Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/V7cyqG-pYyAMULVUem9DUD4mh5Y.roa
File:                     V7cyqG-pYyAMULVUem9DUD4mh5Y.roa (raw, json)
Hash identifier:          NfpPyZF7G0X8PIMTTllt/U0ECaL4KgW7SFDL7u8msig=
Subject key identifier:   57:B7:32:A8:6F:A9:63:20:0C:50:B5:54:7A:6F:43:50:3E:26:87:96
Certificate issuer:       /CN=144cf71a64057f8692906dbd99e9f684407d6e80
Certificate serial:       019CDCE881151BFF1C43890A2B70FBA6B1B0
Authority key identifier: 14:4C:F7:1A:64:05:7F:86:92:90:6D:BD:99:E9:F6:84:40:7D:6E:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FEz3GmQFf4aSkG29men2hEB9boA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/V7cyqG-pYyAMULVUem9DUD4mh5Y.roa
Signing time:             Wed 11 Mar 2026 12:39:10 +0000
ROA not before:           Wed 11 Mar 2026 12:39:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29119
IP address blocks:        91.217.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/FEz3GmQFf4aSkG29men2hEB9boA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/FEz3GmQFf4aSkG29men2hEB9boA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FEz3GmQFf4aSkG29men2hEB9boA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 21:05:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:e8:81:15:1b:ff:1c:43:89:0a:2b:70:fb:a6:b1:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=144cf71a64057f8692906dbd99e9f684407d6e80
        Validity
            Not Before: Mar 11 12:39:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=57b732a86fa963200c50b5547a6f43503e268796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:57:b8:47:77:10:15:16:ef:02:98:8a:33:14:
                    21:ea:81:f0:68:73:d0:26:31:f2:24:1f:1e:ab:46:
                    66:3a:dc:8a:1e:79:e8:78:0d:fd:8b:84:b6:eb:d8:
                    14:4f:d7:07:2a:f4:2e:1b:b9:e8:07:89:8a:dc:df:
                    f5:18:22:b4:31:a7:be:1f:55:ad:df:e8:f9:8c:4b:
                    d9:dc:68:04:66:ba:b4:2b:9b:f4:2c:da:ff:56:c0:
                    8d:ab:23:0c:ba:c9:6e:37:5d:fe:bb:60:af:2c:6a:
                    0a:70:87:69:b2:07:c2:eb:b7:ce:bc:f9:ac:49:b9:
                    c3:0d:04:b8:72:8d:4e:84:8a:65:18:4c:68:76:78:
                    48:df:c4:e6:cd:84:5b:a1:29:72:29:8b:e6:53:c2:
                    5f:51:cc:9f:be:b4:94:99:fc:fa:47:a8:e6:78:20:
                    b5:6c:95:8c:c0:cf:24:8a:5b:20:2a:a9:d4:01:9b:
                    49:12:6a:3b:0b:c2:9e:65:f8:6f:fb:02:3f:b4:67:
                    48:c5:ff:69:bf:27:4f:cc:98:31:60:49:c0:ec:f8:
                    09:85:07:6b:53:30:92:b0:4a:49:ef:f1:05:ae:89:
                    cd:dc:79:b3:03:92:4e:79:44:cc:b8:9a:d4:a2:48:
                    99:10:b5:13:ca:3c:55:3a:72:2a:e5:b8:53:9d:c5:
                    ff:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:B7:32:A8:6F:A9:63:20:0C:50:B5:54:7A:6F:43:50:3E:26:87:96
            X509v3 Authority Key Identifier:
