Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/DP6W5mZd2SOB-Uj8tbt4V4TsScc.roa
File:                     DP6W5mZd2SOB-Uj8tbt4V4TsScc.roa (raw, json)
Hash identifier:          525uqcMQrlLx8hMHVZRXLc6TEI5O4/DeN/yL3pcseB8=
Subject key identifier:   0C:FE:96:E6:66:5D:D9:23:81:F9:48:FC:B5:BB:78:57:84:EC:49:C7
Certificate issuer:       /CN=560d1e89b4e742e69062a95d351deea96b5178fb
Certificate serial:       019DFDF66727E08A0DA8D8546158708ADD16
Authority key identifier: 56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/DP6W5mZd2SOB-Uj8tbt4V4TsScc.roa
Signing time:             Wed 06 May 2026 15:44:37 +0000
ROA not before:           Wed 06 May 2026 15:44:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197769
IP address blocks:        91.231.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 May 2026 14:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:f6:67:27:e0:8a:0d:a8:d8:54:61:58:70:8a:dd:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=560d1e89b4e742e69062a95d351deea96b5178fb
        Validity
            Not Before: May  6 15:44:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cfe96e6665dd92381f948fcb5bb785784ec49c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:50:76:90:c2:98:ac:1a:eb:37:eb:9c:b7:c6:
                    27:08:52:a4:54:14:8f:64:a4:89:d8:39:8d:6a:dd:
                    9d:2f:87:96:f4:cc:f7:f1:37:2f:4e:49:c8:01:d2:
                    57:19:a8:1a:2d:f0:fd:27:5c:ce:0f:5f:18:0f:46:
                    01:f3:72:e6:37:d7:23:be:a0:7b:1a:4d:1a:b3:b5:
                    09:11:c5:f5:b6:db:35:ea:e1:77:22:a9:63:58:5e:
                    71:92:34:62:1f:a9:10:e8:2a:20:9f:5b:28:d1:50:
                    c4:04:ab:5a:f2:53:5f:69:53:48:3b:a3:dd:ad:9a:
                    5a:01:37:65:14:a3:af:b4:18:5f:85:9e:15:45:e9:
                    5b:03:5a:a7:63:99:3f:ad:ff:46:f9:d5:b2:fe:d7:
                    e1:3e:35:5a:db:f3:23:c1:cd:f2:84:b6:e9:9a:f1:
                    fc:c7:74:cf:0b:0b:45:22:9e:4c:4d:63:18:ac:bf:
                    a6:c7:8c:a6:6d:4f:39:3b:9b:b1:b1:0a:5a:05:92:
                    6f:4f:6d:db:24:6b:5f:47:95:cb:1c:39:c4:31:8a:
                    db:af:47:bf:8e:26:f2:1d:9d:37:bd:0c:07:fb:33:
                    28:7b:c6:e2:47:4d:72:27:db:d6:75:61:5b:c9:97:
                    3b:99:8a:a7:4b:c8:35:2c:01:14:19:1b:17:78:63:
                    60:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:FE:96:E6:66:5D:D9:23:81:F9:48:FC:B5:BB:78:57:84:EC:49:C7
            X509v3 Authority Key Identifier:
                keyid:56:0D:1E:89:B4:E7:42:E6:90:62:A9:5D:35:1D:EE:A9:6B:51:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vg0eibTnQuaQYqldNR3uqWtRePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/DP6W5mZd2SOB-Uj8tbt4V4TsScc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/8a734a-d2b8-411e-a557-50d6ba6aacb8/1/Vg0eibTnQuaQYqldNR3uqWtRePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:3c:42:47:b5:a3:f6:63:26:20:92:7b:0f:a6:82:2d:39:01:
         b0:5d:ac:d7:41:e8:52:9f:ea:f9:7c:dc:18:39:3b:b4:52:27:
         1f:a5:40:c0:07:03:48:e2:cd:b4:62:f8:e5:98:7c:ec:6b:de:
         4d:9f:c6:a8:ca:b6:bd:66:bd:b9:31:a4:9f:78:92:41:c2:af:
         46:d4:90:32:56:fa:71:f3:cb:da:b1:f3:99:34:0b:4d:d4:19:
         61:7a:c8:30:47:87:6a:0d:26:f2:20:85:f4:45:45:ee:93:66:
         17:f9:e8:2b:f9:97:7a:40:9a:b1:f9:f8:56:ee:cf:00:15:2d:
         d1:28:82:e5:a6:25:24:98:66:d7:09:20:8e:ef:f9:d6:80:62:
         18:02:8f:d2:1c:15:7e:6b:57:e1:6e:d6:8e:72:b6:50:f8:82:
         24:16:43:d2:51:e5:86:35:36:8f:0b:ee:82:27:0b:c3:36:c9:
         cc:a3:7a:78:42:98:30:b8:79:e6:c7:95:66:81:9f:79:15:2a:
         11:b1:bd:96:55:e5:93:8d:5e:46:cf:22:95:8e:82:b1:7d:18:
         fa:dd:3c:8b:5f:fa:8c:2f:a6:31:e2:96:11:de:11:c9:89:c5:
         cf:0a:e9:c4:c8:a8:13:b4:86:50:a2:7e:84:da:89:10:26:df:
         ac:55:42:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ399mcn4IoNqNhUYVhwit0WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2MGQxZTg5YjRlNzQyZTY5MDYyYTk1ZDM1MWRlZWE5NmI1
MTc4ZmIwHhcNMjYwNTA2MTU0NDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2ZlOTZlNjY2NWRkOTIzODFmOTQ4ZmNiNWJiNzg1Nzg0ZWM0OWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FB2kMKYrBrrN+uct8YnCFKkVBSP
ZKSJ2DmNat2dL4eW9Mz38TcvTknIAdJXGagaLfD9J1zOD18YD0YB83LmN9cjvqB7
Gk0as7UJEcX1tts16uF3IqljWF5xkjRiH6kQ6Cogn1so0VDEBKta8lNfaVNIO6Pd
rZpaATdlFKOvtBhfhZ4VRelbA1qnY5k/rf9G+dWy/tfhPjVa2/Mjwc3yhLbpmvH8
x3TPCwtFIp5MTWMYrL+mx4ymbU85O5uxsQpaBZJvT23bJGtfR5XLHDnEMYrbr0e/
jibyHZ03vQwH+zMoe8biR01yJ9vWdWFbyZc7mYqnS8g1LAEUGRsXeGNgvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAz+luZmXdkjgflI/LW7eFeE7EnHMB8GA1UdIwQY
MBaAFFYNHom050LmkGKpXTUd7qlrUXj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTct
NTBkNmJhNmFhY2I4LzEvRFA2VzVtWmQyU09CLVVqOHRidDRWNFRzU2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS84YTczNGEtZDJiOC00MTFlLWE1NTctNTBkNmJhNmFhY2I4
LzEvVmcwZWliVG5RdWFRWXFsZE5SM3VxV3RSZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+feMA0G
CSqGSIb3DQEBCwUAA4IBAQBPPEJHtaP2YyYgknsPpoItOQGwXazXQehSn+r5fNwY
OTu0UicfpUDABwNI4s20YvjlmHzsa95Nn8aoyra9Zr25MaSfeJJBwq9G1JAyVvpx
88vasfOZNAtN1BlhesgwR4dqDSbyIIX0RUXuk2YX+egr+Zd6QJqx+fhW7s8AFS3R
KILlpiUkmGbXCSCO7/nWgGIYAo/SHBV+a1fhbtaOcrZQ+IIkFkPSUeWGNTaPC+6C
JwvDNsnMo3p4QpgwuHnmx5VmgZ95FSoRsb2WVeWTjV5GzyKVjoKxfRj63TyLX/qM
L6Yx4pYR3hHJicXPCunEyKgTtIZQon6E2okQJt+sVUIq
-----END CERTIFICATE-----