Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/ePRndmdPQkAmQ25IxhGXY-VBItY.roa
File:                     ePRndmdPQkAmQ25IxhGXY-VBItY.roa (raw, json)
Hash identifier:          z8m/69HlbuBNdd6nUe5ZAEp9Wjk/etrtEAsqzncs40c=
Subject key identifier:   78:F4:67:76:67:4F:42:40:26:43:6E:48:C6:11:97:63:E5:41:22:D6
Certificate issuer:       /CN=f51977aa2277725ed10eb5674d5da1d6622f41b7
Certificate serial:       019B76EB48760A023DC5CCE7742A358F29CD
Authority key identifier: F5:19:77:AA:22:77:72:5E:D1:0E:B5:67:4D:5D:A1:D6:62:2F:41:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/ePRndmdPQkAmQ25IxhGXY-VBItY.roa
Signing time:             Thu 01 Jan 2026 00:18:09 +0000
ROA not before:           Thu 01 Jan 2026 00:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48543
IP address blocks:        91.199.21.0/24 maxlen: 24
                          91.222.232.0/22 maxlen: 22
                          94.126.72.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:48:76:0a:02:3d:c5:cc:e7:74:2a:35:8f:29:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f51977aa2277725ed10eb5674d5da1d6622f41b7
        Validity
            Not Before: Jan  1 00:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=78f46776674f424026436e48c6119763e54122d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:db:df:a0:8f:17:10:93:3d:bc:30:e9:64:ca:
                    1c:ef:43:a1:a9:a0:06:00:c4:72:f2:ed:90:df:4e:
                    a5:80:04:31:5d:35:cd:88:68:aa:01:04:29:ea:93:
                    3a:ec:34:62:30:55:e4:d0:ef:33:fc:d2:f8:2f:58:
                    57:f1:c7:e3:57:73:0b:12:75:e7:f0:69:b2:51:83:
                    df:6e:04:6e:81:14:21:52:45:5a:d8:f6:10:53:41:
                    53:c9:05:ac:95:b2:4f:09:99:ed:ee:5f:7b:2f:be:
                    6a:72:48:06:c9:7d:40:02:93:30:46:20:3f:a1:ad:
                    44:fe:cb:3d:9c:47:98:90:4b:96:c2:b3:17:3c:49:
                    ca:19:7d:51:32:99:b7:36:93:da:07:87:24:1a:06:
                    21:7e:5c:7f:ee:b1:77:56:b0:a7:a0:01:cd:b0:35:
                    08:e1:39:e0:27:35:b6:3b:20:16:a1:b8:ca:90:d6:
                    ba:3c:a4:60:af:68:fd:86:a9:ad:ff:da:a0:a2:fe:
                    a7:4f:cb:6b:01:37:69:93:da:b7:5f:93:82:03:27:
                    82:96:48:19:c8:4e:9d:64:80:5d:b9:72:32:0f:3d:
                    32:56:dc:69:0e:8f:2c:37:50:f8:53:14:9f:51:77:
                    7c:6d:41:f3:e0:50:df:48:18:83:ee:f4:85:59:38:
                    7e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:F4:67:76:67:4F:42:40:26:43:6E:48:C6:11:97:63:E5:41:22:D6
            X509v3 Authority Key Identifier:
                keyid:F5:19:77:AA:22:77:72:5E:D1:0E:B5:67:4D:5D:A1:D6:62:2F:41:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/ePRndmdPQkAmQ25IxhGXY-VBItY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/46eec1-86e3-479b-93cf-1035dcc9d489/1/9Rl3qiJ3cl7RDrVnTV2h1mIvQbc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.21.0/24
