Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/0pB9NxgzSPZHGLSwp4FwUaK9fJM.roa
File:                     0pB9NxgzSPZHGLSwp4FwUaK9fJM.roa (raw, json)
Hash identifier:          6Y/maM1irsBi0a5dABbmBVzfEeCT3zKCr4y+VxDWzpI=
Subject key identifier:   D2:90:7D:37:18:33:48:F6:47:18:B4:B0:A7:81:70:51:A2:BD:7C:93
Certificate issuer:       /CN=3a1eebbd18dfaa8055e13551ba0241655daaa352
Certificate serial:       019B7EA6D382D8612E237747A9259E813A5E
Authority key identifier: 3A:1E:EB:BD:18:DF:AA:80:55:E1:35:51:BA:02:41:65:5D:AA:A3:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oh7rvRjfqoBV4TVRugJBZV2qo1I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/0pB9NxgzSPZHGLSwp4FwUaK9fJM.roa
Signing time:             Fri 02 Jan 2026 12:20:20 +0000
ROA not before:           Fri 02 Jan 2026 12:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49431
IP address blocks:        91.212.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/Oh7rvRjfqoBV4TVRugJBZV2qo1I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/Oh7rvRjfqoBV4TVRugJBZV2qo1I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oh7rvRjfqoBV4TVRugJBZV2qo1I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a6:d3:82:d8:61:2e:23:77:47:a9:25:9e:81:3a:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a1eebbd18dfaa8055e13551ba0241655daaa352
        Validity
            Not Before: Jan  2 12:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2907d37183348f64718b4b0a7817051a2bd7c93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1d:b3:93:97:af:27:db:ec:de:4e:ed:a5:70:
                    cc:b6:a9:fc:41:18:c7:c5:9a:c8:e5:7a:00:f7:83:
                    21:c2:bb:3f:0c:ab:a4:d5:06:68:ab:cc:ad:d0:e8:
                    d2:b8:4b:fc:19:84:f3:4c:34:4a:8d:2f:a4:4d:e5:
                    1e:dc:d6:51:00:03:52:68:08:f9:0a:19:eb:b9:42:
                    16:ba:cf:29:7c:b0:2b:ec:8d:b3:12:6c:db:43:f6:
                    c0:fb:47:b0:bf:d9:b5:13:fe:2f:be:88:62:9e:a5:
                    8e:bc:c0:9e:12:1c:2d:76:b4:c3:51:ad:26:e6:ae:
                    17:32:19:fa:58:6a:3d:76:24:3b:40:0f:2b:6c:b1:
                    d2:58:bc:d6:e6:e1:fd:f0:98:60:d9:32:3f:19:f1:
                    da:c8:68:e6:39:55:26:7f:34:5e:2f:40:11:09:79:
                    f6:bb:c7:c4:84:e9:28:31:14:a5:28:aa:d0:0a:66:
                    f9:d1:b4:b8:e2:83:2d:0f:ef:8d:2d:04:e5:4b:69:
                    4f:d1:2a:a0:30:42:a1:1f:a9:bb:14:2a:82:cc:fb:
                    05:0b:22:2e:76:a6:44:5a:56:3c:37:5e:d5:70:95:
                    80:c8:f5:d6:a9:25:4a:e6:1d:48:91:76:f0:84:27:
                    83:a9:b7:38:42:9d:44:19:56:00:a5:94:b4:df:97:
                    f1:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:90:7D:37:18:33:48:F6:47:18:B4:B0:A7:81:70:51:A2:BD:7C:93
            X509v3 Authority Key Identifier:
                keyid:3A:1E:EB:BD:18:DF:AA:80:55:E1:35:51:BA:02:41:65:5D:AA:A3:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oh7rvRjfqoBV4TVRugJBZV2qo1I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/0pB9NxgzSPZHGLSwp4FwUaK9fJM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/76/999eaf-1cf0-4f48-8791-d1e4a5376510/1/Oh7rvRjfqoBV4TVRugJBZV2qo1I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:bf:ac:f1:14:53:0e:6d:5c:d9:e6:09:cc:63:d3:a5:02:38:
         dd:c4:15:a2:36:13:58:69:88:a5:40:37:31:ce:41:60:06:0c:
         fe:9d:21:7e:31:74:b6:45:be:01:85:21:8f:c0:77:9a:51:10:
         3c:b2:ae:cd:d9:6c:e0:1c:64:17:3d:88:73:0f:0c:b5:c7:54:
         2c:d7:7e:60:e5:9b:06:c7:20:6d:fc:1e:96:6e:4c:30:7c:aa:
         42:81:c7:7a:ca:c1:dc:89:8b:04:90:de:24:aa:dc:38:ff:46:
         be:41:05:80:33:d3:cd:dd:3f:87:3a:36:c6:4a:f2:6b:15:1e:
         ce:f4:63:c6:bd:d4:9d:25:49:e4:7f:1a:df:75:fd:c9:c7:12:
         af:76:fd:20:7c:9d:e5:76:c4:87:29:bd:73:d8:bf:2c:99:1d:
         59:ef:e4:11:5b:de:c7:b6:16:be:b2:8a:b7:dc:47:01:3c:3f:
         67:24:52:1a:2a:fd:26:02:fb:9a:c7:95:e6:44:89:43:e5:32:
         44:c4:1f:4a:33:48:9d:b4:48:6e:57:b4:5b:be:f8:e9:64:62:
         6e:b2:3c:2d:5b:81:d8:c9:2a:bb:b6:0c:6a:42:9c:8e:f1:ac:
         14:32:cc:bc:d0:85:7c:9f:98:bb:42:55:81:66:3b:e3:bc:f8:
         a3:34:63:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ptOC2GEuI3dHqSWegTpeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhMWVlYmJkMThkZmFhODA1NWUxMzU1MWJhMDI0MTY1NWRh
YWEzNTIwHhcNMjYwMTAyMTIyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjkwN2QzNzE4MzM0OGY2NDcxOGI0YjBhNzgxNzA1MWEyYmQ3YzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwB2zk5evJ9vs3k7tpXDMtqn8QRjH
xZrI5XoA94Mhwrs/DKuk1QZoq8yt0OjSuEv8GYTzTDRKjS+kTeUe3NZRAANSaAj5
ChnruUIWus8pfLAr7I2zEmzbQ/bA+0ewv9m1E/4vvohinqWOvMCeEhwtdrTDUa0m
5q4XMhn6WGo9diQ7QA8rbLHSWLzW5uH98Jhg2TI/GfHayGjmOVUmfzReL0ARCXn2
u8fEhOkoMRSlKKrQCmb50bS44oMtD++NLQTlS2lP0SqgMEKhH6m7FCqCzPsFCyIu
dqZEWlY8N17VcJWAyPXWqSVK5h1IkXbwhCeDqbc4Qp1EGVYApZS035fxswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNKQfTcYM0j2Rxi0sKeBcFGivXyTMB8GA1UdIwQY
MBaAFDoe670Y36qAVeE1UboCQWVdqqNSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2g3cnZSamZxb0JWNFRWUnVnSkJaVjJxbzFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni85OTllYWYtMWNmMC00ZjQ4LTg3OTEt
ZDFlNGE1Mzc2NTEwLzEvMHBCOU54Z3pTUFpIR0xTd3A0RndVYUs5ZkpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni85OTllYWYtMWNmMC00ZjQ4LTg3OTEtZDFlNGE1Mzc2NTEw
LzEvT2g3cnZSamZxb0JWNFRWUnVnSkJaVjJxbzFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9T5MA0G
CSqGSIb3DQEBCwUAA4IBAQBrv6zxFFMObVzZ5gnMY9OlAjjdxBWiNhNYaYilQDcx
zkFgBgz+nSF+MXS2Rb4BhSGPwHeaURA8sq7N2WzgHGQXPYhzDwy1x1Qs135g5ZsG
xyBt/B6WbkwwfKpCgcd6ysHciYsEkN4kqtw4/0a+QQWAM9PN3T+HOjbGSvJrFR7O
9GPGvdSdJUnkfxrfdf3JxxKvdv0gfJ3ldsSHKb1z2L8smR1Z7+QRW97Htha+soq3
3EcBPD9nJFIaKv0mAvuax5XmRIlD5TJExB9KM0idtEhuV7RbvvjpZGJusjwtW4HY
ySq7tgxqQpyO8awUMsy80IV8n5i7QlWBZjvjvPijNGOF
-----END CERTIFICATE-----