Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/adft9gClh_5cLRsjg_tIKsse5c8.roa
File:                     adft9gClh_5cLRsjg_tIKsse5c8.roa (raw, json)
Hash identifier:          mOJk0iIwfTDt5ixEea0GhZ9TZ+LmcfXcF0RkG7cTHPU=
Subject key identifier:   69:D7:ED:F6:00:A5:87:FE:5C:2D:1B:23:83:FB:48:2A:CB:1E:E5:CF
Certificate issuer:       /CN=10721ead6a4575643cb703062c0968755e8281eb
Certificate serial:       019D301F1994DBB7544AA3908D7E3176F746
Authority key identifier: 10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/adft9gClh_5cLRsjg_tIKsse5c8.roa
Signing time:             Fri 27 Mar 2026 16:27:17 +0000
ROA not before:           Fri 27 Mar 2026 16:27:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     2856
IP address blocks:        91.236.216.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 04:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:1f:19:94:db:b7:54:4a:a3:90:8d:7e:31:76:f7:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10721ead6a4575643cb703062c0968755e8281eb
        Validity
            Not Before: Mar 27 16:27:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69d7edf600a587fe5c2d1b2383fb482acb1ee5cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a5:13:89:4d:31:1e:20:76:82:74:2f:f4:33:
                    7d:4c:62:2f:d1:59:be:b1:e2:1d:71:19:05:ea:8e:
                    63:e1:bb:74:f6:09:2f:a5:bb:4b:5b:4a:00:bf:e9:
                    3f:af:b0:2a:b6:85:68:61:08:0b:5c:99:f3:ac:b0:
                    27:6c:c6:92:d8:18:8a:85:4a:b3:99:91:ac:be:9a:
                    9b:93:3c:72:90:7f:89:05:32:f5:70:95:34:19:fd:
                    ec:4e:eb:07:65:5c:00:ac:0a:a8:c0:0a:d8:35:d6:
                    9d:a4:0a:35:09:48:c2:3d:45:b3:32:85:32:7a:cc:
                    1c:da:78:e1:e8:a9:60:c7:bc:e1:fe:98:df:c2:6b:
                    fd:57:51:6d:9c:92:f0:f9:76:49:4e:dd:a2:69:16:
                    3a:5e:4e:e3:76:b5:53:83:f5:57:e1:d7:fc:af:d0:
                    0f:7b:92:9f:5d:64:34:5e:25:cf:76:c0:82:2f:6a:
                    80:51:d9:d0:f5:34:5e:2c:44:63:a7:a3:73:62:6e:
                    5d:67:71:46:f4:fd:d1:8a:f0:c2:a9:1e:75:c6:7d:
                    d4:c5:c3:df:71:f1:7d:99:d2:90:cf:83:cf:9e:a3:
                    48:bc:9c:16:ef:da:3b:1b:86:33:21:22:26:56:01:
                    32:bd:1c:fc:83:26:b8:68:ce:54:ba:0f:bf:8c:3c:
                    b6:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:D7:ED:F6:00:A5:87:FE:5C:2D:1B:23:83:FB:48:2A:CB:1E:E5:CF
            X509v3 Authority Key Identifier:
