Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qWBQvxFFNTJ53h-JlbpSTrwH4TQ.roa
File:                     qWBQvxFFNTJ53h-JlbpSTrwH4TQ.roa (raw, json)
Hash identifier:          D3v5rIT2QSfN5wowyofrOD0QNhYzT3/GdvEXdUnsujM=
Subject key identifier:   A9:60:50:BF:11:45:35:32:79:DE:1F:89:95:BA:52:4E:BC:07:E1:34
Certificate issuer:       /CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
Certificate serial:       019EA5E55336B109836E5AB1B2CCE1CBB19F
Authority key identifier: D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qWBQvxFFNTJ53h-JlbpSTrwH4TQ.roa
Signing time:             Mon 08 Jun 2026 06:22:10 +0000
ROA not before:           Mon 08 Jun 2026 06:22:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198566
IP address blocks:        91.213.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 10:27:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a5:e5:53:36:b1:09:83:6e:5a:b1:b2:cc:e1:cb:b1:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4b95330734c9aaf66d11bcd2bedd380f410f93f
        Validity
            Not Before: Jun  8 06:22:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a96050bf1145353279de1f8995ba524ebc07e134
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4e:a2:0c:fc:52:b8:ef:63:ce:40:c2:ae:2c:
                    e1:f3:eb:50:ec:db:6d:49:0c:dd:19:44:15:5e:11:
                    2d:80:e8:8a:ca:f1:70:50:d4:7d:6a:9f:de:71:97:
                    e6:fe:e1:90:77:14:d1:5a:a1:6c:bd:03:86:1a:f4:
                    c6:69:97:9d:2a:3f:db:7a:8d:d1:28:d8:a4:ce:61:
                    52:62:bf:ab:1a:eb:04:7b:a9:62:7f:5d:09:7f:cd:
                    09:05:85:cb:8b:7a:b9:99:57:53:c6:af:3c:0c:95:
                    ec:31:77:14:4b:b1:2c:e7:a7:0c:d9:1d:f1:f9:07:
                    d6:56:24:52:75:bc:16:9d:88:c7:a3:db:c2:52:e5:
                    45:58:18:47:bf:80:e8:f7:18:7b:c9:c7:12:fc:3d:
                    26:7e:12:ff:62:d6:f5:8b:94:ff:a1:28:75:71:a3:
                    d2:f8:a1:7e:c6:94:ee:45:50:6a:f0:65:48:c5:08:
                    d4:d3:dd:29:37:83:11:4d:32:c3:fb:44:68:c9:55:
                    f2:8e:87:45:81:b0:7f:35:7a:a7:45:3c:7a:68:ec:
                    85:35:64:ec:54:ef:e6:34:0b:cb:c1:34:61:76:fb:
                    c6:76:ba:66:16:90:96:13:b1:3d:dd:bd:6f:b4:7d:
                    f1:7e:26:48:dd:48:85:9d:1e:5b:87:f4:b1:79:5a:
                    77:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:60:50:BF:11:45:35:32:79:DE:1F:89:95:BA:52:4E:BC:07:E1:34
            X509v3 Authority Key Identifier:
