Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/kZL9IaKbIXWtSeLhiixRuouVuZw.roa
File:                     kZL9IaKbIXWtSeLhiixRuouVuZw.roa (raw, json)
Hash identifier:          +8djmGYeV8gJTDYzSfSw3gkTCCP8XO1MSarDOtJj7zY=
Subject key identifier:   91:92:FD:21:A2:9B:21:75:AD:49:E2:E1:8A:2C:51:BA:8B:95:B9:9C
Certificate issuer:       /CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
Certificate serial:       019E072DB65FD3222EDCE469B99320E957A5
Authority key identifier: DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/kZL9IaKbIXWtSeLhiixRuouVuZw.roa
Signing time:             Fri 08 May 2026 10:41:36 +0000
ROA not before:           Fri 08 May 2026 10:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        91.212.125.0/24 maxlen: 24
                          2a12:6900:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:2d:b6:5f:d3:22:2e:dc:e4:69:b9:93:20:e9:57:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dede91a0fb1f4dd17900d06db6e88336f78b5c05
        Validity
            Not Before: May  8 10:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9192fd21a29b2175ad49e2e18a2c51ba8b95b99c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:df:56:e1:38:70:82:86:36:1c:78:cc:68:d9:
                    4a:20:71:e0:3a:22:87:80:c2:c9:2a:18:d0:59:4d:
                    72:fc:13:4b:12:29:02:89:f1:b3:87:5a:a6:f3:2e:
                    d0:f2:ff:37:ed:2c:ba:5d:b7:b0:38:42:d7:c1:cd:
                    f2:4d:de:5f:22:0c:f1:5f:3b:7a:23:d7:df:8f:53:
                    fb:c7:82:ad:54:73:04:80:82:52:12:80:90:43:fe:
                    24:28:59:2c:62:63:3e:18:92:61:d2:03:d0:fc:0c:
                    bb:12:17:ee:aa:51:78:6a:47:4f:d5:2d:c7:c8:37:
                    a9:ae:c5:45:49:a9:cf:90:f0:2a:46:e6:81:87:e4:
                    2c:60:56:79:d6:74:aa:e0:3c:de:3d:e9:4a:30:6b:
                    01:8f:dc:d3:8f:b2:99:30:24:67:c3:57:41:12:8d:
                    bb:36:b8:9e:2b:9c:38:61:af:45:dd:be:0a:93:77:
                    49:cf:48:e1:b9:4c:e9:73:2f:6c:75:28:d8:9e:8c:
                    b7:fd:dd:fe:0f:19:8c:58:58:18:73:e2:b7:db:b9:
                    95:00:66:0b:ce:5f:5b:d0:98:29:bd:bb:73:9c:ae:
                    0c:7b:60:d2:71:f4:59:c9:b6:56:1f:e2:58:c8:fa:
                    fa:e6:65:af:b3:d2:30:51:87:6d:7d:b3:15:6f:0e:
                    1e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:92:FD:21:A2:9B:21:75:AD:49:E2:E1:8A:2C:51:BA:8B:95:B9:9C
            X509v3 Authority Key Identifier:
                keyid:DE:DE:91:A0:FB:1F:4D:D1:79:00:D0:6D:B6:E8:83:36:F7:8B:5C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3t6RoPsfTdF5ANBttuiDNveLXAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/kZL9IaKbIXWtSeLhiixRuouVuZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/2321d6-bd6c-4b2a-af83-21a700c7119f/1/3t6RoPsfTdF5ANBttuiDNveLXAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.125.0/24
