Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yVNkXVkYAsUkDHmi1iOR26VcPwA.roa
File:                     yVNkXVkYAsUkDHmi1iOR26VcPwA.roa (raw, json)
Hash identifier:          9IcESbTw/7zUxZn/VITc3/gUtOCZh9x6GgV2B2YugRU=
Subject key identifier:   C9:53:64:5D:59:18:02:C5:24:0C:79:A2:D6:23:91:DB:A5:5C:3F:00
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       019D1F323D7B26FD45DD745F79A94D984836
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yVNkXVkYAsUkDHmi1iOR26VcPwA.roa
Signing time:             Tue 24 Mar 2026 09:34:39 +0000
ROA not before:           Tue 24 Mar 2026 09:34:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        91.228.12.0/24 maxlen: 24
                          91.228.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:32:3d:7b:26:fd:45:dd:74:5f:79:a9:4d:98:48:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Mar 24 09:34:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c953645d591802c5240c79a2d62391dba55c3f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a0:ea:50:bb:bf:d2:dc:f3:a2:ff:2a:de:97:
                    fb:09:66:4f:43:e3:b8:e4:b6:e1:9f:80:85:85:8d:
                    a5:ba:4d:c3:83:f2:44:74:41:cf:4b:8e:b7:c7:ad:
                    ab:26:ae:4f:c2:80:db:ac:07:38:38:bb:57:a3:6d:
                    94:54:75:cd:b7:d4:d3:98:a1:e6:2d:94:71:67:1c:
                    6f:d9:6c:ae:d3:5b:48:f9:86:4b:e2:5f:df:86:f7:
                    55:ed:0f:94:6c:63:58:55:58:a4:ed:50:92:f4:04:
                    92:8b:2d:e7:04:8b:ba:ff:fb:5b:4f:48:42:c5:72:
                    de:11:99:8a:bd:62:81:08:39:a2:87:dc:33:40:be:
                    f1:64:6c:d5:b3:01:a9:11:10:b7:d4:31:02:9c:fa:
                    7e:cd:11:b8:c1:ad:90:b5:c6:97:4f:16:35:ba:09:
                    ae:3b:c6:cb:29:24:fb:19:37:78:75:88:57:73:0c:
                    3e:9d:a3:86:7e:25:7b:b6:b3:e9:d7:30:5e:21:8c:
                    4c:c4:1a:03:40:a9:b2:7c:b4:08:70:31:d1:49:ae:
                    51:9a:d7:c4:39:23:f6:28:cd:5b:8b:19:16:c3:64:
                    25:11:53:18:0c:0e:fe:dc:3d:06:03:ab:68:70:9c:
                    8a:44:9b:75:3b:cd:ab:6a:b7:19:23:6a:73:33:33:
                    e6:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:53:64:5D:59:18:02:C5:24:0C:79:A2:D6:23:91:DB:A5:5C:3F:00
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/yVNkXVkYAsUkDHmi1iOR26VcPwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.12.0/24
                  91.228.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:66:06:c8:72:5f:e7:7b:81:78:6f:be:4e:42:8a:a5:89:6a:
         97:dc:c9:aa:5a:1f:f0:39:4b:ce:80:3b:2a:ce:fa:59:82:3c:
         9d:17:cb:c7:0a:35:e9:04:2c:5b:11:98:7f:9d:af:92:a7:a7:
         97:8e:cd:7b:39:0c:10:38:cf:2f:07:29:44:9a:18:f8:84:38:
         31:43:16:26:9d:0c:50:bf:05:4d:e0:88:ac:86:38:62:a3:a5:
         51:a5:a4:01:61:34:e9:82:b3:6b:11:a4:67:85:27:8c:d0:ef:
         47:ea:80:0e:cf:0d:d9:50:9e:cf:89:3e:99:46:e3:14:cc:5c:
         39:ca:14:45:51:6b:e5:10:1e:80:65:c0:d0:9f:ee:31:5f:b5:
         d0:fc:ab:d6:80:01:fb:ba:7d:7f:6d:c0:07:1f:f8:07:e7:34:
         47:47:8d:86:5c:61:f7:5b:10:6e:a6:88:4f:65:24:ce:2b:e3:
         43:92:12:7d:59:9a:b6:d8:37:14:00:24:ce:6c:52:95:2b:8b:
         a8:6a:04:04:62:77:06:94:f4:18:68:23:93:1a:bc:e1:18:7a:
         f1:0e:c8:d8:71:be:df:32:ee:c9:49:4c:59:8a:8f:d3:f0:f5:
         86:01:4c:b9:34:c6:7f:f7:c7:bf:00:2e:56:df:db:cd:ff:69:
         2b:22:34:a3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0fMj17Jv1F3XRfealNmEg2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjYwMzI0MDkzNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTUzNjQ1ZDU5MTgwMmM1MjQwYzc5YTJkNjIzOTFkYmE1NWMzZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKDqULu/0tzzov8q3pf7CWZPQ+O4
5Lbhn4CFhY2luk3Dg/JEdEHPS463x62rJq5PwoDbrAc4OLtXo22UVHXNt9TTmKHm
LZRxZxxv2Wyu01tI+YZL4l/fhvdV7Q+UbGNYVVik7VCS9ASSiy3nBIu6//tbT0hC
xXLeEZmKvWKBCDmih9wzQL7xZGzVswGpERC31DECnPp+zRG4wa2QtcaXTxY1ugmu
O8bLKST7GTd4dYhXcww+naOGfiV7trPp1zBeIYxMxBoDQKmyfLQIcDHRSa5RmtfE
OSP2KM1bixkWw2QlEVMYDA7+3D0GA6tocJyKRJt1O82rarcZI2pzMzPmPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMlTZF1ZGALFJAx5otYjkdulXD8AMB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEveVZOa1hWa1lBc1VrREhtaTFpT1IyNlZjUHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+QMAwQA
W+QOMA0GCSqGSIb3DQEBCwUAA4IBAQCxZgbIcl/ne4F4b75OQoqliWqX3MmqWh/w
OUvOgDsqzvpZgjydF8vHCjXpBCxbEZh/na+Sp6eXjs17OQwQOM8vBylEmhj4hDgx
QxYmnQxQvwVN4Iishjhio6VRpaQBYTTpgrNrEaRnhSeM0O9H6oAOzw3ZUJ7PiT6Z
RuMUzFw5yhRFUWvlEB6AZcDQn+4xX7XQ/KvWgAH7un1/bcAHH/gH5zRHR42GXGH3
WxBupohPZSTOK+NDkhJ9WZq22DcUACTObFKVK4uoagQEYncGlPQYaCOTGrzhGHrx
DsjYcb7fMu7JSUxZio/T8PWGAUy5NMZ/98e/AC5W39vN/2krIjSj
-----END CERTIFICATE-----