Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/e9ESBbCpXLampxKyfROKHhSNrlQ.roa
File:                     e9ESBbCpXLampxKyfROKHhSNrlQ.roa (raw, json)
Hash identifier:          tD7v+u/DQGlM+A9s6n4BBi5LAYT9sFcm9HvPxsWUOOU=
Subject key identifier:   7B:D1:12:05:B0:A9:5C:B6:A6:A7:12:B2:7D:13:8A:1E:14:8D:AE:54
Certificate issuer:       /CN=cfd2d4794e5bbac0e34c9d0189b26ef147158a23
Certificate serial:       019E87AB8B8EE1A90DF098F5F7C8214B9A1C
Authority key identifier: CF:D2:D4:79:4E:5B:BA:C0:E3:4C:9D:01:89:B2:6E:F1:47:15:8A:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z9LUeU5busDjTJ0BibJu8UcViiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/e9ESBbCpXLampxKyfROKHhSNrlQ.roa
Signing time:             Tue 02 Jun 2026 09:30:26 +0000
ROA not before:           Tue 02 Jun 2026 09:30:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12741
IP address blocks:        91.208.78.0/24 maxlen: 24
                          193.41.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/z9LUeU5busDjTJ0BibJu8UcViiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/z9LUeU5busDjTJ0BibJu8UcViiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z9LUeU5busDjTJ0BibJu8UcViiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:ab:8b:8e:e1:a9:0d:f0:98:f5:f7:c8:21:4b:9a:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfd2d4794e5bbac0e34c9d0189b26ef147158a23
        Validity
            Not Before: Jun  2 09:30:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7bd11205b0a95cb6a6a712b27d138a1e148dae54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:13:dc:48:12:f8:c8:0f:14:21:a7:2c:30:fe:
                    dc:4d:be:5f:f3:7f:f4:58:ff:f9:64:f3:2c:9e:a2:
                    cc:d1:c9:22:e1:22:e7:78:3d:3d:ae:80:ac:56:4a:
                    88:8b:1b:45:3d:da:d3:ca:d6:42:91:12:18:46:4e:
                    14:f5:02:bb:18:29:6c:4e:07:9b:69:f2:64:3f:d7:
                    85:29:69:42:63:23:bd:4d:7b:93:f8:56:1e:cc:50:
                    c5:42:c1:80:f3:f0:f9:9c:20:a7:68:67:00:48:47:
                    5a:c8:b8:d2:7a:46:ff:cd:0f:9c:02:c9:f0:a3:c5:
                    6e:94:fd:0d:3d:54:1a:a0:b4:46:2a:97:b2:53:cb:
                    11:6e:90:f5:8e:26:9a:f6:7a:df:c2:71:23:ff:75:
                    64:19:d8:0b:5e:eb:3c:c1:a3:12:aa:2a:98:21:ac:
                    11:cc:bf:b0:77:22:6e:f8:28:b6:49:08:ea:f9:5f:
                    d7:f6:a7:55:00:9c:90:34:7b:e6:4e:de:2b:4a:8b:
                    90:ba:0f:05:83:70:06:84:86:ef:7b:00:31:36:14:
                    93:69:60:b2:90:13:f8:f1:17:a2:54:3d:ac:a9:14:
                    94:c6:4c:72:a6:c8:4c:a7:8d:67:5a:51:8f:66:24:
                    5a:b7:8b:6a:7a:85:94:8a:c6:57:54:99:6c:80:29:
                    88:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D1:12:05:B0:A9:5C:B6:A6:A7:12:B2:7D:13:8A:1E:14:8D:AE:54
            X509v3 Authority Key Identifier:
                keyid:CF:D2:D4:79:4E:5B:BA:C0:E3:4C:9D:01:89:B2:6E:F1:47:15:8A:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z9LUeU5busDjTJ0BibJu8UcViiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/e9ESBbCpXLampxKyfROKHhSNrlQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/a8237d-1307-4dfb-aad6-f90b3e5493d4/1/z9LUeU5busDjTJ0BibJu8UcViiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.78.0/24
                  193.41.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:f9:88:9f:44:66:91:10:da:4c:93:ce:d2:07:2c:83:3b:75:
         1b:fa:c2:a1:d2:b8:17:82:01:71:06:9b:16:2e:0e:0d:aa:36:
         7f:84:1d:b5:90:6e:2a:c0:d7:e7:c4:9a:58:88:8f:c5:74:ef:
         06:36:99:d1:98:18:6e:46:8d:44:cf:36:2e:64:f3:1a:07:17:
         cb:f4:25:33:6c:aa:be:46:3b:65:05:ca:1a:7e:d4:9a:29:05:
         05:af:93:7d:29:ed:32:80:52:13:2f:5c:84:62:21:24:a0:d0:
         89:0a:dc:ef:d1:bf:cb:27:c0:ef:53:1b:5a:65:60:b5:65:68:
         fd:56:c9:08:24:49:cd:7d:bc:e8:65:a7:09:b3:14:70:ca:59:
         15:1a:db:70:b3:e3:66:17:fa:5f:be:37:a4:4c:93:90:25:a1:
         01:f1:cc:94:8c:db:0e:e7:d9:22:7a:8f:15:76:76:b9:fb:db:
         8c:fd:b6:0a:8f:84:eb:c6:27:bc:d4:8c:74:66:5f:f2:50:96:
         e9:92:1c:01:eb:f1:cc:f5:1b:67:81:7c:22:b2:39:e3:c2:00:
         4b:7d:ce:6a:0a:9e:e3:c1:b7:22:9b:87:c6:4a:fa:70:e3:ed:
         05:3c:0d:2c:99:87:cb:21:96:5a:ed:9a:47:0b:8b:07:99:6f:
         cf:a7:95:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6Hq4uO4akN8Jj198ghS5ocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZDJkNDc5NGU1YmJhYzBlMzRjOWQwMTg5YjI2ZWYxNDcx
NThhMjMwHhcNMjYwNjAyMDkzMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQxMTIwNWIwYTk1Y2I2YTZhNzEyYjI3ZDEzOGExZTE0OGRhZTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RPcSBL4yA8UIacsMP7cTb5f83/0
WP/5ZPMsnqLM0cki4SLneD09roCsVkqIixtFPdrTytZCkRIYRk4U9QK7GClsTgeb
afJkP9eFKWlCYyO9TXuT+FYezFDFQsGA8/D5nCCnaGcASEdayLjSekb/zQ+cAsnw
o8VulP0NPVQaoLRGKpeyU8sRbpD1jiaa9nrfwnEj/3VkGdgLXus8waMSqiqYIawR
zL+wdyJu+Ci2SQjq+V/X9qdVAJyQNHvmTt4rSouQug8Fg3AGhIbvewAxNhSTaWCy
kBP48ReiVD2sqRSUxkxypshMp41nWlGPZiRat4tqeoWUisZXVJlsgCmIoQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvREgWwqVy2pqcSsn0Tih4Uja5UMB8GA1UdIwQY
MBaAFM/S1HlOW7rA40ydAYmybvFHFYojMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejlMVWVVNWJ1c0RqVEowQmliSnU4VWNWaWlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9hODIzN2QtMTMwNy00ZGZiLWFhZDYt
ZjkwYjNlNTQ5M2Q0LzEvZTlFU0JiQ3BYTGFtcHhLeWZST0tIaFNOcmxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9hODIzN2QtMTMwNy00ZGZiLWFhZDYtZjkwYjNlNTQ5M2Q0
LzEvejlMVWVVNWJ1c0RqVEowQmliSnU4VWNWaWlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9BOAwQA
wSnAMA0GCSqGSIb3DQEBCwUAA4IBAQBI+YifRGaRENpMk87SByyDO3Ub+sKh0rgX
ggFxBpsWLg4NqjZ/hB21kG4qwNfnxJpYiI/FdO8GNpnRmBhuRo1EzzYuZPMaBxfL
9CUzbKq+RjtlBcoaftSaKQUFr5N9Ke0ygFITL1yEYiEkoNCJCtzv0b/LJ8DvUxta
ZWC1ZWj9VskIJEnNfbzoZacJsxRwylkVGttws+NmF/pfvjekTJOQJaEB8cyUjNsO
59kieo8Vdna5+9uM/bYKj4Trxie81Ix0Zl/yUJbpkhwB6/HM9RtngXwisjnjwgBL
fc5qCp7jwbcim4fGSvpw4+0FPA0smYfLIZZa7ZpHC4sHmW/Pp5VT
-----END CERTIFICATE-----