                IPv6:
                  2a12:6900:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:4e:80:b7:58:d3:7c:eb:f8:38:40:fc:b8:75:85:0f:9c:34:
         50:25:66:a0:1d:a2:5f:b1:b3:96:8d:13:e0:60:01:7a:e1:3d:
         5b:3c:a3:ef:82:00:e7:6c:35:b6:73:90:a2:57:e5:8e:79:5a:
         a5:35:0e:2a:7b:d4:5e:ad:36:3f:17:19:c2:93:a6:01:5c:7c:
         7c:f5:a7:30:17:2c:bb:76:c4:28:c2:7d:1a:8a:e8:0c:0e:65:
         e5:50:19:cb:67:f8:c4:93:b1:75:85:7e:d3:27:12:9d:cd:9c:
         e4:59:a7:c6:e5:c2:42:cf:64:3d:d1:b2:38:cb:74:c5:b6:71:
         71:26:56:7b:ba:28:a6:a8:94:94:76:60:15:62:34:55:53:73:
         32:23:ef:94:f4:2a:ae:10:73:71:62:56:b1:bd:9b:18:f6:64:
         b8:9f:84:10:b8:83:42:c7:a4:4a:b0:52:e8:30:f9:7a:7d:53:
         53:ef:e1:47:ce:87:55:58:64:ec:83:50:88:38:7f:db:b1:9e:
         d8:06:ca:e5:72:77:3e:a1:03:18:cb:75:7d:3b:97:51:01:72:
         60:7c:38:f8:15:94:f1:c7:db:f2:59:d7:96:51:5a:32:02:b2:
         d7:98:3a:94:40:5d:52:33:4a:66:98:dc:a3:b3:c6:9b:dc:1c:
         54:fb:37:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ4HLbZf0yIu3ORpuZMg6VelMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZGU5MWEwZmIxZjRkZDE3OTAwZDA2ZGI2ZTg4MzM2Zjc4
YjVjMDUwHhcNMjYwNTA4MTA0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTkyZmQyMWEyOWIyMTc1YWQ0OWUyZTE4YTJjNTFiYThiOTViOTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmN9W4ThwgoY2HHjMaNlKIHHgOiKH
gMLJKhjQWU1y/BNLEikCifGzh1qm8y7Q8v837Sy6XbewOELXwc3yTd5fIgzxXzt6
I9ffj1P7x4KtVHMEgIJSEoCQQ/4kKFksYmM+GJJh0gPQ/Ay7EhfuqlF4akdP1S3H
yDeprsVFSanPkPAqRuaBh+QsYFZ51nSq4DzePelKMGsBj9zTj7KZMCRnw1dBEo27
NrieK5w4Ya9F3b4Kk3dJz0jhuUzpcy9sdSjYnoy3/d3+DxmMWFgYc+K327mVAGYL
zl9b0JgpvbtznK4Me2DScfRZybZWH+JYyPr65mWvs9IwUYdtfbMVbw4eDwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJGS/SGimyF1rUni4YosUbqLlbmcMB8GA1UdIwQY
MBaAFN7ekaD7H03ReQDQbbbogzb3i1wFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMt
MjFhNzAwYzcxMTlmLzEva1pMOUlhS2JJWFd0U2VMaGlpeFJ1b3VWdVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS8yMzIxZDYtYmQ2Yy00YjJhLWFmODMtMjFhNzAwYzcxMTlm
LzEvM3Q2Um9Qc2ZUZEY1QU5CdHR1aUROdmVMWEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9R9MA8E
AgACMAkDBwAqEmkAAQAwDQYJKoZIhvcNAQELBQADggEBAD5OgLdY03zr+DhA/Lh1
hQ+cNFAlZqAdol+xs5aNE+BgAXrhPVs8o++CAOdsNbZzkKJX5Y55WqU1Dip71F6t
Nj8XGcKTpgFcfHz1pzAXLLt2xCjCfRqK6AwOZeVQGctn+MSTsXWFftMnEp3NnORZ
p8blwkLPZD3RsjjLdMW2cXEmVnu6KKaolJR2YBViNFVTczIj75T0Kq4Qc3FiVrG9
mxj2ZLifhBC4g0LHpEqwUugw+Xp9U1Pv4UfOh1VYZOyDUIg4f9uxntgGyuVydz6h
AxjLdX07l1EBcmB8OPgVlPHH2/JZ15ZRWjICsteYOpRAXVIzSmaY3KOzxpvcHFT7
Nzs=
-----END CERTIFICATE-----