Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/wH96db_-C9VUfQdNn4b1PYGCqCI.roa
File:                     wH96db_-C9VUfQdNn4b1PYGCqCI.roa (raw, json)
Hash identifier:          2589EowJoi7EXD9EuyqYUkU7v9gg7wZoU3Av2wN5lyk=
Subject key identifier:   C0:7F:7A:75:BF:FE:0B:D5:54:7D:07:4D:9F:86:F5:3D:81:82:A8:22
Certificate issuer:       /CN=4e34ba6e3e2694c7b38e4651afee061b0b21deae
Certificate serial:       019ECCA65657401546EB96B8C59782D63930
Authority key identifier: 4E:34:BA:6E:3E:26:94:C7:B3:8E:46:51:AF:EE:06:1B:0B:21:DE:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TjS6bj4mlMezjkZRr-4GGwsh3q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/wH96db_-C9VUfQdNn4b1PYGCqCI.roa
Signing time:             Mon 15 Jun 2026 18:58:33 +0000
ROA not before:           Mon 15 Jun 2026 18:58:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213513
IP address blocks:        91.198.40.0/24 maxlen: 24
                          2a13:5700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/TjS6bj4mlMezjkZRr-4GGwsh3q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/TjS6bj4mlMezjkZRr-4GGwsh3q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TjS6bj4mlMezjkZRr-4GGwsh3q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 06:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cc:a6:56:57:40:15:46:eb:96:b8:c5:97:82:d6:39:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e34ba6e3e2694c7b38e4651afee061b0b21deae
        Validity
            Not Before: Jun 15 18:58:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c07f7a75bffe0bd5547d074d9f86f53d8182a822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:15:5e:09:3a:21:80:5e:21:0a:90:c7:fa:b3:
                    a6:d6:ca:16:1b:46:e8:94:47:23:af:1e:fc:52:57:
                    65:0e:0d:82:df:c6:38:74:b2:4b:74:f9:e2:54:37:
                    2f:0e:44:09:42:5f:4b:8d:ed:59:ac:a9:45:80:d0:
                    57:95:e4:72:f1:ef:ec:fa:f7:c6:aa:c3:d6:fd:85:
                    5d:aa:59:6e:7a:df:71:a2:76:ba:4f:db:11:c9:fd:
                    b8:12:4f:c7:0a:bc:fd:c8:3b:67:ff:a6:bc:a2:92:
                    b5:05:0f:d0:a6:88:41:83:7e:00:a5:ab:2c:b6:a9:
                    24:e1:31:fd:f8:f4:34:1f:cf:1c:1a:8d:dc:7c:c9:
                    60:65:fa:4f:4c:80:16:f5:7f:84:c2:22:6d:2f:63:
                    17:04:f0:37:cf:f0:66:0a:19:0b:37:2d:f2:d8:92:
                    41:88:0f:ee:a9:e4:56:d4:8b:36:23:88:67:7c:9e:
                    9a:3f:57:6e:ed:31:56:5e:47:f1:25:86:d9:4e:76:
                    dc:99:aa:74:4a:e3:e9:5b:e5:cf:28:e2:90:87:b3:
                    86:35:8f:07:9e:1b:df:a3:92:4e:71:c8:a6:c9:0c:
                    90:62:db:35:8c:f1:2a:2c:8a:59:35:3b:3b:2d:5b:
                    03:8f:8f:14:43:d3:25:96:1f:70:d8:a2:c1:6a:f4:
                    a1:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:7F:7A:75:BF:FE:0B:D5:54:7D:07:4D:9F:86:F5:3D:81:82:A8:22
            X509v3 Authority Key Identifier:
                keyid:4E:34:BA:6E:3E:26:94:C7:B3:8E:46:51:AF:EE:06:1B:0B:21:DE:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TjS6bj4mlMezjkZRr-4GGwsh3q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/wH96db_-C9VUfQdNn4b1PYGCqCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/02b7d6-269b-4bb2-b455-391768573496/1/TjS6bj4mlMezjkZRr-4GGwsh3q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.40.0/24
                IPv6:
                  2a13:5700::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:bf:53:c8:15:ff:84:f0:ac:43:d6:2a:8a:d0:bd:d5:0a:34:
         27:ef:07:85:f7:98:33:58:6e:a0:52:83:0f:7e:59:50:82:ec:
         55:7a:8d:21:c0:84:58:96:45:76:5b:6b:9f:7d:7f:3d:6b:76:
         a9:ef:ae:66:b5:47:55:a7:9f:ce:26:09:5b:21:d8:04:c1:18:
         eb:f3:31:e8:d4:d5:36:1a:db:6a:f4:2a:ee:91:4a:45:a5:c0:
         76:a2:56:85:2c:6e:54:54:63:42:fe:5e:24:f3:f7:6e:37:21:
         94:d7:21:cd:d2:7e:4d:2a:28:62:af:b8:7a:2f:73:be:2b:f7:
         48:31:24:42:e8:b5:83:69:77:3b:d7:14:6f:8c:60:8f:b6:5c:
         ec:fc:81:c7:7c:be:5f:6a:09:8a:19:fb:b2:58:89:d7:0d:a3:
         20:6e:d0:3f:d7:d9:57:7d:1f:8f:b3:90:9b:39:e4:09:5e:ca:
         26:ef:cd:68:a2:c9:3f:07:1f:24:92:be:a6:33:99:ba:85:b1:
         72:c8:ef:a9:29:e9:2c:35:b9:2a:bf:ba:90:6a:93:52:fc:0b:
         40:3d:11:5f:99:4a:fb:93:6f:0f:0c:60:f9:e3:34:e9:46:a4:
         ee:49:e2:46:dc:51:d5:49:45:0c:b5:42:57:c1:c3:81:c7:d8:
         ed:ee:b2:c3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7MplZXQBVG65a4xZeC1jkwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMzRiYTZlM2UyNjk0YzdiMzhlNDY1MWFmZWUwNjFiMGIy
MWRlYWUwHhcNMjYwNjE1MTg1ODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDdmN2E3NWJmZmUwYmQ1NTQ3ZDA3NGQ5Zjg2ZjUzZDgxODJhODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArhVeCTohgF4hCpDH+rOm1soWG0bo
lEcjrx78UldlDg2C38Y4dLJLdPniVDcvDkQJQl9Lje1ZrKlFgNBXleRy8e/s+vfG
qsPW/YVdqlluet9xona6T9sRyf24Ek/HCrz9yDtn/6a8opK1BQ/QpohBg34Apass
tqkk4TH9+PQ0H88cGo3cfMlgZfpPTIAW9X+EwiJtL2MXBPA3z/BmChkLNy3y2JJB
iA/uqeRW1Is2I4hnfJ6aP1du7TFWXkfxJYbZTnbcmap0SuPpW+XPKOKQh7OGNY8H
nhvfo5JOccimyQyQYts1jPEqLIpZNTs7LVsDj48UQ9Mllh9w2KLBavShPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMB/enW//gvVVH0HTZ+G9T2BgqgiMB8GA1UdIwQY
MBaAFE40um4+JpTHs45GUa/uBhsLId6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGpTNmJqNG1sTWV6amtaUnItNEdHd3NoM3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8wMmI3ZDYtMjY5Yi00YmIyLWI0NTUt
MzkxNzY4NTczNDk2LzEvd0g5NmRiXy1DOVZVZlFkTm40YjFQWUdDcUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8wMmI3ZDYtMjY5Yi00YmIyLWI0NTUtMzkxNzY4NTczNDk2
LzEvVGpTNmJqNG1sTWV6amtaUnItNEdHd3NoM3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW8YoMA0E
AgACMAcDBQMqE1cAMA0GCSqGSIb3DQEBCwUAA4IBAQAMv1PIFf+E8KxD1iqK0L3V
CjQn7weF95gzWG6gUoMPfllQguxVeo0hwIRYlkV2W2uffX89a3ap765mtUdVp5/O
JglbIdgEwRjr8zHo1NU2Gttq9CrukUpFpcB2olaFLG5UVGNC/l4k8/duNyGU1yHN
0n5NKihir7h6L3O+K/dIMSRC6LWDaXc71xRvjGCPtlzs/IHHfL5fagmKGfuyWInX
DaMgbtA/19lXfR+Ps5CbOeQJXsom781oosk/Bx8kkr6mM5m6hbFyyO+pKeksNbkq
v7qQapNS/AtAPRFfmUr7k28PDGD54zTpRqTuSeJG3FHVSUUMtUJXwcOBx9jt7rLD
-----END CERTIFICATE-----