Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/O9IOyxP8h4lseEmgSAoGGPv8Vsw.roa
File:                     O9IOyxP8h4lseEmgSAoGGPv8Vsw.roa (raw, json)
Hash identifier:          AJyOJoJMgWD7BGOJs3PUaH2nLGyMrSS+qzh/C2ebL1w=
Subject key identifier:   3B:D2:0E:CB:13:FC:87:89:6C:78:49:A0:48:0A:06:18:FB:FC:56:CC
Certificate issuer:       /CN=ebcb0e7b99415f986f4d08177f88b5b8f7eba7f9
Certificate serial:       019B797DE18807BB89F82F0C4EC434FD4DDE
Authority key identifier: EB:CB:0E:7B:99:41:5F:98:6F:4D:08:17:7F:88:B5:B8:F7:EB:A7:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/O9IOyxP8h4lseEmgSAoGGPv8Vsw.roa
Signing time:             Thu 01 Jan 2026 12:17:31 +0000
ROA not before:           Thu 01 Jan 2026 12:17:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197544
IP address blocks:        91.193.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7d:e1:88:07:bb:89:f8:2f:0c:4e:c4:34:fd:4d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebcb0e7b99415f986f4d08177f88b5b8f7eba7f9
        Validity
            Not Before: Jan  1 12:17:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bd20ecb13fc87896c7849a0480a0618fbfc56cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:1e:65:0f:62:a8:e0:03:c7:0f:12:ea:5e:11:
                    0e:00:82:3e:79:33:1e:2e:07:05:3f:1e:11:9a:65:
                    23:59:d0:b5:7f:45:e0:90:77:49:44:3d:ce:b9:62:
                    91:53:b0:27:47:c4:7e:f2:2f:66:e4:bd:ae:4a:cc:
                    e5:15:f7:08:8c:75:60:c0:b3:c7:a6:9c:31:e0:ef:
                    4f:90:d5:af:ab:18:d8:37:f9:9f:4f:1b:66:72:6f:
                    57:b4:f4:7b:26:a9:32:63:12:d9:1e:39:1e:e0:3e:
                    52:25:96:34:53:9b:c2:11:50:db:ef:47:03:9b:be:
                    34:9f:62:10:ed:f6:24:59:40:ab:cf:0f:51:f9:fb:
                    8d:8a:75:af:7f:f1:d1:8b:51:ce:ad:77:42:29:3a:
                    90:a0:2d:43:07:64:0e:2c:8b:70:62:9c:6c:b6:72:
                    ba:a8:3b:7a:d6:84:e4:3a:c6:07:76:bb:f2:63:59:
                    5d:04:be:ce:a5:89:d4:a9:c6:8e:04:08:39:f7:8f:
                    74:93:ef:96:13:fd:da:ce:63:4d:2b:36:25:8a:0e:
                    38:20:44:1b:60:ac:66:6c:7b:49:b5:98:a4:77:00:
                    33:c3:ec:c8:ad:69:58:90:57:fa:8d:76:01:0b:bb:
                    1e:37:96:79:f2:77:3b:24:72:9f:11:79:c1:db:b8:
                    5f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:D2:0E:CB:13:FC:87:89:6C:78:49:A0:48:0A:06:18:FB:FC:56:CC
            X509v3 Authority Key Identifier:
                keyid:EB:CB:0E:7B:99:41:5F:98:6F:4D:08:17:7F:88:B5:B8:F7:EB:A7:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/68sOe5lBX5hvTQgXf4i1uPfrp_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/O9IOyxP8h4lseEmgSAoGGPv8Vsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1fcadf-8060-4395-926d-dee9ce394991/1/68sOe5lBX5hvTQgXf4i1uPfrp_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.193.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:b4:fc:f1:b9:15:69:e6:f6:f5:af:3e:b2:8d:85:67:30:ef:
         d6:b2:83:cf:b6:6d:22:a6:b5:fd:92:c6:5b:28:74:f6:c3:82:
         6d:32:b1:8d:18:7c:10:d9:21:c1:45:1d:62:e0:15:57:ce:c1:
         9f:7f:d8:79:01:e9:2a:47:05:bd:52:af:e3:23:cb:e2:c5:95:
         0d:18:46:db:bd:01:60:eb:13:b1:c2:e9:34:1f:c5:5f:12:6a:
         88:38:35:bf:3f:9b:4c:2f:e3:e6:04:7a:5d:f5:06:b1:dd:48:
         6c:5f:2b:eb:bf:f8:56:17:18:ba:89:fa:f1:c2:c8:50:73:a0:
         81:a5:bb:c6:30:28:e0:71:14:b3:c2:35:63:95:01:58:0b:dc:
         0d:cb:ed:d0:3d:4e:25:9d:28:3d:33:1a:59:ea:d9:06:97:78:
         e8:11:bb:a7:10:9e:b3:d3:ba:db:ed:94:0d:f6:29:7c:af:ce:
         59:f6:7c:f0:a2:9a:20:fa:be:df:7a:d1:3e:e3:11:59:7c:26:
         c9:01:77:b9:77:06:ae:c1:d8:33:2a:ba:fb:89:22:1a:8f:9f:
         b5:5a:8b:ad:ec:04:a9:c2:a9:c4:d2:4e:8c:fe:8d:22:6b:8b:
         4f:5a:0c:ff:03:55:70:dd:9d:19:3f:5a:55:49:d9:49:ac:2a:
         83:29:f8:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt5feGIB7uJ+C8MTsQ0/U3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViY2IwZTdiOTk0MTVmOTg2ZjRkMDgxNzdmODhiNWI4Zjdl
YmE3ZjkwHhcNMjYwMTAxMTIxNzMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmQyMGVjYjEzZmM4Nzg5NmM3ODQ5YTA0ODBhMDYxOGZiZmM1NmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8B5lD2Ko4APHDxLqXhEOAII+eTMe
LgcFPx4RmmUjWdC1f0XgkHdJRD3OuWKRU7AnR8R+8i9m5L2uSszlFfcIjHVgwLPH
ppwx4O9PkNWvqxjYN/mfTxtmcm9XtPR7JqkyYxLZHjke4D5SJZY0U5vCEVDb70cD
m740n2IQ7fYkWUCrzw9R+fuNinWvf/HRi1HOrXdCKTqQoC1DB2QOLItwYpxstnK6
qDt61oTkOsYHdrvyY1ldBL7OpYnUqcaOBAg59490k++WE/3azmNNKzYlig44IEQb
YKxmbHtJtZikdwAzw+zIrWlYkFf6jXYBC7seN5Z58nc7JHKfEXnB27hfSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDvSDssT/IeJbHhJoEgKBhj7/FbMMB8GA1UdIwQY
MBaAFOvLDnuZQV+Yb00IF3+Itbj366f5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjhzT2U1bEJYNWh2VFFnWGY0aTF1UGZycF9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZmNhZGYtODA2MC00Mzk1LTkyNmQt
ZGVlOWNlMzk0OTkxLzEvTzlJT3l4UDhoNGxzZUVtZ1NBb0dHUHY4VnN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZmNhZGYtODA2MC00Mzk1LTkyNmQtZGVlOWNlMzk0OTkx
LzEvNjhzT2U1bEJYNWh2VFFnWGY0aTF1UGZycF9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8GQMA0G
CSqGSIb3DQEBCwUAA4IBAQCetPzxuRVp5vb1rz6yjYVnMO/WsoPPtm0iprX9ksZb
KHT2w4JtMrGNGHwQ2SHBRR1i4BVXzsGff9h5AekqRwW9Uq/jI8vixZUNGEbbvQFg
6xOxwuk0H8VfEmqIODW/P5tML+PmBHpd9Qax3UhsXyvrv/hWFxi6ifrxwshQc6CB
pbvGMCjgcRSzwjVjlQFYC9wNy+3QPU4lnSg9MxpZ6tkGl3joEbunEJ6z07rb7ZQN
9il8r85Z9nzwopog+r7fetE+4xFZfCbJAXe5dwauwdgzKrr7iSIaj5+1Wout7ASp
wqnE0k6M/o0ia4tPWgz/A1Vw3Z0ZP1pVSdlJrCqDKfgi
-----END CERTIFICATE-----