                keyid:14:4C:F7:1A:64:05:7F:86:92:90:6D:BD:99:E9:F6:84:40:7D:6E:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FEz3GmQFf4aSkG29men2hEB9boA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/V7cyqG-pYyAMULVUem9DUD4mh5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/140d04-cafb-46e3-8cfa-b05cde93d8e5/1/FEz3GmQFf4aSkG29men2hEB9boA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:c7:52:65:46:a6:19:fb:f7:11:66:91:1f:eb:d8:42:c3:ae:
         ac:e9:78:2e:02:de:60:c5:ec:bc:80:b7:b8:7f:f1:46:2b:70:
         8a:be:fe:8c:1d:cd:86:02:77:c5:bc:76:9f:14:5c:6a:c4:31:
         8f:cb:e2:6d:84:d0:83:0b:75:15:c0:da:1f:18:d1:d9:02:d3:
         fa:2f:77:a6:1e:98:be:15:ec:00:13:66:d6:88:12:36:4d:0a:
         db:d6:42:03:b8:35:dd:9e:9a:35:f6:0a:4c:a5:7e:f0:b6:d9:
         19:64:0e:e9:af:f9:2c:55:01:bd:30:bb:9f:d1:46:ce:9a:3e:
         f6:ba:ac:74:8e:f3:c9:df:b5:77:39:db:4c:21:59:84:60:c4:
         ab:50:8a:62:ef:69:9e:3c:d7:3a:7c:dc:30:e4:1d:18:49:32:
         b1:c2:b5:50:85:85:dc:1e:ac:a0:09:55:e8:7e:8e:60:d6:4a:
         cb:6d:af:18:21:dd:73:9e:b6:5b:9d:42:3b:2c:03:4e:ce:13:
         b0:84:7e:16:a2:e5:2b:99:ee:bd:31:79:34:aa:08:e1:14:62:
         7a:08:0e:ac:4c:8d:98:38:68:5f:b9:43:f8:91:eb:37:a0:4f:
         e0:a5:0f:57:ec:36:bf:5f:d5:c9:bd:ea:c4:9c:f9:d2:d5:76:
         f8:05:4e:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzc6IEVG/8cQ4kKK3D7prGwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NGNmNzFhNjQwNTdmODY5MjkwNmRiZDk5ZTlmNjg0NDA3
ZDZlODAwHhcNMjYwMzExMTIzOTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2I3MzJhODZmYTk2MzIwMGM1MGI1NTQ3YTZmNDM1MDNlMjY4Nzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5le4R3cQFRbvApiKMxQh6oHwaHPQ
JjHyJB8eq0ZmOtyKHnnoeA39i4S269gUT9cHKvQuG7noB4mK3N/1GCK0Mae+H1Wt
3+j5jEvZ3GgEZrq0K5v0LNr/VsCNqyMMusluN13+u2CvLGoKcIdpsgfC67fOvPms
SbnDDQS4co1OhIplGExodnhI38TmzYRboSlyKYvmU8JfUcyfvrSUmfz6R6jmeCC1
bJWMwM8kilsgKqnUAZtJEmo7C8KeZfhv+wI/tGdIxf9pvydPzJgxYEnA7PgJhQdr
UzCSsEpJ7/EFronN3HmzA5JOeUTMuJrUokiZELUTyjxVOnIq5bhTncX/uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFe3MqhvqWMgDFC1VHpvQ1A+JoeWMB8GA1UdIwQY
MBaAFBRM9xpkBX+GkpBtvZnp9oRAfW6AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkV6M0dtUUZmNGFTa0cyOW1lbjJoRUI5Ym9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS8xNDBkMDQtY2FmYi00NmUzLThjZmEt
YjA1Y2RlOTNkOGU1LzEvVjdjeXFHLXBZeUFNVUxWVWVtOURVRDRtaDVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS8xNDBkMDQtY2FmYi00NmUzLThjZmEtYjA1Y2RlOTNkOGU1
LzEvRkV6M0dtUUZmNGFTa0cyOW1lbjJoRUI5Ym9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9kWMA0G
CSqGSIb3DQEBCwUAA4IBAQBbx1JlRqYZ+/cRZpEf69hCw66s6XguAt5gxey8gLe4
f/FGK3CKvv6MHc2GAnfFvHafFFxqxDGPy+JthNCDC3UVwNofGNHZAtP6L3emHpi+
FewAE2bWiBI2TQrb1kIDuDXdnpo19gpMpX7wttkZZA7pr/ksVQG9MLuf0UbOmj72
uqx0jvPJ37V3OdtMIVmEYMSrUIpi72mePNc6fNww5B0YSTKxwrVQhYXcHqygCVXo
fo5g1krLba8YId1znrZbnUI7LANOzhOwhH4WouUrme69MXk0qgjhFGJ6CA6sTI2Y
OGhfuUP4kes3oE/gpQ9X7Da/X9XJverEnPnS1Xb4BU5m
-----END CERTIFICATE-----