Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/02aNuL727YimobKqbRL2RjkCGsc.roa
File:                     02aNuL727YimobKqbRL2RjkCGsc.roa (raw, json)
Hash identifier:          oYsmI39E8S+vq9s+1QolNYuR35O5QRqsFtuYCX7LY/8=
Subject key identifier:   D3:66:8D:B8:BE:F6:ED:88:A6:A1:B2:AA:6D:12:F6:46:39:02:1A:C7
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019DCECE1C3F323900B4D855077A9F0A2273
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/02aNuL727YimobKqbRL2RjkCGsc.roa
Signing time:             Mon 27 Apr 2026 11:58:27 +0000
ROA not before:           Mon 27 Apr 2026 11:58:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199760
IP address blocks:        91.239.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:ce:1c:3f:32:39:00:b4:d8:55:07:7a:9f:0a:22:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Apr 27 11:58:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3668db8bef6ed88a6a1b2aa6d12f64639021ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:3c:31:63:35:a5:09:bd:60:4b:39:08:8e:
                    67:64:8b:cb:6e:86:9b:86:d5:11:d1:eb:2b:ba:99:
                    33:33:46:69:ba:90:4f:ac:6b:e9:3f:08:08:43:0d:
                    97:d1:03:5e:69:f6:3a:12:75:67:bf:31:a9:e9:07:
                    21:66:25:a6:4f:e0:ee:a8:98:e6:4a:90:80:3d:58:
                    b8:49:a1:f0:32:de:57:bf:08:05:6e:57:74:83:f5:
                    e9:29:cc:c7:ef:18:e2:4a:bf:cc:0e:4b:90:df:a9:
                    b6:34:39:fe:15:5a:8f:4f:fc:db:0a:81:95:c8:fb:
                    04:55:6c:7a:3d:09:e7:f9:e3:25:19:97:82:27:5f:
                    9e:68:7b:85:ac:45:75:32:90:0c:b0:2d:d8:6b:03:
                    42:15:c1:b4:73:eb:5c:55:5e:81:e0:a8:e7:f0:06:
                    d1:f3:51:0a:30:93:d1:1a:ed:77:b6:9a:be:a9:fe:
                    f1:9f:09:0b:b9:9e:a9:03:e6:e5:c1:2f:e7:5c:c1:
                    a1:f9:f9:42:ab:1c:90:a5:78:44:fa:50:5f:f8:16:
                    2d:fa:c9:31:c7:63:df:cd:a9:3c:46:5f:75:a9:06:
                    ab:b3:09:a2:89:e6:cc:49:42:ff:2a:d8:86:e4:61:
                    a3:68:41:87:7c:99:fb:85:01:0e:fd:f9:b4:ad:a6:
                    96:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:66:8D:B8:BE:F6:ED:88:A6:A1:B2:AA:6D:12:F6:46:39:02:1A:C7
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/02aNuL727YimobKqbRL2RjkCGsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:ad:f9:f5:fb:f9:51:e9:21:fe:0f:52:37:55:a8:ac:5a:fd:
         f7:37:ab:02:1e:0a:50:6b:48:42:c2:c7:dd:35:2a:28:6a:36:
         cf:02:c7:7b:17:2c:56:f5:04:73:2f:7f:68:7b:83:06:89:3c:
         2b:ef:45:6e:90:61:e7:32:2c:e8:53:66:b6:5f:5e:d9:77:c1:
         a4:46:47:b0:9c:bd:6f:43:c0:a5:1f:1e:0b:fa:83:c9:1b:aa:
         e3:9b:27:bc:20:2c:5b:9f:3d:ce:02:59:4f:0a:e7:48:c0:ec:
         0a:67:b1:1a:ec:b0:1c:fe:20:3a:b2:9f:64:a6:0b:ee:95:ff:
         29:46:a4:45:44:20:10:50:5e:5a:36:59:c9:59:49:86:21:01:
         28:b6:b3:39:9d:45:af:cb:e0:17:24:97:4a:1c:e2:2b:9a:09:
         44:b3:25:78:0c:d1:0c:d8:d2:d9:10:68:33:02:1b:72:e3:d6:
         f5:35:2a:44:d8:e3:19:9c:f3:38:30:14:80:71:79:45:df:be:
         93:9f:a5:d6:23:dd:8a:f2:f1:59:25:3f:ad:0e:9f:68:c4:8c:
         89:1e:9b:f9:d3:13:9e:2d:fe:5d:a1:45:2e:86:98:6f:46:96:
         da:7d:4b:9f:ef:09:79:ba:a2:f3:07:6d:ae:89:be:94:ec:68:
         47:e8:93:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Ozhw/MjkAtNhVB3qfCiJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNDI3MTE1ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY2OGRiOGJlZjZlZDg4YTZhMWIyYWE2ZDEyZjY0NjM5MDIxYWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQY8MWM1pQm9YEs5CI5nZIvLboab
htUR0esrupkzM0ZpupBPrGvpPwgIQw2X0QNeafY6EnVnvzGp6QchZiWmT+DuqJjm
SpCAPVi4SaHwMt5XvwgFbld0g/XpKczH7xjiSr/MDkuQ36m2NDn+FVqPT/zbCoGV
yPsEVWx6PQnn+eMlGZeCJ1+eaHuFrEV1MpAMsC3YawNCFcG0c+tcVV6B4Kjn8AbR
81EKMJPRGu13tpq+qf7xnwkLuZ6pA+blwS/nXMGh+flCqxyQpXhE+lBf+BYt+skx
x2Pfzak8Rl91qQarswmiiebMSUL/KtiG5GGjaEGHfJn7hQEO/fm0raaWvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNNmjbi+9u2IpqGyqm0S9kY5AhrHMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvMDJhTnVMNzI3WWltb2JLcWJSTDJSamtDR3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/ZMA0G
CSqGSIb3DQEBCwUAA4IBAQATrfn1+/lR6SH+D1I3VaisWv33N6sCHgpQa0hCwsfd
NSooajbPAsd7FyxW9QRzL39oe4MGiTwr70VukGHnMizoU2a2X17Zd8GkRkewnL1v
Q8ClHx4L+oPJG6rjmye8ICxbnz3OAllPCudIwOwKZ7Ea7LAc/iA6sp9kpgvulf8p
RqRFRCAQUF5aNlnJWUmGIQEotrM5nUWvy+AXJJdKHOIrmglEsyV4DNEM2NLZEGgz
Ahty49b1NSpE2OMZnPM4MBSAcXlF376Tn6XWI92K8vFZJT+tDp9oxIyJHpv50xOe
Lf5doUUuhphvRpbafUuf7wl5uqLzB22uib6U7GhH6JNT
-----END CERTIFICATE-----