Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/jEu7pwg2-E1mqN2DpjSiLFBgzdU.roa
File:                     jEu7pwg2-E1mqN2DpjSiLFBgzdU.roa (raw, json)
Hash identifier:          TORAgDcuiUrJI3uCzvwnsqjEqpo7+K175vdEdYU+bdc=
Subject key identifier:   8C:4B:BB:A7:08:36:F8:4D:66:A8:DD:83:A6:34:A2:2C:50:60:CD:D5
Certificate issuer:       /CN=b4dfc03171ad3254380ae51443a3144551e34afa
Certificate serial:       019CDD14730C02CD7E693ABA935595FF3077
Authority key identifier: B4:DF:C0:31:71:AD:32:54:38:0A:E5:14:43:A3:14:45:51:E3:4A:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/jEu7pwg2-E1mqN2DpjSiLFBgzdU.roa
Signing time:             Wed 11 Mar 2026 13:27:10 +0000
ROA not before:           Wed 11 Mar 2026 13:27:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58309
IP address blocks:        91.205.204.0/22 maxlen: 22
                          109.229.0.0/19 maxlen: 19
                          109.229.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:14:73:0c:02:cd:7e:69:3a:ba:93:55:95:ff:30:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4dfc03171ad3254380ae51443a3144551e34afa
        Validity
            Not Before: Mar 11 13:27:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c4bbba70836f84d66a8dd83a634a22c5060cdd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:d5:ad:40:40:a4:76:46:21:fd:5a:35:ee:0c:
                    a1:40:98:f0:ee:f3:23:7e:13:81:a0:9d:2d:19:aa:
                    69:30:c5:2c:c3:c5:38:e4:6c:66:e0:32:77:3e:b6:
                    5a:ee:04:4d:19:10:62:25:60:ee:83:66:1f:31:5b:
                    84:b6:0e:99:e5:21:c2:ff:fc:f4:1e:5f:2b:f0:ed:
                    e5:af:fd:76:ec:04:b8:de:d0:db:5e:61:fc:f1:0b:
                    4b:4d:bb:fc:84:a5:51:dc:5b:76:34:3f:75:5a:69:
                    af:d2:14:93:2c:5d:5b:7f:4d:f3:1a:17:fc:6b:03:
                    fb:40:d7:c1:d2:3e:21:26:0f:da:f9:16:de:43:40:
                    03:1e:b2:d2:40:5f:c7:c3:61:de:dd:d6:a4:1d:1b:
                    6b:59:ee:e7:ad:b3:58:59:ec:9c:23:1b:2f:55:56:
                    95:4f:1a:8a:08:df:96:3a:57:be:3b:67:a3:dc:cd:
                    7e:e4:b1:c0:3f:5f:51:36:fb:c2:4e:b7:6a:0f:68:
                    8b:6e:dc:de:51:63:97:7b:03:34:9a:1d:a7:81:e5:
                    cc:4f:5e:21:ce:41:33:3f:2d:25:b7:51:6b:9b:c1:
                    f3:c4:c9:5c:00:4a:8a:1f:17:64:27:9c:7e:80:fb:
                    51:df:0a:d9:d8:12:49:45:64:be:79:e3:d1:8f:b5:
                    46:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:4B:BB:A7:08:36:F8:4D:66:A8:DD:83:A6:34:A2:2C:50:60:CD:D5
            X509v3 Authority Key Identifier:
                keyid:B4:DF:C0:31:71:AD:32:54:38:0A:E5:14:43:A3:14:45:51:E3:4A:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/jEu7pwg2-E1mqN2DpjSiLFBgzdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/fe902a-023d-43b5-8b14-3f670a0714d9/1/tN_AMXGtMlQ4CuUUQ6MURVHjSvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.205.204.0/22
