Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/c07bIsHBnYan2_awwduVtTU7DUI.roa
File:                     c07bIsHBnYan2_awwduVtTU7DUI.roa (raw, json)
Hash identifier:          mqMh/xKPr8DCyDidpLkePZTFgnIP6RdmLVjUadJSWGE=
Subject key identifier:   73:4E:DB:22:C1:C1:9D:86:A7:DB:F6:B0:C1:DB:95:B5:35:3B:0D:42
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       019D492441A19247703F3BB0333FA46EBC37
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/c07bIsHBnYan2_awwduVtTU7DUI.roa
Signing time:             Wed 01 Apr 2026 13:03:25 +0000
ROA not before:           Wed 01 Apr 2026 13:03:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.212.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:49:24:41:a1:92:47:70:3f:3b:b0:33:3f:a4:6e:bc:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: Apr  1 13:03:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=734edb22c1c19d86a7dbf6b0c1db95b5353b0d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e7:bd:09:9c:ee:15:09:45:19:53:75:c3:fb:
                    77:05:f1:13:5c:5d:b1:88:71:a0:21:9f:1e:ce:41:
                    40:2f:b3:f5:f3:9c:a8:0f:99:76:9c:74:66:a8:4d:
                    33:2c:37:80:11:47:e1:9b:cb:35:51:ef:3e:96:4a:
                    65:2f:2c:eb:71:da:c0:fb:21:aa:ff:3d:dd:86:7d:
                    7b:1e:a8:6b:a5:78:e3:30:7d:f4:48:7f:fb:b6:03:
                    f7:0b:b9:b0:00:bc:54:23:0a:5c:8e:0e:26:36:87:
                    a7:0e:b8:7e:89:7f:db:dc:c2:1a:f7:67:39:6f:cd:
                    7e:2f:5d:94:69:9c:43:1c:17:af:48:0a:e5:b8:5a:
                    4c:c8:3a:82:9a:f8:17:e3:29:77:0a:e4:18:67:d5:
                    d9:63:e9:d5:30:69:c4:d7:50:03:93:69:a2:4e:d9:
                    51:f6:fd:3f:f7:45:5b:f9:f8:01:00:f3:73:88:97:
                    43:11:26:34:fc:64:d1:8a:91:ef:17:47:75:36:da:
                    64:d3:4d:1f:d0:29:5e:0a:4c:79:5a:7f:bb:5e:07:
                    5f:15:35:05:08:76:56:a3:73:e3:d0:31:f6:2c:6b:
                    b2:3f:9f:89:99:97:60:4a:d9:54:5f:45:0b:03:4c:
                    19:68:df:48:b9:03:6d:db:bc:c0:9e:46:ca:c5:81:
                    07:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:4E:DB:22:C1:C1:9D:86:A7:DB:F6:B0:C1:DB:95:B5:35:3B:0D:42
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/c07bIsHBnYan2_awwduVtTU7DUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:2b:e3:b6:a4:1a:10:1f:d2:1f:58:d6:d0:ea:22:af:20:b5:
         94:5b:50:6b:59:7f:2c:2b:e1:21:3f:01:97:3b:6e:a4:cd:be:
         01:fd:45:00:a4:f5:bb:a9:f1:b8:c0:2b:f6:48:a2:8b:a6:57:
         02:e3:9f:11:af:fb:4f:e1:59:e6:02:08:ea:b1:24:22:c4:1b:
         a5:55:ad:89:73:07:9c:5e:d5:25:eb:4e:02:54:5b:3c:0b:e6:
         68:75:70:49:ac:ba:e2:f6:f5:21:4a:3d:c1:3e:39:fa:3d:8b:
         dc:0f:01:b8:01:0f:f9:19:b5:d2:22:ee:17:26:cd:f2:99:41:
         74:95:a4:52:9b:b4:1f:c6:72:8e:30:fc:24:ce:16:d5:b4:86:
         9b:cf:4b:37:1f:0a:70:95:ef:6f:82:a2:e4:39:f3:65:02:e4:
         48:24:cf:c3:99:6e:21:48:e1:ca:50:62:8c:76:15:57:83:8b:
         a1:a1:74:f3:bd:6f:6c:7c:f4:c2:e8:1f:b5:90:7c:5e:d5:79:
         a6:64:b0:db:d5:61:1d:c1:9b:31:8b:03:26:f4:44:a7:83:80:
         5b:c0:58:6d:7a:ae:99:a0:02:75:95:4d:1c:92:07:86:d7:87:
         b0:b3:a0:85:45:cc:ac:73:ae:d5:19:c9:11:1f:14:03:b5:f9:
         de:bc:4c:b0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1JJEGhkkdwPzuwMz+kbrw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjYwNDAxMTMwMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzRlZGIyMmMxYzE5ZDg2YTdkYmY2YjBjMWRiOTViNTM1M2IwZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoee9CZzuFQlFGVN1w/t3BfETXF2x
iHGgIZ8ezkFAL7P185yoD5l2nHRmqE0zLDeAEUfhm8s1Ue8+lkplLyzrcdrA+yGq
/z3dhn17HqhrpXjjMH30SH/7tgP3C7mwALxUIwpcjg4mNoenDrh+iX/b3MIa92c5
b81+L12UaZxDHBevSArluFpMyDqCmvgX4yl3CuQYZ9XZY+nVMGnE11ADk2miTtlR
9v0/90Vb+fgBAPNziJdDESY0/GTRipHvF0d1Ntpk000f0CleCkx5Wn+7XgdfFTUF
CHZWo3Pj0DH2LGuyP5+JmZdgStlUX0ULA0wZaN9IuQNt27zAnkbKxYEHXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHNO2yLBwZ2Gp9v2sMHblbU1Ow1CMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEvYzA3YklzSEJuWWFuMl9hd3dkdVZ0VFU3RFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9R9MA0G
CSqGSIb3DQEBCwUAA4IBAQCWK+O2pBoQH9IfWNbQ6iKvILWUW1BrWX8sK+EhPwGX
O26kzb4B/UUApPW7qfG4wCv2SKKLplcC458Rr/tP4VnmAgjqsSQixBulVa2Jcwec
XtUl604CVFs8C+ZodXBJrLri9vUhSj3BPjn6PYvcDwG4AQ/5GbXSIu4XJs3ymUF0
laRSm7QfxnKOMPwkzhbVtIabz0s3Hwpwle9vgqLkOfNlAuRIJM/DmW4hSOHKUGKM
dhVXg4uhoXTzvW9sfPTC6B+1kHxe1XmmZLDb1WEdwZsxiwMm9ESng4BbwFhteq6Z
oAJ1lU0ckgeG14ews6CFRcysc67VGckRHxQDtfnevEyw
-----END CERTIFICATE-----