Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/fIkPV_l_k4SzslIO_m2xCkrW7yo.roa
File:                     fIkPV_l_k4SzslIO_m2xCkrW7yo.roa (raw, json)
Hash identifier:          4eiXEQq4L1lVAPQNjACQvwiKKs16RCaoEElInvItTzY=
Subject key identifier:   7C:89:0F:57:F9:7F:93:84:B3:B2:52:0E:FE:6D:B1:0A:4A:D6:EF:2A
Certificate issuer:       /CN=1366c398f03210bf17103737f490b1b970ed424a
Certificate serial:       019DBAA0B19225D2D8D0EF18EDE2A3ACCDDE
Authority key identifier: 13:66:C3:98:F0:32:10:BF:17:10:37:37:F4:90:B1:B9:70:ED:42:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/fIkPV_l_k4SzslIO_m2xCkrW7yo.roa
Signing time:             Thu 23 Apr 2026 13:56:26 +0000
ROA not before:           Thu 23 Apr 2026 13:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31799
IP address blocks:        91.132.80.0/22 maxlen: 22
                          185.234.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:a0:b1:92:25:d2:d8:d0:ef:18:ed:e2:a3:ac:cd:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1366c398f03210bf17103737f490b1b970ed424a
        Validity
            Not Before: Apr 23 13:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c890f57f97f9384b3b2520efe6db10a4ad6ef2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:18:dc:24:1d:b2:b1:d8:80:d5:38:19:da:4c:
                    a2:a2:f2:74:0e:90:54:1a:8b:6c:21:31:85:aa:7a:
                    80:57:f2:26:4e:87:1c:45:80:88:32:56:2a:fa:52:
                    7a:a9:89:a5:ae:e1:64:38:63:a8:29:22:4d:ce:46:
                    a8:1d:5c:09:bf:35:5e:26:e6:fc:3b:f5:8c:da:0d:
                    7f:c3:cb:3b:41:36:d0:ef:f6:a4:e6:45:3f:4f:75:
                    a6:c5:ad:40:2a:91:22:7b:48:12:17:a7:89:96:ba:
                    4f:f8:13:30:5c:3f:db:10:aa:98:d0:f4:db:74:a6:
                    b1:a6:3e:06:4c:18:54:dd:46:13:21:07:43:11:b5:
                    c5:65:70:5c:e0:7d:ae:2f:ce:33:93:dc:ed:c4:3c:
                    67:85:c9:25:df:d4:b3:57:45:a2:46:4b:90:ef:be:
                    d7:bd:66:9c:54:e7:b0:10:77:43:35:3f:2b:3b:48:
                    71:89:7a:c3:52:84:2c:c5:97:4e:7b:19:d3:85:99:
                    6d:a7:11:4c:98:8c:12:c9:eb:c5:5a:84:63:f9:d5:
                    f3:4b:34:b9:c7:c6:89:9a:1c:8f:64:59:c6:53:b7:
                    83:9d:4a:66:0f:4d:3b:fa:9f:e1:ed:66:ef:27:ca:
                    16:f7:7f:11:1e:6a:c0:cc:68:af:a4:47:0d:d9:d3:
                    b9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:89:0F:57:F9:7F:93:84:B3:B2:52:0E:FE:6D:B1:0A:4A:D6:EF:2A
            X509v3 Authority Key Identifier:
                keyid:13:66:C3:98:F0:32:10:BF:17:10:37:37:F4:90:B1:B9:70:ED:42:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/fIkPV_l_k4SzslIO_m2xCkrW7yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.80.0/22
