Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TIKuMxTZ67ljS1MEaKEd5nJm30g.roa
File:                     TIKuMxTZ67ljS1MEaKEd5nJm30g.roa (raw, json)
Hash identifier:          i6fwhPwwZDpXVV8+0MCSm5gIe8Cd4dJDq48e6EPNPVA=
Subject key identifier:   4C:82:AE:33:14:D9:EB:B9:63:4B:53:04:68:A1:1D:E6:72:66:DF:48
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019DC914573CE9A4DCB7CC2F3E943C797250
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TIKuMxTZ67ljS1MEaKEd5nJm30g.roa
Signing time:             Sun 26 Apr 2026 09:17:26 +0000
ROA not before:           Sun 26 Apr 2026 09:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42905
IP address blocks:        91.193.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c9:14:57:3c:e9:a4:dc:b7:cc:2f:3e:94:3c:79:72:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr 26 09:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c82ae3314d9ebb9634b530468a11de67266df48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fb:83:3f:52:5b:fd:33:2f:e6:ca:3e:ce:6e:
                    b8:e2:75:cd:71:55:f1:7f:bf:c5:83:ee:23:6c:0d:
                    c4:b2:57:a5:af:fc:bd:08:4b:25:1d:d5:6c:0c:c0:
                    f9:5f:f2:6a:4c:f3:68:8f:67:e7:3c:57:49:a4:74:
                    d4:2c:8d:33:5e:3f:8a:55:99:c1:39:0f:8a:e8:cc:
                    a4:69:04:1a:a6:42:45:4c:bc:e5:24:e5:78:ea:9e:
                    9e:83:d5:b3:3e:25:d1:22:bd:2f:07:dd:fb:ce:18:
                    64:59:a1:86:a0:b1:19:43:86:81:6e:3a:7d:18:14:
                    38:4c:6a:f2:71:17:bd:7d:4b:f1:c3:44:e7:4c:07:
                    8f:ff:1f:53:94:21:6c:c7:fa:30:e3:03:1c:a8:98:
                    a8:1e:a7:03:62:09:91:8b:31:03:e1:0c:16:9e:0c:
                    5f:86:ed:7d:b8:3b:a5:02:c3:31:9d:9a:19:57:2a:
                    a6:4b:6a:71:af:a7:cb:7b:37:ef:3e:1b:18:a8:17:
                    18:7a:99:07:fe:e4:3d:cc:6d:fd:11:90:ff:c6:1e:
                    10:c2:d9:5d:21:07:52:4e:08:dd:62:ce:29:0b:bc:
                    98:55:06:ae:98:b9:4d:44:d0:e3:89:28:e7:0c:db:
                    1e:a4:7e:dc:33:bd:79:eb:4d:7d:48:64:f6:b1:d6:
                    57:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:82:AE:33:14:D9:EB:B9:63:4B:53:04:68:A1:1D:E6:72:66:DF:48
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/TIKuMxTZ67ljS1MEaKEd5nJm30g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:8e:09:2b:83:6c:c0:8e:48:21:84:50:47:f3:f3:79:6e:d0:
         ef:99:65:fc:c3:dd:ca:02:02:bb:e6:4d:37:c9:35:e8:4b:dd:
         53:97:ad:8e:7b:30:7a:1a:88:d2:30:c1:0b:44:14:2f:06:da:
         3b:67:32:01:0f:0d:d0:e0:c1:ee:85:f0:0d:33:2c:77:ec:c0:
         4b:9e:d5:e4:2d:05:b5:26:9d:88:8d:2a:aa:ed:00:94:c1:94:
         96:9e:64:8f:5d:47:31:a9:e4:09:57:85:e6:23:39:7a:db:0b:
         4e:95:43:80:4a:1d:8c:cc:02:bb:a4:9e:8f:a2:00:d4:96:93:
         d9:4d:31:ec:5f:a6:46:ae:e5:8c:36:ac:7b:d3:f1:59:04:a1:
         1d:f1:33:79:15:37:bc:08:53:85:ba:0c:5e:b4:88:e7:e0:3e:
         8c:c1:f3:39:80:fc:8e:51:78:c4:17:3a:29:bd:0b:0a:67:eb:
         61:d4:31:4e:a4:b9:f1:cf:bf:ab:ab:d7:c9:a3:bf:d6:51:71:
         f9:af:92:ee:31:56:18:91:39:c9:7d:70:22:b2:0f:e4:b4:4b:
         07:60:97:dd:4b:6c:8f:9e:e1:b6:ff:e6:6c:2f:55:eb:e8:d1:
         cb:02:24:c3:64:33:9f:6a:52:75:87:ca:ae:e0:45:06:c8:98:
         25:e7:d3:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3JFFc86aTct8wvPpQ8eXJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDI2MDkxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzgyYWUzMzE0ZDllYmI5NjM0YjUzMDQ2OGExMWRlNjcyNjZkZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fuDP1Jb/TMv5so+zm644nXNcVXx
f7/Fg+4jbA3Eslelr/y9CEslHdVsDMD5X/JqTPNoj2fnPFdJpHTULI0zXj+KVZnB
OQ+K6MykaQQapkJFTLzlJOV46p6eg9WzPiXRIr0vB937zhhkWaGGoLEZQ4aBbjp9
GBQ4TGrycRe9fUvxw0TnTAeP/x9TlCFsx/ow4wMcqJioHqcDYgmRizED4QwWngxf
hu19uDulAsMxnZoZVyqmS2pxr6fLezfvPhsYqBcYepkH/uQ9zG39EZD/xh4Qwtld
IQdSTgjdYs4pC7yYVQaumLlNRNDjiSjnDNsepH7cM7156019SGT2sdZX7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEyCrjMU2eu5Y0tTBGihHeZyZt9IMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvVElLdU14VFo2N2xqUzFNRWFLRWQ1bkptMzBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8HCMA0G
CSqGSIb3DQEBCwUAA4IBAQACjgkrg2zAjkghhFBH8/N5btDvmWX8w93KAgK75k03
yTXoS91Tl62OezB6GojSMMELRBQvBto7ZzIBDw3Q4MHuhfANMyx37MBLntXkLQW1
Jp2IjSqq7QCUwZSWnmSPXUcxqeQJV4XmIzl62wtOlUOASh2MzAK7pJ6PogDUlpPZ
TTHsX6ZGruWMNqx70/FZBKEd8TN5FTe8CFOFugxetIjn4D6MwfM5gPyOUXjEFzop
vQsKZ+th1DFOpLnxz7+rq9fJo7/WUXH5r5LuMVYYkTnJfXAisg/ktEsHYJfdS2yP
nuG2/+ZsL1Xr6NHLAiTDZDOfalJ1h8qu4EUGyJgl59O3
-----END CERTIFICATE-----