Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/1-TiFvh7L9BQVK4wRLUj5HxxK24U.roa
File:                     1-TiFvh7L9BQVK4wRLUj5HxxK24U.roa (raw, json)
Hash identifier:          PTObSICX6ACJJQG4goDLXWCQj+8arc/GovctzTFGHic=
Subject key identifier:   F9:38:85:BE:1E:CB:F4:14:15:2B:8C:11:2D:48:F9:1F:1C:4A:DB:85
Certificate issuer:       /CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
Certificate serial:       019DF76ED6B7E5735222618C8A731E39EAA9
Authority key identifier: A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/1-TiFvh7L9BQVK4wRLUj5HxxK24U.roa
Signing time:             Tue 05 May 2026 09:18:49 +0000
ROA not before:           Tue 05 May 2026 09:18:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198486
IP address blocks:        188.214.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:6e:d6:b7:e5:73:52:22:61:8c:8a:73:1e:39:ea:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2088e06d553cff293d277f4d76c3a710bd8b2f7
        Validity
            Not Before: May  5 09:18:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f93885be1ecbf414152b8c112d48f91f1c4adb85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d8:6f:66:df:45:49:f2:d4:11:ef:e6:eb:ea:
                    06:37:6f:0d:8d:99:cc:38:2c:d3:b2:72:55:4d:85:
                    02:ac:4f:2f:f3:fc:f2:8e:9f:38:81:49:e5:ef:2e:
                    70:39:f3:f6:9e:65:ae:54:7f:8f:e1:c3:ec:45:05:
                    bf:82:58:fb:82:ec:b6:98:58:0e:32:34:a1:68:69:
                    22:f7:58:af:fa:04:49:f9:fa:3c:b6:7f:fc:14:25:
                    d8:b8:7c:97:c1:89:d3:27:83:25:13:2c:c9:23:23:
                    04:e7:58:ec:59:d1:1e:68:6e:e3:f6:6b:66:e2:c7:
                    88:5e:ac:da:85:92:83:7a:92:25:1c:9a:22:1c:f6:
                    f8:b6:7f:f5:cb:ad:9d:28:58:b0:b7:bb:fe:86:19:
                    84:01:15:a8:9a:c2:9c:a8:ea:23:0b:27:1c:56:1b:
                    43:c7:01:83:71:99:9c:03:bb:75:3c:a8:2f:ab:8d:
                    0d:4e:c7:66:3f:52:0d:4b:e3:fd:e7:45:22:15:25:
                    6b:af:6f:c4:2f:7e:b6:13:80:19:27:76:d4:56:21:
                    d4:20:9b:bd:ce:27:6d:f5:8d:4a:d3:14:6b:9f:18:
                    d3:33:8e:14:74:0e:bd:c5:dd:c4:9a:f5:49:0d:f5:
                    a1:bb:01:64:15:87:0c:31:cf:1b:51:5b:b4:8f:6e:
                    6a:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:38:85:BE:1E:CB:F4:14:15:2B:8C:11:2D:48:F9:1F:1C:4A:DB:85
            X509v3 Authority Key Identifier:
                keyid:A2:08:8E:06:D5:53:CF:F2:93:D2:77:F4:D7:6C:3A:71:0B:D8:B2:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ogiOBtVTz_KT0nf012w6cQvYsvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/1-TiFvh7L9BQVK4wRLUj5HxxK24U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b45d79-a4d7-4460-bfe7-bbea2918e102/1/ogiOBtVTz_KT0nf012w6cQvYsvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.214.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:33:65:f5:36:28:7d:d4:c4:e4:0c:b9:d9:3c:df:a4:8c:56:
         89:72:b4:8d:37:3b:2d:65:2d:ad:8c:c7:6e:6e:cc:d3:a3:61:
         ac:e6:1d:6a:b9:69:22:4f:1a:b2:3c:18:d1:f8:4a:cf:f2:e5:
         f1:70:05:7e:f2:0d:89:25:2c:6c:eb:11:5e:d2:d0:a8:0d:86:
         59:18:49:d8:ac:e6:89:05:a9:dd:be:6b:a6:cf:d9:be:f0:f6:
         6b:f9:9d:4e:2a:60:54:13:2e:e2:63:42:46:40:1f:f4:63:03:
         6d:df:cc:ce:87:f7:8b:40:c5:ff:95:39:f7:98:1c:58:bf:6f:
         82:35:f1:7d:aa:6e:7c:97:91:74:26:a8:6a:4d:c7:70:ce:2e:
         b2:05:bf:6a:de:b7:c5:b1:a0:78:34:d7:1f:ff:5c:21:86:13:
         3d:80:0a:2a:2b:b6:c4:11:d3:47:cc:66:ce:2f:2a:be:b7:f1:
         9e:29:d4:67:7b:23:5d:d5:7b:64:e5:e5:5b:8d:00:89:50:c0:
         0c:03:26:ce:4b:5a:a8:14:df:ce:fc:1b:9c:5f:82:cf:1c:b2:
         3b:31:88:48:66:76:b7:8c:cf:e7:0d:59:bf:19:1f:33:23:9d:
         06:97:1c:09:33:2f:b7:30:31:f0:cd:b7:38:ca:4b:04:90:fd:
         11:29:95:a7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ33bta35XNSImGMinMeOeqpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyMDg4ZTA2ZDU1M2NmZjI5M2QyNzdmNGQ3NmMzYTcxMGJk
OGIyZjcwHhcNMjYwNTA1MDkxODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTM4ODViZTFlY2JmNDE0MTUyYjhjMTEyZDQ4ZjkxZjFjNGFkYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNhvZt9FSfLUEe/m6+oGN28NjZnM
OCzTsnJVTYUCrE8v8/zyjp84gUnl7y5wOfP2nmWuVH+P4cPsRQW/glj7guy2mFgO
MjShaGki91iv+gRJ+fo8tn/8FCXYuHyXwYnTJ4MlEyzJIyME51jsWdEeaG7j9mtm
4seIXqzahZKDepIlHJoiHPb4tn/1y62dKFiwt7v+hhmEARWomsKcqOojCyccVhtD
xwGDcZmcA7t1PKgvq40NTsdmP1INS+P950UiFSVrr2/EL362E4AZJ3bUViHUIJu9
zidt9Y1K0xRrnxjTM44UdA69xd3EmvVJDfWhuwFkFYcMMc8bUVu0j25qqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPk4hb4ey/QUFSuMES1I+R8cStuFMB8GA1UdIwQY
MBaAFKIIjgbVU8/yk9J39NdsOnEL2LL3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2dpT0J0VlR6X0tUMG5mMDEydzZjUXZZc3ZjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iNDVkNzktYTRkNy00NDYwLWJmZTct
YmJlYTI5MThlMTAyLzEvMS1UaUZ2aDdMOUJRVks0d1JMVWo1SHh4SzI0VS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTEvYjQ1ZDc5LWE0ZDctNDQ2MC1iZmU3LWJiZWEyOTE4ZTEw
Mi8xL29naU9CdFZUel9LVDBuZjAxMnc2Y1F2WXN2Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArzW5DAN
BgkqhkiG9w0BAQsFAAOCAQEAjTNl9TYofdTE5Ay52TzfpIxWiXK0jTc7LWUtrYzH
bm7M06NhrOYdarlpIk8asjwY0fhKz/Ll8XAFfvINiSUsbOsRXtLQqA2GWRhJ2Kzm
iQWp3b5rps/ZvvD2a/mdTipgVBMu4mNCRkAf9GMDbd/Mzof3i0DF/5U595gcWL9v
gjXxfapufJeRdCaoak3HcM4usgW/at63xbGgeDTXH/9cIYYTPYAKKiu2xBHTR8xm
zi8qvrfxninUZ3sjXdV7ZOXlW40AiVDADAMmzktaqBTfzvwbnF+CzxyyOzGISGZ2
t4zP5w1ZvxkfMyOdBpccCTMvtzAx8M23OMpLBJD9ESmVpw==
-----END CERTIFICATE-----