Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/64rZ1l1fxnqrXjonOeV1eeEvkjc.roa
File:                     64rZ1l1fxnqrXjonOeV1eeEvkjc.roa (raw, json)
Hash identifier:          RKliE8vgwX94fwVvTWqD6n+wasJnNrBVuMdqT01fLuw=
Subject key identifier:   EB:8A:D9:D6:5D:5F:C6:7A:AB:5E:3A:27:39:E5:75:79:E1:2F:92:37
Certificate issuer:       /CN=4aff41dde8ce47d472d7be2c904845048c30a960
Certificate serial:       019D22ADF3AF15C2436F2AB6B9FB93CCC0D2
Authority key identifier: 4A:FF:41:DD:E8:CE:47:D4:72:D7:BE:2C:90:48:45:04:8C:30:A9:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sv9B3ejOR9Ry174skEhFBIwwqWA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/64rZ1l1fxnqrXjonOeV1eeEvkjc.roa
Signing time:             Wed 25 Mar 2026 01:48:38 +0000
ROA not before:           Wed 25 Mar 2026 01:48:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12213
IP address blocks:        91.132.68.0/22 maxlen: 22
                          2a09:bf80::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/Sv9B3ejOR9Ry174skEhFBIwwqWA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/Sv9B3ejOR9Ry174skEhFBIwwqWA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sv9B3ejOR9Ry174skEhFBIwwqWA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:ad:f3:af:15:c2:43:6f:2a:b6:b9:fb:93:cc:c0:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4aff41dde8ce47d472d7be2c904845048c30a960
        Validity
            Not Before: Mar 25 01:48:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb8ad9d65d5fc67aab5e3a2739e57579e12f9237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8c:08:50:81:04:1d:9f:e7:34:b4:3b:48:d6:
                    c6:0e:5c:e9:7a:59:ea:34:58:0f:c5:a3:80:10:22:
                    b1:e9:10:07:1b:fc:3e:1a:2f:b1:68:cf:9b:7b:6b:
                    79:e4:93:e7:91:63:32:30:ab:15:5f:aa:7a:4c:43:
                    24:bf:bd:51:b2:de:08:d3:16:20:45:ff:1b:7a:4c:
                    7d:ef:f2:c8:53:15:97:23:dd:f9:df:b8:c5:43:28:
                    52:4f:df:cd:1e:39:d9:45:66:9d:a9:9e:46:74:db:
                    7c:cf:ab:6a:09:dc:93:21:e3:17:82:17:8e:55:32:
                    89:97:51:54:d8:82:fe:e4:82:3b:d8:0d:e6:b8:10:
                    44:0d:23:d9:59:c2:f7:ee:a0:f3:8f:19:db:e0:2e:
                    a3:cf:8b:62:cc:79:c3:eb:03:24:db:72:25:1b:cd:
                    f1:94:bb:e4:6c:21:25:e0:c1:6d:e2:3c:31:37:f9:
                    e7:5a:61:f1:37:ef:3b:57:57:05:c6:d6:7e:ca:2a:
                    58:8a:87:94:be:f2:e8:05:f1:62:e2:e3:a5:41:f1:
                    bc:fc:0f:b8:07:4a:99:84:01:aa:2e:d0:e0:c3:45:
                    7f:48:aa:cb:45:76:12:fb:7d:97:14:23:8e:71:43:
                    9a:d1:98:36:b6:8c:1e:68:c2:92:c5:20:b9:f1:5d:
                    d6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8A:D9:D6:5D:5F:C6:7A:AB:5E:3A:27:39:E5:75:79:E1:2F:92:37
            X509v3 Authority Key Identifier:
                keyid:4A:FF:41:DD:E8:CE:47:D4:72:D7:BE:2C:90:48:45:04:8C:30:A9:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sv9B3ejOR9Ry174skEhFBIwwqWA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/64rZ1l1fxnqrXjonOeV1eeEvkjc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/9a39f4-f837-4c46-be6e-d93065bb2a6a/1/Sv9B3ejOR9Ry174skEhFBIwwqWA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.68.0/22
                IPv6:
                  2a09:bf80::/40

    Signature Algorithm: sha256WithRSAEncryption
         30:b2:8a:ed:76:33:83:63:46:b6:cf:41:72:32:2c:c4:ba:a5:
         57:4a:35:4c:5e:ed:05:de:18:7c:d7:eb:50:26:82:60:b0:56:
         32:39:61:48:6f:98:31:8b:5d:51:aa:e8:8b:6b:ba:b8:ab:76:
         4f:66:92:d1:df:11:a0:1e:96:b9:33:1d:bf:31:f5:44:a5:79:
         4e:73:ff:45:8d:94:6b:76:17:4d:e2:fe:2d:17:e9:2f:1a:5d:
         0e:da:1c:bf:73:d1:55:30:9e:b0:85:fc:fb:cc:74:92:58:ea:
         70:d6:8c:20:54:23:11:77:b7:25:34:c4:08:31:c1:de:fa:84:
         4f:2a:e2:d4:55:ec:84:0f:fd:cd:d4:56:f6:a5:e5:53:48:c8:
         a7:a5:9b:90:a7:ae:8e:82:b5:6a:f5:a2:27:aa:35:2a:11:ff:
         de:42:24:8a:f6:d1:19:40:9f:38:68:a9:d8:e0:7e:f4:72:cd:
         2c:2e:77:fd:41:b3:5a:81:f0:7c:11:6d:55:9d:e1:a3:ba:8c:
         c4:51:15:02:bd:e6:52:99:86:58:97:42:0f:b4:11:c2:2b:86:
         76:b6:85:9b:2e:81:4b:1b:59:5c:d1:c1:c4:ed:76:77:b8:9d:
         d1:f1:00:bd:72:49:76:7b:3f:b6:e2:da:5a:0d:46:5b:54:71:
         6a:5d:fa:87
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZ0irfOvFcJDbyq2ufuTzMDSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhZmY0MWRkZThjZTQ3ZDQ3MmQ3YmUyYzkwNDg0NTA0OGMz
MGE5NjAwHhcNMjYwMzI1MDE0ODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjhhZDlkNjVkNWZjNjdhYWI1ZTNhMjczOWU1NzU3OWUxMmY5MjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsIwIUIEEHZ/nNLQ7SNbGDlzpelnq
NFgPxaOAECKx6RAHG/w+Gi+xaM+be2t55JPnkWMyMKsVX6p6TEMkv71Rst4I0xYg
Rf8bekx97/LIUxWXI93537jFQyhST9/NHjnZRWadqZ5GdNt8z6tqCdyTIeMXgheO
VTKJl1FU2IL+5II72A3muBBEDSPZWcL37qDzjxnb4C6jz4tizHnD6wMk23IlG83x
lLvkbCEl4MFt4jwxN/nnWmHxN+87V1cFxtZ+yipYioeUvvLoBfFi4uOlQfG8/A+4
B0qZhAGqLtDgw0V/SKrLRXYS+32XFCOOcUOa0Zg2toweaMKSxSC58V3W1QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOuK2dZdX8Z6q146JznldXnhL5I3MB8GA1UdIwQY
MBaAFEr/Qd3ozkfUcte+LJBIRQSMMKlgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Y5QjNlak9SOVJ5MTc0c2tFaEZCSXd3cVdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC85YTM5ZjQtZjgzNy00YzQ2LWJlNmUt
ZDkzMDY1YmIyYTZhLzEvNjRyWjFsMWZ4bnFyWGpvbk9lVjFlZUV2a2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC85YTM5ZjQtZjgzNy00YzQ2LWJlNmUtZDkzMDY1YmIyYTZh
LzEvU3Y5QjNlak9SOVJ5MTc0c2tFaEZCSXd3cVdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCW4REMA4E
AgACMAgDBgAqCb+AADANBgkqhkiG9w0BAQsFAAOCAQEAMLKK7XYzg2NGts9BcjIs
xLqlV0o1TF7tBd4YfNfrUCaCYLBWMjlhSG+YMYtdUaroi2u6uKt2T2aS0d8RoB6W
uTMdvzH1RKV5TnP/RY2Ua3YXTeL+LRfpLxpdDtocv3PRVTCesIX8+8x0kljqcNaM
IFQjEXe3JTTECDHB3vqETyri1FXshA/9zdRW9qXlU0jIp6WbkKeujoK1avWiJ6o1
KhH/3kIkivbRGUCfOGip2OB+9HLNLC53/UGzWoHwfBFtVZ3ho7qMxFEVAr3mUpmG
WJdCD7QRwiuGdraFmy6BSxtZXNHBxO12d7id0fEAvXJJdns/tuLaWg1GW1Rxal36
hw==
-----END CERTIFICATE-----