Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/x55nB0-fotgrkV-3iW_nOuucEIE.roa
File:                     x55nB0-fotgrkV-3iW_nOuucEIE.roa (raw, json)
Hash identifier:          Cs4j2MGGwvzNstaIOZ9CLuyUqcMrrk2RrbYdYlbSinI=
Subject key identifier:   C7:9E:67:07:4F:9F:A2:D8:2B:91:5F:B7:89:6F:E7:3A:EB:9C:10:81
Certificate issuer:       /CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
Certificate serial:       019DAB49FF771369B88395CB93C597502EA1
Authority key identifier: DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/x55nB0-fotgrkV-3iW_nOuucEIE.roa
Signing time:             Mon 20 Apr 2026 14:27:26 +0000
ROA not before:           Mon 20 Apr 2026 14:27:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63911
IP address blocks:        45.9.48.0/22 maxlen: 24
                          45.67.132.0/22 maxlen: 24
                          91.239.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:49:ff:77:13:69:b8:83:95:cb:93:c5:97:50:2e:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df8f961c6efbb7f9ce74217b1d5dbb54e981c6f2
        Validity
            Not Before: Apr 20 14:27:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c79e67074f9fa2d82b915fb7896fe73aeb9c1081
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6c:cb:a9:7e:2f:c2:a5:4f:8d:84:8d:a8:30:
                    2d:bb:9e:05:71:56:e9:7c:c4:08:f8:40:dd:5c:87:
                    21:6c:ea:f7:b9:3f:d9:c4:c4:79:33:0c:73:94:78:
                    ee:70:23:ca:8e:19:5a:c5:7f:ab:91:f2:fb:cc:a3:
                    18:c6:0c:dc:9d:d9:bf:a4:a9:12:15:85:17:31:82:
                    2a:a3:2d:e2:88:ca:a0:5a:95:6c:42:7e:2e:07:c7:
                    87:d1:d3:0c:ae:93:f4:11:62:0a:89:80:07:99:7b:
                    c4:10:09:15:b0:3c:dc:c3:0e:d3:7d:2b:b3:1e:52:
                    02:95:96:29:48:08:e8:82:12:1f:c6:3b:49:9c:2e:
                    40:ba:fd:e6:ee:cc:24:a9:30:f0:f3:9c:68:da:81:
                    5c:cf:6f:96:62:67:33:cb:52:0e:a0:35:46:99:88:
                    82:24:88:0e:1c:fc:11:1c:e4:40:6b:4a:ba:74:11:
                    c5:a2:44:b7:f0:a0:80:89:80:c0:a9:99:d0:c5:69:
                    59:a9:8d:6c:d7:a7:70:2a:2e:2d:1b:2c:c2:45:e9:
                    31:64:0f:5c:34:7b:52:11:ee:0e:17:fc:3b:a8:be:
                    a0:a2:4e:43:a2:27:e8:d4:ac:ae:03:45:8b:b3:64:
                    8e:5d:35:cc:1a:05:ed:c4:a1:12:6c:25:ed:d1:fc:
                    f1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:9E:67:07:4F:9F:A2:D8:2B:91:5F:B7:89:6F:E7:3A:EB:9C:10:81
            X509v3 Authority Key Identifier:
                keyid:DF:8F:96:1C:6E:FB:B7:F9:CE:74:21:7B:1D:5D:BB:54:E9:81:C6:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/34-WHG77t_nOdCF7HV27VOmBxvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/x55nB0-fotgrkV-3iW_nOuucEIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/90e70f-85dc-44a9-bb23-27f2bc162a07/1/34-WHG77t_nOdCF7HV27VOmBxvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.48.0/22
