Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/o0b3FLGT6_KTAMziRPFBDuoxIFs.roa
File:                     o0b3FLGT6_KTAMziRPFBDuoxIFs.roa (raw, json)
Hash identifier:          HuGKkmAJlpIF3je5dBAlXM+W0Ozh9HwD67fbKdy/D8c=
Subject key identifier:   A3:46:F7:14:B1:93:EB:F2:93:00:CC:E2:44:F1:41:0E:EA:31:20:5B
Certificate issuer:       /CN=d5a0cc9e6a5d5b97dbea96664dd94ac3e4227cf4
Certificate serial:       019C8EB44B0BD8D8CDA84DDCA5647080C27A
Authority key identifier: D5:A0:CC:9E:6A:5D:5B:97:DB:EA:96:66:4D:D9:4A:C3:E4:22:7C:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1aDMnmpdW5fb6pZmTdlKw-QifPQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/o0b3FLGT6_KTAMziRPFBDuoxIFs.roa
Signing time:             Tue 24 Feb 2026 08:11:46 +0000
ROA not before:           Tue 24 Feb 2026 08:11:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213933
IP address blocks:        91.195.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/1aDMnmpdW5fb6pZmTdlKw-QifPQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/1aDMnmpdW5fb6pZmTdlKw-QifPQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1aDMnmpdW5fb6pZmTdlKw-QifPQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8e:b4:4b:0b:d8:d8:cd:a8:4d:dc:a5:64:70:80:c2:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5a0cc9e6a5d5b97dbea96664dd94ac3e4227cf4
        Validity
            Not Before: Feb 24 08:11:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a346f714b193ebf29300cce244f1410eea31205b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2b:06:5c:c3:ea:4d:da:7a:07:ca:d1:f4:84:
                    82:81:fd:30:db:83:15:18:97:82:8c:f1:86:2f:37:
                    83:04:6f:b4:8d:96:ba:d0:cd:f5:fd:cf:36:6b:e6:
                    69:20:7e:c3:bd:4d:26:b3:b4:35:d5:8f:9d:7b:4a:
                    46:a7:1f:19:f3:ee:20:32:c9:8a:23:7f:e3:33:f9:
                    f1:8d:b8:2b:44:e0:7b:7d:8a:ae:df:40:94:49:6b:
                    76:45:a3:d9:4b:13:28:ba:79:b1:25:73:14:d8:51:
                    2a:3a:fc:24:51:c1:db:05:30:a5:e2:1a:cd:7e:2d:
                    cf:5c:90:a2:06:cc:e0:12:fe:79:95:32:22:22:53:
                    a3:38:91:fa:88:ee:a2:a5:18:6e:b3:7b:9a:72:31:
                    e5:d9:57:8e:04:f4:01:cd:62:aa:36:9f:7a:f3:56:
                    f4:6a:c9:61:43:6a:8a:11:26:31:00:25:ff:d9:76:
                    fe:d5:c0:cf:bf:e1:78:59:5e:27:d6:44:2b:54:32:
                    3c:a9:3f:df:63:74:91:98:be:09:1b:a4:79:67:1f:
                    33:10:f2:92:c6:f9:3d:83:e1:b1:c0:e8:3a:01:73:
                    35:20:3a:69:4a:0e:50:97:76:ec:2e:38:24:dc:d1:
                    69:0c:5a:86:a7:0c:3f:c9:53:ce:bb:93:67:5b:b3:
                    ab:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:46:F7:14:B1:93:EB:F2:93:00:CC:E2:44:F1:41:0E:EA:31:20:5B
            X509v3 Authority Key Identifier:
                keyid:D5:A0:CC:9E:6A:5D:5B:97:DB:EA:96:66:4D:D9:4A:C3:E4:22:7C:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1aDMnmpdW5fb6pZmTdlKw-QifPQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/o0b3FLGT6_KTAMziRPFBDuoxIFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/f0b6ad-8597-48b2-81a5-1d55cbd3f22c/1/1aDMnmpdW5fb6pZmTdlKw-QifPQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:f8:a4:b8:91:58:a6:2a:ec:80:4f:cd:6f:f1:79:e0:3c:f0:
         c2:3b:a4:81:f9:94:37:38:57:7b:c8:57:b1:14:a0:a6:5c:72:
         2e:07:67:7a:70:87:3d:93:f8:e2:0c:31:56:78:c8:32:83:9a:
         c0:b8:29:73:fe:26:ab:a8:56:51:22:1c:1e:7e:06:2c:fb:0e:
         13:2c:95:5b:84:81:a2:42:5f:6c:17:0f:a2:fa:34:7e:77:46:
         35:73:7c:55:1b:a2:cd:4a:ca:ee:a8:f4:aa:50:b3:0d:c4:32:
         b9:ec:29:76:dc:e9:66:d7:79:05:1c:46:51:88:e9:03:41:b8:
         29:de:4e:ec:5c:fc:d2:e1:0a:6c:cb:76:54:10:aa:02:39:f5:
         36:26:98:34:78:58:59:4a:9c:18:ee:e6:6b:3f:4d:b0:56:c6:
         8c:fe:b6:a2:43:e4:a5:ec:d2:70:04:98:8f:8f:7f:8b:94:34:
         91:c7:4a:a7:d8:35:e7:42:ca:a3:b6:ff:6a:3c:58:44:c3:a7:
         83:47:9a:12:bd:17:4a:4b:ed:38:3f:56:97:d8:2c:c7:30:63:
         e9:fa:6c:42:b2:be:5e:70:90:f4:80:b0:5b:fa:d4:d4:37:01:
         3e:37:b5:03:2c:eb:e7:85:bb:94:71:c4:b7:26:53:e8:4c:1c:
         59:73:73:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyOtEsL2NjNqE3cpWRwgMJ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1YTBjYzllNmE1ZDViOTdkYmVhOTY2NjRkZDk0YWMzZTQy
MjdjZjQwHhcNMjYwMjI0MDgxMTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQ2ZjcxNGIxOTNlYmYyOTMwMGNjZTI0NGYxNDEwZWVhMzEyMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ysGXMPqTdp6B8rR9ISCgf0w24MV
GJeCjPGGLzeDBG+0jZa60M31/c82a+ZpIH7DvU0ms7Q11Y+de0pGpx8Z8+4gMsmK
I3/jM/nxjbgrROB7fYqu30CUSWt2RaPZSxMounmxJXMU2FEqOvwkUcHbBTCl4hrN
fi3PXJCiBszgEv55lTIiIlOjOJH6iO6ipRhus3uacjHl2VeOBPQBzWKqNp9681b0
aslhQ2qKESYxACX/2Xb+1cDPv+F4WV4n1kQrVDI8qT/fY3SRmL4JG6R5Zx8zEPKS
xvk9g+GxwOg6AXM1IDppSg5Ql3bsLjgk3NFpDFqGpww/yVPOu5NnW7Or8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKNG9xSxk+vykwDM4kTxQQ7qMSBbMB8GA1UdIwQY
MBaAFNWgzJ5qXVuX2+qWZk3ZSsPkInz0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWFETW5tcGRXNWZiNnBabVRkbEt3LVFpZlBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mMGI2YWQtODU5Ny00OGIyLTgxYTUt
MWQ1NWNiZDNmMjJjLzEvbzBiM0ZMR1Q2X0tUQU16aVJQRkJEdW94SUZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mMGI2YWQtODU5Ny00OGIyLTgxYTUtMWQ1NWNiZDNmMjJj
LzEvMWFETW5tcGRXNWZiNnBabVRkbEt3LVFpZlBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8MUMA0G
CSqGSIb3DQEBCwUAA4IBAQAG+KS4kVimKuyAT81v8XngPPDCO6SB+ZQ3OFd7yFex
FKCmXHIuB2d6cIc9k/jiDDFWeMgyg5rAuClz/iarqFZRIhwefgYs+w4TLJVbhIGi
Ql9sFw+i+jR+d0Y1c3xVG6LNSsruqPSqULMNxDK57Cl23Olm13kFHEZRiOkDQbgp
3k7sXPzS4Qpsy3ZUEKoCOfU2Jpg0eFhZSpwY7uZrP02wVsaM/raiQ+Sl7NJwBJiP
j3+LlDSRx0qn2DXnQsqjtv9qPFhEw6eDR5oSvRdKS+04P1aX2CzHMGPp+mxCsr5e
cJD0gLBb+tTUNwE+N7UDLOvnhbuUccS3JlPoTBxZc3PY
-----END CERTIFICATE-----