Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/ODfm3Yxukkk8Zy5VhsFGvCnVz3Q.roa
File:                     ODfm3Yxukkk8Zy5VhsFGvCnVz3Q.roa (raw, json)
Hash identifier:          rPqaG7a4NES3BlfPeVXwXTW0FGFWtg1TVkdyJef/wvg=
Subject key identifier:   38:37:E6:DD:8C:6E:92:49:3C:67:2E:55:86:C1:46:BC:29:D5:CF:74
Certificate issuer:       /CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
Certificate serial:       019DFD6C145C18F5CB6176DE5E87E7FBEA24
Authority key identifier: 59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/ODfm3Yxukkk8Zy5VhsFGvCnVz3Q.roa
Signing time:             Wed 06 May 2026 13:13:31 +0000
ROA not before:           Wed 06 May 2026 13:13:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49303
IP address blocks:        91.212.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:6c:14:5c:18:f5:cb:61:76:de:5e:87:e7:fb:ea:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59a9cb4e8066c4b7df04b4fd0d712016b5586051
        Validity
            Not Before: May  6 13:13:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3837e6dd8c6e92493c672e5586c146bc29d5cf74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dd:b7:e8:e9:04:f5:83:ba:18:c0:cb:10:17:
                    72:df:c1:16:d0:34:3e:d0:d4:b9:72:3d:81:f2:ac:
                    8e:1d:a2:5f:da:fc:da:33:aa:dc:99:95:4e:60:c1:
                    fb:30:f1:d6:86:e1:10:4a:bc:88:50:b5:58:1f:8a:
                    9e:d0:ee:8f:8f:2a:df:92:23:22:7c:df:9d:f5:e5:
                    5b:a8:dc:2e:7c:03:95:e2:eb:05:4e:61:42:ad:35:
                    d5:67:05:21:ca:69:99:83:e3:08:51:54:42:0c:62:
                    7c:65:66:81:27:15:db:58:77:c0:fe:7e:7a:cd:22:
                    3d:eb:99:33:3c:44:51:08:c5:27:09:b8:2b:48:0a:
                    bb:23:81:fe:f1:a3:a2:1d:e9:1b:3e:25:61:b3:19:
                    88:da:6e:9e:19:9f:e3:00:a2:12:82:7a:99:94:56:
                    32:22:43:5c:64:ee:20:4f:5a:48:50:7a:e7:0d:06:
                    25:dc:58:c9:09:59:4f:66:b5:0b:52:c4:fa:0f:d1:
                    ca:a9:55:3f:ec:01:fe:54:20:bf:c5:0b:20:d8:89:
                    da:19:82:98:77:fb:8d:43:a6:ce:36:8e:dd:e8:bd:
                    8c:8a:9f:c1:65:47:be:ba:5c:bc:f8:7a:3b:3c:a6:
                    7b:38:73:de:97:2d:1a:38:47:ae:35:b4:52:01:5c:
                    c3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:37:E6:DD:8C:6E:92:49:3C:67:2E:55:86:C1:46:BC:29:D5:CF:74
            X509v3 Authority Key Identifier:
