Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/qNWONomvIPPaw1vxRbdPf7PE9Uc.roa
File:                     qNWONomvIPPaw1vxRbdPf7PE9Uc.roa (raw, json)
Hash identifier:          t+YKiZGgYPsEg6VbvrRY3eQ8DDKCYaJgu+YJ080oVJQ=
Subject key identifier:   A8:D5:8E:36:89:AF:20:F3:DA:C3:5B:F1:45:B7:4F:7F:B3:C4:F5:47
Certificate issuer:       /CN=9c1394768c9a39a6112674d7375972a6696b4680
Certificate serial:       019DBEF566E07AB2D08AF1662F248F36D64B
Authority key identifier: 9C:13:94:76:8C:9A:39:A6:11:26:74:D7:37:59:72:A6:69:6B:46:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/qNWONomvIPPaw1vxRbdPf7PE9Uc.roa
Signing time:             Fri 24 Apr 2026 10:07:26 +0000
ROA not before:           Fri 24 Apr 2026 10:07:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9115
IP address blocks:        91.136.0.0/17 maxlen: 24
                          2a01:7f60::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 May 2026 13:02:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:be:f5:66:e0:7a:b2:d0:8a:f1:66:2f:24:8f:36:d6:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c1394768c9a39a6112674d7375972a6696b4680
        Validity
            Not Before: Apr 24 10:07:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8d58e3689af20f3dac35bf145b74f7fb3c4f547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:cc:0b:1b:1d:5e:db:68:a6:15:39:ff:fa:de:
                    2a:e2:e3:b9:da:a6:2d:b5:9b:90:1b:08:61:b5:69:
                    88:c1:a1:05:cb:b5:07:73:f9:32:ed:12:cb:c7:19:
                    7a:1a:bf:fc:f2:f7:38:18:80:39:d7:26:f7:9d:14:
                    fd:da:27:d6:b3:f2:3f:ed:c1:28:85:cc:5d:4f:a5:
                    83:d0:bc:86:3a:80:0d:b8:ce:5d:b8:89:a4:29:55:
                    f3:d0:92:57:f0:ff:20:39:6b:65:6a:82:47:6f:a7:
                    ec:07:e1:c7:26:67:48:71:ac:a0:6d:4a:bf:20:e7:
                    b2:cc:1b:9d:b9:ed:de:4a:bc:06:b5:52:9b:24:81:
                    36:b5:b7:5d:28:e6:49:0b:6d:f7:85:29:0c:6b:10:
                    d2:92:36:21:3c:c9:a9:37:3d:14:9c:fd:3d:0d:95:
                    98:2f:c9:9e:e2:f7:32:7f:3e:7e:32:31:ca:96:6b:
                    36:67:9c:73:dc:34:a2:77:e2:d1:f9:0a:d4:a1:cf:
                    17:d7:a2:d4:da:aa:d0:2a:ec:f3:f4:7e:dc:84:ce:
                    a8:ee:f2:f4:0a:ae:8c:d9:e5:34:4e:19:ed:f9:ee:
                    14:59:d6:00:11:6f:3e:94:dc:d3:01:ce:5c:42:a4:
                    30:6f:f3:de:eb:f3:41:69:aa:58:2a:0d:10:66:56:
                    71:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:D5:8E:36:89:AF:20:F3:DA:C3:5B:F1:45:B7:4F:7F:B3:C4:F5:47
            X509v3 Authority Key Identifier:
                keyid:9C:13:94:76:8C:9A:39:A6:11:26:74:D7:37:59:72:A6:69:6B:46:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nBOUdoyaOaYRJnTXN1lypmlrRoA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/qNWONomvIPPaw1vxRbdPf7PE9Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/3e7210-0528-4456-b68e-a713a1915c90/1/nBOUdoyaOaYRJnTXN1lypmlrRoA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.136.0.0/17
