Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/1JGl546XdWjk0oOy56nI8pHJhWk.roa
File:                     1JGl546XdWjk0oOy56nI8pHJhWk.roa (raw, json)
Hash identifier:          uscShTP+qNfU1RA7Q+pYfpaR8pLkQ13vtqeKOAQVAxU=
Subject key identifier:   D4:91:A5:E7:8E:97:75:68:E4:D2:83:B2:E7:A9:C8:F2:91:C9:85:69
Certificate issuer:       /CN=d0c3f954885483cf12a9aed05cce60357fa4b4be
Certificate serial:       019D3E84416E6137D332734046357D273613
Authority key identifier: D0:C3:F9:54:88:54:83:CF:12:A9:AE:D0:5C:CE:60:35:7F:A4:B4:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0MP5VIhUg88Sqa7QXM5gNX-ktL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/1JGl546XdWjk0oOy56nI8pHJhWk.roa
Signing time:             Mon 30 Mar 2026 11:32:28 +0000
ROA not before:           Mon 30 Mar 2026 11:32:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.211.196.0/22 maxlen: 24
                          193.109.152.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/0MP5VIhUg88Sqa7QXM5gNX-ktL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/0MP5VIhUg88Sqa7QXM5gNX-ktL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0MP5VIhUg88Sqa7QXM5gNX-ktL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:84:41:6e:61:37:d3:32:73:40:46:35:7d:27:36:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0c3f954885483cf12a9aed05cce60357fa4b4be
        Validity
            Not Before: Mar 30 11:32:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d491a5e78e977568e4d283b2e7a9c8f291c98569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:a6:ea:f9:c3:bf:82:2d:0c:20:60:5f:9e:
                    44:99:c8:75:b4:2a:2a:b4:38:44:8b:70:eb:0e:d8:
                    a8:e0:1b:1b:6b:f6:ba:44:1d:99:cb:7c:3a:b3:a9:
                    1b:f4:dd:96:7e:05:01:7e:22:29:77:2e:71:f4:e2:
                    85:f5:63:49:72:f5:c3:51:42:8b:06:53:8a:6b:54:
                    78:35:fc:4b:c5:41:9f:8d:41:5b:7c:5a:3f:1d:c6:
                    8d:17:d9:48:6d:0c:05:25:08:67:af:fa:6f:d3:85:
                    00:68:10:a9:cd:a2:6f:53:23:09:63:fd:f2:c1:1b:
                    a2:3f:46:78:00:36:9a:fd:d4:34:75:fa:5e:db:87:
                    82:7c:f2:06:ee:21:96:c6:a7:d0:80:c4:ec:85:c4:
                    79:10:9f:dd:cd:c3:4d:46:17:f2:22:fa:69:c9:a9:
                    20:d2:2e:9d:ae:72:d8:49:45:f4:f9:01:73:ef:2e:
                    7b:55:ac:44:94:46:d3:46:59:1f:76:b1:f3:c4:b6:
                    34:7c:5a:51:fb:32:18:0c:db:e1:85:bc:13:17:09:
                    44:25:4e:32:9f:fc:74:ad:ea:ae:d1:1b:b8:72:07:
                    78:00:98:64:27:4b:d3:f3:ee:46:53:fc:45:3d:8f:
                    de:7d:3a:27:b5:87:ba:8e:4d:15:1f:0e:39:13:bf:
                    5c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:91:A5:E7:8E:97:75:68:E4:D2:83:B2:E7:A9:C8:F2:91:C9:85:69
            X509v3 Authority Key Identifier:
                keyid:D0:C3:F9:54:88:54:83:CF:12:A9:AE:D0:5C:CE:60:35:7F:A4:B4:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0MP5VIhUg88Sqa7QXM5gNX-ktL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/1JGl546XdWjk0oOy56nI8pHJhWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/ed4a4c-e565-4604-999f-c5274399458b/1/0MP5VIhUg88Sqa7QXM5gNX-ktL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.196.0/22
                  193.109.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         0c:75:12:98:bb:2c:e9:91:8b:5a:a6:b8:f1:98:2b:a6:e6:f9:
         51:ca:c3:d8:16:9d:63:2c:31:94:a9:8b:fa:b8:20:fa:3a:23:
         5e:a7:ea:1e:2d:59:7a:30:63:16:f6:93:3f:fb:08:6b:26:21:
         3b:0f:c9:63:dc:76:20:a9:ae:d2:6b:46:c7:69:7f:da:0a:d6:
         05:55:3f:3e:c5:66:f8:5e:dc:49:1b:cd:a4:19:cf:1d:54:0a:
         95:80:97:e2:c3:91:52:dc:ac:dc:95:d7:c5:2f:91:ef:53:93:
         fb:60:26:57:71:48:5e:f2:4f:09:13:4f:73:32:25:65:0a:b2:
         f4:d1:00:2c:4e:6f:ff:45:db:31:e4:f7:05:ba:36:ad:07:59:
         96:23:fa:77:40:50:fd:a4:72:4d:72:b1:82:9b:c2:92:d1:d7:
         34:be:b6:a7:20:8c:6f:cf:49:3c:2c:0a:15:7d:e7:ac:7d:16:
         62:1c:d8:75:98:0c:3f:4b:66:fe:9a:39:c2:ce:00:ab:24:6b:
         1d:c3:8a:1b:c3:b2:4b:f3:0b:aa:b1:0b:07:fb:bc:c1:52:07:
         ae:1c:32:6e:51:b5:48:c7:b3:cd:a4:5f:6c:22:45:6f:78:46:
         28:67:7f:90:92:ac:f0:27:72:45:8e:fa:bd:a8:37:54:3d:6e:
         6f:5b:5b:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0+hEFuYTfTMnNARjV9JzYTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYzNmOTU0ODg1NDgzY2YxMmE5YWVkMDVjY2U2MDM1N2Zh
NGI0YmUwHhcNMjYwMzMwMTEzMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDkxYTVlNzhlOTc3NTY4ZTRkMjgzYjJlN2E5YzhmMjkxYzk4NTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLym6vnDv4ItDCBgX55Emch1tCoq
tDhEi3DrDtio4Bsba/a6RB2Zy3w6s6kb9N2WfgUBfiIpdy5x9OKF9WNJcvXDUUKL
BlOKa1R4NfxLxUGfjUFbfFo/HcaNF9lIbQwFJQhnr/pv04UAaBCpzaJvUyMJY/3y
wRuiP0Z4ADaa/dQ0dfpe24eCfPIG7iGWxqfQgMTshcR5EJ/dzcNNRhfyIvppyakg
0i6drnLYSUX0+QFz7y57VaxElEbTRlkfdrHzxLY0fFpR+zIYDNvhhbwTFwlEJU4y
n/x0requ0Ru4cgd4AJhkJ0vT8+5GU/xFPY/efTontYe6jk0VHw45E79cKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNSRpeeOl3Vo5NKDsuepyPKRyYVpMB8GA1UdIwQY
MBaAFNDD+VSIVIPPEqmu0FzOYDV/pLS+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvME1QNVZJaFVnODhTcWE3UVhNNWdOWC1rdEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9lZDRhNGMtZTU2NS00NjA0LTk5OWYt
YzUyNzQzOTk0NThiLzEvMUpHbDU0NlhkV2prMG9PeTU2bkk4cEhKaFdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9lZDRhNGMtZTU2NS00NjA0LTk5OWYtYzUyNzQzOTk0NThi
LzEvME1QNVZJaFVnODhTcWE3UVhNNWdOWC1rdEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9PEAwQD
wW2YMA0GCSqGSIb3DQEBCwUAA4IBAQAMdRKYuyzpkYtaprjxmCum5vlRysPYFp1j
LDGUqYv6uCD6OiNep+oeLVl6MGMW9pM/+whrJiE7D8lj3HYgqa7Sa0bHaX/aCtYF
VT8+xWb4XtxJG82kGc8dVAqVgJfiw5FS3KzcldfFL5HvU5P7YCZXcUhe8k8JE09z
MiVlCrL00QAsTm//Rdsx5PcFujatB1mWI/p3QFD9pHJNcrGCm8KS0dc0vranIIxv
z0k8LAoVfeesfRZiHNh1mAw/S2b+mjnCzgCrJGsdw4obw7JL8wuqsQsH+7zBUgeu
HDJuUbVIx7PNpF9sIkVveEYoZ3+QkqzwJ3JFjvq9qDdUPW5vW1u1
-----END CERTIFICATE-----