Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MM7zZMvy7w6ip77FxbNuRr-gev8.roa
File:                     MM7zZMvy7w6ip77FxbNuRr-gev8.roa (raw, json)
Hash identifier:          wIsK7TgxxlI440VljQbzu8BtyEVQ+ALNnGxkjq3nyGA=
Subject key identifier:   30:CE:F3:64:CB:F2:EF:0E:A2:A7:BE:C5:C5:B3:6E:46:BF:A0:7A:FF
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019DE242EAA4503D6FC6AC1550F8013E23B5
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MM7zZMvy7w6ip77FxbNuRr-gev8.roa
Signing time:             Fri 01 May 2026 06:38:49 +0000
ROA not before:           Fri 01 May 2026 06:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214556
IP address blocks:        91.226.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e2:42:ea:a4:50:3d:6f:c6:ac:15:50:f8:01:3e:23:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May  1 06:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30cef364cbf2ef0ea2a7bec5c5b36e46bfa07aff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:4b:de:a0:17:77:bf:06:76:8b:2f:e9:06:ac:
                    8b:97:a1:fc:e5:87:69:e0:7f:ca:be:5a:db:b2:f1:
                    09:21:a8:45:70:ea:82:9e:02:62:82:82:64:70:43:
                    01:fc:98:4d:83:72:e5:7b:58:6a:63:db:f9:c0:05:
                    df:b0:16:9a:5d:57:ce:79:d8:d7:e7:d4:3a:ee:32:
                    8d:e8:10:0a:b6:32:b9:51:eb:25:32:b2:4e:dc:bc:
                    16:67:f0:91:f1:50:72:be:53:ef:68:ce:28:0c:61:
                    a3:c6:99:07:c5:b9:b2:b5:c4:2c:af:74:ec:67:44:
                    78:35:df:f1:79:37:f2:65:81:6a:2e:0f:12:0c:73:
                    d3:1e:4e:3b:a5:3e:74:85:c2:85:9f:f5:50:ee:62:
                    cf:10:fb:0e:43:54:ef:03:71:f0:6e:6f:ef:2f:1b:
                    9b:f9:43:1c:90:93:83:e6:38:d4:aa:f8:44:92:ac:
                    e3:a4:b3:55:42:69:46:52:f5:62:49:25:dc:14:28:
                    0b:96:e7:5f:a2:a7:07:d5:fc:15:14:73:10:1b:da:
                    1b:59:66:e7:e7:05:55:17:80:99:41:7b:a7:26:14:
                    00:63:63:18:94:e2:bc:0e:2e:6f:f4:d1:7e:a6:6a:
                    94:ff:65:4a:e1:0c:08:d1:c2:d7:bc:20:b8:0d:9a:
                    ae:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:CE:F3:64:CB:F2:EF:0E:A2:A7:BE:C5:C5:B3:6E:46:BF:A0:7A:FF
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/MM7zZMvy7w6ip77FxbNuRr-gev8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:50:16:73:53:98:72:2c:05:10:c5:ca:37:ba:ea:e2:ae:00:
         45:7a:64:ba:69:e6:10:17:8d:c4:54:90:cf:b5:86:80:e3:51:
         6c:8c:01:2d:49:d7:42:07:d3:c3:ed:44:56:2b:52:07:3d:bf:
         d4:5a:2b:3a:fe:d8:af:9e:86:be:08:1e:f4:4a:b9:18:4b:99:
         76:c9:b6:fc:64:d7:41:7d:e5:f6:59:8f:d9:cb:20:44:62:bc:
         2b:9c:9a:9d:1c:01:64:20:80:2d:03:94:82:96:cc:9e:a3:91:
         6e:00:6f:a1:18:32:af:7e:69:c9:d7:aa:ec:67:fa:ca:3e:4b:
         50:cd:6b:06:a6:0e:ec:a0:1f:16:47:9d:2a:fb:79:f6:78:0f:
         aa:d1:30:c1:b4:60:a1:82:d9:51:90:e2:bd:88:30:58:71:60:
         4b:f5:92:82:ee:4f:9b:fc:65:2c:e8:f4:a6:e1:fc:95:73:f5:
         fe:9e:67:3c:d0:5c:9b:78:42:6d:c7:37:e0:ed:b4:34:64:3e:
         d0:9a:7d:66:e7:ee:f2:58:5f:14:e6:d7:7d:ac:9d:0f:fa:4d:
         42:dc:2b:d2:cf:87:7f:08:e5:3d:07:d9:4d:dd:41:97:2c:4f:
         c8:06:e8:bc:5b:18:de:d3:0c:be:7c:41:4f:a5:d4:ac:b6:70:
         43:cc:26:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3iQuqkUD1vxqwVUPgBPiO1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNTAxMDYzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGNlZjM2NGNiZjJlZjBlYTJhN2JlYzVjNWIzNmU0NmJmYTA3YWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kveoBd3vwZ2iy/pBqyLl6H85Ydp
4H/KvlrbsvEJIahFcOqCngJigoJkcEMB/JhNg3Lle1hqY9v5wAXfsBaaXVfOedjX
59Q67jKN6BAKtjK5UeslMrJO3LwWZ/CR8VByvlPvaM4oDGGjxpkHxbmytcQsr3Ts
Z0R4Nd/xeTfyZYFqLg8SDHPTHk47pT50hcKFn/VQ7mLPEPsOQ1TvA3Hwbm/vLxub
+UMckJOD5jjUqvhEkqzjpLNVQmlGUvViSSXcFCgLludfoqcH1fwVFHMQG9obWWbn
5wVVF4CZQXunJhQAY2MYlOK8Di5v9NF+pmqU/2VK4QwI0cLXvCC4DZquNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDO82TL8u8Ooqe+xcWzbka/oHr/MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvTU03elpNdnk3dzZpcDc3RnhiTnVSci1nZXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+I4MA0G
CSqGSIb3DQEBCwUAA4IBAQALUBZzU5hyLAUQxco3uurirgBFemS6aeYQF43EVJDP
tYaA41FsjAEtSddCB9PD7URWK1IHPb/UWis6/tivnoa+CB70SrkYS5l2ybb8ZNdB
feX2WY/ZyyBEYrwrnJqdHAFkIIAtA5SClsyeo5FuAG+hGDKvfmnJ16rsZ/rKPktQ
zWsGpg7soB8WR50q+3n2eA+q0TDBtGChgtlRkOK9iDBYcWBL9ZKC7k+b/GUs6PSm
4fyVc/X+nmc80FybeEJtxzfg7bQ0ZD7Qmn1m5+7yWF8U5td9rJ0P+k1C3CvSz4d/
COU9B9lN3UGXLE/IBui8Wxje0wy+fEFPpdSstnBDzCY5
-----END CERTIFICATE-----