Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/nM83HlJMcq3XGr88tOJ2Jgml18Q.roa
File:                     nM83HlJMcq3XGr88tOJ2Jgml18Q.roa (raw, json)
Hash identifier:          iKLSCb2eHBRO55h1ctPBOi2BUx1jjcn6kLFniadlimw=
Subject key identifier:   9C:CF:37:1E:52:4C:72:AD:D7:1A:BF:3C:B4:E2:76:26:09:A5:D7:C4
Certificate issuer:       /CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
Certificate serial:       019E790BF4B981037BD517AD5D37D8CD3D40
Authority key identifier: B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/nM83HlJMcq3XGr88tOJ2Jgml18Q.roa
Signing time:             Sat 30 May 2026 13:21:26 +0000
ROA not before:           Sat 30 May 2026 13:21:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202391
IP address blocks:        91.216.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 07:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:79:0b:f4:b9:81:03:7b:d5:17:ad:5d:37:d8:cd:3d:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b31c4ce663e1ec245e747cd846f1a69ddb834b3b
        Validity
            Not Before: May 30 13:21:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ccf371e524c72add71abf3cb4e2762609a5d7c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:7a:da:33:72:03:ab:c0:e7:9e:1d:02:41:a6:
                    88:11:21:a1:b1:33:3e:36:1f:95:f8:e1:c6:44:a5:
                    ff:d1:f6:1f:e3:4e:5d:4e:41:6a:af:51:58:cc:c1:
                    f5:2e:2f:fb:86:c5:8f:b6:69:cb:ea:8e:bc:59:47:
                    b4:56:c6:ea:69:22:82:db:01:60:46:8a:8e:21:fd:
                    75:ab:a5:18:02:69:7f:eb:fb:5e:e5:3d:77:cb:56:
                    ca:4f:5c:e2:be:17:40:cb:d0:26:db:60:f9:ac:7a:
                    f0:59:b5:63:f4:8b:a7:b7:44:66:dc:da:46:6b:83:
                    b3:c7:16:58:4a:5f:28:1d:8a:64:3a:6d:7b:08:6b:
                    06:c4:d2:3a:bb:8b:35:b7:7a:4b:aa:b0:7e:3d:26:
                    30:a3:06:2c:7a:18:65:44:25:17:3f:60:62:d3:b4:
                    75:86:2a:2d:38:59:7b:c2:9e:04:40:01:74:13:4b:
                    6e:9b:a4:84:77:9f:26:b9:d5:29:b5:50:be:c0:1d:
                    7f:a4:52:a9:0b:68:a9:26:da:a6:42:60:11:3e:64:
                    c8:67:e1:50:60:7d:3b:67:88:f2:73:ef:32:0b:63:
                    f9:ef:cb:fb:4b:c6:ff:78:ba:a2:7b:77:15:30:59:
                    0a:9c:92:f6:d6:e5:1d:8a:f0:38:2c:92:fc:5b:10:
                    77:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:CF:37:1E:52:4C:72:AD:D7:1A:BF:3C:B4:E2:76:26:09:A5:D7:C4
            X509v3 Authority Key Identifier:
                keyid:B3:1C:4C:E6:63:E1:EC:24:5E:74:7C:D8:46:F1:A6:9D:DB:83:4B:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxxM5mPh7CRedHzYRvGmnduDSzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/nM83HlJMcq3XGr88tOJ2Jgml18Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/84d476-3233-4131-8ffc-465adc2959f2/1/sxxM5mPh7CRedHzYRvGmnduDSzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:67:03:8d:24:36:a0:ff:c9:76:7e:37:df:3b:cc:47:c1:a5:
         5a:39:17:a2:27:37:ab:b3:c3:c6:24:48:da:14:79:bf:96:09:
         57:c4:bc:15:f9:e5:58:61:7f:41:10:87:76:9e:e4:45:26:63:
         78:d6:6b:f7:50:8b:b7:ab:94:af:c2:b8:18:b9:95:50:d4:07:
         74:11:9d:83:55:1a:26:f9:47:17:e5:c8:38:9b:34:92:61:7e:
         4f:85:ff:cb:94:bb:fb:f7:ef:94:6b:0f:ac:91:f3:76:ec:ad:
         96:71:14:e5:84:a5:7a:37:52:f4:1a:32:f2:25:47:7d:23:33:
         67:96:c6:37:60:98:94:a3:38:24:dd:ac:b3:6f:c9:cb:eb:d3:
         8c:ee:d0:71:8b:55:88:c9:ba:67:c2:88:c0:fe:1c:27:07:ce:
         59:1d:0a:7e:98:ac:19:63:dc:08:a0:85:11:18:1c:80:90:aa:
         7f:7f:6b:f5:2a:af:ab:0c:b1:c5:a9:76:0a:ec:83:8a:6e:76:
         f4:19:50:4b:72:8c:f6:18:7b:94:b4:cd:ac:50:d4:48:42:7c:
         b2:8d:37:e9:fb:f8:3c:48:e1:d3:6a:4c:af:1c:d3:14:0f:b8:
         33:f8:8c:bc:cd:ba:71:e7:4d:9b:c8:04:85:ff:1d:88:8f:6a:
         46:51:0c:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ55C/S5gQN71RetXTfYzT1AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMWM0Y2U2NjNlMWVjMjQ1ZTc0N2NkODQ2ZjFhNjlkZGI4
MzRiM2IwHhcNMjYwNTMwMTMyMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2NmMzcxZTUyNGM3MmFkZDcxYWJmM2NiNGUyNzYyNjA5YTVkN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznraM3IDq8Dnnh0CQaaIESGhsTM+
Nh+V+OHGRKX/0fYf405dTkFqr1FYzMH1Li/7hsWPtmnL6o68WUe0VsbqaSKC2wFg
RoqOIf11q6UYAml/6/te5T13y1bKT1zivhdAy9Am22D5rHrwWbVj9Iunt0Rm3NpG
a4OzxxZYSl8oHYpkOm17CGsGxNI6u4s1t3pLqrB+PSYwowYsehhlRCUXP2Bi07R1
hiotOFl7wp4EQAF0E0tum6SEd58mudUptVC+wB1/pFKpC2ipJtqmQmARPmTIZ+FQ
YH07Z4jyc+8yC2P578v7S8b/eLqie3cVMFkKnJL21uUdivA4LJL8WxB30QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJzPNx5STHKt1xq/PLTidiYJpdfEMB8GA1UdIwQY
MBaAFLMcTOZj4ewkXnR82Ebxpp3bg0s7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMt
NDY1YWRjMjk1OWYyLzEvbk04M0hsSk1jcTNYR3I4OHRPSjJKZ21sMThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy84NGQ0NzYtMzIzMy00MTMxLThmZmMtNDY1YWRjMjk1OWYy
LzEvc3h4TTVtUGg3Q1JlZEh6WVJ2R21uZHVEU3pzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hHMA0G
CSqGSIb3DQEBCwUAA4IBAQCOZwONJDag/8l2fjffO8xHwaVaOReiJzers8PGJEja
FHm/lglXxLwV+eVYYX9BEId2nuRFJmN41mv3UIu3q5SvwrgYuZVQ1Ad0EZ2DVRom
+UcX5cg4mzSSYX5Phf/LlLv79++Uaw+skfN27K2WcRTlhKV6N1L0GjLyJUd9IzNn
lsY3YJiUozgk3ayzb8nL69OM7tBxi1WIybpnwojA/hwnB85ZHQp+mKwZY9wIoIUR
GByAkKp/f2v1Kq+rDLHFqXYK7IOKbnb0GVBLcoz2GHuUtM2sUNRIQnyyjTfp+/g8
SOHTakyvHNMUD7gz+Iy8zbpx502byASF/x2Ij2pGUQzN
-----END CERTIFICATE-----