                keyid:10:72:1E:AD:6A:45:75:64:3C:B7:03:06:2C:09:68:75:5E:82:81:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EHIerWpFdWQ8twMGLAlodV6Cges.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/adft9gClh_5cLRsjg_tIKsse5c8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/ca935b-2484-4020-b814-3d4ae80fc45d/1/EHIerWpFdWQ8twMGLAlodV6Cges.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a1:9d:b4:aa:20:fd:52:fc:49:5d:db:b9:11:2a:6c:01:52:28:
         22:73:74:30:c0:c4:36:e6:e0:06:19:1f:1b:a0:63:07:16:ae:
         4f:0e:ca:f3:e9:90:a6:f9:ef:25:08:72:13:69:45:c5:e7:ae:
         2d:cf:31:07:ea:74:32:39:0e:91:f1:97:c1:3c:c9:88:06:dc:
         2d:65:65:7e:d5:d5:e1:a3:7f:2a:4b:3f:cf:ed:71:1f:b6:9a:
         26:d0:fa:b8:ee:19:60:02:a7:26:1e:f7:c9:96:1c:96:61:15:
         12:af:4d:20:56:91:ea:c7:6b:3b:a5:be:3e:de:70:7d:d3:4e:
         5e:e7:15:cf:ee:a6:bb:f7:29:0d:fa:1b:6e:06:bf:71:c6:0c:
         8c:ad:06:9d:e9:79:9c:80:ac:87:fb:36:47:58:56:7d:60:15:
         48:31:41:9a:7c:44:cd:bd:7f:b5:9a:07:da:f2:ee:83:3c:24:
         40:43:d7:83:2d:eb:5e:2b:be:55:af:1e:50:3b:25:a0:d4:52:
         60:7d:3f:d2:9a:ca:6f:6e:9e:10:14:48:0c:d5:c9:2b:27:9a:
         9f:62:e7:c6:2f:72:e5:7c:49:45:e6:81:99:63:4e:81:35:2d:
         43:2a:24:4c:31:97:3b:fa:71:52:d1:87:98:3c:33:ba:16:66:
         98:7b:90:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0wHxmU27dUSqOQjX4xdvdGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNzIxZWFkNmE0NTc1NjQzY2I3MDMwNjJjMDk2ODc1NWU4
MjgxZWIwHhcNMjYwMzI3MTYyNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWQ3ZWRmNjAwYTU4N2ZlNWMyZDFiMjM4M2ZiNDgyYWNiMWVlNWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6UTiU0xHiB2gnQv9DN9TGIv0Vm+
seIdcRkF6o5j4bt09gkvpbtLW0oAv+k/r7AqtoVoYQgLXJnzrLAnbMaS2BiKhUqz
mZGsvpqbkzxykH+JBTL1cJU0Gf3sTusHZVwArAqowArYNdadpAo1CUjCPUWzMoUy
eswc2njh6Klgx7zh/pjfwmv9V1FtnJLw+XZJTt2iaRY6Xk7jdrVTg/VX4df8r9AP
e5KfXWQ0XiXPdsCCL2qAUdnQ9TReLERjp6NzYm5dZ3FG9P3RivDCqR51xn3UxcPf
cfF9mdKQz4PPnqNIvJwW79o7G4YzISImVgEyvRz8gya4aM5Uug+/jDy2NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnX7fYApYf+XC0bI4P7SCrLHuXPMB8GA1UdIwQY
MBaAFBByHq1qRXVkPLcDBiwJaHVegoHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQt
M2Q0YWU4MGZjNDVkLzEvYWRmdDlnQ2xoXzVjTFJzamdfdElLc3NlNWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9jYTkzNWItMjQ4NC00MDIwLWI4MTQtM2Q0YWU4MGZjNDVk
LzEvRUhJZXJXcEZkV1E4dHdNR0xBbG9kVjZDZ2VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+zYMA0G
CSqGSIb3DQEBCwUAA4IBAQChnbSqIP1S/Eld27kRKmwBUigic3QwwMQ25uAGGR8b
oGMHFq5PDsrz6ZCm+e8lCHITaUXF564tzzEH6nQyOQ6R8ZfBPMmIBtwtZWV+1dXh
o38qSz/P7XEftpom0Pq47hlgAqcmHvfJlhyWYRUSr00gVpHqx2s7pb4+3nB9005e
5xXP7qa79ykN+htuBr9xxgyMrQad6XmcgKyH+zZHWFZ9YBVIMUGafETNvX+1mgfa
8u6DPCRAQ9eDLeteK75Vrx5QOyWg1FJgfT/Smspvbp4QFEgM1ckrJ5qfYufGL3Ll
fElF5oGZY06BNS1DKiRMMZc7+nFS0YeYPDO6FmaYe5BS
-----END CERTIFICATE-----