Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/2nCCDGIY-zgjtBGd6Ratic4BUZk.roa
File:                     2nCCDGIY-zgjtBGd6Ratic4BUZk.roa (raw, json)
Hash identifier:          ypGUracRtSQozaYCuAAYU3ve4jp+TLuRdz+sdn4iE+c=
Subject key identifier:   DA:70:82:0C:62:18:FB:38:23:B4:11:9D:E9:16:AD:89:CE:01:51:99
Certificate issuer:       /CN=a07931069affc9c99de518c826060e19cb475a6a
Certificate serial:       019CD1999BC4CA58EF380730CBCC5CFE6051
Authority key identifier: A0:79:31:06:9A:FF:C9:C9:9D:E5:18:C8:26:06:0E:19:CB:47:5A:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oHkxBpr_ycmd5RjIJgYOGctHWmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/2nCCDGIY-zgjtBGd6Ratic4BUZk.roa
Signing time:             Mon 09 Mar 2026 07:57:10 +0000
ROA not before:           Mon 09 Mar 2026 07:57:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50005
IP address blocks:        91.220.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/oHkxBpr_ycmd5RjIJgYOGctHWmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/oHkxBpr_ycmd5RjIJgYOGctHWmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oHkxBpr_ycmd5RjIJgYOGctHWmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 22:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d1:99:9b:c4:ca:58:ef:38:07:30:cb:cc:5c:fe:60:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a07931069affc9c99de518c826060e19cb475a6a
        Validity
            Not Before: Mar  9 07:57:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da70820c6218fb3823b4119de916ad89ce015199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4f:70:3e:41:44:85:c8:9c:7c:c2:dd:16:83:
                    10:05:91:48:bf:67:69:e6:89:70:c8:f8:f3:06:f7:
                    5c:91:a5:9b:c1:55:ac:fb:b2:71:36:6c:c9:5c:ec:
                    52:dc:32:c9:dc:5f:79:06:1e:be:1c:15:e9:5e:05:
                    d3:99:74:96:2c:1c:78:4f:c1:c1:fe:36:1b:77:ef:
                    52:cf:9c:7f:7b:77:6d:17:1f:05:31:2e:47:a0:5b:
                    6f:5d:fe:24:aa:2b:6d:22:3c:3c:e3:5e:ce:0b:13:
                    f0:47:df:54:d4:b5:9c:60:de:a7:08:93:86:d8:3f:
                    2b:38:c3:f6:63:eb:6e:e4:76:b9:92:92:c0:af:cb:
                    80:97:6d:7d:cb:f9:d5:6d:d1:49:dd:e8:5d:ae:8f:
                    01:9e:a2:62:48:c3:c6:c8:c9:bc:e3:70:a9:e9:76:
                    d1:56:b7:fa:b3:bf:dd:3e:b5:b9:60:63:5f:4b:7b:
                    ca:94:9d:c9:cd:28:73:eb:57:56:5d:1f:d6:ec:93:
                    ce:2e:ca:34:42:04:9f:d6:94:62:5d:9b:6b:1b:25:
                    88:84:6e:65:23:8f:cd:47:d5:b0:91:8a:33:f7:aa:
                    8e:77:66:f2:89:86:cc:19:63:c0:e1:ff:3b:e9:fe:
                    93:c5:60:24:2b:b2:d3:45:06:e5:fd:fd:f2:08:63:
                    c0:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:70:82:0C:62:18:FB:38:23:B4:11:9D:E9:16:AD:89:CE:01:51:99
            X509v3 Authority Key Identifier:
                keyid:A0:79:31:06:9A:FF:C9:C9:9D:E5:18:C8:26:06:0E:19:CB:47:5A:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oHkxBpr_ycmd5RjIJgYOGctHWmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/2nCCDGIY-zgjtBGd6Ratic4BUZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/624d06-870f-4b4d-ad75-15876d952275/1/oHkxBpr_ycmd5RjIJgYOGctHWmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:2c:42:58:a2:79:4e:84:0b:1a:b5:ad:75:b2:e4:5e:69:0b:
         6a:4b:93:99:06:1c:55:fc:5a:22:5b:09:7b:10:c7:57:59:a8:
         53:54:66:02:84:4d:e4:27:39:d8:10:bc:0d:1a:4b:35:74:0f:
         56:ba:c2:9c:64:87:f9:5b:1f:36:ab:ac:92:3b:ae:91:32:a4:
         04:f1:3d:b0:ad:0f:d8:bd:b8:e7:1c:2f:48:de:71:63:fc:cc:
         1f:8c:7b:ba:4a:56:25:de:c9:57:57:24:8c:3e:c5:78:16:6a:
         8d:a4:6e:6b:cc:ba:75:9e:f9:b8:fa:f2:1c:a5:00:1b:0c:27:
         ad:78:e5:40:cb:31:11:aa:50:05:32:f5:a9:6d:ad:9e:4e:2a:
         7e:b3:d5:bb:0f:3f:e1:78:fd:69:d1:e9:ed:ff:72:7b:e0:9c:
         f6:37:47:d1:3d:73:6e:e8:a4:52:7a:3a:9a:5d:c1:6a:39:6c:
         cd:f2:ff:ee:ee:6b:ce:95:8a:b2:3c:1f:95:24:e4:12:0d:d1:
         b1:f9:ff:40:3f:54:d2:0f:87:54:d3:58:4a:70:95:30:34:97:
         98:a3:23:c8:cc:2d:9f:dd:cc:b2:7f:51:26:e9:6f:f7:24:8a:
         b9:3f:b0:6d:5d:40:5d:a7:89:f9:5f:3e:1a:e3:92:76:9c:3a:
         80:94:eb:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzRmZvEyljvOAcwy8xc/mBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwNzkzMTA2OWFmZmM5Yzk5ZGU1MThjODI2MDYwZTE5Y2I0
NzVhNmEwHhcNMjYwMzA5MDc1NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTcwODIwYzYyMThmYjM4MjNiNDExOWRlOTE2YWQ4OWNlMDE1MTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv09wPkFEhcicfMLdFoMQBZFIv2dp
5olwyPjzBvdckaWbwVWs+7JxNmzJXOxS3DLJ3F95Bh6+HBXpXgXTmXSWLBx4T8HB
/jYbd+9Sz5x/e3dtFx8FMS5HoFtvXf4kqittIjw8417OCxPwR99U1LWcYN6nCJOG
2D8rOMP2Y+tu5Ha5kpLAr8uAl219y/nVbdFJ3ehdro8BnqJiSMPGyMm843Cp6XbR
Vrf6s7/dPrW5YGNfS3vKlJ3JzShz61dWXR/W7JPOLso0QgSf1pRiXZtrGyWIhG5l
I4/NR9WwkYoz96qOd2byiYbMGWPA4f876f6TxWAkK7LTRQbl/f3yCGPA4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNpwggxiGPs4I7QRnekWrYnOAVGZMB8GA1UdIwQY
MBaAFKB5MQaa/8nJneUYyCYGDhnLR1pqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0hreEJwcl95Y21kNVJqSUpnWU9HY3RIV21vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS82MjRkMDYtODcwZi00YjRkLWFkNzUt
MTU4NzZkOTUyMjc1LzEvMm5DQ0RHSVktemdqdEJHZDZSYXRpYzRCVVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS82MjRkMDYtODcwZi00YjRkLWFkNzUtMTU4NzZkOTUyMjc1
LzEvb0hreEJwcl95Y21kNVJqSUpnWU9HY3RIV21vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9yXMA0G
CSqGSIb3DQEBCwUAA4IBAQA3LEJYonlOhAsata11suReaQtqS5OZBhxV/FoiWwl7
EMdXWahTVGYChE3kJznYELwNGks1dA9WusKcZIf5Wx82q6ySO66RMqQE8T2wrQ/Y
vbjnHC9I3nFj/MwfjHu6SlYl3slXVySMPsV4FmqNpG5rzLp1nvm4+vIcpQAbDCet
eOVAyzERqlAFMvWpba2eTip+s9W7Dz/heP1p0ent/3J74Jz2N0fRPXNu6KRSejqa
XcFqOWzN8v/u7mvOlYqyPB+VJOQSDdGx+f9AP1TSD4dU01hKcJUwNJeYoyPIzC2f
3cyyf1Em6W/3JIq5P7BtXUBdp4n5Xz4a45J2nDqAlOvP
-----END CERTIFICATE-----