                  109.229.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         4d:23:22:80:0d:bd:6b:e3:2f:7d:a5:e7:03:42:5a:aa:8a:da:
         9f:db:f5:bc:54:c9:83:b9:ab:e2:e7:f4:b8:99:dc:47:73:ac:
         04:cc:2e:58:13:db:16:f1:e8:ec:c6:48:95:4b:22:ae:2a:6e:
         45:6a:7e:dd:32:a5:9a:ed:fd:75:1a:f7:26:94:d8:db:1f:90:
         a7:de:f3:ed:f5:5b:f9:75:7d:5a:a7:da:53:53:91:6b:f4:62:
         47:ae:56:c3:e8:85:f8:43:a4:e2:41:c9:33:69:81:de:b0:c1:
         05:77:c1:7a:28:96:81:73:9c:85:65:55:4d:67:a5:d5:e3:f7:
         2c:c9:51:9c:16:97:f6:df:67:fe:68:63:93:b7:22:26:c0:78:
         fa:79:00:0b:a3:21:8d:7e:9e:41:32:5e:32:8f:29:29:c7:d6:
         2b:6b:11:48:ca:a2:05:47:f4:f4:7b:da:fb:02:fd:21:3a:a8:
         44:c4:da:9c:40:48:66:6d:46:10:b9:cb:27:e1:3c:f4:72:18:
         9b:89:af:d9:a3:f6:9a:46:c0:fb:06:e3:95:83:01:a8:7a:81:
         c0:d1:6c:f1:44:8c:4b:88:34:2c:09:43:d8:0d:d9:c8:60:5e:
         a6:55:f6:eb:9f:2d:5a:04:7b:fc:ea:ae:db:34:0c:77:cf:b6:
         5c:b0:93:22
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzdFHMMAs1+aTq6k1WV/zB3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZGZjMDMxNzFhZDMyNTQzODBhZTUxNDQzYTMxNDQ1NTFl
MzRhZmEwHhcNMjYwMzExMTMyNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzRiYmJhNzA4MzZmODRkNjZhOGRkODNhNjM0YTIyYzUwNjBjZGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dWtQECkdkYh/Vo17gyhQJjw7vMj
fhOBoJ0tGappMMUsw8U45Gxm4DJ3PrZa7gRNGRBiJWDug2YfMVuEtg6Z5SHC//z0
Hl8r8O3lr/127AS43tDbXmH88QtLTbv8hKVR3Ft2ND91Wmmv0hSTLF1bf03zGhf8
awP7QNfB0j4hJg/a+RbeQ0ADHrLSQF/Hw2He3dakHRtrWe7nrbNYWeycIxsvVVaV
TxqKCN+WOle+O2ej3M1+5LHAP19RNvvCTrdqD2iLbtzeUWOXewM0mh2ngeXMT14h
zkEzPy0lt1Frm8HzxMlcAEqKHxdkJ5x+gPtR3wrZ2BJJRWS+eePRj7VGxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIxLu6cINvhNZqjdg6Y0oixQYM3VMB8GA1UdIwQY
MBaAFLTfwDFxrTJUOArlFEOjFEVR40r6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdE5fQU1YR3RNbFE0Q3VVVVE2TVVSVkhqU3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mZTkwMmEtMDIzZC00M2I1LThiMTQt
M2Y2NzBhMDcxNGQ5LzEvakV1N3B3ZzItRTFtcU4yRHBqU2lMRkJnemRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mZTkwMmEtMDIzZC00M2I1LThiMTQtM2Y2NzBhMDcxNGQ5
LzEvdE5fQU1YR3RNbFE0Q3VVVVE2TVVSVkhqU3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW83MAwQF
beUAMA0GCSqGSIb3DQEBCwUAA4IBAQBNIyKADb1r4y99pecDQlqqitqf2/W8VMmD
uavi5/S4mdxHc6wEzC5YE9sW8ejsxkiVSyKuKm5Fan7dMqWa7f11GvcmlNjbH5Cn
3vPt9Vv5dX1ap9pTU5Fr9GJHrlbD6IX4Q6TiQckzaYHesMEFd8F6KJaBc5yFZVVN
Z6XV4/csyVGcFpf232f+aGOTtyImwHj6eQALoyGNfp5BMl4yjykpx9YraxFIyqIF
R/T0e9r7Av0hOqhExNqcQEhmbUYQucsn4Tz0chibia/Zo/aaRsD7BuOVgwGoeoHA
0WzxRIxLiDQsCUPYDdnIYF6mVfbrny1aBHv86q7bNAx3z7ZcsJMi
-----END CERTIFICATE-----