Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MDqkmVq0wqQhfctEVt435BlVKwE.roa
File:                     MDqkmVq0wqQhfctEVt435BlVKwE.roa (raw, json)
Hash identifier:          UBeCi32yoKfsLWvPk9g+GRflHLIlJW/EWzv3Gosv9dk=
Subject key identifier:   30:3A:A4:99:5A:B4:C2:A4:21:7D:CB:44:56:DE:37:E4:19:55:2B:01
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019CC23BD60B38551F20D28EF481612D99F5
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MDqkmVq0wqQhfctEVt435BlVKwE.roa
Signing time:             Fri 06 Mar 2026 08:20:27 +0000
ROA not before:           Fri 06 Mar 2026 08:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        91.221.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c2:3b:d6:0b:38:55:1f:20:d2:8e:f4:81:61:2d:99:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Mar  6 08:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=303aa4995ab4c2a4217dcb4456de37e419552b01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:c3:4b:29:fd:ac:ee:b9:b3:99:5a:ae:a5:89:
                    ff:46:aa:a7:f5:30:1b:35:eb:1a:de:60:bf:59:4b:
                    0b:65:7d:ac:59:05:fd:e1:f3:42:c7:ea:b2:f0:4c:
                    f9:ca:56:e9:0f:2f:c9:4f:ab:da:22:29:e5:f1:68:
                    16:c5:5c:7f:8a:e4:05:ae:9e:6d:c0:9a:4d:b8:60:
                    26:1f:1a:8d:d1:b8:2d:91:12:c9:fa:dd:8d:3a:16:
                    85:88:60:9c:fa:22:ee:11:0a:00:2e:d7:e9:db:7a:
                    58:3b:c1:e5:f1:c1:b8:c9:3b:f2:9b:cf:d2:83:ad:
                    44:6f:a6:dc:a5:30:b1:58:b2:e2:e9:75:9e:db:ce:
                    bf:d3:de:ab:e3:26:22:d7:10:54:1d:33:cb:5f:6f:
                    b4:0b:33:fd:0b:3f:6f:ae:c4:2c:00:b8:f6:14:f9:
                    7c:29:b0:b8:57:71:9e:57:33:85:4f:7b:ff:07:25:
                    90:9f:57:c6:3c:66:a9:ce:e5:14:25:a2:5d:77:8f:
                    56:71:7a:0f:6f:c9:4d:5a:05:ab:f8:3a:d8:b0:8d:
                    11:05:da:d2:39:55:a6:63:bf:15:bf:d9:18:fe:47:
                    d3:df:ac:ca:32:62:9a:11:85:25:7a:a9:78:b0:4b:
                    bf:c5:95:d0:d5:40:70:3e:b8:4c:2d:9d:9f:12:71:
                    f5:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:3A:A4:99:5A:B4:C2:A4:21:7D:CB:44:56:DE:37:E4:19:55:2B:01
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/MDqkmVq0wqQhfctEVt435BlVKwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:22:ec:b1:fe:4d:67:f8:d8:be:d1:f4:9e:11:5d:f4:f1:1f:
         a1:60:ea:54:99:8b:cf:62:99:63:b3:8c:fa:ba:b0:22:06:86:
         ed:00:68:ef:68:f8:e3:cc:2a:4c:15:be:49:55:a9:3e:2b:4c:
         c6:4b:b8:c0:75:c6:d7:23:1c:43:ee:6e:81:59:a5:86:88:b2:
         9c:65:fa:35:f8:9e:64:90:87:34:a0:14:7f:41:2c:06:97:bc:
         18:7f:33:9e:b1:4c:20:88:78:58:5a:89:ff:17:52:a8:67:c5:
         c7:dd:2b:ba:41:96:2f:50:36:3a:ce:0c:55:00:4e:8d:69:65:
         85:00:db:90:99:61:90:14:e0:67:06:3f:70:ea:f5:67:12:00:
         57:63:37:a7:7f:64:39:3c:3c:9c:a6:3a:c2:ed:a5:d5:62:3c:
         45:ed:6f:6c:dd:e1:2d:49:15:5e:8d:a6:ef:95:68:8b:9f:80:
         39:19:11:fb:e7:ea:70:c9:5b:26:67:7c:72:3b:66:5d:f4:7c:
         4d:bb:8d:b1:42:00:7b:7b:30:f7:2f:9f:d2:fe:6e:01:8f:2a:
         f6:48:c9:9d:33:15:75:48:b7:4b:e0:f7:22:ad:da:5d:17:58:
         b0:fc:06:e8:85:53:94:0c:74:7c:ce:de:8b:b5:f0:cb:8b:a8:
         c9:5d:f1:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzCO9YLOFUfINKO9IFhLZn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMzA2MDgyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDNhYTQ5OTVhYjRjMmE0MjE3ZGNiNDQ1NmRlMzdlNDE5NTUyYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmsNLKf2s7rmzmVqupYn/Rqqn9TAb
Nesa3mC/WUsLZX2sWQX94fNCx+qy8Ez5ylbpDy/JT6vaIinl8WgWxVx/iuQFrp5t
wJpNuGAmHxqN0bgtkRLJ+t2NOhaFiGCc+iLuEQoALtfp23pYO8Hl8cG4yTvym8/S
g61Eb6bcpTCxWLLi6XWe286/096r4yYi1xBUHTPLX2+0CzP9Cz9vrsQsALj2FPl8
KbC4V3GeVzOFT3v/ByWQn1fGPGapzuUUJaJdd49WcXoPb8lNWgWr+DrYsI0RBdrS
OVWmY78Vv9kY/kfT36zKMmKaEYUleql4sEu/xZXQ1UBwPrhMLZ2fEnH10wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDA6pJlatMKkIX3LRFbeN+QZVSsBMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvTURxa21WcTB3cVFoZmN0RVZ0NDM1QmxWS3dFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQA8Iuyx/k1n+Ni+0fSeEV308R+hYOpUmYvPYpljs4z6
urAiBobtAGjvaPjjzCpMFb5JVak+K0zGS7jAdcbXIxxD7m6BWaWGiLKcZfo1+J5k
kIc0oBR/QSwGl7wYfzOesUwgiHhYWon/F1KoZ8XH3Su6QZYvUDY6zgxVAE6NaWWF
ANuQmWGQFOBnBj9w6vVnEgBXYzenf2Q5PDycpjrC7aXVYjxF7W9s3eEtSRVejabv
lWiLn4A5GRH75+pwyVsmZ3xyO2Zd9HxNu42xQgB7ezD3L5/S/m4Bjyr2SMmdMxV1
SLdL4PcirdpdF1iw/AbohVOUDHR8zt6LtfDLi6jJXfGH
-----END CERTIFICATE-----