Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/octKgTiP9lDmeXEgs2Q1zE4qib8.roa
File:                     octKgTiP9lDmeXEgs2Q1zE4qib8.roa (raw, json)
Hash identifier:          /v6RSOFXxlbHWvAMobJnD3DEpi/GGgcUjFIOqnGBes8=
Subject key identifier:   A1:CB:4A:81:38:8F:F6:50:E6:79:71:20:B3:64:35:CC:4E:2A:89:BF
Certificate issuer:       /CN=4d49a64c8a87812495e8d4dac40580a06d1e1658
Certificate serial:       019CD74A36CA60306A7BEBD906CDD333A0D4
Authority key identifier: 4D:49:A6:4C:8A:87:81:24:95:E8:D4:DA:C4:05:80:A0:6D:1E:16:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/octKgTiP9lDmeXEgs2Q1zE4qib8.roa
Signing time:             Tue 10 Mar 2026 10:28:10 +0000
ROA not before:           Tue 10 Mar 2026 10:28:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201827
IP address blocks:        91.216.76.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:4a:36:ca:60:30:6a:7b:eb:d9:06:cd:d3:33:a0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d49a64c8a87812495e8d4dac40580a06d1e1658
        Validity
            Not Before: Mar 10 10:28:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1cb4a81388ff650e6797120b36435cc4e2a89bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0d:6f:66:26:48:c3:4c:dd:6a:31:8a:7c:6c:
                    ca:9b:61:a6:19:4f:66:93:81:47:84:7e:63:5b:df:
                    86:e7:77:ce:25:63:56:79:a8:7c:b7:71:d1:d7:1e:
                    a6:39:81:c5:c6:af:49:bc:22:56:79:6b:d0:e5:11:
                    ae:9c:af:54:25:db:1d:f1:08:34:d5:81:5d:30:4a:
                    d5:f8:f3:fb:98:3c:ef:fd:2e:30:48:32:b6:e3:52:
                    e0:65:42:7a:fd:5c:ae:c6:3d:9c:5e:92:59:b2:c5:
                    6b:70:05:25:c2:3f:bc:5d:59:47:24:89:07:02:16:
                    8c:12:ac:35:0e:5a:0f:01:d6:77:a2:35:3a:93:9b:
                    fe:4b:eb:8f:2f:4c:d1:da:b1:30:69:1b:1f:db:59:
                    4d:86:de:47:24:22:0a:dc:5b:1d:b5:77:f7:96:3c:
                    41:07:38:4b:9b:ce:48:62:39:e1:e1:b6:48:d6:23:
                    68:be:73:35:9b:48:d1:ec:36:4f:2c:87:2b:eb:96:
                    84:9c:bb:b7:d1:53:5f:31:36:19:8d:d8:7f:a2:6e:
                    4d:78:9d:bf:06:1c:4f:a1:b5:93:0f:be:dd:91:3c:
                    a2:2b:ea:5d:41:e1:12:64:da:b2:3e:59:54:5a:4c:
                    ec:5e:b3:1e:df:17:c9:2a:84:12:07:2b:74:ac:db:
                    53:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:CB:4A:81:38:8F:F6:50:E6:79:71:20:B3:64:35:CC:4E:2A:89:BF
            X509v3 Authority Key Identifier:
                keyid:4D:49:A6:4C:8A:87:81:24:95:E8:D4:DA:C4:05:80:A0:6D:1E:16:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TUmmTIqHgSSV6NTaxAWAoG0eFlg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/octKgTiP9lDmeXEgs2Q1zE4qib8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/161d71-fd23-4615-b81a-5b5efbeadfd4/1/TUmmTIqHgSSV6NTaxAWAoG0eFlg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:fc:6d:bc:d3:19:96:6b:c4:10:0e:11:f3:87:14:c4:4b:1d:
