Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/IAxvCVI3UPW5Zbx0MrtTutGSG6g.roa
File:                     IAxvCVI3UPW5Zbx0MrtTutGSG6g.roa (raw, json)
Hash identifier:          R+3F/4+eKMn101ut2yIlvIZIHHLS0pZUHBZ5ScNEy3g=
Subject key identifier:   20:0C:6F:09:52:37:50:F5:B9:65:BC:74:32:BB:53:BA:D1:92:1B:A8
Certificate issuer:       /CN=55d383b68a3eafb30c27ba0c4c69f0a2b950dcc5
Certificate serial:       019B77C6CCAE54242861E7FC1AA444622C02
Authority key identifier: 55:D3:83:B6:8A:3E:AF:B3:0C:27:BA:0C:4C:69:F0:A2:B9:50:DC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VdODtoo-r7MMJ7oMTGnworlQ3MU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/IAxvCVI3UPW5Zbx0MrtTutGSG6g.roa
Signing time:             Thu 01 Jan 2026 04:17:55 +0000
ROA not before:           Thu 01 Jan 2026 04:17:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48255
IP address blocks:        91.209.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/VdODtoo-r7MMJ7oMTGnworlQ3MU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/VdODtoo-r7MMJ7oMTGnworlQ3MU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VdODtoo-r7MMJ7oMTGnworlQ3MU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:cc:ae:54:24:28:61:e7:fc:1a:a4:44:62:2c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55d383b68a3eafb30c27ba0c4c69f0a2b950dcc5
        Validity
            Not Before: Jan  1 04:17:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=200c6f09523750f5b965bc7432bb53bad1921ba8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a9:ee:82:df:b9:b1:e2:70:3a:05:70:a1:f1:
                    9b:eb:0a:88:e0:be:5b:f9:a5:a9:79:a2:c4:76:da:
                    05:da:61:e0:98:e3:1d:3d:0e:e1:ce:f5:46:3f:1e:
                    d9:f8:75:c2:fa:00:3b:14:d5:70:70:a9:e1:cd:a3:
                    e3:f5:c5:32:7b:c8:f1:e7:06:f0:18:3a:51:43:a5:
                    7f:53:43:11:db:17:16:c7:b3:da:7a:2d:c5:79:be:
                    9d:a3:c1:e3:ae:8f:e0:3d:62:4f:c7:a4:df:cd:cf:
                    9b:42:5a:8f:0b:af:af:17:15:f6:87:96:bb:d8:67:
                    30:ea:1b:8c:5d:f9:b1:28:bd:75:32:00:d1:a1:a5:
                    6d:8d:1d:8f:16:67:52:cd:35:30:22:a6:10:91:59:
                    8a:4d:eb:5d:a9:96:47:e2:2d:1a:68:29:96:c9:38:
                    ce:28:0c:0a:19:22:57:ea:3b:f7:46:6e:b2:00:0a:
                    7d:ae:15:1f:75:3c:c1:ab:6a:a5:ed:82:4c:10:73:
                    c1:54:31:3b:53:83:c2:06:ce:4f:7f:17:0a:5d:dc:
                    02:42:6d:f6:1e:bd:87:4e:72:e8:5d:c6:29:9a:9b:
                    e0:34:a9:74:9f:c0:73:57:dd:c5:84:17:c4:87:0e:
                    6b:78:23:ed:af:0e:9e:66:0c:5f:29:7f:3a:3f:88:
                    b4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:0C:6F:09:52:37:50:F5:B9:65:BC:74:32:BB:53:BA:D1:92:1B:A8
            X509v3 Authority Key Identifier:
                keyid:55:D3:83:B6:8A:3E:AF:B3:0C:27:BA:0C:4C:69:F0:A2:B9:50:DC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VdODtoo-r7MMJ7oMTGnworlQ3MU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/IAxvCVI3UPW5Zbx0MrtTutGSG6g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/cfd609-98c7-44a7-b480-0f0fc35347ff/1/VdODtoo-r7MMJ7oMTGnworlQ3MU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:59:fd:7d:ca:bd:97:b9:33:fe:16:ff:dc:fb:3f:99:df:b0:
         88:64:25:90:a8:a3:f4:c0:c3:4d:03:10:ef:5d:1f:4f:27:61:
         4e:ca:46:30:2c:50:ae:96:09:24:d5:b6:7b:51:14:dc:07:97:
         95:6c:02:9c:df:99:ff:9b:cd:ab:d2:25:aa:fa:b6:6e:21:6f:
         b4:df:0a:df:fc:2e:ab:c4:30:f5:c7:57:86:00:0a:ab:69:23:
         3a:ee:38:65:7c:17:17:c1:12:7b:e0:1f:2c:54:d5:9f:df:8e:
         fb:2c:b7:02:d2:0f:97:ab:4b:6b:36:0f:77:53:7f:7e:c3:45:
         60:90:51:ed:53:4f:68:f3:13:7b:2d:04:87:f8:30:1c:f0:cb:
         76:a5:aa:e7:79:d8:58:6d:9e:6b:35:86:7f:8f:01:d4:2f:c3:
         ef:ef:64:ac:86:b6:7e:ef:46:fa:65:9f:bf:30:b5:bd:7f:9d:
         6c:65:b8:8f:7f:cc:36:a5:ac:8e:1e:5a:98:82:2a:fb:54:f4:
         ad:37:60:d1:19:7b:06:78:0e:04:4b:6d:51:08:ea:ed:8a:6c:
         76:94:e0:cc:be:83:db:6c:ad:52:2d:89:69:5e:e3:e8:5c:17:
         bf:af:59:41:05:e5:42:f6:48:e7:b9:6a:8c:66:6e:fd:88:1e:
         46:1d:7b:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt3xsyuVCQoYef8GqREYiwCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZDM4M2I2OGEzZWFmYjMwYzI3YmEwYzRjNjlmMGEyYjk1
MGRjYzUwHhcNMjYwMTAxMDQxNzU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDBjNmYwOTUyMzc1MGY1Yjk2NWJjNzQzMmJiNTNiYWQxOTIxYmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76nugt+5seJwOgVwofGb6wqI4L5b
+aWpeaLEdtoF2mHgmOMdPQ7hzvVGPx7Z+HXC+gA7FNVwcKnhzaPj9cUye8jx5wbw
GDpRQ6V/U0MR2xcWx7Paei3Feb6do8Hjro/gPWJPx6Tfzc+bQlqPC6+vFxX2h5a7
2Gcw6huMXfmxKL11MgDRoaVtjR2PFmdSzTUwIqYQkVmKTetdqZZH4i0aaCmWyTjO
KAwKGSJX6jv3Rm6yAAp9rhUfdTzBq2ql7YJMEHPBVDE7U4PCBs5PfxcKXdwCQm32
Hr2HTnLoXcYpmpvgNKl0n8BzV93FhBfEhw5reCPtrw6eZgxfKX86P4i01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAMbwlSN1D1uWW8dDK7U7rRkhuoMB8GA1UdIwQY
MBaAFFXTg7aKPq+zDCe6DExp8KK5UNzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmRPRHRvby1yN01NSjdvTVRHbndvcmxRM01VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi9jZmQ2MDktOThjNy00NGE3LWI0ODAt
MGYwZmMzNTM0N2ZmLzEvSUF4dkNWSTNVUFc1WmJ4ME1ydFR1dEdTRzZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi9jZmQ2MDktOThjNy00NGE3LWI0ODAtMGYwZmMzNTM0N2Zm
LzEvVmRPRHRvby1yN01NSjdvTVRHbndvcmxRM01VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9FKMA0G
CSqGSIb3DQEBCwUAA4IBAQBJWf19yr2XuTP+Fv/c+z+Z37CIZCWQqKP0wMNNAxDv
XR9PJ2FOykYwLFCulgkk1bZ7URTcB5eVbAKc35n/m82r0iWq+rZuIW+03wrf/C6r
xDD1x1eGAAqraSM67jhlfBcXwRJ74B8sVNWf3477LLcC0g+Xq0trNg93U39+w0Vg
kFHtU09o8xN7LQSH+DAc8Mt2parnedhYbZ5rNYZ/jwHUL8Pv72SshrZ+70b6ZZ+/
MLW9f51sZbiPf8w2payOHlqYgir7VPStN2DRGXsGeA4ES21RCOrtimx2lODMvoPb
bK1SLYlpXuPoXBe/r1lBBeVC9kjnuWqMZm79iB5GHXuW
-----END CERTIFICATE-----