Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/1-D2GFlBLHLUdF-GPWG_RTfujAmM.roa
File:                     1-D2GFlBLHLUdF-GPWG_RTfujAmM.roa (raw, json)
Hash identifier:          9y0cEqPuSQFS0cq+UBb/Wv95mgX8ehkW5+8lmKcelMI=
Subject key identifier:   F8:3D:86:16:50:4B:1C:B5:1D:17:E1:8F:58:6F:D1:4D:FB:A3:02:63
Certificate issuer:       /CN=04d3c5de9ff3cce131c8bfcdcce333947d92635e
Certificate serial:       019DF2371493C9C69FAE310D97091BB4FCA3
Authority key identifier: 04:D3:C5:DE:9F:F3:CC:E1:31:C8:BF:CD:CC:E3:33:94:7D:92:63:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/1-D2GFlBLHLUdF-GPWG_RTfujAmM.roa
Signing time:             Mon 04 May 2026 08:59:49 +0000
ROA not before:           Mon 04 May 2026 08:59:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        91.226.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:37:14:93:c9:c6:9f:ae:31:0d:97:09:1b:b4:fc:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04d3c5de9ff3cce131c8bfcdcce333947d92635e
        Validity
            Not Before: May  4 08:59:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f83d8616504b1cb51d17e18f586fd14dfba30263
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9d:98:a6:00:75:8d:aa:31:b2:a2:43:11:85:
                    b7:8b:f4:a2:50:6d:97:c6:3c:d5:58:89:0a:6b:28:
                    50:36:12:ed:88:72:93:0c:b7:0f:56:6c:c7:e4:a2:
                    65:03:df:af:e1:a0:53:a6:0d:9b:28:ca:6d:50:22:
                    a2:c5:8b:65:29:3c:6b:f2:c1:1f:e0:39:a0:64:b0:
                    9b:20:9b:57:f7:82:29:34:30:b2:94:ff:9b:56:36:
                    e4:a9:83:ac:9a:1f:1f:34:b7:78:fe:eb:36:64:c7:
                    d3:21:35:21:80:d2:87:1a:fe:8c:91:ea:13:70:cb:
                    94:11:ed:32:17:0a:73:e3:a4:02:23:6e:26:f7:6b:
                    e2:a0:be:a3:3d:bb:b6:34:19:0f:d3:9b:b0:9a:87:
                    82:76:28:f5:bd:c3:3a:bc:a7:27:7c:47:cb:91:8e:
                    9e:ec:9e:3b:02:c4:50:22:e2:03:12:22:28:a9:4f:
                    e7:ea:6f:c4:25:a2:f7:4c:e4:c5:ce:ec:38:ca:d3:
                    b5:ab:3b:cf:12:73:de:62:07:37:b1:4e:15:a5:6a:
                    0c:b8:ad:e5:dc:c1:ba:f3:29:f8:66:d1:3e:62:88:
                    44:91:cf:4b:0d:6e:dc:34:1b:55:d1:a4:c4:ba:d1:
                    31:53:95:c3:58:c8:38:0d:86:02:54:07:03:8f:71:
                    5d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:3D:86:16:50:4B:1C:B5:1D:17:E1:8F:58:6F:D1:4D:FB:A3:02:63
            X509v3 Authority Key Identifier:
                keyid:04:D3:C5:DE:9F:F3:CC:E1:31:C8:BF:CD:CC:E3:33:94:7D:92:63:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNPF3p_zzOExyL_NzOMzlH2SY14.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/1-D2GFlBLHLUdF-GPWG_RTfujAmM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/2607fb-6b84-456e-aa09-9d8bc8115f68/1/BNPF3p_zzOExyL_NzOMzlH2SY14.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:cb:60:5d:9c:65:c8:d6:32:56:ff:6f:47:72:f7:f1:b4:86:
