Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/OQLXEqiI0-t-jDFZ7Aw_RfcOogA.roa
File:                     OQLXEqiI0-t-jDFZ7Aw_RfcOogA.roa (raw, json)
Hash identifier:          M/HaQZELEO7odM10mCvVSjhkNjEOwFy6fTyGxP3z8UM=
Subject key identifier:   39:02:D7:12:A8:88:D3:EB:7E:8C:31:59:EC:0C:3F:45:F7:0E:A2:00
Certificate issuer:       /CN=fa9832f07a1c65d7e353f48e086fcf25086888ff
Certificate serial:       019B7DCA014A68B1C3045018DC12CF81EB8E
Authority key identifier: FA:98:32:F0:7A:1C:65:D7:E3:53:F4:8E:08:6F:CF:25:08:68:88:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-pgy8HocZdfjU_SOCG_PJQhoiP8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/OQLXEqiI0-t-jDFZ7Aw_RfcOogA.roa
Signing time:             Fri 02 Jan 2026 08:19:09 +0000
ROA not before:           Fri 02 Jan 2026 08:19:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48377
IP address blocks:        91.209.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/1-pgy8HocZdfjU_SOCG_PJQhoiP8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/1-pgy8HocZdfjU_SOCG_PJQhoiP8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-pgy8HocZdfjU_SOCG_PJQhoiP8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 02:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:01:4a:68:b1:c3:04:50:18:dc:12:cf:81:eb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa9832f07a1c65d7e353f48e086fcf25086888ff
        Validity
            Not Before: Jan  2 08:19:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3902d712a888d3eb7e8c3159ec0c3f45f70ea200
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:9d:42:49:0f:00:03:de:c9:19:86:81:c2:a9:
                    fd:03:2d:79:26:66:16:05:87:ef:26:bd:45:84:10:
                    1d:db:48:c8:12:8f:82:cf:16:3b:97:80:42:47:27:
                    bf:df:b3:88:95:1c:3f:ef:4e:3f:33:d4:f2:51:4a:
                    3c:59:e3:9e:a9:4f:6c:85:66:72:d3:4d:07:1c:0f:
                    69:29:21:67:cf:33:c8:c3:ed:7a:7a:e3:65:3a:16:
                    f2:14:f4:9f:5b:31:c7:d2:aa:26:6b:44:f4:31:14:
                    08:89:73:83:82:ea:1d:d3:46:d4:45:52:12:61:77:
                    1e:eb:55:55:04:0b:22:16:ec:53:32:69:44:91:0b:
                    2a:e0:92:26:61:d2:7f:5c:e3:2b:9d:53:99:80:58:
                    71:7a:d2:37:d1:b9:7c:f3:0f:da:13:57:2c:e4:c3:
                    c3:67:7d:02:34:6e:4e:dc:26:7d:8e:b0:c9:46:f8:
                    94:0d:64:fa:f4:c7:57:19:c0:51:7d:d9:81:9e:ee:
                    7c:fb:36:c3:67:f7:fd:e1:9b:ab:07:d0:1f:6d:95:
                    ab:70:43:01:f0:90:14:c4:51:59:15:37:ff:65:a3:
                    aa:d1:4f:0b:75:27:61:84:1b:f8:11:7d:02:97:f0:
                    8f:e3:d9:dc:b6:e2:42:a7:3e:49:34:d7:f0:02:84:
                    b0:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:02:D7:12:A8:88:D3:EB:7E:8C:31:59:EC:0C:3F:45:F7:0E:A2:00
            X509v3 Authority Key Identifier:
                keyid:FA:98:32:F0:7A:1C:65:D7:E3:53:F4:8E:08:6F:CF:25:08:68:88:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-pgy8HocZdfjU_SOCG_PJQhoiP8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/OQLXEqiI0-t-jDFZ7Aw_RfcOogA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/4c9e86-1ad7-4a8f-a55b-92cf01fa7e6c/1/1-pgy8HocZdfjU_SOCG_PJQhoiP8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:c9:40:8a:64:48:6c:97:79:22:88:b2:41:d2:7b:35:89:3d:
         1c:ef:2a:67:03:a8:59:48:b1:35:5b:e6:38:b6:97:96:2e:dc:
         1f:c2:4d:d5:12:68:d2:8f:8a:64:a7:f9:46:a8:f1:7f:50:7f:
         09:c5:fe:1d:0f:84:d1:55:04:27:45:bb:b4:64:32:19:a4:c0:
         85:aa:27:d0:1e:45:e5:06:21:ec:f9:fc:a2:4c:13:0f:63:44:
         fd:03:80:62:5e:8a:66:ff:e2:b0:5b:1d:c8:04:7a:31:fb:88:
         a4:42:98:cc:11:13:85:9a:62:e4:ff:ee:0f:27:d5:2f:6e:c4:
         1c:c4:74:3c:e6:2a:a6:33:50:38:a7:81:87:f1:1f:51:a6:77:
         5f:28:92:a3:a8:43:66:40:b4:38:66:47:bf:61:59:e4:71:42:
         d1:d5:d7:26:e3:30:6f:3e:c4:b5:32:63:32:e5:79:37:df:ca:
         f9:31:90:7d:c3:34:83:c6:92:a5:fe:68:4c:8d:a0:8f:0c:c7:
         db:85:01:dd:63:16:79:19:1a:9b:59:b5:06:3d:76:4d:aa:74:
         43:72:2e:e8:0d:0c:c6:9d:73:0d:16:c8:c0:1d:60:12:2f:cc:
         da:a9:d6:a8:1e:fb:c5:30:5a:36:49:bf:35:ab:d9:72:e4:f6:
         f4:93:3e:df
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9ygFKaLHDBFAY3BLPgeuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhOTgzMmYwN2ExYzY1ZDdlMzUzZjQ4ZTA4NmZjZjI1MDg2
ODg4ZmYwHhcNMjYwMTAyMDgxOTA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTAyZDcxMmE4ODhkM2ViN2U4YzMxNTllYzBjM2Y0NWY3MGVhMjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9J1CSQ8AA97JGYaBwqn9Ay15JmYW
BYfvJr1FhBAd20jIEo+CzxY7l4BCRye/37OIlRw/704/M9TyUUo8WeOeqU9shWZy
000HHA9pKSFnzzPIw+16euNlOhbyFPSfWzHH0qoma0T0MRQIiXODguod00bURVIS
YXce61VVBAsiFuxTMmlEkQsq4JImYdJ/XOMrnVOZgFhxetI30bl88w/aE1cs5MPD
Z30CNG5O3CZ9jrDJRviUDWT69MdXGcBRfdmBnu58+zbDZ/f94ZurB9AfbZWrcEMB
8JAUxFFZFTf/ZaOq0U8LdSdhhBv4EX0Cl/CP49nctuJCpz5JNNfwAoSwDwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDkC1xKoiNPrfowxWewMP0X3DqIAMB8GA1UdIwQY
MBaAFPqYMvB6HGXX41P0jghvzyUIaIj/MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1wZ3k4SG9jWmRmalVfU09DR19QSlFob2lQOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDEvNGM5ZTg2LTFhZDctNGE4Zi1hNTVi
LTkyY2YwMWZhN2U2Yy8xL09RTFhFcWlJMC10LWpERlo3QXdfUmZjT29nQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDEvNGM5ZTg2LTFhZDctNGE4Zi1hNTViLTkyY2YwMWZhN2U2
Yy8xLzEtcGd5OEhvY1pkZmpVX1NPQ0dfUEpRaG9pUDguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb0X4w
DQYJKoZIhvcNAQELBQADggEBAEjJQIpkSGyXeSKIskHSezWJPRzvKmcDqFlIsTVb
5ji2l5Yu3B/CTdUSaNKPimSn+Uao8X9QfwnF/h0PhNFVBCdFu7RkMhmkwIWqJ9Ae
ReUGIez5/KJMEw9jRP0DgGJeimb/4rBbHcgEejH7iKRCmMwRE4WaYuT/7g8n1S9u
xBzEdDzmKqYzUDingYfxH1Gmd18okqOoQ2ZAtDhmR79hWeRxQtHV1ybjMG8+xLUy
YzLleTffyvkxkH3DNIPGkqX+aEyNoI8Mx9uFAd1jFnkZGptZtQY9dk2qdENyLugN
DMadcw0WyMAdYBIvzNqp1qge+8UwWjZJvzWr2XLk9vSTPt8=
-----END CERTIFICATE-----