                  45.67.132.0/22
                  91.239.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:98:3b:42:2a:8b:5a:48:74:50:67:52:18:a9:a3:53:94:4a:
         cf:bf:d2:ed:04:9b:2c:f6:33:78:04:81:07:d5:3e:01:d4:44:
         69:e5:e7:a2:6f:22:2a:e0:07:5d:a0:98:d2:b5:8c:2f:c7:24:
         54:7e:a1:b0:6a:8f:05:6c:7f:76:ef:28:ff:10:20:28:df:c5:
         0d:06:c4:e2:79:90:be:60:22:f3:1b:77:89:55:2e:17:11:f6:
         09:1e:85:05:b1:54:ca:3b:7e:5f:8e:06:7a:0c:fc:a4:30:f8:
         ba:fe:c2:72:64:d6:3f:2a:4d:51:c1:05:4e:94:4d:40:da:84:
         2d:0d:d6:8a:62:59:09:46:ef:b4:8b:c5:21:d2:af:ca:21:93:
         e4:22:80:6d:e2:c9:33:f2:dd:9d:34:98:38:39:62:ed:cb:ad:
         2a:37:a9:e4:c1:fe:c9:53:54:99:b9:b3:56:0f:b9:25:a1:f9:
         7c:54:81:12:e4:b0:b0:c1:84:e5:17:ca:8d:68:ca:35:b5:33:
         65:00:3f:74:f3:f2:e9:11:b9:ec:f7:f8:9e:0a:af:37:07:0d:
         1d:4b:34:32:73:95:2c:53:8c:df:b4:83:31:cd:3e:ff:7d:65:
         4f:0b:69:59:90:5f:56:f7:38:09:31:66:6b:88:69:23:1c:72:
         eb:ab:2b:87
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2rSf93E2m4g5XLk8WXUC6hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmOGY5NjFjNmVmYmI3ZjljZTc0MjE3YjFkNWRiYjU0ZTk4
MWM2ZjIwHhcNMjYwNDIwMTQyNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzllNjcwNzRmOWZhMmQ4MmI5MTVmYjc4OTZmZTczYWViOWMxMDgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2zLqX4vwqVPjYSNqDAtu54FcVbp
fMQI+EDdXIchbOr3uT/ZxMR5MwxzlHjucCPKjhlaxX+rkfL7zKMYxgzcndm/pKkS
FYUXMYIqoy3iiMqgWpVsQn4uB8eH0dMMrpP0EWIKiYAHmXvEEAkVsDzcww7TfSuz
HlIClZYpSAjoghIfxjtJnC5Auv3m7swkqTDw85xo2oFcz2+WYmczy1IOoDVGmYiC
JIgOHPwRHORAa0q6dBHFokS38KCAiYDAqZnQxWlZqY1s16dwKi4tGyzCRekxZA9c
NHtSEe4OF/w7qL6gok5Doifo1KyuA0WLs2SOXTXMGgXtxKESbCXt0fzxmwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMeeZwdPn6LYK5Fft4lv5zrrnBCBMB8GA1UdIwQY
MBaAFN+Plhxu+7f5znQhex1du1TpgcbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMt
MjdmMmJjMTYyYTA3LzEveDU1bkIwLWZvdGdya1YtM2lXX25PdXVjRUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi85MGU3MGYtODVkYy00NGE5LWJiMjMtMjdmMmJjMTYyYTA3
LzEvMzQtV0hHNzd0X25PZENGN0hWMjdWT21CeHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLQkwAwQC
LUOEAwQAW+86MA0GCSqGSIb3DQEBCwUAA4IBAQBbmDtCKotaSHRQZ1IYqaNTlErP
v9LtBJss9jN4BIEH1T4B1ERp5eeibyIq4AddoJjStYwvxyRUfqGwao8FbH927yj/
ECAo38UNBsTieZC+YCLzG3eJVS4XEfYJHoUFsVTKO35fjgZ6DPykMPi6/sJyZNY/
Kk1RwQVOlE1A2oQtDdaKYlkJRu+0i8Uh0q/KIZPkIoBt4skz8t2dNJg4OWLty60q
N6nkwf7JU1SZubNWD7klofl8VIES5LCwwYTlF8qNaMo1tTNlAD908/LpEbns9/ie
Cq83Bw0dSzQyc5UsU4zftIMxzT7/fWVPC2lZkF9W9zgJMWZriGkjHHLrqyuH
-----END CERTIFICATE-----