Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/DeB0Xt-6RphvnKaJhBcgtFFOHhM.roa
File:                     DeB0Xt-6RphvnKaJhBcgtFFOHhM.roa (raw, json)
Hash identifier:          ZLUOwjyV4wQGSZZuzCSytuVCG5xLZsCp/YXTv8tLW+M=
Subject key identifier:   0D:E0:74:5E:DF:BA:46:98:6F:9C:A6:89:84:17:20:B4:51:4E:1E:13
Certificate issuer:       /CN=f3bfb88678d5888ec79ed4e0d7d8e89650670201
Certificate serial:       019DD41304B9FD6D2C574336C066F61F6173
Authority key identifier: F3:BF:B8:86:78:D5:88:8E:C7:9E:D4:E0:D7:D8:E8:96:50:67:02:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/DeB0Xt-6RphvnKaJhBcgtFFOHhM.roa
Signing time:             Tue 28 Apr 2026 12:31:49 +0000
ROA not before:           Tue 28 Apr 2026 12:31:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214208
IP address blocks:        185.91.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 15:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:13:04:b9:fd:6d:2c:57:43:36:c0:66:f6:1f:61:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3bfb88678d5888ec79ed4e0d7d8e89650670201
        Validity
            Not Before: Apr 28 12:31:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0de0745edfba46986f9ca689841720b4514e1e13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:ff:9e:42:36:06:e2:ae:17:2c:1d:60:c4:3c:
                    32:e8:03:70:d6:34:21:d9:70:ca:f3:ee:e4:35:3e:
                    bc:0e:f5:dc:95:c7:23:a1:7d:d5:96:5e:cb:f3:6e:
                    2d:79:d0:ad:fa:c0:47:b9:13:24:52:2f:55:99:cc:
                    53:4f:31:c9:1a:26:fb:50:c1:1a:78:dd:fe:f1:8a:
                    f8:ee:3e:d4:0b:32:96:c9:0c:f2:b0:be:56:c1:53:
                    50:6a:18:46:47:0c:62:3d:04:d1:fd:6b:42:b1:76:
                    88:49:2c:ab:0f:e6:e0:95:4e:16:ce:bb:91:d9:a1:
                    a7:a4:1c:3e:f4:23:55:8f:29:06:98:e9:af:78:a3:
                    4b:f1:b8:ec:ae:67:fd:fb:23:6d:2c:c8:d3:45:33:
                    b2:7f:2e:a1:94:78:92:77:84:70:7b:18:8e:b0:71:
                    d2:b6:ef:62:60:a9:de:cf:0c:1f:b2:ec:40:1c:10:
                    31:cb:8f:11:4c:d9:8f:f0:42:77:80:bd:d1:30:1e:
                    25:3c:28:1f:6d:db:b4:77:fb:6d:1c:c4:4f:30:06:
                    e9:a2:5a:50:ee:50:97:46:5d:6b:45:47:c5:84:6b:
                    46:de:32:64:d3:6b:9c:9d:68:35:4b:4c:94:78:cb:
                    62:c8:b6:ea:1c:68:61:03:28:74:4b:2d:b2:d5:b6:
                    13:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E0:74:5E:DF:BA:46:98:6F:9C:A6:89:84:17:20:B4:51:4E:1E:13
            X509v3 Authority Key Identifier:
