Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/ET3eFznWxgwShRfiYGjFvNy7SKc.roa
File:                     ET3eFznWxgwShRfiYGjFvNy7SKc.roa (raw, json)
Hash identifier:          63hlRULAYmLDM6pg7yiYDSDNZ9FprmQDZcz9CFNIYXc=
Subject key identifier:   11:3D:DE:17:39:D6:C6:0C:12:85:17:E2:60:68:C5:BC:DC:BB:48:A7
Certificate issuer:       /CN=4c175e2d4329bfc4aad1f955d8e6edf7aa49cb03
Certificate serial:       019E97269AB75EF79585A4FEC3F6DF059A6B
Authority key identifier: 4C:17:5E:2D:43:29:BF:C4:AA:D1:F9:55:D8:E6:ED:F7:AA:49:CB:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TBdeLUMpv8Sq0flV2Obt96pJywM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/ET3eFznWxgwShRfiYGjFvNy7SKc.roa
Signing time:             Fri 05 Jun 2026 09:39:10 +0000
ROA not before:           Fri 05 Jun 2026 09:39:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59711
IP address blocks:        91.223.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/TBdeLUMpv8Sq0flV2Obt96pJywM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/TBdeLUMpv8Sq0flV2Obt96pJywM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TBdeLUMpv8Sq0flV2Obt96pJywM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 09:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:26:9a:b7:5e:f7:95:85:a4:fe:c3:f6:df:05:9a:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c175e2d4329bfc4aad1f955d8e6edf7aa49cb03
        Validity
            Not Before: Jun  5 09:39:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=113dde1739d6c60c128517e26068c5bcdcbb48a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:f8:1b:f8:87:d7:ee:44:4f:68:47:16:c4:a0:
                    85:ad:75:1f:51:f0:54:4e:c7:d5:20:d0:cd:5e:bf:
                    a1:fc:7c:eb:01:39:14:10:1c:29:95:da:aa:17:b2:
                    d4:c2:93:64:e0:03:ab:cd:be:8d:bd:28:32:bc:28:
                    8d:ed:08:f7:51:4c:83:60:bf:62:2a:a8:70:84:c0:
                    58:9b:d1:9b:49:53:cd:7e:13:61:44:c5:ac:96:5a:
                    65:1b:f5:d8:3b:44:14:8a:51:33:c6:01:2b:54:91:
                    c4:c0:4c:5c:85:0f:38:48:31:46:81:3d:23:6e:de:
                    8a:0a:e4:71:2a:72:a0:5b:08:02:dc:e5:a7:b6:b2:
                    28:08:74:13:50:ba:9b:b6:fa:49:11:32:85:ae:18:
                    13:ef:66:2a:a4:97:9a:c7:67:a0:5a:8b:f7:76:0f:
                    21:5a:f0:33:60:96:f3:28:d1:bc:6d:4f:aa:78:26:
                    0e:0b:93:6d:6c:3f:1a:c4:19:8d:38:fc:90:07:79:
                    56:b6:9b:37:fe:5b:c1:a2:60:9d:58:f1:db:13:ce:
                    2b:97:81:4c:8b:88:26:f9:0b:c1:34:b3:74:a0:a3:
                    f0:c5:44:22:0f:29:ef:06:06:4a:7b:b1:02:76:ff:
                    57:e1:74:b0:38:ce:f1:b1:28:d2:4f:8d:82:0e:de:
                    9d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3D:DE:17:39:D6:C6:0C:12:85:17:E2:60:68:C5:BC:DC:BB:48:A7
            X509v3 Authority Key Identifier:
                keyid:4C:17:5E:2D:43:29:BF:C4:AA:D1:F9:55:D8:E6:ED:F7:AA:49:CB:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TBdeLUMpv8Sq0flV2Obt96pJywM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/ET3eFznWxgwShRfiYGjFvNy7SKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/7b5433-09f2-4fb4-8f1f-379aba6085d9/1/TBdeLUMpv8Sq0flV2Obt96pJywM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:42:41:42:9b:df:a5:c4:9d:98:72:9e:a8:ca:de:16:f3:c5:
         0c:a6:d6:f6:6a:ab:44:79:8a:76:43:df:9c:55:5d:66:67:6b:
         1a:04:03:fc:ea:f3:17:3c:8b:cf:db:93:30:21:0e:04:0b:27:
         b9:c3:ca:c7:a0:89:d5:61:68:99:8a:e1:d6:0f:dc:fe:84:3c:
         b3:53:c6:87:8a:15:8c:9c:3b:4c:7c:dc:95:03:98:3b:a3:23:
         55:b3:b7:28:13:7a:72:bc:cc:92:e4:2c:b0:58:a3:af:c3:b0:
         f2:de:43:e4:13:44:6f:59:35:2b:45:fd:0b:0f:47:1a:50:3f:
         2c:cc:84:83:4b:a8:95:8c:6e:08:6f:79:a6:51:16:46:56:99:
         8c:d5:ac:84:be:7e:6b:48:14:3b:15:77:b6:2d:a7:e5:4d:b3:
         73:c2:3a:04:63:b0:9c:52:86:7e:27:54:c5:bb:48:ac:ab:b0:
         8e:ec:da:c0:31:bb:f4:39:74:6d:89:69:05:1a:c2:99:0d:f6:
         56:4d:ea:83:63:84:ab:74:18:03:7d:2f:81:3a:b3:d0:8f:86:
         99:ed:a0:57:a7:72:b7:79:4e:21:bf:40:81:9d:39:02:f7:5b:
         80:39:74:0d:54:a9:fd:57:dd:1e:87:3b:38:69:e4:7c:d8:86:
         e6:1d:cf:3c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6XJpq3XveVhaT+w/bfBZprMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjMTc1ZTJkNDMyOWJmYzRhYWQxZjk1NWQ4ZTZlZGY3YWE0
OWNiMDMwHhcNMjYwNjA1MDkzOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNkZGUxNzM5ZDZjNjBjMTI4NTE3ZTI2MDY4YzViY2RjYmI0OGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq/gb+IfX7kRPaEcWxKCFrXUfUfBU
TsfVINDNXr+h/HzrATkUEBwpldqqF7LUwpNk4AOrzb6NvSgyvCiN7Qj3UUyDYL9i
KqhwhMBYm9GbSVPNfhNhRMWsllplG/XYO0QUilEzxgErVJHEwExchQ84SDFGgT0j
bt6KCuRxKnKgWwgC3OWntrIoCHQTULqbtvpJETKFrhgT72YqpJeax2egWov3dg8h
WvAzYJbzKNG8bU+qeCYOC5NtbD8axBmNOPyQB3lWtps3/lvBomCdWPHbE84rl4FM
i4gm+QvBNLN0oKPwxUQiDynvBgZKe7ECdv9X4XSwOM7xsSjST42CDt6dEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBE93hc51sYMEoUX4mBoxbzcu0inMB8GA1UdIwQY
MBaAFEwXXi1DKb/EqtH5Vdjm7feqScsDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEJkZUxVTXB2OFNxMGZsVjJPYnQ5NnBKeXdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi83YjU0MzMtMDlmMi00ZmI0LThmMWYt
Mzc5YWJhNjA4NWQ5LzEvRVQzZUZ6bld4Z3dTaFJmaVlHakZ2Tnk3U0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi83YjU0MzMtMDlmMi00ZmI0LThmMWYtMzc5YWJhNjA4NWQ5
LzEvVEJkZUxVTXB2OFNxMGZsVjJPYnQ5NnBKeXdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9+IMA0G
CSqGSIb3DQEBCwUAA4IBAQAvQkFCm9+lxJ2Ycp6oyt4W88UMptb2aqtEeYp2Q9+c
VV1mZ2saBAP86vMXPIvP25MwIQ4ECye5w8rHoInVYWiZiuHWD9z+hDyzU8aHihWM
nDtMfNyVA5g7oyNVs7coE3pyvMyS5CywWKOvw7Dy3kPkE0RvWTUrRf0LD0caUD8s
zISDS6iVjG4Ib3mmURZGVpmM1ayEvn5rSBQ7FXe2LaflTbNzwjoEY7CcUoZ+J1TF
u0isq7CO7NrAMbv0OXRtiWkFGsKZDfZWTeqDY4SrdBgDfS+BOrPQj4aZ7aBXp3K3
eU4hv0CBnTkC91uAOXQNVKn9V90ehzs4aeR82IbmHc88
-----END CERTIFICATE-----