         16:b6:2d:c8:ba:50:1e:46:d9:12:1c:e4:76:a0:75:a3:ea:fb:
         eb:b7:01:c2:cc:65:62:84:24:f2:17:b3:ba:cd:5c:31:dd:a4:
         dd:4d:21:cf:57:4a:6f:c2:aa:fc:46:0b:14:9f:4e:3c:45:a3:
         03:dc:8b:88:a7:44:c3:d4:a3:43:2c:2b:80:38:23:b6:52:49:
         34:50:e7:c6:b4:1b:08:ff:4b:2c:c6:1e:c1:23:90:a8:af:a1:
         60:49:79:f1:4f:93:14:1c:e7:33:77:3f:22:a4:83:c5:8f:fe:
         e0:ea:ff:80:dd:d9:fe:07:65:28:2b:67:b7:38:c6:72:17:06:
         21:c8:29:d7:66:6f:12:4e:01:0d:eb:40:fb:3d:35:2f:53:41:
         6f:9d:84:4c:d7:55:44:05:7f:19:2b:b2:f7:8f:f2:de:22:55:
         8e:e0:a5:ed:1b:b1:05:1c:b5:e2:9a:d3:17:d1:ed:f3:d8:b0:
         17:e2:0e:10:65:fc:37:ec:53:fc:7f:55:ea:3b:77:52:2c:be:
         77:f3:e0:b0:0f:77:9d:c5:fc:65:ab:8f:95:a8:86:39:a9:7a:
         ad:7e:57:82:01:6c:92:8a:7b:66:aa:a6:75:da:20:2f:3a:ce:
         e9:92:fe:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzXSjbKYDBqe+vZBs3TM6DUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNDlhNjRjOGE4NzgxMjQ5NWU4ZDRkYWM0MDU4MGEwNmQx
ZTE2NTgwHhcNMjYwMzEwMTAyODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWNiNGE4MTM4OGZmNjUwZTY3OTcxMjBiMzY0MzVjYzRlMmE4OWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAow1vZiZIw0zdajGKfGzKm2GmGU9m
k4FHhH5jW9+G53fOJWNWeah8t3HR1x6mOYHFxq9JvCJWeWvQ5RGunK9UJdsd8Qg0
1YFdMErV+PP7mDzv/S4wSDK241LgZUJ6/Vyuxj2cXpJZssVrcAUlwj+8XVlHJIkH
AhaMEqw1DloPAdZ3ojU6k5v+S+uPL0zR2rEwaRsf21lNht5HJCIK3FsdtXf3ljxB
BzhLm85IYjnh4bZI1iNovnM1m0jR7DZPLIcr65aEnLu30VNfMTYZjdh/om5NeJ2/
BhxPobWTD77dkTyiK+pdQeESZNqyPllUWkzsXrMe3xfJKoQSByt0rNtTLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHLSoE4j/ZQ5nlxILNkNcxOKom/MB8GA1UdIwQY
MBaAFE1JpkyKh4EklejU2sQFgKBtHhZYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFVtbVRJcUhnU1NWNk5UYXhBV0FvRzBlRmxnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8xNjFkNzEtZmQyMy00NjE1LWI4MWEt
NWI1ZWZiZWFkZmQ0LzEvb2N0S2dUaVA5bERtZVhFZ3MyUTF6RTRxaWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8xNjFkNzEtZmQyMy00NjE1LWI4MWEtNWI1ZWZiZWFkZmQ0
LzEvVFVtbVRJcUhnU1NWNk5UYXhBV0FvRzBlRmxnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hMMA0G
CSqGSIb3DQEBCwUAA4IBAQCs/G280xmWa8QQDhHzhxTESx0Wti3IulAeRtkSHOR2
oHWj6vvrtwHCzGVihCTyF7O6zVwx3aTdTSHPV0pvwqr8RgsUn048RaMD3IuIp0TD
1KNDLCuAOCO2Ukk0UOfGtBsI/0ssxh7BI5Cor6FgSXnxT5MUHOczdz8ipIPFj/7g
6v+A3dn+B2UoK2e3OMZyFwYhyCnXZm8STgEN60D7PTUvU0FvnYRM11VEBX8ZK7L3
j/LeIlWO4KXtG7EFHLXimtMX0e3z2LAX4g4QZfw37FP8f1XqO3dSLL538+CwD3ed
xfxlq4+VqIY5qXqtfleCAWySintmqqZ12iAvOs7pkv6C
-----END CERTIFICATE-----