Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/efwlLLHqb-bdy8PqwUcM4smevIk.roa
File:                     efwlLLHqb-bdy8PqwUcM4smevIk.roa (raw, json)
Hash identifier:          dziFMotDF0gnY460BoEIQb6O67mGB4C/hN9W6acAk18=
Subject key identifier:   79:FC:25:2C:B1:EA:6F:E6:DD:CB:C3:EA:C1:47:0C:E2:C9:9E:BC:89
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       019E0115BF3C586DE7F3A367039F42FA6F78
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/efwlLLHqb-bdy8PqwUcM4smevIk.roa
Signing time:             Thu 07 May 2026 06:17:42 +0000
ROA not before:           Thu 07 May 2026 06:17:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13335
IP address blocks:        91.234.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:15:bf:3c:58:6d:e7:f3:a3:67:03:9f:42:fa:6f:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: May  7 06:17:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=79fc252cb1ea6fe6ddcbc3eac1470ce2c99ebc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:f7:5e:7d:71:37:e7:fa:21:30:69:68:0a:
                    36:c0:f0:38:d7:75:e0:db:10:e9:3d:d3:3c:73:d6:
                    96:63:da:d6:67:12:34:46:26:79:a5:94:ca:a7:96:
                    2e:87:78:70:b9:5d:68:eb:13:42:23:b5:65:e2:3f:
                    a7:9b:4f:ed:b3:9d:99:e1:50:02:33:7d:e9:0a:2f:
                    16:1f:bb:7e:11:f4:c4:61:c3:fa:7d:db:4a:75:78:
                    b5:17:f4:4a:70:35:0e:c7:62:82:27:6e:d8:88:23:
                    21:c1:cc:7d:1b:ff:b8:85:4f:f8:ad:86:63:c7:77:
                    08:1f:94:61:5d:5b:e1:e3:4d:cb:86:11:cb:d1:8f:
                    b8:5a:52:6e:13:c5:ff:05:bd:7e:e6:57:f1:00:1b:
                    c1:ee:49:4b:47:c1:78:b4:ae:50:69:ad:2a:8c:51:
                    df:f0:d6:7f:e1:7c:5e:b1:0c:65:ac:22:f3:8b:6a:
                    b7:cc:85:a1:a1:a9:f5:5b:ff:13:99:ab:65:fd:02:
                    41:08:bd:c0:cf:32:f1:42:18:e5:20:fc:31:17:ec:
                    d0:a4:51:1a:11:b4:d8:e6:20:29:92:2a:12:39:dd:
                    9a:c7:a9:a7:cf:a1:9c:7d:ab:0a:5a:d5:d7:6f:26:
                    22:30:cb:0b:5a:59:b4:00:76:06:00:d5:e8:83:d5:
                    6d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:FC:25:2C:B1:EA:6F:E6:DD:CB:C3:EA:C1:47:0C:E2:C9:9E:BC:89
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/efwlLLHqb-bdy8PqwUcM4smevIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:6e:d8:18:36:c9:b7:69:2a:60:fc:e2:cc:cc:3d:55:4c:31:
         95:37:d4:1a:5a:95:13:34:20:8e:04:66:a5:79:00:da:6b:99:
         73:4e:38:12:0a:d0:37:34:1c:4e:7a:d2:7a:b9:4d:b6:56:3e:
         db:52:78:2a:95:03:fb:37:9e:21:03:12:01:c7:f5:bb:84:0a:
         97:4b:6c:f8:38:32:26:1a:ac:66:de:6d:1d:a2:15:68:1f:17:
         23:4b:85:57:b4:d6:cd:8f:8c:aa:2b:5d:b9:1b:0b:0e:01:7e:
         67:69:5e:19:6d:c6:fd:13:82:6a:ba:32:6a:26:19:d0:1f:a0:
         09:fc:f3:be:9a:11:f9:de:1f:8f:d3:2c:58:46:af:fb:a0:d7:
         b7:74:d8:1c:eb:f2:b3:b1:3b:8b:c2:d1:b2:a8:40:04:bd:02:
         eb:25:bb:e2:3e:f5:1b:8e:8c:62:c6:69:b5:4e:52:06:f1:63:
         06:96:e1:e8:32:b2:f4:f9:da:9a:dd:12:81:fc:27:de:38:23:
         88:2c:42:e9:b3:73:ab:f2:f1:d1:af:c2:d9:80:de:a6:7c:1a:
         b7:d1:f7:72:f8:40:92:b4:99:c8:cd:35:0e:b5:6d:11:25:de:
         49:e3:cb:bd:45:ec:48:4e:8e:f0:f8:e7:22:21:c2:42:ce:4c:
         89:a5:62:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4BFb88WG3n86NnA59C+m94MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjYwNTA3MDYxNzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWZjMjUyY2IxZWE2ZmU2ZGRjYmMzZWFjMTQ3MGNlMmM5OWViYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjT3Xn1xN+f6ITBpaAo2wPA413Xg
2xDpPdM8c9aWY9rWZxI0RiZ5pZTKp5Yuh3hwuV1o6xNCI7Vl4j+nm0/ts52Z4VAC
M33pCi8WH7t+EfTEYcP6fdtKdXi1F/RKcDUOx2KCJ27YiCMhwcx9G/+4hU/4rYZj
x3cIH5RhXVvh403LhhHL0Y+4WlJuE8X/Bb1+5lfxABvB7klLR8F4tK5Qaa0qjFHf
8NZ/4XxesQxlrCLzi2q3zIWhoan1W/8Tmatl/QJBCL3AzzLxQhjlIPwxF+zQpFEa
EbTY5iApkioSOd2ax6mnz6GcfasKWtXXbyYiMMsLWlm0AHYGANXog9VtsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHn8JSyx6m/m3cvD6sFHDOLJnryJMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvZWZ3bExMSHFiLWJkeThQcXdVY000c21ldklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+rKMA0G
CSqGSIb3DQEBCwUAA4IBAQC0btgYNsm3aSpg/OLMzD1VTDGVN9QaWpUTNCCOBGal
eQDaa5lzTjgSCtA3NBxOetJ6uU22Vj7bUngqlQP7N54hAxIBx/W7hAqXS2z4ODIm
Gqxm3m0dohVoHxcjS4VXtNbNj4yqK125GwsOAX5naV4Zbcb9E4JqujJqJhnQH6AJ
/PO+mhH53h+P0yxYRq/7oNe3dNgc6/KzsTuLwtGyqEAEvQLrJbviPvUbjoxixmm1
TlIG8WMGluHoMrL0+dqa3RKB/CfeOCOILELps3Or8vHRr8LZgN6mfBq30fdy+ECS
tJnIzTUOtW0RJd5J48u9RexITo7w+OciIcJCzkyJpWJ8
-----END CERTIFICATE-----