         c3:47:6e:50:17:6e:d6:c3:3f:ac:cf:36:32:ac:8a:fc:56:77:
         fd:d3:32:d9:1a:9b:3e:6f:39:06:c7:12:b3:55:aa:f3:ab:9b:
         f3:c7:b6:40:8c:a3:c0:78:fb:56:6a:0f:8e:f6:92:96:12:b4:
         97:c8:ad:2b:c6:77:b3:6a:bb:8a:b5:9f:96:03:c2:97:77:9d:
         0b:af:7b:4b:29:9a:b8:79:21:aa:32:47:b4:aa:96:24:d2:9e:
         7e:ee:ef:e9:bb:82:c3:f3:d2:ab:e6:87:86:d9:aa:c0:f7:51:
         84:0b:bf:33:a6:b0:72:f7:13:55:da:ff:46:a5:7d:f1:93:3d:
         c4:85:63:54:03:9b:74:20:3d:f1:94:7d:e2:70:16:0d:6a:b0:
         c1:28:96:2b:17:5b:a6:ae:ed:3e:3e:e0:2f:92:52:80:6f:7a:
         94:69:ad:b6:7d:88:47:4e:49:ab:e3:1f:c8:58:8e:cb:ec:4b:
         28:ad:96:d1:86:ef:ec:27:24:e7:c7:47:4e:f7:0a:7e:9a:24:
         b7:90:26:38:77:53:d3:2b:5a:a7:c7:b2:bc:1d:dd:eb:95:cd:
         99:c5:49:17:5b:b8:f1:81:34:01:3b:ba:b9:13:b8:7c:b4:9d:
         02:1a:c9:18
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3yNxSTycafrjENlwkbtPyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZDNjNWRlOWZmM2NjZTEzMWM4YmZjZGNjZTMzMzk0N2Q5
MjYzNWUwHhcNMjYwNTA0MDg1OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODNkODYxNjUwNGIxY2I1MWQxN2UxOGY1ODZmZDE0ZGZiYTMwMjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy52YpgB1jaoxsqJDEYW3i/SiUG2X
xjzVWIkKayhQNhLtiHKTDLcPVmzH5KJlA9+v4aBTpg2bKMptUCKixYtlKTxr8sEf
4DmgZLCbIJtX94IpNDCylP+bVjbkqYOsmh8fNLd4/us2ZMfTITUhgNKHGv6MkeoT
cMuUEe0yFwpz46QCI24m92vioL6jPbu2NBkP05uwmoeCdij1vcM6vKcnfEfLkY6e
7J47AsRQIuIDEiIoqU/n6m/EJaL3TOTFzuw4ytO1qzvPEnPeYgc3sU4VpWoMuK3l
3MG68yn4ZtE+YohEkc9LDW7cNBtV0aTEutExU5XDWMg4DYYCVAcDj3FdswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPg9hhZQSxy1HRfhj1hv0U37owJjMB8GA1UdIwQY
MBaAFATTxd6f88zhMci/zczjM5R9kmNeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5QRjNwX3p6T0V4eUxfTnpPTXpsSDJTWTE0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8yNjA3ZmItNmI4NC00NTZlLWFhMDkt
OWQ4YmM4MTE1ZjY4LzEvMS1EMkdGbEJMSExVZEYtR1BXR19SVGZ1akFtTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjEvMjYwN2ZiLTZiODQtNDU2ZS1hYTA5LTlkOGJjODExNWY2
OC8xL0JOUEYzcF96ek9FeHlMX056T016bEgyU1kxNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvi9DAN
BgkqhkiG9w0BAQsFAAOCAQEAgstgXZxlyNYyVv9vR3L38bSGw0duUBdu1sM/rM82
MqyK/FZ3/dMy2RqbPm85BscSs1Wq86ub88e2QIyjwHj7VmoPjvaSlhK0l8itK8Z3
s2q7irWflgPCl3edC697SymauHkhqjJHtKqWJNKefu7v6buCw/PSq+aHhtmqwPdR
hAu/M6awcvcTVdr/RqV98ZM9xIVjVAObdCA98ZR94nAWDWqwwSiWKxdbpq7tPj7g
L5JSgG96lGmttn2IR05Jq+MfyFiOy+xLKK2W0Ybv7Cck58dHTvcKfpokt5AmOHdT
0ytap8eyvB3d65XNmcVJF1u48YE0ATu6uRO4fLSdAhrJGA==
-----END CERTIFICATE-----