Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ikf3_u9Wu_UNk6ihdRqAXnsXeWA.roa
File:                     ikf3_u9Wu_UNk6ihdRqAXnsXeWA.roa (raw, json)
Hash identifier:          spXBGwPpS5VGNMfJIEd9bR+FvD0p9WrBQ4QDpFz4ZGo=
Subject key identifier:   8A:47:F7:FE:EF:56:BB:F5:0D:93:A8:A1:75:1A:80:5E:7B:17:79:60
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019E81972628898C886C4700586ADE482F18
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ikf3_u9Wu_UNk6ihdRqAXnsXeWA.roa
Signing time:             Mon 01 Jun 2026 05:10:27 +0000
ROA not before:           Mon 01 Jun 2026 05:10:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201949
IP address blocks:        91.221.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:81:97:26:28:89:8c:88:6c:47:00:58:6a:de:48:2f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jun  1 05:10:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a47f7feef56bbf50d93a8a1751a805e7b177960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:88:25:9b:fb:45:a2:7c:de:9e:7b:55:29:b7:
                    88:a3:a8:86:cd:69:30:2c:0b:4f:c3:a8:62:c7:05:
                    2a:90:31:fa:5b:c9:84:92:0c:d7:d9:4c:15:25:68:
                    56:31:f4:97:c2:d4:d7:70:d3:ef:a8:4e:1c:0e:81:
                    be:5f:49:d8:39:d3:fa:c7:71:e5:06:a5:56:cd:19:
                    e8:bd:da:48:92:6f:99:15:47:31:b0:9a:1c:8e:c8:
                    a1:21:0c:35:69:3b:e3:b7:ba:96:15:36:c7:6a:3f:
                    7b:d8:9b:3c:b8:25:e7:7f:fd:ed:27:50:aa:9a:62:
                    13:b7:d6:1b:1f:f7:a0:ef:ff:f3:6c:82:a5:d3:a1:
                    68:34:20:c5:f6:da:c4:79:d5:7a:11:60:dc:9d:4a:
                    a8:0c:f5:f6:37:c9:ea:e8:ea:27:0f:f6:9d:25:b5:
                    1d:ff:ea:95:1b:e2:ab:bf:65:4c:73:2a:07:80:2a:
                    f6:35:80:dd:76:c9:19:af:b2:00:49:c4:c1:47:32:
                    29:8e:38:43:4b:44:52:1a:13:3f:b6:37:1a:55:42:
                    68:ec:8e:d1:da:a1:13:5c:b7:7d:39:f6:fb:f3:9d:
                    93:ea:99:e9:1b:5a:a4:26:44:8a:eb:d6:6d:a1:9c:
                    18:6e:09:8c:22:9e:d6:50:1c:42:74:a0:fc:40:20:
                    75:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:47:F7:FE:EF:56:BB:F5:0D:93:A8:A1:75:1A:80:5E:7B:17:79:60
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/ikf3_u9Wu_UNk6ihdRqAXnsXeWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:3b:dd:b3:31:10:4c:19:d2:6b:e3:24:c8:7f:8e:48:4d:ef:
         69:88:c2:3a:0a:cb:78:f6:4a:49:a5:cb:c9:1d:5d:b3:82:5b:
         44:b9:62:c3:04:5d:9b:02:1f:7f:ae:cf:14:3a:b8:91:c7:7b:
         4e:75:e2:3d:f2:0f:b3:f7:2c:48:73:30:15:0f:35:09:c0:b3:
         e4:5d:73:18:41:7b:ff:56:8e:6b:72:7c:de:1c:24:23:14:e9:
         41:fc:36:9e:9e:cb:74:a7:83:cd:cf:8e:b5:11:4b:51:0f:48:
         08:19:da:72:7d:91:6e:16:cc:c3:8c:18:54:8d:0f:6c:7e:10:
         95:5d:98:1a:fa:90:3f:6b:6d:10:b3:38:8b:9e:fe:80:7a:40:
         c9:a1:7b:6f:cd:cb:e4:87:35:9f:55:af:a1:9f:7f:3a:f6:de:
         ee:bf:b4:10:c2:35:d0:20:93:cd:a5:d3:19:8e:7b:f6:bd:8c:
         4d:5d:7c:6e:7a:0f:5c:52:71:03:75:75:39:c5:34:56:1d:d1:
         5a:2f:5f:94:da:1b:de:e4:55:01:47:54:f3:9b:59:ac:d8:8e:
         51:5c:d1:7b:1b:fb:4a:7b:77:ab:5a:7f:2a:be:7d:1c:aa:eb:
         13:bd:e6:ad:5e:e0:82:69:07:42:86:75:ae:00:26:b7:52:e0:
         66:1e:2f:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6BlyYoiYyIbEcAWGreSC8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwNjAxMDUxMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQ3ZjdmZWVmNTZiYmY1MGQ5M2E4YTE3NTFhODA1ZTdiMTc3OTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmIglm/tFonzenntVKbeIo6iGzWkw
LAtPw6hixwUqkDH6W8mEkgzX2UwVJWhWMfSXwtTXcNPvqE4cDoG+X0nYOdP6x3Hl
BqVWzRnovdpIkm+ZFUcxsJocjsihIQw1aTvjt7qWFTbHaj972Js8uCXnf/3tJ1Cq
mmITt9YbH/eg7//zbIKl06FoNCDF9trEedV6EWDcnUqoDPX2N8nq6OonD/adJbUd
/+qVG+Krv2VMcyoHgCr2NYDddskZr7IAScTBRzIpjjhDS0RSGhM/tjcaVUJo7I7R
2qETXLd9Ofb7852T6pnpG1qkJkSK69ZtoZwYbgmMIp7WUBxCdKD8QCB1uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpH9/7vVrv1DZOooXUagF57F3lgMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvaWtmM191OVd1X1VOazZpaGRScUFYbnNYZVdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW910MA0G
CSqGSIb3DQEBCwUAA4IBAQBvO92zMRBMGdJr4yTIf45ITe9piMI6Cst49kpJpcvJ
HV2zgltEuWLDBF2bAh9/rs8UOriRx3tOdeI98g+z9yxIczAVDzUJwLPkXXMYQXv/
Vo5rcnzeHCQjFOlB/Daenst0p4PNz461EUtRD0gIGdpyfZFuFszDjBhUjQ9sfhCV
XZga+pA/a20QsziLnv6AekDJoXtvzcvkhzWfVa+hn3869t7uv7QQwjXQIJPNpdMZ
jnv2vYxNXXxueg9cUnEDdXU5xTRWHdFaL1+U2hve5FUBR1Tzm1ms2I5RXNF7G/tK
e3erWn8qvn0cqusTveatXuCCaQdChnWuACa3UuBmHi/W
-----END CERTIFICATE-----