                keyid:59:A9:CB:4E:80:66:C4:B7:DF:04:B4:FD:0D:71:20:16:B5:58:60:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WanLToBmxLffBLT9DXEgFrVYYFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/ODfm3Yxukkk8Zy5VhsFGvCnVz3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/854e31-7faf-40fc-b2aa-7e52c37052bf/1/WanLToBmxLffBLT9DXEgFrVYYFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:58:6f:30:4a:f6:43:3c:5c:b6:f4:e0:06:93:7e:48:ba:01:
         dd:4e:36:e8:e5:79:c6:f7:22:af:31:16:c8:d0:a7:9b:f9:0d:
         40:24:b5:b9:c2:b6:ee:e8:c1:71:f7:90:12:c0:a5:b2:dc:aa:
         9a:16:b3:c0:79:71:4a:e5:7a:33:e7:43:86:30:65:cd:0c:23:
         e0:56:80:dd:32:fa:fa:be:bc:fd:5d:1b:e6:f3:b9:f8:2e:91:
         8c:cb:34:c7:2e:de:41:93:08:f9:27:a9:b0:a2:3b:e3:2f:8c:
         83:7b:e7:5c:68:5b:81:46:f5:a7:d5:35:52:0e:78:1a:a5:d9:
         04:fe:27:8c:b6:50:9f:39:8a:c4:50:75:43:9a:22:8f:14:9c:
         77:2a:86:ac:a7:24:ba:53:1d:eb:61:80:90:c9:52:9c:45:6a:
         15:79:01:61:9a:7b:3a:4c:a5:6a:3d:3c:92:46:19:a1:d2:47:
         e4:45:b1:e3:07:cb:fe:dc:a5:eb:ad:c9:e0:1f:84:bc:1a:bf:
         a8:db:f6:c7:fa:87:d4:94:ee:7e:81:c1:c5:87:61:ed:87:e2:
         61:bf:b7:75:ea:4d:60:5c:72:57:09:33:5a:93:9a:41:9e:b4:
         91:3c:40:06:04:67:63:82:ea:1c:5a:4c:fa:21:61:b6:b6:96:
         4e:89:88:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39bBRcGPXLYXbeXofn++okMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5YTljYjRlODA2NmM0YjdkZjA0YjRmZDBkNzEyMDE2YjU1
ODYwNTEwHhcNMjYwNTA2MTMxMzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM3ZTZkZDhjNmU5MjQ5M2M2NzJlNTU4NmMxNDZiYzI5ZDVjZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN236OkE9YO6GMDLEBdy38EW0DQ+
0NS5cj2B8qyOHaJf2vzaM6rcmZVOYMH7MPHWhuEQSryIULVYH4qe0O6PjyrfkiMi
fN+d9eVbqNwufAOV4usFTmFCrTXVZwUhymmZg+MIUVRCDGJ8ZWaBJxXbWHfA/n56
zSI965kzPERRCMUnCbgrSAq7I4H+8aOiHekbPiVhsxmI2m6eGZ/jAKISgnqZlFYy
IkNcZO4gT1pIUHrnDQYl3FjJCVlPZrULUsT6D9HKqVU/7AH+VCC/xQsg2InaGYKY
d/uNQ6bONo7d6L2Mip/BZUe+uly8+Ho7PKZ7OHPely0aOEeuNbRSAVzDawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg35t2MbpJJPGcuVYbBRrwp1c90MB8GA1UdIwQY
MBaAFFmpy06AZsS33wS0/Q1xIBa1WGBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEt
N2U1MmMzNzA1MmJmLzEvT0RmbTNZeHVra2s4Wnk1VmhzRkd2Q25WejNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS84NTRlMzEtN2ZhZi00MGZjLWIyYWEtN2U1MmMzNzA1MmJm
LzEvV2FuTFRvQm14TGZmQkxUOURYRWdGclZZWUZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9S8MA0G
CSqGSIb3DQEBCwUAA4IBAQC1WG8wSvZDPFy29OAGk35IugHdTjbo5XnG9yKvMRbI
0Keb+Q1AJLW5wrbu6MFx95ASwKWy3KqaFrPAeXFK5Xoz50OGMGXNDCPgVoDdMvr6
vrz9XRvm87n4LpGMyzTHLt5Bkwj5J6mwojvjL4yDe+dcaFuBRvWn1TVSDngapdkE
/ieMtlCfOYrEUHVDmiKPFJx3KoaspyS6Ux3rYYCQyVKcRWoVeQFhmns6TKVqPTyS
Rhmh0kfkRbHjB8v+3KXrrcngH4S8Gr+o2/bH+ofUlO5+gcHFh2Hth+Jhv7d16k1g
XHJXCTNak5pBnrSRPEAGBGdjguocWkz6IWG2tpZOiYgl
-----END CERTIFICATE-----