Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/_Wy5a31X0fWVI5kzqNmJQQC4UbU.roa
File:                     _Wy5a31X0fWVI5kzqNmJQQC4UbU.roa (raw, json)
Hash identifier:          9Bcaw7GkeT0B0JGjnO2Z6JkUkn/KrawL89AtsYKJKU0=
Subject key identifier:   FD:6C:B9:6B:7D:57:D1:F5:95:23:99:33:A8:D9:89:41:00:B8:51:B5
Certificate issuer:       /CN=8eb33d399dd0f5f9617ed4e470e6bdc9d10b7a20
Certificate serial:       019CFB156520D610CBC4865F0A2377536159
Authority key identifier: 8E:B3:3D:39:9D:D0:F5:F9:61:7E:D4:E4:70:E6:BD:C9:D1:0B:7A:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrM9OZ3Q9flhftTkcOa9ydELeiA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/_Wy5a31X0fWVI5kzqNmJQQC4UbU.roa
Signing time:             Tue 17 Mar 2026 09:16:49 +0000
ROA not before:           Tue 17 Mar 2026 09:16:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16347
IP address blocks:        91.232.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/jrM9OZ3Q9flhftTkcOa9ydELeiA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/jrM9OZ3Q9flhftTkcOa9ydELeiA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrM9OZ3Q9flhftTkcOa9ydELeiA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:15:65:20:d6:10:cb:c4:86:5f:0a:23:77:53:61:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb33d399dd0f5f9617ed4e470e6bdc9d10b7a20
        Validity
            Not Before: Mar 17 09:16:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fd6cb96b7d57d1f595239933a8d9894100b851b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ef:b3:fb:b6:08:fa:ba:38:68:e0:50:53:0c:
                    c2:da:e4:e0:54:d4:4e:2d:e6:f2:fa:a3:5c:d3:a3:
                    13:1d:bb:b7:fe:65:e5:fe:6d:f2:4c:73:93:6f:25:
                    89:ac:03:8f:45:43:3a:9e:1a:c6:e5:92:30:ff:df:
                    e1:d7:a1:a1:f7:47:56:19:98:d9:bf:5f:e6:a6:4d:
                    31:0f:1d:4f:26:a8:00:f5:06:e3:3d:62:84:6e:52:
                    4a:d8:38:ec:8b:18:76:c8:51:e5:fb:fa:1a:4c:ca:
                    05:04:d9:42:9f:56:54:c0:6e:43:69:41:cd:f5:a8:
                    ca:fb:c8:e8:2d:f3:ec:58:04:98:70:68:38:5d:55:
                    62:2f:a1:4c:ed:7d:37:ac:82:8e:49:9d:ff:dc:1a:
                    54:53:93:e9:5b:50:44:87:1f:2f:ee:9c:70:aa:19:
                    06:6d:9b:c2:bf:a9:35:13:c0:9e:0b:20:80:28:7d:
                    2c:fb:a3:d8:9a:06:39:e3:79:45:33:ee:cd:2e:3a:
                    ce:c4:ab:53:f6:eb:2d:d3:55:9b:91:e1:fc:01:cf:
                    f9:6c:0d:47:3f:76:75:79:c6:51:3c:dc:58:87:3d:
                    90:62:59:d1:a9:02:9d:ca:59:36:de:e0:24:bd:2c:
                    a1:40:00:6a:77:bf:2a:79:82:94:e9:22:c6:f3:cc:
                    ea:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:6C:B9:6B:7D:57:D1:F5:95:23:99:33:A8:D9:89:41:00:B8:51:B5
            X509v3 Authority Key Identifier:
                keyid:8E:B3:3D:39:9D:D0:F5:F9:61:7E:D4:E4:70:E6:BD:C9:D1:0B:7A:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrM9OZ3Q9flhftTkcOa9ydELeiA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/_Wy5a31X0fWVI5kzqNmJQQC4UbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/b10f05-4c5c-4747-b704-fd17ba88d8cb/1/jrM9OZ3Q9flhftTkcOa9ydELeiA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:48:6c:97:f4:f8:65:ba:1f:93:86:41:c1:d3:0f:53:1c:ab:
         5c:99:35:88:1e:02:6c:5a:07:1d:f3:f8:39:89:46:e4:d6:3d:
         8b:ad:c9:99:03:9a:10:5e:dc:d6:c2:5e:b7:f9:2b:a1:65:43:
         52:ee:b9:6a:19:70:c6:da:3e:7a:51:93:bb:79:ba:23:5d:1e:
         81:eb:b5:ee:74:87:07:26:28:be:49:e2:30:9e:38:dd:ac:05:
         aa:b7:fd:5f:0a:75:b7:72:1d:9d:bb:7d:36:e3:b1:28:3c:f1:
         72:f6:68:cb:77:04:ec:98:31:80:c1:ac:69:31:de:c7:a3:c1:
         c0:87:da:d9:f7:97:34:6f:65:ff:81:ff:b9:89:eb:46:d9:f5:
         21:71:12:8a:70:c6:fa:01:a9:38:f5:26:72:18:3b:a5:d0:41:
         c9:88:e0:d3:b4:17:72:94:75:67:70:bc:37:d0:8c:8a:74:0c:
         91:b0:cb:90:97:93:d8:47:35:bd:5d:f1:ed:08:10:1a:80:29:
         c6:ff:d4:ee:c3:7d:93:8c:a4:1e:b4:5c:7d:e6:c5:34:84:19:
         d9:94:ff:01:cb:81:d3:31:bc:69:28:aa:49:b8:1d:de:63:5b:
         a5:cc:95:33:51:52:b8:0f:3d:45:75:ed:fe:9a:da:6b:85:4b:
         88:77:b6:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz7FWUg1hDLxIZfCiN3U2FZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjMzZDM5OWRkMGY1Zjk2MTdlZDRlNDcwZTZiZGM5ZDEw
YjdhMjAwHhcNMjYwMzE3MDkxNjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDZjYjk2YjdkNTdkMWY1OTUyMzk5MzNhOGQ5ODk0MTAwYjg1MWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu+z+7YI+ro4aOBQUwzC2uTgVNRO
Leby+qNc06MTHbu3/mXl/m3yTHOTbyWJrAOPRUM6nhrG5ZIw/9/h16Gh90dWGZjZ
v1/mpk0xDx1PJqgA9QbjPWKEblJK2Djsixh2yFHl+/oaTMoFBNlCn1ZUwG5DaUHN
9ajK+8joLfPsWASYcGg4XVViL6FM7X03rIKOSZ3/3BpUU5PpW1BEhx8v7pxwqhkG
bZvCv6k1E8CeCyCAKH0s+6PYmgY543lFM+7NLjrOxKtT9ust01WbkeH8Ac/5bA1H
P3Z1ecZRPNxYhz2QYlnRqQKdylk23uAkvSyhQABqd78qeYKU6SLG88zqIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP1suWt9V9H1lSOZM6jZiUEAuFG1MB8GA1UdIwQY
MBaAFI6zPTmd0PX5YX7U5HDmvcnRC3ogMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJNOU9aM1E5ZmxoZnRUa2NPYTl5ZEVMZWlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9iMTBmMDUtNGM1Yy00NzQ3LWI3MDQt
ZmQxN2JhODhkOGNiLzEvX1d5NWEzMVgwZldWSTVrenFObUpRUUM0VWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9iMTBmMDUtNGM1Yy00NzQ3LWI3MDQtZmQxN2JhODhkOGNi
LzEvanJNOU9aM1E5ZmxoZnRUa2NPYTl5ZEVMZWlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+jyMA0G
CSqGSIb3DQEBCwUAA4IBAQCPSGyX9Phluh+ThkHB0w9THKtcmTWIHgJsWgcd8/g5
iUbk1j2LrcmZA5oQXtzWwl63+SuhZUNS7rlqGXDG2j56UZO7ebojXR6B67XudIcH
Jii+SeIwnjjdrAWqt/1fCnW3ch2du30247EoPPFy9mjLdwTsmDGAwaxpMd7Ho8HA
h9rZ95c0b2X/gf+5ietG2fUhcRKKcMb6Aak49SZyGDul0EHJiODTtBdylHVncLw3
0IyKdAyRsMuQl5PYRzW9XfHtCBAagCnG/9Tuw32TjKQetFx95sU0hBnZlP8By4HT
MbxpKKpJuB3eY1ulzJUzUVK4Dz1Fde3+mtprhUuId7Zk
-----END CERTIFICATE-----