Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YIsKwwvCfYeQ3ro-L8t-CuRS2Qo.roa
File:                     YIsKwwvCfYeQ3ro-L8t-CuRS2Qo.roa (raw, json)
Hash identifier:          Az8B8niIcPnTkpmEOwRs6eOUmDJEyD6QYlEEdIYgVnw=
Subject key identifier:   60:8B:0A:C3:0B:C2:7D:87:90:DE:BA:3E:2F:CB:7E:0A:E4:52:D9:0A
Certificate issuer:       /CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
Certificate serial:       019D9BF434E3FCA5CCA047538AE5B6B6EC4C
Authority key identifier: C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YIsKwwvCfYeQ3ro-L8t-CuRS2Qo.roa
Signing time:             Fri 17 Apr 2026 14:59:25 +0000
ROA not before:           Fri 17 Apr 2026 14:59:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198855
IP address blocks:        91.108.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 22:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9b:f4:34:e3:fc:a5:cc:a0:47:53:8a:e5:b6:b6:ec:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2ee45426e12e50fe30e8ffc39e04485d8f73339
        Validity
            Not Before: Apr 17 14:59:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=608b0ac30bc27d8790deba3e2fcb7e0ae452d90a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:06:66:49:6e:c3:c2:8c:99:7f:8c:c1:38:8b:
                    8a:20:c5:58:7e:0b:c2:11:f3:53:30:6b:34:6f:65:
                    ed:c8:18:63:ad:17:a3:eb:a4:b6:bb:40:80:a7:e8:
                    08:cb:ab:6e:f8:b1:ad:2e:28:67:fd:b4:1d:66:2c:
                    1e:3f:a1:59:45:bf:22:33:c1:82:a8:61:9e:a5:f6:
                    bf:32:6a:0c:37:47:b9:8e:dc:a1:47:b9:6f:3f:16:
                    e6:fc:03:c9:83:33:0f:65:d3:53:2e:4c:44:38:db:
                    5b:c8:0e:8e:cf:55:90:29:8d:9c:a0:53:ce:d1:05:
                    e6:0e:f4:ea:be:3e:15:eb:74:8e:10:57:a8:15:3b:
                    09:14:66:a4:f8:f7:40:28:1b:83:af:1f:af:d9:0c:
                    84:3d:5b:30:1d:2c:67:02:40:bf:aa:0e:48:8a:e4:
                    53:98:47:c9:92:b9:1b:3d:57:e3:67:52:6f:12:c0:
                    b9:70:a6:8e:ab:71:ef:d2:ee:b9:0f:e0:35:1e:c1:
                    24:77:0c:4c:ae:f8:82:29:77:4f:3f:ba:0a:09:f1:
                    9b:ca:f0:b8:b1:d7:a2:2a:47:6d:1d:98:b5:a0:45:
                    45:c7:15:43:45:d8:2e:29:ca:2a:38:16:c5:e7:95:
                    ae:ae:9f:f6:11:dd:c6:25:d8:26:dc:a2:54:62:6e:
                    1a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8B:0A:C3:0B:C2:7D:87:90:DE:BA:3E:2F:CB:7E:0A:E4:52:D9:0A
            X509v3 Authority Key Identifier:
                keyid:C2:EE:45:42:6E:12:E5:0F:E3:0E:8F:FC:39:E0:44:85:D8:F7:33:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/YIsKwwvCfYeQ3ro-L8t-CuRS2Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/70aa32-9607-4db7-8f1e-da75430b16f6/1/wu5FQm4S5Q_jDo_8OeBEhdj3Mzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:32:28:94:f5:cb:cd:e4:70:26:d0:af:09:8d:8b:d9:14:15:
         5c:33:b7:bc:87:f0:8e:8e:6c:de:9c:a0:5b:07:8a:a9:2a:fd:
         a4:28:4f:2a:41:15:a1:6a:ee:0c:b6:20:27:7c:2c:f3:d3:dd:
         1e:fd:00:c5:d7:8c:28:cd:e7:d1:f0:d7:7d:48:52:66:cc:94:
         2d:e5:36:02:90:a8:07:ea:52:3b:1a:f9:d9:f1:e1:9f:e7:63:
         1f:0f:40:c5:c8:c1:6c:eb:3c:15:79:98:c1:65:cd:73:e3:91:
         fa:07:bf:fd:db:fd:46:aa:d9:96:0f:cd:97:e2:38:0c:1f:a0:
         34:0e:2f:4b:45:be:90:5a:f8:7a:d7:c0:c8:3f:bb:e3:40:1f:
         94:ea:d4:a6:2a:07:77:8b:70:dd:d5:cd:3a:c5:44:be:e5:da:
         2f:a1:b1:cf:43:55:fc:ad:4f:9d:be:53:ba:43:8b:3c:57:7e:
         1e:49:f6:19:b7:3b:55:1a:ba:80:7b:b7:9b:37:bd:10:f2:bf:
         c8:68:ce:db:72:7f:00:0c:fe:11:09:7e:ee:e0:65:2a:59:d4:
         e5:f8:9d:bb:4f:fb:e1:82:93:04:bd:42:ec:6d:69:c8:37:26:
         7b:39:c6:73:af:ef:2d:6c:7a:2e:5b:30:02:82:3f:45:a3:05:
         05:aa:47:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2b9DTj/KXMoEdTiuW2tuxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZWU0NTQyNmUxMmU1MGZlMzBlOGZmYzM5ZTA0NDg1ZDhm
NzMzMzkwHhcNMjYwNDE3MTQ1OTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhiMGFjMzBiYzI3ZDg3OTBkZWJhM2UyZmNiN2UwYWU0NTJkOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwZmSW7DwoyZf4zBOIuKIMVYfgvC
EfNTMGs0b2XtyBhjrRej66S2u0CAp+gIy6tu+LGtLihn/bQdZiweP6FZRb8iM8GC
qGGepfa/MmoMN0e5jtyhR7lvPxbm/APJgzMPZdNTLkxEONtbyA6Oz1WQKY2coFPO
0QXmDvTqvj4V63SOEFeoFTsJFGak+PdAKBuDrx+v2QyEPVswHSxnAkC/qg5IiuRT
mEfJkrkbPVfjZ1JvEsC5cKaOq3Hv0u65D+A1HsEkdwxMrviCKXdPP7oKCfGbyvC4
sdeiKkdtHZi1oEVFxxVDRdguKcoqOBbF55Wurp/2Ed3GJdgm3KJUYm4a1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCLCsMLwn2HkN66Pi/LfgrkUtkKMB8GA1UdIwQY
MBaAFMLuRUJuEuUP4w6P/DngRIXY9zM5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUt
ZGE3NTQzMGIxNmY2LzEvWUlzS3d3dkNmWWVRM3JvLUw4dC1DdVJTMlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC83MGFhMzItOTYwNy00ZGI3LThmMWUtZGE3NTQzMGIxNmY2
LzEvd3U1RlFtNFM1UV9qRG9fOE9lQkVoZGozTXprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2z5MA0G
CSqGSIb3DQEBCwUAA4IBAQC2MiiU9cvN5HAm0K8JjYvZFBVcM7e8h/COjmzenKBb
B4qpKv2kKE8qQRWhau4MtiAnfCzz090e/QDF14wozefR8Nd9SFJmzJQt5TYCkKgH
6lI7GvnZ8eGf52MfD0DFyMFs6zwVeZjBZc1z45H6B7/92/1GqtmWD82X4jgMH6A0
Di9LRb6QWvh618DIP7vjQB+U6tSmKgd3i3Dd1c06xUS+5dovobHPQ1X8rU+dvlO6
Q4s8V34eSfYZtztVGrqAe7ebN70Q8r/IaM7bcn8ADP4RCX7u4GUqWdTl+J27T/vh
gpMEvULsbWnINyZ7OcZzr+8tbHouWzACgj9FowUFqkf1
-----END CERTIFICATE-----