Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/T1QvCUExSo8qr1TiSPtj6C8JDfo.roa
File:                     T1QvCUExSo8qr1TiSPtj6C8JDfo.roa (raw, json)
Hash identifier:          ddOyimVHprxiShYhUJs1GLZ9yZYCZEn6Fr22m9Sbc8U=
Subject key identifier:   4F:54:2F:09:41:31:4A:8F:2A:AF:54:E2:48:FB:63:E8:2F:09:0D:FA
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019D9C477145D12A9CECE85ADCBF3845E3CD
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/T1QvCUExSo8qr1TiSPtj6C8JDfo.roa
Signing time:             Fri 17 Apr 2026 16:30:20 +0000
ROA not before:           Fri 17 Apr 2026 16:30:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200367
IP address blocks:        91.108.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 22:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:47:71:45:d1:2a:9c:ec:e8:5a:dc:bf:38:45:e3:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr 17 16:30:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f542f0941314a8f2aaf54e248fb63e82f090dfa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a7:66:b7:45:7c:2b:e3:ae:e3:ae:45:ce:d1:
                    0b:70:d6:4a:48:6c:ee:2f:d5:ab:f8:aa:64:43:16:
                    b9:c4:29:8f:0c:aa:b9:7b:9a:3b:51:58:ba:04:f7:
                    12:6e:1d:47:90:8d:a2:28:cb:65:1b:b5:8f:f1:9a:
                    6a:d3:46:5f:7c:ad:ca:09:8b:b4:33:8a:27:65:7b:
                    87:f6:07:48:b7:e3:60:29:c1:72:02:1b:e4:0d:45:
                    62:95:ee:19:41:7f:c9:74:28:1b:08:9d:dc:6b:d2:
                    b5:a3:a5:31:69:25:dd:8d:16:b5:71:94:84:38:af:
                    37:c3:69:3c:58:d8:2c:94:7d:f9:3f:0d:a1:f1:de:
                    c2:06:97:eb:6c:e0:6c:c8:58:37:d2:1b:2f:72:2c:
                    49:0e:04:95:89:16:5b:e5:02:18:4e:db:9d:4a:5f:
                    d5:5a:c1:16:9b:54:38:e7:23:8f:1f:7b:fb:ba:40:
                    d8:fa:49:63:23:b4:33:67:67:3c:80:69:63:29:31:
                    86:33:e9:58:a2:1f:13:df:bb:32:3d:f6:d9:61:a3:
                    e5:81:db:34:4f:8b:d5:a8:fb:45:d5:70:76:0b:3f:
                    f9:52:11:d5:c4:3e:c1:5f:62:7a:70:5c:e2:15:73:
                    18:15:cc:fe:9d:58:40:fc:7d:7f:b5:d3:6a:cf:82:
                    f4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:54:2F:09:41:31:4A:8F:2A:AF:54:E2:48:FB:63:E8:2F:09:0D:FA
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/T1QvCUExSo8qr1TiSPtj6C8JDfo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:5b:7f:62:05:c3:f1:9c:8e:26:4f:b6:37:40:80:9d:40:94:
         2a:97:b5:ac:f2:d2:ac:13:dd:c4:bd:0f:1a:a5:70:d4:bf:76:
         53:f9:80:4c:ef:84:6a:09:70:30:80:46:1f:38:1a:73:17:80:
         d9:cd:bd:de:cc:e1:23:93:74:8e:8e:ec:dc:5f:08:75:ff:e2:
         ed:8d:11:f3:b0:0c:9e:d3:9c:e2:90:a9:75:54:b5:94:07:c2:
         01:77:29:72:d1:45:9a:73:d0:c9:85:34:03:70:1a:f8:f9:05:
         9f:31:5b:23:9c:e6:0d:1f:aa:6d:f5:6f:5f:95:9e:41:a6:e6:
         fa:f7:7f:c0:8b:be:cc:00:ff:b8:3b:be:c7:e0:a9:39:58:74:
         ec:d0:bb:90:36:4f:9a:14:61:46:c2:47:69:a7:bd:d4:03:12:
         7e:e8:b5:0b:7b:01:46:e1:6a:fa:df:34:d6:60:1e:08:7b:c0:
         1b:61:12:3a:0a:b1:c3:7a:1c:60:38:c7:a1:b9:16:fd:cb:4a:
         2a:d1:df:eb:7e:87:6c:bb:66:82:ce:91:92:45:9a:d1:22:9e:
         2b:d6:bb:87:27:a3:75:8f:59:2b:28:b6:b6:38:cb:34:de:03:
         dd:be:ed:51:17:75:12:89:ff:89:0a:f8:64:0b:4b:27:b2:71:
         a9:55:c5:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2cR3FF0Sqc7Oha3L84RePNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwNDE3MTYzMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjU0MmYwOTQxMzE0YThmMmFhZjU0ZTI0OGZiNjNlODJmMDkwZGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6dmt0V8K+Ou465FztELcNZKSGzu
L9Wr+KpkQxa5xCmPDKq5e5o7UVi6BPcSbh1HkI2iKMtlG7WP8Zpq00ZffK3KCYu0
M4onZXuH9gdIt+NgKcFyAhvkDUVile4ZQX/JdCgbCJ3ca9K1o6UxaSXdjRa1cZSE
OK83w2k8WNgslH35Pw2h8d7CBpfrbOBsyFg30hsvcixJDgSViRZb5QIYTtudSl/V
WsEWm1Q45yOPH3v7ukDY+kljI7QzZ2c8gGljKTGGM+lYoh8T37syPfbZYaPlgds0
T4vVqPtF1XB2Cz/5UhHVxD7BX2J6cFziFXMYFcz+nVhA/H1/tdNqz4L0KwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE9ULwlBMUqPKq9U4kj7Y+gvCQ36MB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvVDFRdkNVRXhTbzhxcjFUaVNQdGo2QzhKRGZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2z7MA0G
CSqGSIb3DQEBCwUAA4IBAQAaW39iBcPxnI4mT7Y3QICdQJQql7Ws8tKsE93EvQ8a
pXDUv3ZT+YBM74RqCXAwgEYfOBpzF4DZzb3ezOEjk3SOjuzcXwh1/+LtjRHzsAye
05zikKl1VLWUB8IBdyly0UWac9DJhTQDcBr4+QWfMVsjnOYNH6pt9W9flZ5Bpub6
93/Ai77MAP+4O77H4Kk5WHTs0LuQNk+aFGFGwkdpp73UAxJ+6LULewFG4Wr63zTW
YB4Ie8AbYRI6CrHDehxgOMehuRb9y0oq0d/rfodsu2aCzpGSRZrRIp4r1ruHJ6N1
j1krKLa2OMs03gPdvu1RF3USif+JCvhkC0snsnGpVcXa
-----END CERTIFICATE-----