Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/IMvi_cxz_R-ayNNId6HH2kVVpAQ.roa
File:                     IMvi_cxz_R-ayNNId6HH2kVVpAQ.roa (raw, json)
Hash identifier:          6IK4Qty1bIRA82kzLZxrqtFW3xfyNSEpnkEntDA5sT8=
Subject key identifier:   20:CB:E2:FD:CC:73:FD:1F:9A:C8:D3:48:77:A1:C7:DA:45:55:A4:04
Certificate issuer:       /CN=6a8edda2f21c885fbe67286218b8318d6ad23896
Certificate serial:       019D2399409B0B001D344E1F569C107F0592
Authority key identifier: 6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/IMvi_cxz_R-ayNNId6HH2kVVpAQ.roa
Signing time:             Wed 25 Mar 2026 06:05:39 +0000
ROA not before:           Wed 25 Mar 2026 06:05:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198193
IP address blocks:        91.216.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:23:99:40:9b:0b:00:1d:34:4e:1f:56:9c:10:7f:05:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a8edda2f21c885fbe67286218b8318d6ad23896
        Validity
            Not Before: Mar 25 06:05:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20cbe2fdcc73fd1f9ac8d34877a1c7da4555a404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3a:d8:24:62:1f:6b:85:f2:66:86:60:42:ab:
                    05:b8:49:5f:ed:0a:4b:7c:1f:7e:e2:c7:bf:cd:23:
                    30:81:1d:33:25:0c:30:e7:74:d3:94:be:e0:a0:8e:
                    0e:28:31:3c:59:4f:b5:92:34:0d:0a:df:b0:4c:50:
                    a1:6d:15:18:ce:21:ed:5c:fb:bd:8a:c7:4f:47:da:
                    e1:6c:88:5e:8a:6b:53:76:40:38:0b:9f:9b:df:f9:
                    de:76:6f:ae:5b:85:af:88:fe:ad:5c:83:62:64:9a:
                    59:0a:c7:87:09:15:79:50:64:14:2f:be:20:9f:29:
                    3b:ee:5e:75:da:13:60:fc:21:37:21:a1:bb:c7:bf:
                    59:7d:71:42:4f:20:e8:bf:a5:34:3f:c5:02:7f:cf:
                    4f:94:21:30:1a:43:29:fe:5b:26:50:58:a4:56:64:
                    38:eb:89:f3:8c:3c:8f:38:08:c8:3c:ae:5e:8c:51:
                    81:36:97:be:17:98:18:39:dc:19:9b:40:62:7b:ef:
                    01:45:40:dd:83:b3:a1:43:ae:4f:2a:1a:b7:8a:e9:
                    c4:9a:ff:02:ab:73:43:8c:0f:50:e6:da:19:6a:aa:
                    e4:af:b0:a3:ec:0f:55:3e:f3:39:db:24:cf:ab:f0:
                    c2:93:b2:4d:79:e1:e8:56:e5:93:ad:2b:45:d8:1c:
                    e6:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:CB:E2:FD:CC:73:FD:1F:9A:C8:D3:48:77:A1:C7:DA:45:55:A4:04
            X509v3 Authority Key Identifier:
