Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/pekudB-GS791jIcMvSVfSHd23wg.roa
File:                     pekudB-GS791jIcMvSVfSHd23wg.roa (raw, json)
Hash identifier:          DbQM/eRQQh33A2kfI+XDof5rUvSmYiexenR9YthzVQM=
Subject key identifier:   A5:E9:2E:74:1F:86:4B:BF:75:8C:87:0C:BD:25:5F:48:77:76:DF:08
Certificate issuer:       /CN=641975583b250362c8150f63adb30a0f6a0c6fc3
Certificate serial:       019E071413B2190CA3740CD72B9F22ADDAB8
Authority key identifier: 64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/pekudB-GS791jIcMvSVfSHd23wg.roa
Signing time:             Fri 08 May 2026 10:13:36 +0000
ROA not before:           Fri 08 May 2026 10:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        91.190.184.0/24 maxlen: 24
                          194.152.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:14:13:b2:19:0c:a3:74:0c:d7:2b:9f:22:ad:da:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=641975583b250362c8150f63adb30a0f6a0c6fc3
        Validity
            Not Before: May  8 10:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5e92e741f864bbf758c870cbd255f487776df08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:fb:8a:f9:80:76:7c:0b:c7:ee:79:9b:1b:a2:
                    5b:f9:13:b2:06:c0:d7:f5:12:09:f5:74:ad:73:ba:
                    77:e1:85:7c:37:8b:6b:b1:d6:ae:54:aa:71:ed:cf:
                    d6:32:07:b5:02:7c:21:40:dd:7c:ef:aa:49:87:a4:
                    f5:c0:dc:53:06:31:d0:1f:ec:54:9f:57:ca:1b:2a:
                    a6:af:07:93:88:dd:24:51:1f:6a:4e:42:ed:dd:3f:
                    2b:bd:3a:93:f3:57:3a:b1:ce:c9:71:3d:78:24:d7:
                    94:7c:0d:5f:2f:63:48:de:4e:bc:ad:5c:76:f1:91:
                    91:0a:1a:5c:78:5e:0d:96:68:aa:64:1d:19:c6:d6:
                    6f:bc:d6:d7:a2:85:8f:09:22:99:63:d0:14:4d:57:
                    36:ad:c5:b0:e8:75:90:2f:3c:6c:4c:31:cf:e2:3b:
                    64:99:9f:3c:22:42:e6:00:a9:75:15:ed:37:27:cc:
                    8b:26:91:b6:21:b2:9f:53:4d:24:80:78:4d:a1:26:
                    34:97:ac:7c:df:54:87:82:bf:e0:fb:b3:5a:1e:b9:
                    33:31:c8:6b:06:3e:74:1e:58:9d:41:48:bd:20:3f:
                    c8:0a:17:24:ec:fa:67:be:de:d6:c3:2c:a3:b7:36:
                    11:12:94:c0:0f:e1:fe:50:1c:6e:3f:11:a8:d6:73:
                    d3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:E9:2E:74:1F:86:4B:BF:75:8C:87:0C:BD:25:5F:48:77:76:DF:08
            X509v3 Authority Key Identifier:
                keyid:64:19:75:58:3B:25:03:62:C8:15:0F:63:AD:B3:0A:0F:6A:0C:6F:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/pekudB-GS791jIcMvSVfSHd23wg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/98a5ed-905e-4bfa-9154-f1c33aa2fd50/1/ZBl1WDslA2LIFQ9jrbMKD2oMb8M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.190.184.0/24