                IPv6:
                  2a01:7f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         4b:65:aa:60:fb:f9:44:bf:52:0b:dd:f9:81:91:6f:bd:05:dd:
         2c:4b:9a:33:b7:35:c2:a8:07:f9:78:22:54:70:77:df:05:1a:
         9e:7e:a7:00:cd:37:1a:2c:a5:52:43:a0:11:2b:9d:41:6c:91:
         fb:f7:0f:4b:73:a3:00:a8:92:56:cc:2e:c4:18:29:b1:08:05:
         5d:d3:01:cb:8a:5e:2e:1d:70:06:5b:76:5c:b8:1d:cc:4f:6d:
         8e:53:95:08:65:0b:5d:fa:30:03:8d:dd:84:d5:33:e8:28:49:
         93:84:99:be:19:35:ad:ff:f4:f6:cb:a6:75:9e:a6:90:aa:cb:
         a0:cc:da:d9:60:47:f1:80:fd:20:a4:af:5f:d5:79:c4:2b:42:
         cd:bc:8b:b9:52:03:c3:e2:f1:e3:03:cb:d7:d3:66:4d:ae:8c:
         18:9d:23:5e:43:b2:94:f0:68:c3:72:c1:17:d6:81:aa:32:ed:
         61:80:d0:30:d8:64:9e:44:90:8c:03:90:89:e0:6d:ac:7e:34:
         78:68:1e:dd:a6:b8:0e:31:dd:7e:25:31:91:d5:67:25:9e:94:
         6c:3a:ca:d7:45:35:ab:fe:c1:ab:1f:a3:81:eb:b3:33:cd:94:
         fb:05:f2:92:a0:e7:1b:25:11:71:a4:23:fd:05:d1:a5:ff:7c:
         58:ba:23:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ2+9WbgerLQivFmLySPNtZLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljMTM5NDc2OGM5YTM5YTYxMTI2NzRkNzM3NTk3MmE2Njk2
YjQ2ODAwHhcNMjYwNDI0MTAwNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGQ1OGUzNjg5YWYyMGYzZGFjMzViZjE0NWI3NGY3ZmIzYzRmNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6MwLGx1e22imFTn/+t4q4uO52qYt
tZuQGwhhtWmIwaEFy7UHc/ky7RLLxxl6Gr/88vc4GIA51yb3nRT92ifWs/I/7cEo
hcxdT6WD0LyGOoANuM5duImkKVXz0JJX8P8gOWtlaoJHb6fsB+HHJmdIcaygbUq/
IOeyzBudue3eSrwGtVKbJIE2tbddKOZJC233hSkMaxDSkjYhPMmpNz0UnP09DZWY
L8me4vcyfz5+MjHKlms2Z5xz3DSid+LR+QrUoc8X16LU2qrQKuzz9H7chM6o7vL0
Cq6M2eU0Thnt+e4UWdYAEW8+lNzTAc5cQqQwb/Pe6/NBaapYKg0QZlZxNwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKjVjjaJryDz2sNb8UW3T3+zxPVHMB8GA1UdIwQY
MBaAFJwTlHaMmjmmESZ01zdZcqZpa0aAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkJPVWRveWFPYVlSSm5UWE4xbHlwbWxyUm9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy8zZTcyMTAtMDUyOC00NDU2LWI2OGUt
YTcxM2ExOTE1YzkwLzEvcU5XT05vbXZJUFBhdzF2eFJiZFBmN1BFOVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy8zZTcyMTAtMDUyOC00NDU2LWI2OGUtYTcxM2ExOTE1Yzkw
LzEvbkJPVWRveWFPYVlSSm5UWE4xbHlwbWxyUm9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQHW4gAMA0E
AgACMAcDBQAqAX9gMA0GCSqGSIb3DQEBCwUAA4IBAQBLZapg+/lEv1IL3fmBkW+9
Bd0sS5oztzXCqAf5eCJUcHffBRqefqcAzTcaLKVSQ6ARK51BbJH79w9Lc6MAqJJW
zC7EGCmxCAVd0wHLil4uHXAGW3ZcuB3MT22OU5UIZQtd+jADjd2E1TPoKEmThJm+
GTWt//T2y6Z1nqaQqsugzNrZYEfxgP0gpK9f1XnEK0LNvIu5UgPD4vHjA8vX02ZN
rowYnSNeQ7KU8GjDcsEX1oGqMu1hgNAw2GSeRJCMA5CJ4G2sfjR4aB7dprgOMd1+
JTGR1WclnpRsOsrXRTWr/sGrH6OB67MzzZT7BfKSoOcbJRFxpCP9BdGl/3xYuiNT
-----END CERTIFICATE-----