                keyid:D4:B9:53:30:73:4C:9A:AF:66:D1:1B:CD:2B:ED:D3:80:F4:10:F9:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/qWBQvxFFNTJ53h-JlbpSTrwH4TQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/15d271-05cd-461e-a7b6-43013b28d9d6/1/1LlTMHNMmq9m0RvNK-3TgPQQ-T8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:a4:46:dd:3f:bb:84:d3:44:a9:09:df:1f:3f:97:58:5c:2a:
         35:c6:9d:13:49:46:25:cd:f1:16:d8:2f:e4:11:64:45:e0:14:
         90:41:00:4e:ac:96:21:0f:f9:15:d2:36:01:e2:7f:f1:1d:ea:
         e0:7a:30:fd:ae:77:ee:cc:1d:86:b9:71:51:71:fd:da:b8:06:
         e9:95:2e:a9:fa:bf:9e:50:34:6c:cb:61:58:40:a8:98:13:9e:
         bb:df:e9:3f:86:34:df:80:00:b3:ee:34:21:56:32:50:f7:8b:
         fa:b2:a3:8d:2c:fc:33:8d:88:f6:c4:27:7a:1a:16:a9:a7:dc:
         c1:49:aa:7d:4d:a6:3d:2d:21:50:a4:df:c1:bb:41:dd:35:87:
         09:f9:c3:cd:86:00:f7:50:6f:3f:eb:a5:de:b0:8c:d1:26:31:
         13:14:a4:7d:91:72:3a:8e:c2:f1:e8:95:5e:b3:ca:ff:41:5a:
         35:77:97:05:be:31:bb:67:d5:2f:71:f8:ef:d2:d7:62:d5:67:
         6d:09:9b:d8:4a:3f:ae:d4:ab:0d:40:ca:2c:3b:bc:be:1f:53:
         9f:07:a3:05:72:f7:a2:40:a3:d8:2f:df:3c:2d:37:57:06:a2:
         03:4b:2f:91:7d:de:e8:5b:c9:66:33:c2:2e:1d:86:3c:d1:5f:
         77:0f:bf:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6l5VM2sQmDblqxsszhy7GfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Yjk1MzMwNzM0YzlhYWY2NmQxMWJjZDJiZWRkMzgwZjQx
MGY5M2YwHhcNMjYwNjA4MDYyMjEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTYwNTBiZjExNDUzNTMyNzlkZTFmODk5NWJhNTI0ZWJjMDdlMTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlE6iDPxSuO9jzkDCrizh8+tQ7Ntt
SQzdGUQVXhEtgOiKyvFwUNR9ap/ecZfm/uGQdxTRWqFsvQOGGvTGaZedKj/beo3R
KNikzmFSYr+rGusEe6lif10Jf80JBYXLi3q5mVdTxq88DJXsMXcUS7Es56cM2R3x
+QfWViRSdbwWnYjHo9vCUuVFWBhHv4Do9xh7yccS/D0mfhL/Ytb1i5T/oSh1caPS
+KF+xpTuRVBq8GVIxQjU090pN4MRTTLD+0RoyVXyjodFgbB/NXqnRTx6aOyFNWTs
VO/mNAvLwTRhdvvGdrpmFpCWE7E93b1vtH3xfiZI3UiFnR5bh/SxeVp3twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlgUL8RRTUyed4fiZW6Uk68B+E0MB8GA1UdIwQY
MBaAFNS5UzBzTJqvZtEbzSvt04D0EPk/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYt
NDMwMTNiMjhkOWQ2LzEvcVdCUXZ4RkZOVEo1M2gtSmxicFNUcndINFRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xNWQyNzEtMDVjZC00NjFlLWE3YjYtNDMwMTNiMjhkOWQ2
LzEvMUxsVE1ITk1tcTltMFJ2TkstM1RnUFFRLVQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9WMMA0G
CSqGSIb3DQEBCwUAA4IBAQAHpEbdP7uE00SpCd8fP5dYXCo1xp0TSUYlzfEW2C/k
EWRF4BSQQQBOrJYhD/kV0jYB4n/xHergejD9rnfuzB2GuXFRcf3auAbplS6p+r+e
UDRsy2FYQKiYE5673+k/hjTfgACz7jQhVjJQ94v6sqONLPwzjYj2xCd6Ghapp9zB
Sap9TaY9LSFQpN/Bu0HdNYcJ+cPNhgD3UG8/66XesIzRJjETFKR9kXI6jsLx6JVe
s8r/QVo1d5cFvjG7Z9Uvcfjv0tdi1WdtCZvYSj+u1KsNQMosO7y+H1OfB6MFcvei
QKPYL988LTdXBqIDSy+Rfd7oW8lmM8IuHYY80V93D78G
-----END CERTIFICATE-----