Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/vlBm4myZdQP1ohfAJP8Wn0CKhfM.roa
File:                     vlBm4myZdQP1ohfAJP8Wn0CKhfM.roa (raw, json)
Hash identifier:          A7mI2HH8XjzLQexitcPz+d6p5dC+aDvH0ocwPRoRwa0=
Subject key identifier:   BE:50:66:E2:6C:99:75:03:F5:A2:17:C0:24:FF:16:9F:40:8A:85:F3
Certificate issuer:       /CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
Certificate serial:       019CFA40B21903845021042A08B15C2A0BC9
Authority key identifier: 91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/vlBm4myZdQP1ohfAJP8Wn0CKhfM.roa
Signing time:             Tue 17 Mar 2026 05:24:29 +0000
ROA not before:           Tue 17 Mar 2026 05:24:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41775
IP address blocks:        195.191.226.0/23 maxlen: 23
                          195.191.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:40:b2:19:03:84:50:21:04:2a:08:b1:5c:2a:0b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d01c47f00e64f35cc752d03b34a71b71406b3f
        Validity
            Not Before: Mar 17 05:24:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be5066e26c997503f5a217c024ff169f408a85f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:9c:3a:46:2d:2c:6a:18:03:b6:9a:fc:ba:f1:
                    ac:2c:e9:7e:5c:b5:b8:d3:65:e4:c4:f6:e1:24:5c:
                    53:83:53:e1:e7:a7:ec:50:ca:af:05:bc:05:11:c7:
                    75:04:a9:aa:42:11:15:4a:70:0c:e7:26:bc:8d:5a:
                    40:16:c5:58:71:03:e8:bb:d4:04:54:f2:85:e0:64:
                    9a:6f:a5:35:1f:2e:93:4e:0f:a7:b6:79:08:bc:26:
                    d8:55:0d:65:04:38:25:48:60:85:4a:60:72:99:f6:
                    78:72:8c:47:0e:51:54:b1:60:02:9f:5f:e7:15:d6:
                    8b:b4:1d:47:79:cf:15:f6:92:e9:db:25:18:ef:e6:
                    d6:b9:6a:b3:1b:6e:ef:cd:1e:5a:f5:06:e4:08:c1:
                    b5:22:c2:54:43:30:50:4f:2d:a8:93:ea:04:1e:65:
                    3e:22:0c:9c:62:2c:8e:64:b8:c4:70:3b:b6:db:e0:
                    f2:c3:b7:a0:ba:03:1f:64:81:92:e2:50:70:70:a2:
                    77:10:87:46:fa:cc:78:32:dd:1b:b2:ca:23:b1:7d:
                    71:c1:fa:be:ba:4c:93:07:5c:98:e8:e5:21:ab:73:
                    df:34:e8:3f:96:3d:a7:77:91:bc:be:86:eb:c3:62:
                    f6:39:52:7f:24:0c:47:4c:ad:17:c5:fc:e5:06:43:
                    77:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:50:66:E2:6C:99:75:03:F5:A2:17:C0:24:FF:16:9F:40:8A:85:F3
            X509v3 Authority Key Identifier:
                keyid:91:D0:1C:47:F0:0E:64:F3:5C:C7:52:D0:3B:34:A7:1B:71:40:6B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdAcR_AOZPNcx1LQOzSnG3FAaz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/vlBm4myZdQP1ohfAJP8Wn0CKhfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/b0fc0c-c537-40b4-9b5b-56b006ef0d3b/1/kdAcR_AOZPNcx1LQOzSnG3FAaz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a2:bb:f3:8a:f0:11:7f:2e:94:9c:26:70:a4:3f:ec:81:23:85:
         15:07:48:11:62:c0:88:ab:b9:d8:0e:af:50:36:aa:da:67:b7:
         b7:f5:53:e7:bd:1e:c4:fb:64:d8:8c:c3:53:a1:05:83:68:97:
         97:75:9a:94:c3:aa:62:f5:1d:7a:ca:bc:02:29:73:c8:01:80:
         e7:93:97:83:30:f3:92:64:22:7b:a7:17:2d:0d:4b:c6:15:cb:
         07:d6:1a:4b:44:b6:a0:ad:50:74:3e:9c:0f:ff:72:0c:81:a4:
         c6:d7:c0:a1:df:bc:91:77:e9:f2:c3:e1:7d:96:d4:b0:43:8e:
         d7:3d:de:91:1d:aa:81:a7:96:1d:d3:99:32:5b:80:54:42:f5:
         dd:34:8f:04:d2:9f:d3:b1:f4:e7:8c:ee:96:93:b6:5d:22:f9:
         0b:03:0f:b4:2f:b9:5d:11:ba:84:f3:18:ce:e4:8e:26:c1:3e:
         10:64:84:98:1e:f8:1a:33:76:2b:d2:1f:c8:e8:8f:61:10:23:
         d8:01:fe:2c:c7:b7:0b:04:9d:02:5b:55:85:f6:ce:c1:40:a2:
         0f:34:dc:a6:02:f0:ca:b8:a0:a0:0c:e3:ac:53:ef:19:33:42:
         bd:8d:07:57:1a:2f:be:1e:20:f1:c9:22:31:d8:9c:ad:67:cf:
         c6:17:d0:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6QLIZA4RQIQQqCLFcKgvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDAxYzQ3ZjAwZTY0ZjM1Y2M3NTJkMDNiMzRhNzFiNzE0
MDZiM2YwHhcNMjYwMzE3MDUyNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTUwNjZlMjZjOTk3NTAzZjVhMjE3YzAyNGZmMTY5ZjQwOGE4NWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZw6Ri0sahgDtpr8uvGsLOl+XLW4
02XkxPbhJFxTg1Ph56fsUMqvBbwFEcd1BKmqQhEVSnAM5ya8jVpAFsVYcQPou9QE
VPKF4GSab6U1Hy6TTg+ntnkIvCbYVQ1lBDglSGCFSmBymfZ4coxHDlFUsWACn1/n
FdaLtB1Hec8V9pLp2yUY7+bWuWqzG27vzR5a9QbkCMG1IsJUQzBQTy2ok+oEHmU+
IgycYiyOZLjEcDu22+Dyw7egugMfZIGS4lBwcKJ3EIdG+sx4Mt0bssojsX1xwfq+
ukyTB1yY6OUhq3PfNOg/lj2nd5G8vobrw2L2OVJ/JAxHTK0XxfzlBkN3iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5QZuJsmXUD9aIXwCT/Fp9AioXzMB8GA1UdIwQY
MBaAFJHQHEfwDmTzXMdS0Ds0pxtxQGs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWIt
NTZiMDA2ZWYwZDNiLzEvdmxCbTRteVpkUVAxb2hmQUpQOFduMENLaGZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9iMGZjMGMtYzUzNy00MGI0LTliNWItNTZiMDA2ZWYwZDNi
LzEva2RBY1JfQU9aUE5jeDFMUU96U25HM0ZBYXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw7/iMA0G
CSqGSIb3DQEBCwUAA4IBAQCiu/OK8BF/LpScJnCkP+yBI4UVB0gRYsCIq7nYDq9Q
NqraZ7e39VPnvR7E+2TYjMNToQWDaJeXdZqUw6pi9R16yrwCKXPIAYDnk5eDMPOS
ZCJ7pxctDUvGFcsH1hpLRLagrVB0PpwP/3IMgaTG18Ch37yRd+nyw+F9ltSwQ47X
Pd6RHaqBp5Yd05kyW4BUQvXdNI8E0p/TsfTnjO6Wk7ZdIvkLAw+0L7ldEbqE8xjO
5I4mwT4QZISYHvgaM3Yr0h/I6I9hECPYAf4sx7cLBJ0CW1WF9s7BQKIPNNymAvDK
uKCgDOOsU+8ZM0K9jQdXGi++HiDxySIx2JytZ8/GF9Bl
-----END CERTIFICATE-----