                  194.152.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:4d:71:df:4e:1c:3b:37:3b:d9:e9:97:01:78:41:06:da:ef:
         b5:24:42:ea:6b:2f:5d:78:29:3c:1f:d1:8b:8e:bb:d7:58:dd:
         11:b4:0e:1c:ae:2f:ca:3c:6f:5c:3c:3a:8f:17:ad:5e:e4:9e:
         68:e2:9b:49:9b:94:51:2f:04:81:45:85:6f:71:b8:f8:28:5b:
         70:c7:30:46:75:c9:81:b0:21:72:56:da:5e:1c:2e:e6:4d:e1:
         31:fb:37:bf:d0:41:32:73:50:7b:9d:fa:24:2e:8e:30:05:c6:
         c5:b8:eb:f0:ec:8f:6e:5f:27:31:9e:a7:d5:de:ad:0b:65:f1:
         37:6d:58:f3:6d:19:4f:88:56:f3:dd:7f:cf:74:00:4c:ab:a9:
         d0:59:93:8f:b1:a8:1d:fa:35:c8:bc:4f:2c:fb:3f:ed:e8:8e:
         3a:a2:66:a1:62:ab:03:f2:b9:c1:40:b2:f8:9e:5d:f5:e1:43:
         71:ac:03:f1:04:85:42:f6:56:72:0a:ef:24:69:06:43:c7:67:
         bb:e2:0d:15:3c:2c:f3:7c:eb:52:9f:00:c8:c8:7b:3c:69:90:
         95:64:a5:36:f7:59:f9:85:e1:96:7a:5c:47:15:60:60:06:59:
         4e:9d:d5:9a:11:6c:27:c3:93:46:6a:04:12:e2:3f:0a:0d:3d:
         c3:24:01:84
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ4HFBOyGQyjdAzXK58irdq4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0MTk3NTU4M2IyNTAzNjJjODE1MGY2M2FkYjMwYTBmNmEw
YzZmYzMwHhcNMjYwNTA4MTAxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWU5MmU3NDFmODY0YmJmNzU4Yzg3MGNiZDI1NWY0ODc3NzZkZjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/uK+YB2fAvH7nmbG6Jb+ROyBsDX
9RIJ9XStc7p34YV8N4trsdauVKpx7c/WMge1AnwhQN1876pJh6T1wNxTBjHQH+xU
n1fKGyqmrweTiN0kUR9qTkLt3T8rvTqT81c6sc7JcT14JNeUfA1fL2NI3k68rVx2
8ZGRChpceF4NlmiqZB0ZxtZvvNbXooWPCSKZY9AUTVc2rcWw6HWQLzxsTDHP4jtk
mZ88IkLmAKl1Fe03J8yLJpG2IbKfU00kgHhNoSY0l6x831SHgr/g+7NaHrkzMchr
Bj50HlidQUi9ID/IChck7Ppnvt7WwyyjtzYREpTAD+H+UBxuPxGo1nPT6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKXpLnQfhku/dYyHDL0lX0h3dt8IMB8GA1UdIwQY
MBaAFGQZdVg7JQNiyBUPY62zCg9qDG/DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQt
ZjFjMzNhYTJmZDUwLzEvcGVrdWRCLUdTNzkxakljTXZTVmZTSGQyM3dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85OGE1ZWQtOTA1ZS00YmZhLTkxNTQtZjFjMzNhYTJmZDUw
LzEvWkJsMVdEc2xBMkxJRlE5anJiTUtEMm9NYjhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW764AwQA
wpiFMA0GCSqGSIb3DQEBCwUAA4IBAQAnTXHfThw7NzvZ6ZcBeEEG2u+1JELqay9d
eCk8H9GLjrvXWN0RtA4cri/KPG9cPDqPF61e5J5o4ptJm5RRLwSBRYVvcbj4KFtw
xzBGdcmBsCFyVtpeHC7mTeEx+ze/0EEyc1B7nfokLo4wBcbFuOvw7I9uXycxnqfV
3q0LZfE3bVjzbRlPiFbz3X/PdABMq6nQWZOPsagd+jXIvE8s+z/t6I46omahYqsD
8rnBQLL4nl314UNxrAPxBIVC9lZyCu8kaQZDx2e74g0VPCzzfOtSnwDIyHs8aZCV
ZKU291n5heGWelxHFWBgBllOndWaEWwnw5NGagQS4j8KDT3DJAGE
-----END CERTIFICATE-----