Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/XEkA6mC0Q571ZIgX0qKfq0MO0eM.roa
File:                     XEkA6mC0Q571ZIgX0qKfq0MO0eM.roa (raw, json)
Hash identifier:          se6LK7vItt1jtS/3zN6GtnYYm7kf1ZfMycgkfPqOIwE=
Subject key identifier:   5C:49:00:EA:60:B4:43:9E:F5:64:88:17:D2:A2:9F:AB:43:0E:D1:E3
Certificate issuer:       /CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
Certificate serial:       01993C93FCEDE523C5785903496840B0E218
Authority key identifier: F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/XEkA6mC0Q571ZIgX0qKfq0MO0eM.roa
Signing time:             Fri 12 Sep 2025 06:19:15 +0000
ROA not before:           Fri 12 Sep 2025 06:19:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64445
IP address blocks:        91.199.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:3c:93:fc:ed:e5:23:c5:78:59:03:49:68:40:b0:e2:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f17f6957fc23b8d46b9d3dc8bc7db122859876f0
        Validity
            Not Before: Sep 12 06:19:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c4900ea60b4439ef5648817d2a29fab430ed1e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a2:c3:2b:d2:da:10:26:12:55:b7:2c:ac:e0:
                    8b:c8:21:61:93:cb:2a:4a:0b:65:77:6e:c5:5c:a1:
                    62:48:a3:87:94:e1:6c:70:83:3b:cd:91:a0:d0:c9:
                    9a:55:4b:f8:a2:b3:08:8c:f7:2b:5e:a3:7e:ee:25:
                    c4:a4:e9:33:36:ba:1b:e9:b0:f1:37:5c:fa:91:f0:
                    cf:11:1d:86:ed:76:a0:93:44:3f:68:dc:1f:83:db:
                    69:e3:72:29:b3:2e:63:7b:8d:56:49:04:d8:c0:f5:
                    d3:17:97:fd:26:53:21:29:97:35:2b:5d:ad:d1:39:
                    42:3a:8e:00:df:38:73:c6:9d:bb:1a:4e:9e:4e:83:
                    02:4c:d1:c7:09:8b:b7:ac:7b:ba:b8:59:50:71:86:
                    28:53:4a:07:d5:94:6d:88:11:1a:c6:4d:05:6b:4b:
                    24:d0:b9:5b:ac:66:49:49:82:67:51:b7:94:00:d2:
                    e4:49:8f:92:bb:28:d7:71:31:34:11:e4:8a:ec:28:
                    c3:9c:04:f3:ae:3b:8a:b5:d2:e8:4d:52:6f:13:73:
                    53:b7:70:9e:c9:f1:9d:67:78:9c:76:14:c3:6a:b2:
                    e5:cb:92:3b:c7:c3:53:57:4d:56:3b:f2:3c:04:dd:
                    8a:67:16:1f:90:bb:a7:4b:81:86:76:f0:e2:d6:70:
                    f5:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:49:00:EA:60:B4:43:9E:F5:64:88:17:D2:A2:9F:AB:43:0E:D1:E3
            X509v3 Authority Key Identifier:
                keyid:F1:7F:69:57:FC:23:B8:D4:6B:9D:3D:C8:BC:7D:B1:22:85:98:76:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8X9pV_wjuNRrnT3IvH2xIoWYdvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/XEkA6mC0Q571ZIgX0qKfq0MO0eM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/2026d3-9f33-463e-8410-726da4e9386b/1/8X9pV_wjuNRrnT3IvH2xIoWYdvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:29:7f:02:4f:55:f5:64:ea:41:b4:66:cb:1d:f5:e7:a6:0e:
         5d:05:28:c5:a4:ba:24:99:a6:17:14:a6:ca:9e:59:30:de:de:
         67:a0:be:8a:bd:4d:f6:fa:9c:d8:61:c4:20:00:bd:27:03:f6:
         b3:20:46:28:b9:d5:20:72:42:8b:28:ca:ba:60:43:f7:1c:6d:
         6b:51:09:a2:16:c2:7f:13:f1:f7:75:78:67:e2:90:58:4f:00:
         cc:ff:a2:cb:df:6c:ea:f0:13:0a:30:b0:74:8d:28:2c:19:f2:
         7a:ab:83:26:b9:a5:03:b4:d9:e0:fa:3f:c5:87:eb:25:a2:6c:
         74:87:cd:d4:f4:a2:23:5d:2b:9f:46:45:0e:bf:b2:c7:1d:7e:
         15:6a:df:65:93:0c:9c:7d:5a:f4:12:c0:96:86:27:a8:30:68:
         b9:c1:c1:ee:17:33:71:e8:4d:6d:e7:53:f9:fa:54:05:10:5e:
         b6:b4:80:9d:31:a5:66:33:72:b6:c5:e1:9e:de:0d:32:61:4a:
         56:96:fb:b8:9d:50:cc:3e:3e:96:52:d2:a5:a5:39:aa:1b:32:
         f2:1f:8c:b8:54:1b:2c:8d:9a:34:77:e8:42:1b:b6:19:46:52:
         a0:ad:4c:43:87:41:7e:6c:80:16:a0:19:98:8a:d2:ab:ef:9d:
         6a:6f:da:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk8k/zt5SPFeFkDSWhAsOIYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxN2Y2OTU3ZmMyM2I4ZDQ2YjlkM2RjOGJjN2RiMTIyODU5
ODc2ZjAwHhcNMjUwOTEyMDYxOTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzQ5MDBlYTYwYjQ0MzllZjU2NDg4MTdkMmEyOWZhYjQzMGVkMWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6LDK9LaECYSVbcsrOCLyCFhk8sq
Sgtld27FXKFiSKOHlOFscIM7zZGg0MmaVUv4orMIjPcrXqN+7iXEpOkzNrob6bDx
N1z6kfDPER2G7Xagk0Q/aNwfg9tp43Ipsy5je41WSQTYwPXTF5f9JlMhKZc1K12t
0TlCOo4A3zhzxp27Gk6eToMCTNHHCYu3rHu6uFlQcYYoU0oH1ZRtiBEaxk0Fa0sk
0LlbrGZJSYJnUbeUANLkSY+SuyjXcTE0EeSK7CjDnATzrjuKtdLoTVJvE3NTt3Ce
yfGdZ3icdhTDarLly5I7x8NTV01WO/I8BN2KZxYfkLunS4GGdvDi1nD1xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxJAOpgtEOe9WSIF9Kin6tDDtHjMB8GA1UdIwQY
MBaAFPF/aVf8I7jUa509yLx9sSKFmHbwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAt
NzI2ZGE0ZTkzODZiLzEvWEVrQTZtQzBRNTcxWklnWDBxS2ZxME1PMGVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny8yMDI2ZDMtOWYzMy00NjNlLTg0MTAtNzI2ZGE0ZTkzODZi
LzEvOFg5cFZfd2p1TlJyblQzSXZIMnhJb1dZZHZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fTMA0G
CSqGSIb3DQEBCwUAA4IBAQB4KX8CT1X1ZOpBtGbLHfXnpg5dBSjFpLokmaYXFKbK
nlkw3t5noL6KvU32+pzYYcQgAL0nA/azIEYoudUgckKLKMq6YEP3HG1rUQmiFsJ/
E/H3dXhn4pBYTwDM/6LL32zq8BMKMLB0jSgsGfJ6q4MmuaUDtNng+j/Fh+slomx0
h83U9KIjXSufRkUOv7LHHX4Vat9lkwycfVr0EsCWhieoMGi5wcHuFzNx6E1t51P5
+lQFEF62tICdMaVmM3K2xeGe3g0yYUpWlvu4nVDMPj6WUtKlpTmqGzLyH4y4VBss
jZo0d+hCG7YZRlKgrUxDh0F+bIAWoBmYitKr751qb9qo
-----END CERTIFICATE-----