Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/4dZ5wQsi7U41QTXI2qdC87h3QYA.roa
File:                     4dZ5wQsi7U41QTXI2qdC87h3QYA.roa (raw, json)
Hash identifier:          cdp2Vgo8w6oqF8dBRRawmvhbyMNU+pB+K20SC6qh0P4=
Subject key identifier:   E1:D6:79:C1:0B:22:ED:4E:35:41:35:C8:DA:A7:42:F3:B8:77:41:80
Certificate issuer:       /CN=e981cd1fc6c32e4b3b7c9c538b04dd30a811c3cb
Certificate serial:       019D19AE59A5BBF39DECE2D09F9ABBD76B31
Authority key identifier: E9:81:CD:1F:C6:C3:2E:4B:3B:7C:9C:53:8B:04:DD:30:A8:11:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6YHNH8bDLks7fJxTiwTdMKgRw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/4dZ5wQsi7U41QTXI2qdC87h3QYA.roa
Signing time:             Mon 23 Mar 2026 07:52:29 +0000
ROA not before:           Mon 23 Mar 2026 07:52:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34984
IP address blocks:        91.220.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/6YHNH8bDLks7fJxTiwTdMKgRw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/6YHNH8bDLks7fJxTiwTdMKgRw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6YHNH8bDLks7fJxTiwTdMKgRw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:19:ae:59:a5:bb:f3:9d:ec:e2:d0:9f:9a:bb:d7:6b:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e981cd1fc6c32e4b3b7c9c538b04dd30a811c3cb
        Validity
            Not Before: Mar 23 07:52:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e1d679c10b22ed4e354135c8daa742f3b8774180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:1a:ba:09:97:a4:1e:97:b1:d9:dc:3c:9b:91:
                    83:2d:a5:4e:80:bc:2b:4e:de:24:62:d3:33:11:29:
                    72:ac:2b:7a:b0:40:7c:fb:1f:1d:5a:31:b0:36:52:
                    a7:83:02:11:5b:66:e7:0d:11:d5:8f:d2:cd:32:83:
                    75:81:44:e6:3a:d9:00:4c:d9:3b:09:3f:7e:f3:4d:
                    ee:8a:cb:32:99:93:18:ec:ab:af:f0:03:e9:cf:b8:
                    f8:2e:38:d5:53:a5:db:41:72:8f:ec:70:31:9b:aa:
                    8d:e2:8e:e7:79:72:09:5a:32:77:fd:85:41:08:a7:
                    6a:24:c9:10:bf:97:be:61:d3:84:7e:9d:4c:85:a8:
                    73:85:51:d0:6a:40:48:de:b8:65:b8:13:86:a1:cf:
                    b6:31:d2:d7:ba:13:18:60:d5:d1:ff:70:b9:35:a9:
                    4f:2f:fe:af:80:d0:d1:66:2c:73:70:9d:31:e2:a9:
                    00:5a:89:ef:f4:c5:8a:54:0a:6c:b5:d4:8c:73:fc:
                    93:7d:86:1d:18:5d:e2:e8:80:3d:97:46:1f:69:25:
                    83:75:d2:80:23:7f:cf:c2:bf:a8:de:97:04:fa:61:
                    52:e7:3f:f5:ac:c5:20:76:32:18:bb:e1:ec:7e:81:
                    f8:50:9f:28:9d:ea:72:ec:7c:2f:8c:6c:7f:05:04:
                    5b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D6:79:C1:0B:22:ED:4E:35:41:35:C8:DA:A7:42:F3:B8:77:41:80
            X509v3 Authority Key Identifier:
                keyid:E9:81:CD:1F:C6:C3:2E:4B:3B:7C:9C:53:8B:04:DD:30:A8:11:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6YHNH8bDLks7fJxTiwTdMKgRw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/4dZ5wQsi7U41QTXI2qdC87h3QYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/8e16cf-cd3b-4177-a045-1c28e1cd5745/1/6YHNH8bDLks7fJxTiwTdMKgRw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.220.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:53:1d:6e:32:a6:96:ff:df:8e:e8:6c:70:b1:ec:93:34:04:
         90:43:ce:d9:24:f3:4d:94:54:1a:9b:c7:5e:fe:54:dc:ff:c9:
         86:76:5b:fc:01:ed:36:db:b0:13:9d:ad:f8:3d:c7:18:ff:9c:
         f1:5a:ed:a3:a3:ce:f5:29:05:d0:ae:2c:29:9f:6b:22:25:83:
         f4:25:3b:27:c2:b6:1e:12:79:36:96:4f:dd:1b:7d:e6:c4:75:
         47:93:1c:6d:31:3d:49:79:71:25:09:01:f7:c6:9e:bc:e2:56:
         82:3d:2b:90:63:7c:7b:ed:af:43:3d:bb:46:b1:ec:fa:90:c8:
         5c:4d:c8:36:d6:fd:e7:28:71:91:19:b3:22:fa:01:ff:e2:36:
         2f:8e:83:0b:4d:60:17:71:2d:91:95:d0:35:bc:18:68:f4:78:
         6f:7c:0a:54:c5:37:c9:72:a1:5b:93:74:9e:2b:bf:9e:10:24:
         2e:20:34:94:a7:af:da:c8:76:0e:b9:c9:c9:2c:8d:fe:be:88:
         61:c3:e1:2d:6b:cc:b4:06:10:63:00:6b:19:88:4a:51:00:46:
         c5:b4:a7:bf:6c:a8:8d:00:5c:04:4d:67:bb:e7:4f:c1:c6:26:
         3f:77:01:f4:3c:fe:ae:6d:83:2a:71:0b:50:48:64:21:6c:84:
         03:e7:98:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0Zrlmlu/Od7OLQn5q712sxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ODFjZDFmYzZjMzJlNGIzYjdjOWM1MzhiMDRkZDMwYTgx
MWMzY2IwHhcNMjYwMzIzMDc1MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWQ2NzljMTBiMjJlZDRlMzU0MTM1YzhkYWE3NDJmM2I4Nzc0MTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4hq6CZekHpex2dw8m5GDLaVOgLwr
Tt4kYtMzESlyrCt6sEB8+x8dWjGwNlKngwIRW2bnDRHVj9LNMoN1gUTmOtkATNk7
CT9+803uissymZMY7Kuv8APpz7j4LjjVU6XbQXKP7HAxm6qN4o7neXIJWjJ3/YVB
CKdqJMkQv5e+YdOEfp1MhahzhVHQakBI3rhluBOGoc+2MdLXuhMYYNXR/3C5NalP
L/6vgNDRZixzcJ0x4qkAWonv9MWKVApstdSMc/yTfYYdGF3i6IA9l0YfaSWDddKA
I3/Pwr+o3pcE+mFS5z/1rMUgdjIYu+HsfoH4UJ8onepy7HwvjGx/BQRb8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOHWecELIu1ONUE1yNqnQvO4d0GAMB8GA1UdIwQY
MBaAFOmBzR/Gwy5LO3ycU4sE3TCoEcPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNllITkg4YkRMa3M3Zkp4VGl3VGRNS2dSdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni84ZTE2Y2YtY2QzYi00MTc3LWEwNDUt
MWMyOGUxY2Q1NzQ1LzEvNGRaNXdRc2k3VTQxUVRYSTJxZEM4N2gzUVlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni84ZTE2Y2YtY2QzYi00MTc3LWEwNDUtMWMyOGUxY2Q1NzQ1
LzEvNllITkg4YkRMa3M3Zkp4VGl3VGRNS2dSdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9xBMA0G
CSqGSIb3DQEBCwUAA4IBAQBGUx1uMqaW/9+O6GxwseyTNASQQ87ZJPNNlFQam8de
/lTc/8mGdlv8Ae0227ATna34PccY/5zxWu2jo871KQXQriwpn2siJYP0JTsnwrYe
Enk2lk/dG33mxHVHkxxtMT1JeXElCQH3xp684laCPSuQY3x77a9DPbtGsez6kMhc
Tcg21v3nKHGRGbMi+gH/4jYvjoMLTWAXcS2RldA1vBho9HhvfApUxTfJcqFbk3Se
K7+eECQuIDSUp6/ayHYOucnJLI3+vohhw+Eta8y0BhBjAGsZiEpRAEbFtKe/bKiN
AFwETWe750/BxiY/dwH0PP6ubYMqcQtQSGQhbIQD55jl
-----END CERTIFICATE-----