Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/qMmguo9Z2V-BC5t7evoX7K1Fbss.roa
File:                     qMmguo9Z2V-BC5t7evoX7K1Fbss.roa (raw, json)
Hash identifier:          V408yrY8gn/eWE6bGQXHDcnC3POLPttI1BvbFvBLTFM=
Subject key identifier:   A8:C9:A0:BA:8F:59:D9:5F:81:0B:9B:7B:7A:FA:17:EC:AD:45:6E:CB
Certificate issuer:       /CN=5e3a62f1347c1742e5b6e3740244d398b53a513c
Certificate serial:       019D0AE4A521F108C3266A05B2AF2B991494
Authority key identifier: 5E:3A:62:F1:34:7C:17:42:E5:B6:E3:74:02:44:D3:98:B5:3A:51:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/qMmguo9Z2V-BC5t7evoX7K1Fbss.roa
Signing time:             Fri 20 Mar 2026 10:57:29 +0000
ROA not before:           Fri 20 Mar 2026 10:57:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13009
IP address blocks:        91.232.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 10:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:e4:a5:21:f1:08:c3:26:6a:05:b2:af:2b:99:14:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e3a62f1347c1742e5b6e3740244d398b53a513c
        Validity
            Not Before: Mar 20 10:57:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8c9a0ba8f59d95f810b9b7b7afa17ecad456ecb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:fb:89:a3:e8:d8:c3:8b:4e:b1:06:3b:b4:44:
                    5d:b8:0d:c8:0e:8a:c7:2b:a0:e3:4b:c8:fe:c0:19:
                    10:ec:92:bf:df:0e:3b:0d:e9:b7:b1:17:2e:a2:e5:
                    b5:42:f2:76:40:28:60:4b:ff:46:9c:23:97:d9:67:
                    cd:a9:59:31:b3:ca:07:fe:48:ac:ef:73:ed:8e:10:
                    fd:bb:6e:96:f6:e0:90:d4:64:90:8f:e7:a6:fd:30:
                    67:59:c5:65:41:6c:81:f5:96:ea:ec:0c:1c:4f:cc:
                    d8:b1:14:4e:aa:98:21:1b:e2:9d:29:2f:3e:54:38:
                    a1:81:d4:43:03:d2:f6:70:d4:45:a6:d9:02:31:8c:
                    8b:92:e7:1f:be:fb:80:77:c8:45:e9:e0:9d:ce:3a:
                    cc:d2:35:1e:e3:14:b0:43:b3:a9:58:f1:89:67:c4:
                    c5:46:c9:56:00:3c:9e:19:82:b3:8a:1c:77:35:30:
                    fd:f4:69:84:2c:3c:8c:f8:71:b8:77:25:34:6b:01:
                    44:e3:89:82:39:4d:8b:65:79:e8:d5:ea:3f:01:5a:
                    6c:d0:ed:40:99:26:32:b1:46:75:f0:02:82:f3:26:
                    e8:ad:bd:05:1f:b3:8b:9a:95:32:62:7c:2c:92:94:
                    e8:e4:b1:05:d8:f9:b4:ec:9b:e5:34:91:a9:2f:43:
                    9b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:C9:A0:BA:8F:59:D9:5F:81:0B:9B:7B:7A:FA:17:EC:AD:45:6E:CB
            X509v3 Authority Key Identifier:
                keyid:5E:3A:62:F1:34:7C:17:42:E5:B6:E3:74:02:44:D3:98:B5:3A:51:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xjpi8TR8F0LltuN0AkTTmLU6UTw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/qMmguo9Z2V-BC5t7evoX7K1Fbss.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/425cc1-5014-4979-84eb-025540aff15d/1/Xjpi8TR8F0LltuN0AkTTmLU6UTw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:40:be:ff:eb:4c:08:ad:69:35:57:ff:65:6b:1c:dc:c8:b9:
         5b:6c:eb:5a:ff:0f:35:91:bf:5a:ba:c8:85:6b:f4:a3:3e:e7:
         18:89:1d:6b:6e:75:81:f1:87:46:c2:31:9c:1e:4d:51:39:8b:
         8b:e3:ab:ff:21:eb:ca:ab:38:fe:14:61:e7:21:e9:07:91:91:
         2a:76:c6:22:e3:1d:f3:a4:11:e5:8b:ee:14:27:67:6f:07:bc:
         8e:93:0d:a5:48:6e:67:df:34:8d:2a:c6:9f:7b:23:a7:b3:67:
         a0:03:37:68:e4:a6:72:8d:c2:7f:c0:54:bb:f6:d8:b2:88:ed:
         db:68:66:90:17:1b:b4:ad:f7:b1:35:e4:17:39:5b:27:d1:af:
         bd:28:a1:bf:e3:20:fe:fb:62:25:5b:b7:28:f9:f9:40:bb:bb:
         c9:d1:07:c6:18:cb:79:82:e5:18:1f:f8:43:ac:d4:5a:73:49:
         06:b0:42:2d:a5:b5:56:db:af:18:fa:c7:4d:4d:a9:9e:c3:de:
         4e:0d:f8:6c:5e:33:bf:01:a8:7d:15:8f:ae:4d:2b:d9:a3:58:
         a7:f1:fe:c1:d7:d3:eb:4c:b5:d9:40:85:64:5c:74:40:bd:88:
         17:28:79:f1:0e:ec:b3:ba:33:5d:74:a7:3b:53:a9:d8:d2:4e:
         d8:41:a5:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0K5KUh8QjDJmoFsq8rmRSUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlM2E2MmYxMzQ3YzE3NDJlNWI2ZTM3NDAyNDRkMzk4YjUz
YTUxM2MwHhcNMjYwMzIwMTA1NzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGM5YTBiYThmNTlkOTVmODEwYjliN2I3YWZhMTdlY2FkNDU2ZWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7PuJo+jYw4tOsQY7tERduA3IDorH
K6DjS8j+wBkQ7JK/3w47Dem3sRcuouW1QvJ2QChgS/9GnCOX2WfNqVkxs8oH/kis
73PtjhD9u26W9uCQ1GSQj+em/TBnWcVlQWyB9Zbq7AwcT8zYsRROqpghG+KdKS8+
VDihgdRDA9L2cNRFptkCMYyLkucfvvuAd8hF6eCdzjrM0jUe4xSwQ7OpWPGJZ8TF
RslWADyeGYKzihx3NTD99GmELDyM+HG4dyU0awFE44mCOU2LZXno1eo/AVps0O1A
mSYysUZ18AKC8yborb0FH7OLmpUyYnwskpTo5LEF2Pm07JvlNJGpL0ObzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKjJoLqPWdlfgQube3r6F+ytRW7LMB8GA1UdIwQY
MBaAFF46YvE0fBdC5bbjdAJE05i1OlE8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGpwaThUUjhGMExsdHVOMEFrVFRtTFU2VVR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MjVjYzEtNTAxNC00OTc5LTg0ZWIt
MDI1NTQwYWZmMTVkLzEvcU1tZ3VvOVoyVi1CQzV0N2V2b1g3SzFGYnNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MjVjYzEtNTAxNC00OTc5LTg0ZWItMDI1NTQwYWZmMTVk
LzEvWGpwaThUUjhGMExsdHVOMEFrVFRtTFU2VVR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hoMA0G
CSqGSIb3DQEBCwUAA4IBAQClQL7/60wIrWk1V/9laxzcyLlbbOta/w81kb9ausiF
a/SjPucYiR1rbnWB8YdGwjGcHk1ROYuL46v/IevKqzj+FGHnIekHkZEqdsYi4x3z
pBHli+4UJ2dvB7yOkw2lSG5n3zSNKsafeyOns2egAzdo5KZyjcJ/wFS79tiyiO3b
aGaQFxu0rfexNeQXOVsn0a+9KKG/4yD++2IlW7co+flAu7vJ0QfGGMt5guUYH/hD
rNRac0kGsEItpbVW268Y+sdNTamew95ODfhsXjO/Aah9FY+uTSvZo1in8f7B19Pr
TLXZQIVkXHRAvYgXKHnxDuyzujNddKc7U6nY0k7YQaVh
-----END CERTIFICATE-----