Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/aq9niQ1ZlLfgZPSmUPOgIOI3M2c.roa
File:                     aq9niQ1ZlLfgZPSmUPOgIOI3M2c.roa (raw, json)
Hash identifier:          dNTF2xB3WZEo4xS7rRBBdp1UPiHc48uFIsc0/3W0AY8=
Subject key identifier:   6A:AF:67:89:0D:59:94:B7:E0:64:F4:A6:50:F3:A0:20:E2:37:33:67
Certificate issuer:       /CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
Certificate serial:       019F0419CA343D09042C75C2A0CE1C652665
Authority key identifier: 51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/aq9niQ1ZlLfgZPSmUPOgIOI3M2c.roa
Signing time:             Fri 26 Jun 2026 13:23:46 +0000
ROA not before:           Fri 26 Jun 2026 13:23:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200217
IP address blocks:        91.212.135.0/24 maxlen: 24
                          91.212.149.0/24 maxlen: 24
                          193.142.60.0/24 maxlen: 24
                          194.153.72.0/23 maxlen: 24
                          217.71.192.0/23 maxlen: 24
                          217.71.194.0/23 maxlen: 24
                          217.71.196.0/23 maxlen: 24
                          217.71.198.0/23 maxlen: 24
                          2a13:7bc0::/48 maxlen: 48
                          2a13:7bc0:1::/48 maxlen: 48
                          2a13:7bc0:2::/48 maxlen: 48
                          2a13:7bc0:3::/48 maxlen: 48
                          2a13:7bc0:4::/48 maxlen: 48
                          2a13:7bc0:5::/48 maxlen: 48
                          2a13:7bc0:6::/48 maxlen: 48
                          2a13:7bc0:7::/48 maxlen: 48
                          2a13:7bc0:8::/48 maxlen: 48
                          2a13:7bc0:9::/48 maxlen: 48
                          2a13:7bc0:a::/48 maxlen: 48
                          2a13:7bc0:b::/48 maxlen: 48
                          2a13:7bc0:c::/48 maxlen: 48
                          2a13:7bc0:d::/48 maxlen: 48
                          2a13:7bc0:e::/48 maxlen: 48
                          2a13:7bc0:f::/48 maxlen: 48
                          2a13:7bc0:10::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:04:19:ca:34:3d:09:04:2c:75:c2:a0:ce:1c:65:26:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51f4b0b0469eb0d071994cd8238f34bef00c6fbe
        Validity
            Not Before: Jun 26 13:23:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aaf67890d5994b7e064f4a650f3a020e2373367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:91:dc:2f:89:a0:6a:b1:ad:d5:6a:cb:04:d4:
                    b5:ad:9a:c7:de:51:0a:97:f1:72:e5:00:3c:21:94:
                    7d:ec:b3:c2:7f:42:1c:b2:d9:b7:a8:73:41:1a:01:
                    b2:02:e1:78:89:e5:4e:97:b8:22:0a:75:ae:3a:6d:
                    f8:fc:7e:0e:2e:63:57:40:45:a2:96:ff:6b:9a:76:
                    93:24:13:23:6f:06:c9:4e:84:9e:0e:b8:5c:10:c7:
                    c5:76:40:48:01:24:5c:e3:9b:70:c5:65:af:b4:cb:
                    49:b6:b2:2b:1b:8a:fd:db:d1:c4:32:5a:67:23:45:
                    a0:04:69:62:fb:c5:ec:de:a0:33:f7:89:c3:bf:2a:
                    b8:39:3c:b2:98:51:22:64:a5:52:8b:92:63:88:fd:
                    67:d9:e7:41:78:33:ac:03:bc:17:a9:dd:82:ba:65:
                    c6:24:ca:37:6b:92:0e:86:1e:75:ee:d7:02:28:22:
                    8c:72:3a:5c:57:d4:27:70:aa:f0:d7:9d:49:aa:41:
                    2e:51:5b:de:1a:34:da:69:b0:29:c3:7e:33:24:14:
                    ed:2a:d8:3b:9b:9e:fd:00:c4:18:ef:2a:96:77:8a:
                    b2:b1:d1:3c:aa:e0:87:ac:a0:c9:d7:a3:03:8e:4d:
                    3c:dc:59:55:fa:2f:4b:62:aa:65:b2:5c:2a:f7:81:
                    28:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:AF:67:89:0D:59:94:B7:E0:64:F4:A6:50:F3:A0:20:E2:37:33:67
            X509v3 Authority Key Identifier:
                keyid:51:F4:B0:B0:46:9E:B0:D0:71:99:4C:D8:23:8F:34:BE:F0:0C:6F:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UfSwsEaesNBxmUzYI480vvAMb74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/aq9niQ1ZlLfgZPSmUPOgIOI3M2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/d3ab28-7f47-41f3-b231-78844e101133/1/UfSwsEaesNBxmUzYI480vvAMb74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.135.0/24
                  91.212.149.0/24
                  193.142.60.0/24
                  194.153.72.0/23
                  217.71.192.0/21
                IPv6:
                  2a13:7bc0::-2a13:7bc0:10:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         34:6e:d4:da:dd:4a:74:69:ba:77:95:c6:b7:65:56:8e:47:3d:
         9c:6f:30:e1:26:7c:11:4c:0f:bf:fe:35:0d:1b:f1:ab:df:b3:
         cb:a0:cf:ff:ea:91:9e:f2:b2:64:51:c1:0e:f8:63:d9:bf:a9:
         4b:63:e5:ed:88:fc:89:6a:bc:6c:0f:1d:aa:92:ee:ac:29:ad:
         2f:02:59:8e:e7:4a:b3:6d:45:3c:73:38:51:4e:90:5e:d0:e4:
         a6:97:d6:ac:fc:c3:c7:a3:c4:bb:1a:2d:c1:27:60:4f:db:20:
         ae:3a:f6:66:3c:97:73:19:40:a1:73:b8:08:1e:d2:23:7f:bc:
         4f:52:26:fa:b0:e3:af:9e:1b:79:52:74:3f:e5:24:71:99:ef:
         ad:85:26:5f:9a:32:f8:c9:30:29:c3:e3:ba:0b:75:4b:fb:1c:
         7e:3f:67:34:14:3d:71:d2:ec:33:09:9e:75:af:7b:54:4b:ca:
         88:7b:f1:dc:75:1d:7b:88:b8:3f:cb:70:33:a6:d7:7e:51:7b:
         eb:35:c6:c1:d1:73:e7:bb:9a:06:91:d5:2a:29:1b:c1:54:5f:
         59:e7:cb:10:10:0c:4f:ba:e5:37:34:f6:b8:17:45:20:8e:c5:
         12:6f:7e:54:b8:ab:86:46:88:80:bf:21:e1:08:6d:0a:d8:0c:
         f9:5e:33:7f
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAZ8EGco0PQkELHXCoM4cZSZlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjRiMGIwNDY5ZWIwZDA3MTk5NGNkODIzOGYzNGJlZjAw
YzZmYmUwHhcNMjYwNjI2MTMyMzQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWFmNjc4OTBkNTk5NGI3ZTA2NGY0YTY1MGYzYTAyMGUyMzczMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpHcL4mgarGt1WrLBNS1rZrH3lEK
l/Fy5QA8IZR97LPCf0Icstm3qHNBGgGyAuF4ieVOl7giCnWuOm34/H4OLmNXQEWi
lv9rmnaTJBMjbwbJToSeDrhcEMfFdkBIASRc45twxWWvtMtJtrIrG4r929HEMlpn
I0WgBGli+8Xs3qAz94nDvyq4OTyymFEiZKVSi5JjiP1n2edBeDOsA7wXqd2CumXG
JMo3a5IOhh517tcCKCKMcjpcV9QncKrw151JqkEuUVveGjTaabApw34zJBTtKtg7
m579AMQY7yqWd4qysdE8quCHrKDJ16MDjk083FlV+i9LYqplslwq94EoeQIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFGqvZ4kNWZS34GT0plDzoCDiNzNnMB8GA1UdIwQY
MBaAFFH0sLBGnrDQcZlM2COPNL7wDG++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEt
Nzg4NDRlMTAxMTMzLzEvYXE5bmlRMVpsTGZnWlBTbVVQT2dJT0kzTTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi9kM2FiMjgtN2Y0Ny00MWYzLWIyMzEtNzg4NDRlMTAxMTMz
LzEvVWZTd3NFYWVzTkJ4bVV6WUk0ODB2dkFNYjc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDAkBAIAATAeAwQAW9SHAwQA
W9SVAwQAwY48AwQBwplIAwQD2UfAMBgEAgACMBIwEAMFBioTe8ADBwAqE3vAABAw
DQYJKoZIhvcNAQELBQADggEBADRu1NrdSnRpuneVxrdlVo5HPZxvMOEmfBFMD7/+
NQ0b8avfs8ugz//qkZ7ysmRRwQ74Y9m/qUtj5e2I/IlqvGwPHaqS7qwprS8CWY7n
SrNtRTxzOFFOkF7Q5KaX1qz8w8ejxLsaLcEnYE/bIK469mY8l3MZQKFzuAge0iN/
vE9SJvqw46+eG3lSdD/lJHGZ762FJl+aMvjJMCnD47oLdUv7HH4/ZzQUPXHS7DMJ
nnWve1RLyoh78dx1HXuIuD/LcDOm135Re+s1xsHRc+e7mgaR1SopG8FUX1nnyxAQ
DE+65Tc09rgXRSCOxRJvflS4q4ZGiIC/IeEIbQrYDPleM38=
-----END CERTIFICATE-----
Generated at Fri Jul 3 22:29:53 2026 by rpki-client