Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/SDFl7Ghrn8OImQYaEQhfjIMPxV4.roa
File:                     SDFl7Ghrn8OImQYaEQhfjIMPxV4.roa (raw, json)
Hash identifier:          zEIszlh7/IsglvkUKq1YDgPEJ8YJJSEFUJH4U3GhCJo=
Subject key identifier:   48:31:65:EC:68:6B:9F:C3:88:99:06:1A:11:08:5F:8C:83:0F:C5:5E
Certificate issuer:       /CN=d33d6b559d36c41307692a7b0fb3ef77aa6017ce
Certificate serial:       019CDC4DACD5ED0DF2A7D6B41629D1D8EAFD
Authority key identifier: D3:3D:6B:55:9D:36:C4:13:07:69:2A:7B:0F:B3:EF:77:AA:60:17:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0z1rVZ02xBMHaSp7D7Pvd6pgF84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/SDFl7Ghrn8OImQYaEQhfjIMPxV4.roa
Signing time:             Wed 11 Mar 2026 09:50:03 +0000
ROA not before:           Wed 11 Mar 2026 09:50:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203970
IP address blocks:        91.223.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/0z1rVZ02xBMHaSp7D7Pvd6pgF84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/0z1rVZ02xBMHaSp7D7Pvd6pgF84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0z1rVZ02xBMHaSp7D7Pvd6pgF84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:4d:ac:d5:ed:0d:f2:a7:d6:b4:16:29:d1:d8:ea:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d33d6b559d36c41307692a7b0fb3ef77aa6017ce
        Validity
            Not Before: Mar 11 09:50:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=483165ec686b9fc38899061a11085f8c830fc55e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:97:a9:10:76:d5:ad:cf:1c:39:88:b4:43:da:
                    32:aa:7b:74:04:d1:55:95:22:95:28:aa:a5:12:73:
                    f3:5b:e7:45:b3:90:80:5c:94:73:a8:93:0f:7a:71:
                    26:bf:3c:c1:dc:f1:d2:93:91:7c:7b:d7:bf:e2:69:
                    6b:41:39:5a:a3:50:d4:99:6d:9e:1f:36:2e:67:22:
                    99:d8:50:81:c3:64:c8:94:a2:f5:b3:8e:b2:2e:df:
                    f5:4e:62:f8:ab:29:2a:12:e6:f4:33:91:85:da:1c:
                    ff:7f:2b:ef:c6:b1:db:6d:b5:d7:c0:b1:9d:30:95:
                    52:9e:de:37:ed:fd:93:34:84:d3:4e:0e:53:84:80:
                    7c:d3:af:8f:57:17:13:83:66:e0:a4:06:f7:93:45:
                    7a:bb:49:96:6e:d5:e7:ef:de:51:d4:8e:a6:0f:81:
                    ac:a9:f6:81:86:b1:71:08:6b:4c:d6:05:8b:ce:e7:
                    f6:72:98:a2:14:75:49:eb:c5:3c:b0:47:c2:a0:f5:
                    41:57:44:f3:1a:b5:6a:88:c5:83:c4:18:bf:db:41:
                    cd:21:6b:46:ac:a1:58:15:27:5c:f2:a8:27:d7:48:
                    48:f5:5b:5b:8d:d3:43:f7:76:cd:1f:fb:7a:a8:be:
                    e3:74:1d:61:30:e4:93:bb:8d:e0:43:00:35:a5:5b:
                    c3:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:31:65:EC:68:6B:9F:C3:88:99:06:1A:11:08:5F:8C:83:0F:C5:5E
            X509v3 Authority Key Identifier:
                keyid:D3:3D:6B:55:9D:36:C4:13:07:69:2A:7B:0F:B3:EF:77:AA:60:17:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0z1rVZ02xBMHaSp7D7Pvd6pgF84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/SDFl7Ghrn8OImQYaEQhfjIMPxV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/c61fa2-bb3e-4955-ab5f-5e3b6ea5a7ee/1/0z1rVZ02xBMHaSp7D7Pvd6pgF84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:32:61:4d:ca:5b:3a:b0:15:28:8b:20:ab:05:f3:5b:47:65:
         aa:20:9c:99:60:46:f1:68:64:fb:a7:3c:8a:bb:1c:0e:e3:6e:
         24:2a:7d:ca:2f:a5:1d:fd:00:e5:cd:1d:00:ef:db:57:a4:5a:
         e7:1a:f5:7c:a8:77:4d:31:ec:04:25:0f:dd:3a:a0:27:64:87:
         82:76:59:27:98:02:04:f8:b3:53:39:f1:2a:42:7f:55:f8:5e:
         2a:c6:92:a7:2a:98:87:a9:3c:a4:d6:7d:87:57:7f:84:a8:6e:
         60:0b:1e:c9:ef:18:d6:87:f9:de:3a:09:d7:0d:c1:59:2a:be:
         dc:9f:67:a3:d8:11:9a:cf:e6:bf:cc:4e:ae:c4:79:67:9c:22:
         0e:b3:9e:1b:ee:0f:a7:57:6b:97:2e:c2:82:3e:fb:7b:ef:6f:
         31:0a:4a:48:07:8d:18:26:bb:65:b8:76:e5:6a:42:b8:d2:64:
         07:37:b8:63:b1:56:5b:fd:0f:5d:0e:f9:3a:7e:c0:6a:34:6f:
         83:ef:7a:c6:e8:d2:4f:fc:38:c6:9e:19:33:46:ee:40:93:07:
         65:5e:52:6f:d2:e8:1a:41:67:ce:53:bf:9f:45:7d:3a:85:3e:
         44:a2:8d:ac:cc:eb:f4:e5:d5:00:77:97:33:54:cb:5b:6c:ba:
         74:ff:68:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzcTazV7Q3yp9a0FinR2Or9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzM2Q2YjU1OWQzNmM0MTMwNzY5MmE3YjBmYjNlZjc3YWE2
MDE3Y2UwHhcNMjYwMzExMDk1MDAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODMxNjVlYzY4NmI5ZmMzODg5OTA2MWExMTA4NWY4YzgzMGZjNTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpepEHbVrc8cOYi0Q9oyqnt0BNFV
lSKVKKqlEnPzW+dFs5CAXJRzqJMPenEmvzzB3PHSk5F8e9e/4mlrQTlao1DUmW2e
HzYuZyKZ2FCBw2TIlKL1s46yLt/1TmL4qykqEub0M5GF2hz/fyvvxrHbbbXXwLGd
MJVSnt437f2TNITTTg5ThIB806+PVxcTg2bgpAb3k0V6u0mWbtXn795R1I6mD4Gs
qfaBhrFxCGtM1gWLzuf2cpiiFHVJ68U8sEfCoPVBV0TzGrVqiMWDxBi/20HNIWtG
rKFYFSdc8qgn10hI9VtbjdND93bNH/t6qL7jdB1hMOSTu43gQwA1pVvDmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgxZexoa5/DiJkGGhEIX4yDD8VeMB8GA1UdIwQY
MBaAFNM9a1WdNsQTB2kqew+z73eqYBfOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHoxclZaMDJ4Qk1IYVNwN0Q3UHZkNnBnRjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9jNjFmYTItYmIzZS00OTU1LWFiNWYt
NWUzYjZlYTVhN2VlLzEvU0RGbDdHaHJuOE9JbVFZYUVRaGZqSU1QeFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9jNjFmYTItYmIzZS00OTU1LWFiNWYtNWUzYjZlYTVhN2Vl
LzEvMHoxclZaMDJ4Qk1IYVNwN0Q3UHZkNnBnRjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW98aMA0G
CSqGSIb3DQEBCwUAA4IBAQArMmFNyls6sBUoiyCrBfNbR2WqIJyZYEbxaGT7pzyK
uxwO424kKn3KL6Ud/QDlzR0A79tXpFrnGvV8qHdNMewEJQ/dOqAnZIeCdlknmAIE
+LNTOfEqQn9V+F4qxpKnKpiHqTyk1n2HV3+EqG5gCx7J7xjWh/neOgnXDcFZKr7c
n2ej2BGaz+a/zE6uxHlnnCIOs54b7g+nV2uXLsKCPvt7728xCkpIB40YJrtluHbl
akK40mQHN7hjsVZb/Q9dDvk6fsBqNG+D73rG6NJP/DjGnhkzRu5AkwdlXlJv0uga
QWfOU7+fRX06hT5Eoo2szOv05dUAd5czVMtbbLp0/2h0
-----END CERTIFICATE-----