                  91.222.232.0/22
                  94.126.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         37:27:b9:f4:86:f4:fa:52:7f:03:70:12:1f:37:ab:5d:50:90:
         d4:2b:5f:8d:b8:fc:66:b2:46:48:5c:e3:93:b7:ed:63:77:0a:
         f7:a3:e7:28:ce:9c:8f:d6:27:58:51:e9:99:a8:18:c8:3d:d1:
         60:90:8c:14:49:7e:79:46:a9:b0:b1:30:8d:39:ca:56:bf:ed:
         2d:5c:bd:7c:e1:19:6f:5c:26:ec:d1:b2:0a:08:11:89:b9:19:
         e3:7d:af:02:16:b2:99:22:e2:cc:3a:5c:93:41:8f:ee:e3:e3:
         96:16:30:bb:ac:76:b9:59:d8:05:5e:5d:f8:54:32:4f:07:d9:
         b0:50:dc:9a:34:1a:33:71:7c:6d:c1:16:14:a4:39:cd:2c:9c:
         09:59:81:4a:05:8d:1b:56:0d:d4:1b:ef:78:94:1a:cd:f7:98:
         fd:42:92:ef:83:2d:13:24:4d:16:11:8f:0f:0a:16:62:3d:d2:
         0c:e7:1b:c6:a1:86:4b:af:56:8b:af:58:86:f7:1f:0f:f5:43:
         f9:db:ca:81:9c:05:a7:d7:94:4e:ab:93:c0:60:3a:ac:3f:36:
         49:af:61:7f:89:8d:67:7d:e9:fe:63:32:21:da:e4:2f:0b:23:
         6c:6a:c0:b6:d8:07:06:48:38:53:ae:25:fb:0b:de:56:ae:23:
         63:24:93:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt260h2CgI9xczndCo1jynNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MTk3N2FhMjI3NzcyNWVkMTBlYjU2NzRkNWRhMWQ2NjIy
ZjQxYjcwHhcNMjYwMTAxMDAxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGY0Njc3NjY3NGY0MjQwMjY0MzZlNDhjNjExOTc2M2U1NDEyMmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5NvfoI8XEJM9vDDpZMoc70OhqaAG
AMRy8u2Q306lgAQxXTXNiGiqAQQp6pM67DRiMFXk0O8z/NL4L1hX8cfjV3MLEnXn
8GmyUYPfbgRugRQhUkVa2PYQU0FTyQWslbJPCZnt7l97L75qckgGyX1AApMwRiA/
oa1E/ss9nEeYkEuWwrMXPEnKGX1RMpm3NpPaB4ckGgYhflx/7rF3VrCnoAHNsDUI
4TngJzW2OyAWobjKkNa6PKRgr2j9hqmt/9qgov6nT8trATdpk9q3X5OCAyeClkgZ
yE6dZIBduXIyDz0yVtxpDo8sN1D4UxSfUXd8bUHz4FDfSBiD7vSFWTh+0QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHj0Z3ZnT0JAJkNuSMYRl2PlQSLWMB8GA1UdIwQY
MBaAFPUZd6oid3Je0Q61Z01dodZiL0G3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVJsM3FpSjNjbDdSRHJWblRWMmgxbUl2UWJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi80NmVlYzEtODZlMy00NzliLTkzY2Yt
MTAzNWRjYzlkNDg5LzEvZVBSbmRtZFBRa0FtUTI1SXhoR1hZLVZCSXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi80NmVlYzEtODZlMy00NzliLTkzY2YtMTAzNWRjYzlkNDg5
LzEvOVJsM3FpSjNjbDdSRHJWblRWMmgxbUl2UWJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW8cVAwQC
W97oAwQDXn5IMA0GCSqGSIb3DQEBCwUAA4IBAQA3J7n0hvT6Un8DcBIfN6tdUJDU
K1+NuPxmskZIXOOTt+1jdwr3o+cozpyP1idYUemZqBjIPdFgkIwUSX55RqmwsTCN
OcpWv+0tXL184RlvXCbs0bIKCBGJuRnjfa8CFrKZIuLMOlyTQY/u4+OWFjC7rHa5
WdgFXl34VDJPB9mwUNyaNBozcXxtwRYUpDnNLJwJWYFKBY0bVg3UG+94lBrN95j9
QpLvgy0TJE0WEY8PChZiPdIM5xvGoYZLr1aLr1iG9x8P9UP528qBnAWn15ROq5PA
YDqsPzZJr2F/iY1nfen+YzIh2uQvCyNsasC22AcGSDhTriX7C95WriNjJJPU
-----END CERTIFICATE-----