                  185.234.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:39:71:c7:7a:6e:d4:0c:0c:8c:e5:c7:1c:c0:90:2f:8f:80:
         23:b0:2e:bc:87:bb:91:f6:7c:60:2e:21:f1:c1:b1:96:c5:ea:
         43:8c:64:00:70:a2:99:3c:c1:e2:9b:9e:1e:b5:2a:63:08:ce:
         6a:ce:8b:f4:cd:72:a8:df:a3:12:1f:6e:35:f5:2e:40:d3:33:
         5f:d7:df:a2:38:92:3e:cc:1a:01:7d:5e:bb:b5:6d:e7:55:29:
         9c:33:f2:ab:fb:c6:73:92:d5:6f:b4:2e:c7:f9:c1:a9:d6:dc:
         26:31:7f:4e:e6:99:ad:f6:85:7c:ae:83:79:60:2e:33:3c:39:
         79:27:e1:e7:55:02:4a:56:17:0e:6e:eb:ed:9a:52:21:2e:2b:
         d7:2b:93:3d:66:26:7c:4e:59:31:f2:9c:96:32:87:69:61:1a:
         31:a4:e0:fb:b1:5f:5f:e6:dc:db:48:c2:e3:b0:13:6a:cc:b2:
         df:9c:95:ea:e1:33:05:f8:2e:e4:b3:45:8a:87:a1:4e:39:16:
         02:90:d1:a0:19:82:eb:26:1f:03:85:88:2a:48:fd:96:51:c0:
         a6:60:13:a8:6d:d0:8c:46:89:1d:22:31:4d:2c:45:fb:9b:c9:
         a3:df:8c:3b:76:4e:bb:9f:da:63:09:79:67:c9:c4:af:6a:67:
         b6:45:a4:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ26oLGSJdLY0O8Y7eKjrM3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNjZjMzk4ZjAzMjEwYmYxNzEwMzczN2Y0OTBiMWI5NzBl
ZDQyNGEwHhcNMjYwNDIzMTM1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg5MGY1N2Y5N2Y5Mzg0YjNiMjUyMGVmZTZkYjEwYTRhZDZlZjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9BjcJB2ysdiA1TgZ2kyiovJ0DpBU
GotsITGFqnqAV/ImToccRYCIMlYq+lJ6qYmlruFkOGOoKSJNzkaoHVwJvzVeJub8
O/WM2g1/w8s7QTbQ7/ak5kU/T3Wmxa1AKpEie0gSF6eJlrpP+BMwXD/bEKqY0PTb
dKaxpj4GTBhU3UYTIQdDEbXFZXBc4H2uL84zk9ztxDxnhckl39SzV0WiRkuQ777X
vWacVOewEHdDNT8rO0hxiXrDUoQsxZdOexnThZltpxFMmIwSyevFWoRj+dXzSzS5
x8aJmhyPZFnGU7eDnUpmD007+p/h7WbvJ8oW938RHmrAzGivpEcN2dO5zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHyJD1f5f5OEs7JSDv5tsQpK1u8qMB8GA1UdIwQY
MBaAFBNmw5jwMhC/FxA3N/SQsblw7UJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJiRG1QQXlFTDhYRURjMzlKQ3h1WER0UWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81NDQyZGItM2M2MS00YTc5LThiNWUt
N2YwOTczZTVlMTMzLzEvZklrUFZfbF9rNFN6c2xJT19tMnhDa3JXN3lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81NDQyZGItM2M2MS00YTc5LThiNWUtN2YwOTczZTVlMTMz
LzEvRTJiRG1QQXlFTDhYRURjMzlKQ3h1WER0UWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW4RQAwQA
uer9MA0GCSqGSIb3DQEBCwUAA4IBAQB4OXHHem7UDAyM5cccwJAvj4AjsC68h7uR
9nxgLiHxwbGWxepDjGQAcKKZPMHim54etSpjCM5qzov0zXKo36MSH2419S5A0zNf
19+iOJI+zBoBfV67tW3nVSmcM/Kr+8ZzktVvtC7H+cGp1twmMX9O5pmt9oV8roN5
YC4zPDl5J+HnVQJKVhcObuvtmlIhLivXK5M9ZiZ8Tlkx8pyWModpYRoxpOD7sV9f
5tzbSMLjsBNqzLLfnJXq4TMF+C7ks0WKh6FOORYCkNGgGYLrJh8DhYgqSP2WUcCm
YBOobdCMRokdIjFNLEX7m8mj34w7dk67n9pjCXlnycSvame2RaRT
-----END CERTIFICATE-----