Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/kDV5J5gvUfs2AruPi1AigNxO3No.roa
File:                     kDV5J5gvUfs2AruPi1AigNxO3No.roa (raw, json)
Hash identifier:          3eVKTOaVyZXfdZN443tZ94OFDw3eJah+bPWk0bbkQQw=
Subject key identifier:   90:35:79:27:98:2F:51:FB:36:02:BB:8F:8B:50:22:80:DC:4E:DC:DA
Certificate issuer:       /CN=f70e3b7b5eb24f04b18cb65c42681dda42d516c6
Certificate serial:       019D2F4A18B10CFF78708E8420CB1F95DE4F
Authority key identifier: F7:0E:3B:7B:5E:B2:4F:04:B1:8C:B6:5C:42:68:1D:DA:42:D5:16:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9w47e16yTwSxjLZcQmgd2kLVFsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/kDV5J5gvUfs2AruPi1AigNxO3No.roa
Signing time:             Fri 27 Mar 2026 12:34:38 +0000
ROA not before:           Fri 27 Mar 2026 12:34:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51065
IP address blocks:        91.216.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/9w47e16yTwSxjLZcQmgd2kLVFsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/9w47e16yTwSxjLZcQmgd2kLVFsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9w47e16yTwSxjLZcQmgd2kLVFsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:4a:18:b1:0c:ff:78:70:8e:84:20:cb:1f:95:de:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f70e3b7b5eb24f04b18cb65c42681dda42d516c6
        Validity
            Not Before: Mar 27 12:34:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90357927982f51fb3602bb8f8b502280dc4edcda
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:a7:fc:ee:c5:fc:97:60:2c:49:77:f1:e5:ee:
                    b1:ad:4a:d4:4b:74:89:30:ba:2f:3f:68:e8:01:10:
                    38:24:91:8f:5d:8e:0c:68:5b:6c:0d:04:f0:b0:fe:
                    4f:24:f7:93:f6:b9:cd:42:c0:53:75:b4:c1:ff:54:
                    45:31:13:06:63:58:7d:05:9c:65:a9:00:2c:cc:eb:
                    15:64:23:46:cf:4f:04:b9:92:f0:8c:1a:9f:a0:c1:
                    be:67:85:f5:e1:3b:60:6a:2f:93:41:4b:04:18:a5:
                    ab:9d:d7:57:0b:a0:8a:19:3a:10:63:96:96:7e:15:
                    89:c9:0e:5b:d4:59:c8:89:e9:c4:c5:2c:87:50:18:
                    7a:0e:50:a9:8f:61:8f:7d:90:ec:df:a8:a0:9d:82:
                    2b:49:7e:79:ef:86:15:6c:a0:cd:83:34:21:78:37:
                    8a:f1:7a:11:ba:d9:f5:33:3a:f3:de:e7:4b:d5:dc:
                    8b:54:67:89:55:7c:16:9c:fc:9d:26:a6:33:88:a7:
                    85:43:9a:1b:ba:c9:5d:58:df:64:cb:00:33:28:15:
                    d9:33:49:6c:03:fd:b4:6e:17:a0:33:44:b8:d3:3e:
                    5d:98:fd:c1:6e:f9:cb:79:d0:d3:62:e6:e4:e4:4f:
                    c4:01:57:b6:19:ab:cc:f6:70:b3:88:d1:32:f7:0c:
                    ba:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:35:79:27:98:2F:51:FB:36:02:BB:8F:8B:50:22:80:DC:4E:DC:DA
            X509v3 Authority Key Identifier:
                keyid:F7:0E:3B:7B:5E:B2:4F:04:B1:8C:B6:5C:42:68:1D:DA:42:D5:16:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9w47e16yTwSxjLZcQmgd2kLVFsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/kDV5J5gvUfs2AruPi1AigNxO3No.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/acfb75-4cd5-4595-9b3e-192d6a343da2/1/9w47e16yTwSxjLZcQmgd2kLVFsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:75:82:8d:00:2e:ad:e1:df:5b:87:34:ba:c8:ab:c6:4f:7f:
         41:df:9c:70:7a:64:56:ba:01:9c:db:af:69:13:d3:3c:ab:4d:
         f7:0d:0f:31:bf:8d:e8:e3:55:2d:f2:14:d0:e2:e8:ef:9b:bb:
         31:1e:93:e5:fa:5f:ad:12:aa:a8:7d:dd:56:cf:2a:80:cb:61:
         84:d0:4b:93:3c:38:b0:3e:97:fa:9a:1e:9a:77:09:66:e6:50:
         c3:ed:bf:95:9e:9f:32:1c:59:0b:17:bb:9b:3d:3c:2d:aa:35:
         dd:8f:11:71:39:be:31:6c:49:d7:66:df:65:d7:b0:13:b4:73:
         40:76:7f:7c:1a:f3:4b:58:04:01:d0:54:b9:ee:54:ef:cc:cd:
         a7:87:a2:20:ba:bc:81:77:cc:c2:6c:e9:c5:e3:cd:cf:ad:42:
         b1:ee:f5:23:47:09:79:4c:21:c9:ff:58:59:3f:43:50:cd:a6:
         f8:3d:07:c7:67:1a:a5:23:78:4d:41:39:01:cc:8e:c5:7f:34:
         af:76:2c:14:38:a4:3e:c0:ed:8b:40:00:b3:8e:ba:61:d2:d4:
         0b:6a:ce:f5:83:2f:05:a2:2d:fa:60:6e:29:40:b6:0b:9a:44:
         57:4a:a3:81:ed:0f:3d:5f:96:94:0c:27:6f:90:55:05:91:be:
         3d:ea:42:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0vShixDP94cI6EIMsfld5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MGUzYjdiNWViMjRmMDRiMThjYjY1YzQyNjgxZGRhNDJk
NTE2YzYwHhcNMjYwMzI3MTIzNDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDM1NzkyNzk4MmY1MWZiMzYwMmJiOGY4YjUwMjI4MGRjNGVkY2RhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraf87sX8l2AsSXfx5e6xrUrUS3SJ
MLovP2joARA4JJGPXY4MaFtsDQTwsP5PJPeT9rnNQsBTdbTB/1RFMRMGY1h9BZxl
qQAszOsVZCNGz08EuZLwjBqfoMG+Z4X14Ttgai+TQUsEGKWrnddXC6CKGToQY5aW
fhWJyQ5b1FnIienExSyHUBh6DlCpj2GPfZDs36ignYIrSX5574YVbKDNgzQheDeK
8XoRutn1Mzrz3udL1dyLVGeJVXwWnPydJqYziKeFQ5obusldWN9kywAzKBXZM0ls
A/20bhegM0S40z5dmP3BbvnLedDTYubk5E/EAVe2GavM9nCziNEy9wy66QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJA1eSeYL1H7NgK7j4tQIoDcTtzaMB8GA1UdIwQY
MBaAFPcOO3tesk8EsYy2XEJoHdpC1RbGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXc0N2UxNnlUd1N4akxaY1FtZ2Qya0xWRnNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9hY2ZiNzUtNGNkNS00NTk1LTliM2Ut
MTkyZDZhMzQzZGEyLzEva0RWNUo1Z3ZVZnMyQXJ1UGkxQWlnTnhPM05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9hY2ZiNzUtNGNkNS00NTk1LTliM2UtMTkyZDZhMzQzZGEy
LzEvOXc0N2UxNnlUd1N4akxaY1FtZ2Qya0xWRnNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9h/MA0G
CSqGSIb3DQEBCwUAA4IBAQBydYKNAC6t4d9bhzS6yKvGT39B35xwemRWugGc269p
E9M8q033DQ8xv43o41Ut8hTQ4ujvm7sxHpPl+l+tEqqofd1WzyqAy2GE0EuTPDiw
Ppf6mh6adwlm5lDD7b+Vnp8yHFkLF7ubPTwtqjXdjxFxOb4xbEnXZt9l17ATtHNA
dn98GvNLWAQB0FS57lTvzM2nh6IguryBd8zCbOnF483PrUKx7vUjRwl5TCHJ/1hZ
P0NQzab4PQfHZxqlI3hNQTkBzI7FfzSvdiwUOKQ+wO2LQACzjrph0tQLas71gy8F
oi36YG4pQLYLmkRXSqOB7Q89X5aUDCdvkFUFkb496kLZ
-----END CERTIFICATE-----