                keyid:6A:8E:DD:A2:F2:1C:88:5F:BE:67:28:62:18:B8:31:8D:6A:D2:38:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ao7dovIciF--ZyhiGLgxjWrSOJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/IMvi_cxz_R-ayNNId6HH2kVVpAQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/6db797-a3d3-4241-903a-0c66840198d0/1/ao7dovIciF--ZyhiGLgxjWrSOJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:80:7b:22:4c:ac:e1:b2:72:0f:2c:6d:64:05:cc:69:16:db:
         a3:54:ca:44:13:76:bc:e4:d1:34:93:fa:1f:1e:c6:0b:34:83:
         cd:62:c7:19:6f:d7:f5:53:c8:22:f6:19:93:28:95:cb:73:95:
         a5:2e:8c:9d:bb:a0:14:35:b4:91:7a:37:1b:f6:bd:c3:86:8a:
         01:9c:24:43:f7:f9:5c:80:68:77:97:3e:63:6c:e3:4a:44:c8:
         a6:c0:67:81:8f:98:85:68:53:b8:29:1d:1f:32:61:7a:65:0d:
         b0:e0:2f:d7:8e:15:88:ab:ea:61:5e:5e:c9:0c:f8:6b:4b:58:
         78:8e:b8:8d:ab:09:5d:75:68:1d:40:a6:c1:93:57:3f:41:b3:
         ff:de:4a:3a:9a:48:41:1a:72:d5:fa:a3:40:b8:0c:66:18:06:
         82:19:30:ff:a3:4e:62:a6:83:09:1f:77:02:ff:69:24:18:48:
         1b:fa:46:14:c1:a0:00:c0:2b:ce:7a:33:de:40:9f:56:93:0f:
         62:fb:68:87:f9:28:94:cb:f3:e2:b6:15:57:13:6e:d3:97:76:
         7f:3e:6c:06:7e:1b:3c:2f:08:a3:96:ea:b4:c8:ca:35:a4:66:
         c7:da:00:dd:f5:08:ca:cf:9a:3d:9c:7b:49:83:b8:a5:e4:9e:
         92:02:50:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0jmUCbCwAdNE4fVpwQfwWSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhOGVkZGEyZjIxYzg4NWZiZTY3Mjg2MjE4YjgzMThkNmFk
MjM4OTYwHhcNMjYwMzI1MDYwNTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGNiZTJmZGNjNzNmZDFmOWFjOGQzNDg3N2ExYzdkYTQ1NTVhNDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvDrYJGIfa4XyZoZgQqsFuElf7QpL
fB9+4se/zSMwgR0zJQww53TTlL7goI4OKDE8WU+1kjQNCt+wTFChbRUYziHtXPu9
isdPR9rhbIheimtTdkA4C5+b3/nedm+uW4WviP6tXINiZJpZCseHCRV5UGQUL74g
nyk77l512hNg/CE3IaG7x79ZfXFCTyDov6U0P8UCf89PlCEwGkMp/lsmUFikVmQ4
64nzjDyPOAjIPK5ejFGBNpe+F5gYOdwZm0Bie+8BRUDdg7OhQ65PKhq3iunEmv8C
q3NDjA9Q5toZaqrkr7Cj7A9VPvM52yTPq/DCk7JNeeHoVuWTrStF2BzmIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCDL4v3Mc/0fmsjTSHehx9pFVaQEMB8GA1UdIwQY
MBaAFGqO3aLyHIhfvmcoYhi4MY1q0jiWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2Et
MGM2Njg0MDE5OGQwLzEvSU12aV9jeHpfUi1heU5OSWQ2SEgya1ZWcEFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS82ZGI3OTctYTNkMy00MjQxLTkwM2EtMGM2Njg0MDE5OGQw
LzEvYW83ZG92SWNpRi0tWnloaUdMZ3hqV3JTT0pZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hJMA0G
CSqGSIb3DQEBCwUAA4IBAQBAgHsiTKzhsnIPLG1kBcxpFtujVMpEE3a85NE0k/of
HsYLNIPNYscZb9f1U8gi9hmTKJXLc5WlLoydu6AUNbSRejcb9r3DhooBnCRD9/lc
gGh3lz5jbONKRMimwGeBj5iFaFO4KR0fMmF6ZQ2w4C/XjhWIq+phXl7JDPhrS1h4
jriNqwlddWgdQKbBk1c/QbP/3ko6mkhBGnLV+qNAuAxmGAaCGTD/o05ipoMJH3cC
/2kkGEgb+kYUwaAAwCvOejPeQJ9Wkw9i+2iH+SiUy/PithVXE27Tl3Z/PmwGfhs8
Lwijluq0yMo1pGbH2gDd9QjKz5o9nHtJg7il5J6SAlBy
-----END CERTIFICATE-----