Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/USAO41jbUP97p--JRu_ZqtNe5EI.roa
File:                     USAO41jbUP97p--JRu_ZqtNe5EI.roa (raw, json)
Hash identifier:          LfdCpC2uNJXwWHbUHSlZAnK3PC0CH3cNb7AHvc9pYvs=
Subject key identifier:   51:20:0E:E3:58:DB:50:FF:7B:A7:EF:89:46:EF:D9:AA:D3:5E:E4:42
Certificate issuer:       /CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
Certificate serial:       019DBAD36C85865E473FFE2275DF47E0CBA6
Authority key identifier: 57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/USAO41jbUP97p--JRu_ZqtNe5EI.roa
Signing time:             Thu 23 Apr 2026 14:51:51 +0000
ROA not before:           Thu 23 Apr 2026 14:51:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     265849
IP address blocks:        91.200.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 02:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:d3:6c:85:86:5e:47:3f:fe:22:75:df:47:e0:cb:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=571cb51cba68eb7ef9867a75d17ab28018196aa1
        Validity
            Not Before: Apr 23 14:51:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51200ee358db50ff7ba7ef8946efd9aad35ee442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:de:cb:df:10:59:f2:ea:44:ab:91:53:07:4e:
                    99:62:76:aa:03:9b:c2:3d:2b:ed:38:c5:a1:c7:30:
                    34:8e:5e:2f:3f:26:cf:01:ab:61:ea:df:03:ea:7c:
                    72:50:05:41:d5:e2:7e:04:4d:82:82:17:40:de:91:
                    b2:e8:5b:82:ff:8e:df:f8:4f:d4:2d:c6:70:09:d4:
                    8c:4a:64:4c:24:41:62:bc:9e:1a:8d:33:80:d3:64:
                    4e:b7:c0:c9:44:a8:87:b9:6a:92:2c:18:4e:58:76:
                    d7:dd:6c:18:09:69:ca:d4:da:b0:58:c9:4a:93:05:
                    67:d1:98:25:9e:64:53:07:30:35:b8:59:a5:d9:95:
                    74:1b:df:d0:45:bc:d0:03:80:56:14:c1:71:7f:86:
                    dd:9e:ff:5f:14:38:d1:9f:f8:81:bc:c6:94:d4:b2:
                    87:93:f7:61:ab:5e:6d:3e:ac:e8:dd:4d:7b:7d:e9:
                    67:1e:f4:93:c1:d9:35:7d:f0:79:ea:5b:84:69:07:
                    60:58:04:74:94:15:80:f9:20:75:85:62:0d:10:23:
                    66:2e:3a:5e:29:32:b4:8d:2c:d2:29:be:39:9b:d1:
                    a9:15:49:00:a5:bd:bc:7e:66:7c:8d:c9:71:29:6d:
                    9d:e2:eb:26:74:33:6d:b1:b7:4b:b2:37:bd:52:79:
                    a4:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:20:0E:E3:58:DB:50:FF:7B:A7:EF:89:46:EF:D9:AA:D3:5E:E4:42
            X509v3 Authority Key Identifier:
                keyid:57:1C:B5:1C:BA:68:EB:7E:F9:86:7A:75:D1:7A:B2:80:18:19:6A:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxy1HLpo6375hnp10XqygBgZaqE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/USAO41jbUP97p--JRu_ZqtNe5EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/b8d2a8-53a9-42c0-b7c9-dd862774a092/1/Vxy1HLpo6375hnp10XqygBgZaqE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.200.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:9c:e4:5d:07:ed:d3:59:d8:00:43:e1:54:84:e9:d2:e2:12:
         6e:ec:01:6c:98:89:4e:74:14:b1:ac:49:af:21:9e:c1:86:33:
         ae:6a:9b:2e:0a:55:f6:d9:1e:60:23:3a:4c:e8:30:31:c0:03:
         6e:87:41:6c:e0:d2:40:f5:88:f5:2e:87:3c:49:80:23:f1:fe:
         91:6a:e8:db:2a:e8:9c:fe:2a:41:67:92:21:ec:c5:ea:3c:2a:
         74:63:71:29:c1:1d:8b:94:0b:27:89:5f:be:ed:2a:dc:37:32:
         13:8b:8f:fa:19:8c:b8:e8:67:0a:f0:43:05:c0:12:61:bf:cf:
         04:4c:9c:42:c8:97:89:a6:6a:ce:f5:e7:d7:ff:9e:07:a1:e7:
         d3:b9:5a:e8:f3:2a:4e:60:12:19:a2:26:e3:1d:0e:2f:53:b3:
         c7:56:d9:cc:ae:44:33:78:58:4d:03:24:d6:31:53:ef:2e:d9:
         6d:be:f4:61:18:77:df:71:3f:1a:76:08:99:02:88:4b:7f:cc:
         41:54:62:3f:82:54:9e:4c:5a:81:0e:2e:8d:36:6c:d8:1e:6b:
         34:81:b2:f7:47:39:60:16:38:ab:f1:6f:a6:95:40:9f:e9:9b:
         65:4e:a4:be:69:cc:89:e1:63:68:fa:8b:1c:1f:67:4c:5a:bd:
         90:37:2e:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2602yFhl5HP/4idd9H4MumMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MWNiNTFjYmE2OGViN2VmOTg2N2E3NWQxN2FiMjgwMTgx
OTZhYTEwHhcNMjYwNDIzMTQ1MTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MTIwMGVlMzU4ZGI1MGZmN2JhN2VmODk0NmVmZDlhYWQzNWVlNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqt7L3xBZ8upEq5FTB06ZYnaqA5vC
PSvtOMWhxzA0jl4vPybPAath6t8D6nxyUAVB1eJ+BE2CghdA3pGy6FuC/47f+E/U
LcZwCdSMSmRMJEFivJ4ajTOA02ROt8DJRKiHuWqSLBhOWHbX3WwYCWnK1NqwWMlK
kwVn0ZglnmRTBzA1uFml2ZV0G9/QRbzQA4BWFMFxf4bdnv9fFDjRn/iBvMaU1LKH
k/dhq15tPqzo3U17felnHvSTwdk1ffB56luEaQdgWAR0lBWA+SB1hWINECNmLjpe
KTK0jSzSKb45m9GpFUkApb28fmZ8jclxKW2d4usmdDNtsbdLsje9Unmk0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFEgDuNY21D/e6fviUbv2arTXuRCMB8GA1UdIwQY
MBaAFFcctRy6aOt++YZ6ddF6soAYGWqhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3Yzkt
ZGQ4NjI3NzRhMDkyLzEvVVNBTzQxamJVUDk3cC0tSlJ1X1pxdE5lNUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9iOGQyYTgtNTNhOS00MmMwLWI3YzktZGQ4NjI3NzRhMDky
LzEvVnh5MUhMcG82Mzc1aG5wMTBYcXlnQmdaYXFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8iKMA0G
CSqGSIb3DQEBCwUAA4IBAQBQnORdB+3TWdgAQ+FUhOnS4hJu7AFsmIlOdBSxrEmv
IZ7BhjOuapsuClX22R5gIzpM6DAxwANuh0Fs4NJA9Yj1Loc8SYAj8f6RaujbKuic
/ipBZ5Ih7MXqPCp0Y3EpwR2LlAsniV++7SrcNzITi4/6GYy46GcK8EMFwBJhv88E
TJxCyJeJpmrO9efX/54HoefTuVro8ypOYBIZoibjHQ4vU7PHVtnMrkQzeFhNAyTW
MVPvLtltvvRhGHffcT8adgiZAohLf8xBVGI/glSeTFqBDi6NNmzYHms0gbL3Rzlg
Fjir8W+mlUCf6ZtlTqS+acyJ4WNo+oscH2dMWr2QNy4q
-----END CERTIFICATE-----