63:f4:b3:e5:bc:25:05:27:
                    b7:77:37:1e:cd:52:ac:33:b0:bf:68:7e:a2:66:b9:
                    83:4d:0a:0f:9c:9e:ce:49:78:2e:5c:8f:6a:1a:46:
                    3f:f3:8f:09:44:eb:ba:73:6a:fc:63:31:d6:61:62:
                    a8:ca:8c:e6:11:c8:c8:28:16:f1:6c:f4:51:b2:64:
                    8a:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:78:C3:4F:12:C4:6A:A3:AE:8B:41:DA:D1:C1:D5:EB:52:52:82:A3
            X509v3 Authority Key Identifier:
                keyid:20:E2:3D:D0:58:49:CC:81:32:55:AB:8D:1B:85:3F:B9:C4:5D:86:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IOI90FhJzIEyVauNG4U_ucRdhpQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/WnjDTxLEaqOui0Ha0cHV61JSgqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/c16717-855d-4391-b79f-b888a3124454/1/IOI90FhJzIEyVauNG4U_ucRdhpQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:ad:e8:04:33:85:3a:c0:07:6a:db:b6:2c:a3:d6:68:c2:e2:
         8b:1a:5e:fd:34:54:9a:81:c4:d8:de:98:e1:f0:eb:b4:2a:9d:
         f6:1d:d2:e9:e1:64:2a:15:8f:aa:2f:8c:89:01:05:c1:12:67:
         0f:6b:7f:05:33:a6:8b:2a:1a:71:02:93:f1:f6:16:4f:98:13:
         d0:d9:f4:9c:58:14:6b:2b:48:c5:ce:11:62:99:39:61:1d:93:
         68:90:0a:8b:7e:a2:be:73:29:d6:63:9d:d6:5d:18:40:3f:16:
         84:15:75:81:03:73:d2:7b:16:fd:a7:a7:c7:6d:78:c3:ee:41:
         47:37:e5:eb:6a:2b:39:b0:68:b7:41:80:ca:08:62:de:8f:2f:
         0a:2e:01:e4:a1:e7:a5:05:22:e1:b3:79:19:52:10:b2:c9:55:
         18:18:9d:30:b5:0a:db:a5:8e:2b:f0:90:04:ca:30:33:e4:84:
         13:ba:06:a6:9a:55:f5:d4:4c:d6:8e:e4:74:5f:77:df:28:d2:
         ee:4b:fb:bd:3b:f8:07:f3:e3:20:55:db:9f:98:09:75:cd:b6:
         11:61:8e:6c:1f:42:a9:1c:fd:5a:c3:f9:c9:6c:21:87:04:e5:
         3c:62:ed:ad:f0:9c:33:c6:72:c5:cc:13:3a:a9:f6:33:f0:c7:
         3b:35:d9:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhRNmW1pX8AdMR4to3rf2RgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwZTIzZGQwNTg0OWNjODEzMjU1YWI4ZDFiODUzZmI5YzQ1
ZDg2OTQwHhcNMjUwNzI4MTMyNjE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTc4YzM0ZjEyYzQ2YWEzYWU4YjQxZGFkMWMxZDVlYjUyNTI4MmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiXUUYwVQTOnAukCtg5Or4f1tVRZ
Vm4TDdBIcbcviVb4tQoiFC794mecu7nIACFE79aI3s6iRcrJDsGVRTQzVvatWLk7
8FryvoHJP40CNoVDOtkg6lrXAnuEe+AjJzei8aqvH/h9Wf4XtZ9OIq0yZR15m2Iq
2aTt3Vp7cD3Burp67g6OGYVF55Q8sYHSAylv3sN0LqTuq6LDU1ngIF3KMRJ8M85G
VVgxQ02HpkvUd9CV43cPNKSeCbmBY/Sz5bwlBSe3dzcezVKsM7C/aH6iZrmDTQoP
nJ7OSXguXI9qGkY/848JROu6c2r8YzHWYWKoyozmEcjIKBbxbPRRsmSKRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFp4w08SxGqjrotB2tHB1etSUoKjMB8GA1UdIwQY
MBaAFCDiPdBYScyBMlWrjRuFP7nEXYaUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYt
Yjg4OGEzMTI0NDU0LzEvV25qRFR4TEVhcU91aTBIYTBjSFY2MUpTZ3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9jMTY3MTctODU1ZC00MzkxLWI3OWYtYjg4OGEzMTI0NDU0
LzEvSU9JOTBGaEp6SUV5VmF1Tkc0VV91Y1JkaHBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+qTMA0G
CSqGSIb3DQEBCwUAA4IBAQAgregEM4U6wAdq27Yso9ZowuKLGl79NFSagcTY3pjh
8Ou0Kp32HdLp4WQqFY+qL4yJAQXBEmcPa38FM6aLKhpxApPx9hZPmBPQ2fScWBRr
K0jFzhFimTlhHZNokAqLfqK+cynWY53WXRhAPxaEFXWBA3PSexb9p6fHbXjD7kFH
N+Xrais5sGi3QYDKCGLejy8KLgHkoeelBSLhs3kZUhCyyVUYGJ0wtQrbpY4r8JAE
yjAz5IQTugammlX11EzWjuR0X3ffKNLuS/u9O/gH8+MgVdufmAl1zbYRYY5sH0Kp
HP1aw/nJbCGHBOU8Yu2t8JwzxnLFzBM6qfYz8Mc7NdkX
-----END CERTIFICATE-----