Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qJ3z1ihZIOwElkJSoUeKWwqew00.roa
File:                     qJ3z1ihZIOwElkJSoUeKWwqew00.roa (raw, json)
Hash identifier:          oNBQlAijhAtDnA03PxF8fUwBG0UV/qjZqXRIo/Dqekg=
Subject key identifier:   A8:9D:F3:D6:28:59:20:EC:04:96:42:52:A1:47:8A:5B:0A:9E:C3:4D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019DA2B1E48C8F21D2DCCE757FC0A2369FC6
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qJ3z1ihZIOwElkJSoUeKWwqew00.roa
Signing time:             Sat 18 Apr 2026 22:24:20 +0000
ROA not before:           Sat 18 Apr 2026 22:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        91.186.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a2:b1:e4:8c:8f:21:d2:dc:ce:75:7f:c0:a2:36:9f:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 18 22:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a89df3d6285920ec04964252a1478a5b0a9ec34d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:b6:01:fc:5a:5c:34:83:d0:09:19:a3:68:9a:
                    a0:f9:e9:b7:cc:fe:e4:02:20:4b:2f:88:1a:b0:1a:
                    36:73:3c:a1:81:ce:1f:ae:e0:58:e2:e0:f5:ab:76:
                    3a:79:c2:54:73:e0:53:f4:e7:95:4d:fe:6f:11:8f:
                    9b:44:bd:a7:7d:6a:03:bc:d1:89:db:a5:6f:56:7b:
                    1a:c2:99:e3:cb:a5:8a:0b:c4:d6:60:68:58:4d:eb:
                    3e:d1:37:7c:fd:25:65:bd:35:cd:42:96:10:ea:9e:
                    36:55:af:fb:eb:9b:3a:7a:a9:27:c6:2e:40:50:38:
                    56:9c:51:27:21:d0:ec:5a:6e:66:95:74:d9:34:55:
                    bd:ff:3d:2c:1a:04:1a:14:ef:93:19:74:d9:30:e3:
                    7e:fb:08:19:e3:a6:92:b3:84:8f:22:08:5a:9e:86:
                    96:22:02:37:be:23:56:a4:9e:18:32:0e:2d:85:0b:
                    db:91:fa:af:b8:86:e6:e6:d5:0d:e7:42:4b:c7:68:
                    a3:e3:c4:f2:9e:28:5f:c3:0e:f7:e1:ad:5e:17:23:
                    ea:80:ae:c8:89:ce:1b:6e:9d:3b:14:66:e0:ec:6a:
                    59:35:b0:18:d0:09:ab:46:b7:6a:73:86:e5:17:29:
                    3f:11:89:b1:33:dc:a4:9e:65:1c:cd:79:37:48:5c:
                    47:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:9D:F3:D6:28:59:20:EC:04:96:42:52:A1:47:8A:5B:0A:9E:C3:4D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qJ3z1ihZIOwElkJSoUeKWwqew00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:1b:0f:d0:ab:45:82:08:66:08:0e:80:e6:30:be:50:a0:5e:
         64:82:a0:7c:a9:c0:f8:6c:28:e7:f4:42:7e:9e:bd:c9:83:2f:
         52:88:41:30:19:b2:81:ca:2f:33:07:d0:07:cf:76:51:da:63:
         7d:83:86:30:9c:78:d3:f3:ac:23:97:6b:a4:c9:da:4b:e3:4b:
         cb:2d:8d:2f:6b:73:44:c8:49:6e:c5:e0:7e:d3:09:3e:1a:66:
         cd:e1:1d:60:b3:49:8f:bf:c1:da:63:12:fc:39:ce:35:b4:2f:
         59:4d:d5:2f:35:c1:77:25:72:ec:8a:ce:48:ac:5a:ab:a1:92:
         8b:51:da:c9:dc:d2:87:90:b4:09:39:5b:9f:45:c8:6d:28:38:
         a7:56:bf:31:b1:a1:87:7a:10:15:3d:fd:b3:13:71:a3:15:cc:
         1a:36:60:74:1b:24:91:82:93:07:57:86:b3:e4:c4:d8:cd:1b:
         28:94:c7:1d:a7:96:51:34:c3:f4:ae:5f:63:65:82:76:ab:d3:
         05:12:8f:b0:34:75:f7:94:e9:86:6c:a8:90:2d:6c:c5:17:8b:
         87:70:6e:80:e8:81:9e:2a:e0:f0:ac:ad:a0:23:e7:d3:89:93:
         03:29:5c:00:68:84:0b:bb:ad:97:db:5c:2e:6a:5f:e5:37:ec:
         ae:14:fe:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2iseSMjyHS3M51f8CiNp/GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDE4MjIyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODlkZjNkNjI4NTkyMGVjMDQ5NjQyNTJhMTQ3OGE1YjBhOWVjMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzLYB/FpcNIPQCRmjaJqg+em3zP7k
AiBLL4gasBo2czyhgc4fruBY4uD1q3Y6ecJUc+BT9OeVTf5vEY+bRL2nfWoDvNGJ
26VvVnsawpnjy6WKC8TWYGhYTes+0Td8/SVlvTXNQpYQ6p42Va/765s6eqknxi5A
UDhWnFEnIdDsWm5mlXTZNFW9/z0sGgQaFO+TGXTZMON++wgZ46aSs4SPIghanoaW
IgI3viNWpJ4YMg4thQvbkfqvuIbm5tUN50JLx2ij48Tynihfww734a1eFyPqgK7I
ic4bbp07FGbg7GpZNbAY0AmrRrdqc4blFyk/EYmxM9yknmUczXk3SFxH/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKid89YoWSDsBJZCUqFHilsKnsNNMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvcUozejFpaFpJT3dFbGtKU29VZUtXd3FldzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7rSMA0G
CSqGSIb3DQEBCwUAA4IBAQA3Gw/Qq0WCCGYIDoDmML5QoF5kgqB8qcD4bCjn9EJ+
nr3Jgy9SiEEwGbKByi8zB9AHz3ZR2mN9g4YwnHjT86wjl2ukydpL40vLLY0va3NE
yEluxeB+0wk+GmbN4R1gs0mPv8HaYxL8Oc41tC9ZTdUvNcF3JXLsis5IrFqroZKL
UdrJ3NKHkLQJOVufRchtKDinVr8xsaGHehAVPf2zE3GjFcwaNmB0GySRgpMHV4az
5MTYzRsolMcdp5ZRNMP0rl9jZYJ2q9MFEo+wNHX3lOmGbKiQLWzFF4uHcG6A6IGe
KuDwrK2gI+fTiZMDKVwAaIQLu62X21wual/lN+yuFP6A
-----END CERTIFICATE-----