Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/aJisK7pqCdtTfEmDDfJOfc34CFc.roa
File:                     aJisK7pqCdtTfEmDDfJOfc34CFc.roa (raw, json)
Hash identifier:          NRicrSpJ6OMiUh6BLkEt8pKq0ye2koYh6PXMEqKe58s=
Subject key identifier:   68:98:AC:2B:BA:6A:09:DB:53:7C:49:83:0D:F2:4E:7D:CD:F8:08:57
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019DABFC877D9CC58DDE14C3C6ADC7B91558
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/aJisK7pqCdtTfEmDDfJOfc34CFc.roa
Signing time:             Mon 20 Apr 2026 17:42:26 +0000
ROA not before:           Mon 20 Apr 2026 17:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214833
IP address blocks:        91.220.80.0/24 maxlen: 24
                          185.189.255.0/24 maxlen: 24
                          194.147.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:fc:87:7d:9c:c5:8d:de:14:c3:c6:ad:c7:b9:15:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr 20 17:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6898ac2bba6a09db537c49830df24e7dcdf80857
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:12:f5:cd:22:a6:b7:05:f1:95:2e:9b:39:49:
                    29:2b:ca:87:3c:94:10:55:bb:87:60:75:ea:2c:20:
                    9d:02:00:d1:5b:62:58:9a:28:5a:a5:2b:d9:c5:af:
                    ce:a7:e3:61:68:33:e0:c8:f9:20:39:a3:d3:5a:bc:
                    dc:61:37:93:1d:4a:00:71:4c:ae:13:01:c1:2b:23:
                    9b:da:d3:d9:f8:4d:bf:72:b9:11:c8:d9:c4:d5:f7:
                    28:08:5c:26:87:f8:d0:76:ce:d4:d4:e6:23:88:48:
                    ee:df:88:28:dc:4e:41:dc:fd:73:10:dd:c8:3e:cd:
                    82:10:aa:21:e8:b6:4c:82:a4:ae:0f:a2:41:38:58:
                    ad:80:73:80:a8:6c:59:4c:12:ea:b2:6f:c3:0d:05:
                    49:a6:d8:02:a3:03:4c:61:96:22:fb:71:75:6b:68:
                    20:06:05:80:92:9e:73:51:5e:86:87:96:44:96:fc:
                    32:17:51:c6:98:6c:ae:5b:ac:84:87:a2:93:fe:c6:
                    8e:08:aa:32:c2:e6:ac:37:5d:ae:a1:a9:80:60:38:
                    3b:47:71:23:44:8c:40:17:53:c9:5d:0c:11:16:ae:
                    5d:40:e9:4e:00:2d:4a:a1:85:60:38:87:21:d5:84:
                    09:34:1e:d7:bd:d5:ee:37:ee:2f:30:a1:0c:73:95:
                    60:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:98:AC:2B:BA:6A:09:DB:53:7C:49:83:0D:F2:4E:7D:CD:F8:08:57
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/aJisK7pqCdtTfEmDDfJOfc34CFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.80.0/24
                  185.189.255.0/24
                  194.147.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:e8:d6:88:d9:2b:a9:d6:c6:57:f1:84:78:24:67:77:79:d9:
         75:f3:73:48:bb:30:88:41:46:11:c2:ba:8f:73:96:be:ea:f4:
         6e:a1:39:c2:22:81:dd:c8:c2:e4:a4:f3:ce:f8:8c:18:b4:7d:
         10:43:6f:fc:59:7a:0e:8e:5c:46:bb:e1:77:f0:a8:51:e7:d0:
         16:5c:f7:d3:06:4d:06:f2:54:15:f1:ba:2f:c3:59:d4:7f:d2:
         01:cf:52:a1:d3:97:1c:f7:af:cf:f9:6e:c9:e3:28:12:bf:95:
         06:3f:92:86:65:4f:1f:b5:a7:1d:c0:a0:3e:d4:19:78:c2:98:
         ef:60:c4:a1:05:4b:81:4e:1f:f1:3f:ab:bf:c8:df:51:bc:8e:
         e6:ea:3d:01:79:e0:c8:1e:03:f6:aa:a3:e6:38:a9:d7:dd:52:
         79:7e:91:30:bd:dd:22:ec:08:58:80:88:cb:b8:20:8f:80:8c:
         01:df:1f:a9:63:c2:4c:d7:62:59:5e:3d:74:d5:92:7d:f2:3b:
         83:77:7f:1d:91:75:eb:91:9d:00:57:cc:7d:89:26:7d:c9:5f:
         07:f1:31:57:af:4c:bf:2f:1b:5b:4e:3c:86:18:ea:b4:4b:c1:
         8c:24:9f:13:73:ff:ad:11:a4:54:9c:6e:7b:21:e2:ad:54:76:
         19:19:b0:5a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2r/Id9nMWN3hTDxq3HuRVYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNDIwMTc0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODk4YWMyYmJhNmEwOWRiNTM3YzQ5ODMwZGYyNGU3ZGNkZjgwODU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxL1zSKmtwXxlS6bOUkpK8qHPJQQ
VbuHYHXqLCCdAgDRW2JYmihapSvZxa/Op+NhaDPgyPkgOaPTWrzcYTeTHUoAcUyu
EwHBKyOb2tPZ+E2/crkRyNnE1fcoCFwmh/jQds7U1OYjiEju34go3E5B3P1zEN3I
Ps2CEKoh6LZMgqSuD6JBOFitgHOAqGxZTBLqsm/DDQVJptgCowNMYZYi+3F1a2gg
BgWAkp5zUV6Gh5ZElvwyF1HGmGyuW6yEh6KT/saOCKoywuasN12uoamAYDg7R3Ej
RIxAF1PJXQwRFq5dQOlOAC1KoYVgOIch1YQJNB7XvdXuN+4vMKEMc5VgdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGiYrCu6agnbU3xJgw3yTn3N+AhXMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvYUppc0s3cHFDZHRUZkVtRERmSk9mYzM0Q0ZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9xQAwQA
ub3/AwQAwpNaMA0GCSqGSIb3DQEBCwUAA4IBAQAu6NaI2Sup1sZX8YR4JGd3edl1
83NIuzCIQUYRwrqPc5a+6vRuoTnCIoHdyMLkpPPO+IwYtH0QQ2/8WXoOjlxGu+F3
8KhR59AWXPfTBk0G8lQV8bovw1nUf9IBz1Kh05cc96/P+W7J4ygSv5UGP5KGZU8f
tacdwKA+1Bl4wpjvYMShBUuBTh/xP6u/yN9RvI7m6j0BeeDIHgP2qqPmOKnX3VJ5
fpEwvd0i7AhYgIjLuCCPgIwB3x+pY8JM12JZXj101ZJ98juDd38dkXXrkZ0AV8x9
iSZ9yV8H8TFXr0y/LxtbTjyGGOq0S8GMJJ8Tc/+tEaRUnG57IeKtVHYZGbBa
-----END CERTIFICATE-----