Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/13v4LR-kEjAIRzbDQkbfPRC2xqA.roa
File:                     13v4LR-kEjAIRzbDQkbfPRC2xqA.roa (raw, json)
Hash identifier:          I9za9QTYUmGMdQFI8DmW9yvA4iSaksBWoeOdAw7Bnjc=
Subject key identifier:   D7:7B:F8:2D:1F:A4:12:30:08:47:36:C3:42:46:DF:3D:10:B6:C6:A0
Certificate issuer:       /CN=98901c7cffd19a4fea78f79b1004999266dcc224
Certificate serial:       019EFB47EA5B189F25B606B6906D16159D60
Authority key identifier: 98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/13v4LR-kEjAIRzbDQkbfPRC2xqA.roa
Signing time:             Wed 24 Jun 2026 20:17:34 +0000
ROA not before:           Wed 24 Jun 2026 20:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29550
IP address blocks:        91.210.232.0/22 maxlen: 24
                          185.43.232.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Jun 2026 19:30:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fb:47:ea:5b:18:9f:25:b6:06:b6:90:6d:16:15:9d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98901c7cffd19a4fea78f79b1004999266dcc224
        Validity
            Not Before: Jun 24 20:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d77bf82d1fa41230084736c34246df3d10b6c6a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:f0:54:91:6d:d6:54:d4:4b:b6:77:77:34:30:
                    2b:f8:dd:08:f4:3b:e8:e2:57:98:02:f5:f9:88:de:
                    50:4f:8f:c0:61:04:c2:fe:d1:90:e0:02:db:3f:59:
                    04:7c:0d:c2:f9:6a:ec:8b:d2:84:c3:a8:cd:5d:a5:
                    a9:9b:9a:93:7f:28:8e:a6:bc:b3:d9:17:8d:e0:28:
                    a1:c2:1d:db:a7:b8:e3:45:02:d0:13:ea:b8:2c:26:
                    5e:62:17:8a:cc:4c:8d:79:38:86:d0:06:74:26:83:
                    77:a3:37:25:86:68:a7:79:9f:76:fe:0f:b0:12:e6:
                    a1:43:09:a4:f4:1d:5e:4d:11:09:61:c6:67:5f:f8:
                    de:17:7c:f8:c9:05:2c:9b:9e:65:6c:99:69:c3:56:
                    37:eb:74:d4:d7:f2:c3:89:03:66:15:fc:f9:50:66:
                    e9:c2:d0:a9:7c:33:e9:c3:5c:d8:24:3c:6e:eb:ae:
                    74:e2:04:eb:22:05:64:e1:64:43:a1:8b:13:ab:5c:
                    0d:bd:75:12:20:b3:4e:5f:17:ac:67:39:1b:1d:9e:
                    65:5a:0d:19:1a:58:f1:fd:e9:a9:bb:25:53:17:c1:
                    cf:7a:58:53:e9:83:82:03:99:0b:d3:f1:42:c0:d7:
                    ef:ef:81:9e:da:9b:96:7a:3c:30:29:a1:83:49:8f:
                    b7:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7B:F8:2D:1F:A4:12:30:08:47:36:C3:42:46:DF:3D:10:B6:C6:A0
            X509v3 Authority Key Identifier:
                keyid:98:90:1C:7C:FF:D1:9A:4F:EA:78:F7:9B:10:04:99:92:66:DC:C2:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mJAcfP_Rmk_qePebEASZkmbcwiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/13v4LR-kEjAIRzbDQkbfPRC2xqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/e20c95-0f92-4598-96df-cbc2797c1d0a/1/mJAcfP_Rmk_qePebEASZkmbcwiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.232.0/22
                  185.43.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:77:35:fa:36:15:f6:23:1c:62:27:0d:c1:0a:79:e8:7e:96:
         06:65:89:5e:f2:74:dd:87:ee:e0:52:9e:e7:c3:b1:c0:f1:a3:
         f5:bb:28:5a:26:d7:c6:78:ac:ad:a9:64:f6:c2:32:9e:4b:43:
         f0:ed:83:10:d6:87:bd:cc:64:35:c5:6c:cf:05:5a:a1:4b:44:
         2b:c5:63:e2:1c:32:97:d2:a6:f5:87:f4:71:19:8f:c1:5c:c1:
         bc:58:56:7b:03:b3:4f:20:ab:67:f2:a2:a2:43:5e:3f:54:24:
         92:d2:38:08:b5:dc:a3:36:b7:a0:65:1a:4e:a3:c1:3c:31:b6:
         8e:b3:5b:e4:e0:f9:3a:2a:9c:57:f1:ab:13:ed:e6:c4:18:e9:
         f3:f6:f7:88:95:87:e9:9a:51:63:ce:86:11:f2:5a:ba:d9:3b:
         ea:a6:9a:3e:86:a3:e5:3e:ff:70:59:7c:0f:61:ed:69:1d:78:
         ee:c5:f6:e0:56:51:4f:b0:81:17:54:a9:80:41:de:54:72:d2:
         2c:b2:be:32:f1:70:ad:2f:4c:71:6c:8d:83:74:ee:57:b2:0f:
         cb:e5:37:75:8f:95:99:e6:59:50:d6:62:c4:38:b1:a4:ce:d7:
         4b:82:37:de:75:d1:70:5d:58:c7:06:4f:00:b7:91:26:36:d3:
         f5:eb:ee:14
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ77R+pbGJ8ltga2kG0WFZ1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4OTAxYzdjZmZkMTlhNGZlYTc4Zjc5YjEwMDQ5OTkyNjZk
Y2MyMjQwHhcNMjYwNjI0MjAxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdiZjgyZDFmYTQxMjMwMDg0NzM2YzM0MjQ2ZGYzZDEwYjZjNmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyvBUkW3WVNRLtnd3NDAr+N0I9Dvo
4leYAvX5iN5QT4/AYQTC/tGQ4ALbP1kEfA3C+Wrsi9KEw6jNXaWpm5qTfyiOpryz
2ReN4Cihwh3bp7jjRQLQE+q4LCZeYheKzEyNeTiG0AZ0JoN3ozclhmineZ92/g+w
EuahQwmk9B1eTREJYcZnX/jeF3z4yQUsm55lbJlpw1Y363TU1/LDiQNmFfz5UGbp
wtCpfDPpw1zYJDxu66504gTrIgVk4WRDoYsTq1wNvXUSILNOXxesZzkbHZ5lWg0Z
Gljx/empuyVTF8HPelhT6YOCA5kL0/FCwNfv74Ge2puWejwwKaGDSY+30QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNd7+C0fpBIwCEc2w0JG3z0QtsagMB8GA1UdIwQY
MBaAFJiQHHz/0ZpP6nj3mxAEmZJm3MIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYt
Y2JjMjc5N2MxZDBhLzEvMTN2NExSLWtFakFJUnpiRFFrYmZQUkMyeHFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9lMjBjOTUtMGY5Mi00NTk4LTk2ZGYtY2JjMjc5N2MxZDBh
LzEvbUpBY2ZQX1Jta19xZVBlYkVBU1prbWJjd2lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9LoAwQC
uSvoMA0GCSqGSIb3DQEBCwUAA4IBAQBRdzX6NhX2IxxiJw3BCnnofpYGZYle8nTd
h+7gUp7nw7HA8aP1uyhaJtfGeKytqWT2wjKeS0Pw7YMQ1oe9zGQ1xWzPBVqhS0Qr
xWPiHDKX0qb1h/RxGY/BXMG8WFZ7A7NPIKtn8qKiQ14/VCSS0jgItdyjNregZRpO
o8E8MbaOs1vk4Pk6KpxX8asT7ebEGOnz9veIlYfpmlFjzoYR8lq62Tvqppo+hqPl
Pv9wWXwPYe1pHXjuxfbgVlFPsIEXVKmAQd5UctIssr4y8XCtL0xxbI2DdO5Xsg/L
5Td1j5WZ5llQ1mLEOLGkztdLgjfeddFwXVjHBk8At5EmNtP16+4U
-----END CERTIFICATE-----