Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/FnEFmJCKdHk7bysnxmMOnQ1m2-E.roa
File:                     FnEFmJCKdHk7bysnxmMOnQ1m2-E.roa (raw, json)
Hash identifier:          601aDMLF6shq3cPPa6X6iOVdRo8AE66iVQ59SXSNf6I=
Subject key identifier:   16:71:05:98:90:8A:74:79:3B:6F:2B:27:C6:63:0E:9D:0D:66:DB:E1
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019DC91282D3CA280A7109AE178FCC4F65DE
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/FnEFmJCKdHk7bysnxmMOnQ1m2-E.roa
Signing time:             Sun 26 Apr 2026 09:15:26 +0000
ROA not before:           Sun 26 Apr 2026 09:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202483
IP address blocks:        91.193.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:12:82:d3:ca:28:0a:71:09:ae:17:8f:cc:4f:65:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr 26 09:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16710598908a74793b6f2b27c6630e9d0d66dbe1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b4:57:8d:e2:a4:6a:11:82:72:d0:a5:70:5b:
                    d0:58:21:7f:53:63:d8:11:55:3b:fb:e1:5c:c6:c0:
                    fe:27:8a:ea:d8:5e:26:a2:d8:6c:43:fb:67:e9:72:
                    31:4e:49:0b:7d:69:ac:02:42:20:d5:ca:71:96:b1:
                    ec:ef:9e:79:61:72:bc:20:52:ec:8c:3f:65:66:77:
                    54:f9:b3:3d:ea:52:54:75:46:51:87:0b:2d:7c:0b:
                    9a:97:36:2b:2a:ca:a8:d4:d6:0d:88:4d:57:af:9e:
                    e1:08:17:37:62:0e:93:ea:ed:ab:55:3d:f9:98:eb:
                    af:ac:36:5c:7e:de:7c:cc:d0:01:02:bd:a4:93:24:
                    a1:0d:cd:d5:54:e6:ab:28:42:d5:e1:85:cf:89:51:
                    ad:8f:d7:e0:55:0f:26:f7:59:9b:88:ad:49:18:48:
                    2f:de:a3:3e:0b:c7:26:e5:86:16:2a:68:fa:1c:0e:
                    3e:d9:f7:f1:bf:c3:28:6c:ae:f0:02:df:bf:d0:89:
                    cc:1f:16:57:2c:18:55:25:3b:21:d8:97:7e:1b:5d:
                    b0:41:6c:55:b5:ca:2a:3f:aa:35:2b:d9:5c:7f:59:
                    21:82:2c:8c:2c:3c:2f:a7:22:1f:70:7c:c6:05:61:
                    d5:dc:ab:8a:fe:16:50:cf:1d:f4:03:70:64:04:0e:
                    45:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:71:05:98:90:8A:74:79:3B:6F:2B:27:C6:63:0E:9D:0D:66:DB:E1
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/FnEFmJCKdHk7bysnxmMOnQ1m2-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:78:8d:42:5c:ea:0d:ca:61:83:39:67:aa:f9:88:45:6f:24:
         80:80:20:3c:cb:d7:9f:2f:da:cf:31:30:1a:8c:47:92:cd:03:
         68:0d:2d:79:71:f0:8a:fb:7f:32:d6:a9:e2:3e:a2:99:ec:32:
         54:d1:e4:f5:f6:00:3d:5f:30:81:20:ab:d3:38:0d:85:d5:34:
         c4:17:66:48:fc:33:60:8e:b4:df:3d:61:16:41:01:06:cd:04:
         77:39:4e:66:f2:ff:0e:e8:c2:be:44:13:f8:90:18:ac:9c:1e:
         7e:81:f3:86:7f:d8:b9:5d:72:87:a5:15:6a:43:b4:e5:0d:8d:
         7b:a1:a6:e0:d8:31:e9:0e:cf:f1:16:c2:25:0b:d4:51:f5:b3:
         c6:0e:d9:d8:d5:67:5e:7d:41:f3:2e:be:5d:8c:64:d0:ae:98:
         91:8f:0d:2b:98:9b:7b:a5:1c:da:e1:8a:4f:60:25:40:fb:5f:
         18:8d:05:c7:1d:69:eb:6e:13:c9:43:da:21:4b:43:c2:9b:86:
         a9:1a:2a:66:48:3b:8e:8b:ee:b5:49:d0:6b:31:0c:89:6b:35:
         06:45:cb:e3:6a:da:bf:99:eb:b7:b0:d8:20:d2:f7:f4:23:b7:
         4c:be:1a:46:cd:f7:95:10:01:dc:f9:a5:d2:5e:4e:b9:b2:47:
         9b:63:ae:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3JEoLTyigKcQmuF4/MT2XeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDI2MDkxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjcxMDU5ODkwOGE3NDc5M2I2ZjJiMjdjNjYzMGU5ZDBkNjZkYmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLRXjeKkahGCctClcFvQWCF/U2PY
EVU7++FcxsD+J4rq2F4mothsQ/tn6XIxTkkLfWmsAkIg1cpxlrHs7555YXK8IFLs
jD9lZndU+bM96lJUdUZRhwstfAualzYrKsqo1NYNiE1Xr57hCBc3Yg6T6u2rVT35
mOuvrDZcft58zNABAr2kkyShDc3VVOarKELV4YXPiVGtj9fgVQ8m91mbiK1JGEgv
3qM+C8cm5YYWKmj6HA4+2ffxv8MobK7wAt+/0InMHxZXLBhVJTsh2Jd+G12wQWxV
tcoqP6o1K9lcf1khgiyMLDwvpyIfcHzGBWHV3KuK/hZQzx30A3BkBA5FOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBZxBZiQinR5O28rJ8ZjDp0NZtvhMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvRm5FRm1KQ0tkSGs3YnlzbnhtTU9uUTFtMi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8HBMA0G
CSqGSIb3DQEBCwUAA4IBAQA3eI1CXOoNymGDOWeq+YhFbySAgCA8y9efL9rPMTAa
jEeSzQNoDS15cfCK+38y1qniPqKZ7DJU0eT19gA9XzCBIKvTOA2F1TTEF2ZI/DNg
jrTfPWEWQQEGzQR3OU5m8v8O6MK+RBP4kBisnB5+gfOGf9i5XXKHpRVqQ7TlDY17
oabg2DHpDs/xFsIlC9RR9bPGDtnY1WdefUHzLr5djGTQrpiRjw0rmJt7pRza4YpP
YCVA+18YjQXHHWnrbhPJQ9ohS0PCm4apGipmSDuOi+61SdBrMQyJazUGRcvjatq/
meu3sNgg0vf0I7dMvhpGzfeVEAHc+aXSXk65skebY65P
-----END CERTIFICATE-----