Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/KUwsCLnOj7UnQDO9AtqiQOPiYUc.roa
File:                     KUwsCLnOj7UnQDO9AtqiQOPiYUc.roa (raw, json)
Hash identifier:          lzqjyE+qupTSumf/vFQRsxydqU0oLJx0wnlyFUZtlvo=
Subject key identifier:   29:4C:2C:08:B9:CE:8F:B5:27:40:33:BD:02:DA:A2:40:E3:E2:61:47
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019E3100CE745ECF14DD7CE12B6196B6CC8A
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/KUwsCLnOj7UnQDO9AtqiQOPiYUc.roa
Signing time:             Sat 16 May 2026 13:36:36 +0000
ROA not before:           Sat 16 May 2026 13:36:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209057
IP address blocks:        91.199.230.0/24 maxlen: 24
                          2a0d:d940:90aa::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:31:00:ce:74:5e:cf:14:dd:7c:e1:2b:61:96:b6:cc:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: May 16 13:36:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=294c2c08b9ce8fb5274033bd02daa240e3e26147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:7e:c7:04:d8:4a:bf:d7:de:8e:fa:a9:81:0a:
                    05:9e:31:bf:2f:a5:3e:2f:5f:3d:97:dc:dc:79:01:
                    21:d0:b0:a2:d0:2a:20:d1:f4:c1:2c:9f:36:32:d3:
                    d0:3f:97:34:bb:74:47:a8:69:28:59:73:13:31:a9:
                    2d:18:20:cb:0c:d2:4d:eb:f7:df:93:3a:09:ab:2b:
                    22:0f:b0:64:82:44:65:3d:08:98:b8:0f:19:c4:3e:
                    01:e8:a4:e7:7d:d9:f4:94:1e:a2:06:9f:b7:d1:c0:
                    2a:6f:a4:20:4e:81:23:74:46:3d:f9:22:16:dc:45:
                    18:ee:26:fc:ea:b8:04:66:b4:98:9d:b0:e4:2f:2c:
                    50:62:e6:3c:b1:88:d0:9b:10:ba:ec:dd:f3:19:c7:
                    c2:48:b0:6a:30:53:14:70:fd:77:91:05:fc:8d:bb:
                    d7:cc:7f:05:47:9f:1b:f2:b3:42:f0:65:97:e2:ee:
                    d3:58:f7:32:51:ed:ce:6d:72:09:49:a3:23:a9:1b:
                    4f:29:ce:ac:e6:5d:f7:8f:23:24:95:fd:2f:32:a3:
                    db:8b:f7:c0:98:05:39:e1:5d:0d:40:90:af:73:b9:
                    a2:44:71:9c:c8:21:be:96:f4:83:a2:3d:bd:6e:97:
                    20:90:a1:cc:16:50:d2:8e:16:81:9e:84:e4:61:c1:
                    e0:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:4C:2C:08:B9:CE:8F:B5:27:40:33:BD:02:DA:A2:40:E3:E2:61:47
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/KUwsCLnOj7UnQDO9AtqiQOPiYUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.230.0/24
                IPv6:
                  2a0d:d940:90aa::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:18:b4:ba:df:01:2f:e5:8a:2b:f2:d2:f4:2c:f7:6b:a2:8b:
         ae:29:ac:d1:62:cf:99:69:50:87:b2:c2:b5:ce:cc:88:da:da:
         aa:7b:4a:2c:c0:60:e4:6a:a0:b1:db:b9:a2:26:b8:a6:34:fb:
         b0:38:2e:bb:0f:61:aa:8f:86:bd:54:c1:e6:ea:c3:9b:01:d3:
         62:27:55:9b:be:02:90:6d:ce:35:12:da:db:df:fd:00:aa:c6:
         19:e6:22:94:5d:78:ef:8d:8a:e7:b8:0d:50:40:f5:da:7f:15:
         60:1a:ac:f4:a7:ed:bc:e7:b9:0b:e0:31:ba:58:2e:75:0d:3b:
         fd:3f:d3:ff:02:12:fe:56:d9:78:08:b7:71:d8:43:74:dd:70:
         35:71:4d:1c:3b:3d:83:3c:f9:24:11:32:55:38:7a:34:7a:4b:
         9a:7f:7d:75:86:5c:8d:ed:d4:f1:a5:d1:14:d4:96:ed:cc:f3:
         af:0b:4c:c8:f8:de:15:2f:91:67:0f:a0:cf:9b:c0:c0:b4:ea:
         a5:9b:8c:b1:ec:f6:f8:b0:2e:04:89:ba:bd:03:1e:73:69:7b:
         af:3b:b7:dd:a6:78:2b:1f:ff:5f:31:83:75:2d:0b:e7:7f:ce:
         8a:47:7c:7a:94:37:c6:55:53:6a:1c:4d:78:e6:50:20:3a:ff:
         5a:7d:41:c8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ4xAM50Xs8U3XzhK2GWtsyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNTE2MTMzNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTRjMmMwOGI5Y2U4ZmI1Mjc0MDMzYmQwMmRhYTI0MGUzZTI2MTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjX7HBNhKv9fejvqpgQoFnjG/L6U+
L189l9zceQEh0LCi0Cog0fTBLJ82MtPQP5c0u3RHqGkoWXMTMaktGCDLDNJN6/ff
kzoJqysiD7BkgkRlPQiYuA8ZxD4B6KTnfdn0lB6iBp+30cAqb6QgToEjdEY9+SIW
3EUY7ib86rgEZrSYnbDkLyxQYuY8sYjQmxC67N3zGcfCSLBqMFMUcP13kQX8jbvX
zH8FR58b8rNC8GWX4u7TWPcyUe3ObXIJSaMjqRtPKc6s5l33jyMklf0vMqPbi/fA
mAU54V0NQJCvc7miRHGcyCG+lvSDoj29bpcgkKHMFlDSjhaBnoTkYcHgaQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFClMLAi5zo+1J0AzvQLaokDj4mFHMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvS1V3c0NMbk9qN1VuUURPOUF0cWlRT1BpWVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8fmMA8E
AgACMAkDBwAqDdlAkKowDQYJKoZIhvcNAQELBQADggEBAJoYtLrfAS/liivy0vQs
92uii64prNFiz5lpUIeywrXOzIja2qp7SizAYORqoLHbuaImuKY0+7A4LrsPYaqP
hr1Uwebqw5sB02InVZu+ApBtzjUS2tvf/QCqxhnmIpRdeO+Niue4DVBA9dp/FWAa
rPSn7bznuQvgMbpYLnUNO/0/0/8CEv5W2XgIt3HYQ3TdcDVxTRw7PYM8+SQRMlU4
ejR6S5p/fXWGXI3t1PGl0RTUlu3M868LTMj43hUvkWcPoM+bwMC06qWbjLHs9viw
LgSJur0DHnNpe687t92meCsf/18xg3UtC+d/zopHfHqUN8ZVU2ocTXjmUCA6/1p9
Qcg=
-----END CERTIFICATE-----