                keyid:F3:BF:B8:86:78:D5:88:8E:C7:9E:D4:E0:D7:D8:E8:96:50:67:02:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/87-4hnjViI7HntTg19jollBnAgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/DeB0Xt-6RphvnKaJhBcgtFFOHhM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/76ad5a-d1fc-4c81-961e-9264012007ec/1/87-4hnjViI7HntTg19jollBnAgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.91.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:fe:3f:60:bc:95:91:a9:15:ac:2a:45:4c:13:32:ff:ce:7e:
         b9:f7:88:e2:c9:3d:a1:9f:ca:9e:b5:70:32:1e:41:dc:25:23:
         29:1d:9f:f8:8d:94:b3:1e:b9:77:af:82:17:ce:41:69:82:f6:
         4a:12:13:3e:bd:4c:a5:1b:44:c3:44:ea:c1:55:10:ad:86:b5:
         b8:b4:3c:d8:70:d4:f9:d7:dc:aa:de:63:cb:7c:98:2b:4d:c5:
         98:8b:e9:6d:2a:a4:98:b2:39:50:bb:46:49:6c:59:67:e3:34:
         99:80:c1:c7:e7:e7:e1:4c:76:dc:8e:27:e9:6f:ef:41:cc:e6:
         57:db:fe:53:74:b7:35:5e:12:b5:38:72:ee:4e:6d:87:bb:f8:
         a2:67:ac:7b:67:2b:fd:e5:e6:ff:ff:62:3d:2a:91:39:f2:12:
         1f:a1:ce:11:1b:ec:09:8d:5b:9d:b7:f5:f8:4b:dc:48:98:84:
         36:e0:4d:42:c7:5a:f5:4c:4d:bb:e9:f8:6b:5d:30:9b:8e:e9:
         83:c0:21:9c:e6:05:3e:16:28:99:ed:f8:96:a8:f8:3c:82:cf:
         90:f6:0f:1e:d3:c1:8d:27:49:dd:cd:9c:0f:2d:20:a1:49:30:
         90:05:f7:4e:69:0b:1c:a0:72:a8:d4:47:91:7a:95:ab:35:fb:
         b9:12:f9:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3UEwS5/W0sV0M2wGb2H2FzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYmZiODg2NzhkNTg4OGVjNzllZDRlMGQ3ZDhlODk2NTA2
NzAyMDEwHhcNMjYwNDI4MTIzMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGUwNzQ1ZWRmYmE0Njk4NmY5Y2E2ODk4NDE3MjBiNDUxNGUxZTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8v+eQjYG4q4XLB1gxDwy6ANw1jQh
2XDK8+7kNT68DvXclccjoX3Vll7L824tedCt+sBHuRMkUi9VmcxTTzHJGib7UMEa
eN3+8Yr47j7UCzKWyQzysL5WwVNQahhGRwxiPQTR/WtCsXaISSyrD+bglU4WzruR
2aGnpBw+9CNVjykGmOmveKNL8bjsrmf9+yNtLMjTRTOyfy6hlHiSd4RwexiOsHHS
tu9iYKnezwwfsuxAHBAxy48RTNmP8EJ3gL3RMB4lPCgfbdu0d/ttHMRPMAbpolpQ
7lCXRl1rRUfFhGtG3jJk02ucnWg1S0yUeMtiyLbqHGhhAyh0Sy2y1bYTiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3gdF7fukaYb5ymiYQXILRRTh4TMB8GA1UdIwQY
MBaAFPO/uIZ41YiOx57U4NfY6JZQZwIBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODctNGhualZpSTdIbnRUZzE5am9sbEJuQWdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi83NmFkNWEtZDFmYy00YzgxLTk2MWUt
OTI2NDAxMjAwN2VjLzEvRGVCMFh0LTZScGh2bkthSmhCY2d0RkZPSGhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi83NmFkNWEtZDFmYy00YzgxLTk2MWUtOTI2NDAxMjAwN2Vj
LzEvODctNGhualZpSTdIbnRUZzE5am9sbEJuQWdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVtxMA0G
CSqGSIb3DQEBCwUAA4IBAQCH/j9gvJWRqRWsKkVMEzL/zn6594jiyT2hn8qetXAy
HkHcJSMpHZ/4jZSzHrl3r4IXzkFpgvZKEhM+vUylG0TDROrBVRCthrW4tDzYcNT5
19yq3mPLfJgrTcWYi+ltKqSYsjlQu0ZJbFln4zSZgMHH5+fhTHbcjifpb+9BzOZX
2/5TdLc1XhK1OHLuTm2Hu/iiZ6x7Zyv95eb//2I9KpE58hIfoc4RG+wJjVudt/X4
S9xImIQ24E1Cx1r1TE276fhrXTCbjumDwCGc5gU+FiiZ7fiWqPg8gs+Q9g8e08GN
J0ndzZwPLSChSTCQBfdOaQscoHKo1EeRepWrNfu5EvlB
-----END CERTIFICATE-----