Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/l12NJpIYI2RvZ6Sne8MdQgF3CAY.roa
File:                     l12NJpIYI2RvZ6Sne8MdQgF3CAY.roa (raw, json)
Hash identifier:          be9HgbYHtY8qJtefM856XAcCsr78PfK4drNIboDrauM=
Subject key identifier:   97:5D:8D:26:92:18:23:64:6F:67:A4:A7:7B:C3:1D:42:01:77:08:06
Certificate issuer:       /CN=1366c398f03210bf17103737f490b1b970ed424a
Certificate serial:       019DBA6444DA69D31B9DD71D9668FA84939D
Authority key identifier: 13:66:C3:98:F0:32:10:BF:17:10:37:37:F4:90:B1:B9:70:ED:42:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/l12NJpIYI2RvZ6Sne8MdQgF3CAY.roa
Signing time:             Thu 23 Apr 2026 12:50:26 +0000
ROA not before:           Thu 23 Apr 2026 12:50:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54552
IP address blocks:        91.132.80.0/22 maxlen: 22
                          185.234.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:64:44:da:69:d3:1b:9d:d7:1d:96:68:fa:84:93:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1366c398f03210bf17103737f490b1b970ed424a
        Validity
            Not Before: Apr 23 12:50:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=975d8d26921823646f67a4a77bc31d4201770806
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0e:9c:fd:16:be:9d:15:0e:c3:b9:95:9f:a8:
                    05:2b:81:d0:39:97:83:a9:a0:d6:b1:c2:32:62:01:
                    68:90:75:23:19:97:0e:18:86:87:a7:7f:bf:5e:ab:
                    09:fb:45:27:56:45:5f:85:7c:2d:e7:dc:3f:10:91:
                    ce:63:8a:1b:36:00:bb:87:66:a4:a9:03:7a:4e:1d:
                    0d:4a:76:8c:b7:d3:e8:dc:ef:ca:23:2d:80:93:c1:
                    3a:88:b0:62:4d:a3:a9:5f:12:9a:83:62:19:f8:f4:
                    59:32:56:0c:65:9d:cb:15:cb:26:dc:15:b7:53:27:
                    6f:dc:b9:6a:29:b4:b7:31:00:4c:7b:6a:5b:a9:52:
                    1d:b9:28:6c:61:72:0a:a6:e7:f5:b8:ce:74:53:a1:
                    e9:75:95:f6:12:c4:d5:0f:17:42:a7:f8:f5:7e:7a:
                    5c:4b:fe:f1:e1:10:ab:60:9b:36:b2:f1:03:fb:6e:
                    e5:9f:7d:be:0f:b0:be:1d:0c:6e:12:76:6a:3a:4f:
                    69:11:40:11:5e:a5:92:2b:82:5c:f4:4c:f0:9a:7e:
                    5a:02:aa:da:4c:43:16:4f:6d:18:f9:98:29:9e:3b:
                    ed:47:ee:f6:2b:0a:95:7a:8f:60:1e:fc:93:59:22:
                    29:e0:1a:61:b9:1e:b0:56:a2:ca:4a:e7:c6:e8:bd:
                    be:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:5D:8D:26:92:18:23:64:6F:67:A4:A7:7B:C3:1D:42:01:77:08:06
            X509v3 Authority Key Identifier:
                keyid:13:66:C3:98:F0:32:10:BF:17:10:37:37:F4:90:B1:B9:70:ED:42:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E2bDmPAyEL8XEDc39JCxuXDtQko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/l12NJpIYI2RvZ6Sne8MdQgF3CAY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/5442db-3c61-4a79-8b5e-7f0973e5e133/1/E2bDmPAyEL8XEDc39JCxuXDtQko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.132.80.0/22
                  185.234.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:d6:e7:de:19:8f:22:2a:9f:38:cd:95:23:3e:39:05:76:f1:
         d4:53:b9:6b:a4:89:34:01:eb:8a:28:6d:18:2e:1c:93:f1:83:
         34:96:0c:6f:4f:81:52:63:d1:f5:b8:a6:dd:96:39:df:0d:47:
         35:dd:3a:de:2b:96:cc:73:0c:61:21:fc:c3:90:3c:b8:05:10:
         ac:3c:0a:41:d1:d4:61:77:69:9f:1a:8b:0e:e1:b4:83:f4:4d:
         ea:c8:89:40:03:b2:b6:54:da:12:0c:ba:6b:be:37:2e:c5:d4:
         d1:96:6a:9a:6c:89:32:1c:b3:1e:74:df:17:68:9e:37:f7:7b:
         90:b8:e4:ac:07:ef:4f:3f:e9:ad:a5:3a:41:55:96:91:f8:60:
         39:ad:99:ce:0f:e2:c5:86:34:c5:41:fd:05:ba:88:05:43:47:
         29:39:ca:3d:da:88:69:f4:ba:83:98:59:21:15:31:75:f9:e9:
         61:1c:cb:62:a1:b3:0b:fc:3f:6f:86:ff:06:8c:38:11:af:46:
         d9:17:29:83:2c:af:19:73:c0:e3:e0:b3:1c:98:a7:4f:87:9f:
         52:bf:a4:3f:91:81:ff:5d:bf:47:90:22:38:7a:5a:f6:41:aa:
         b3:d8:2e:01:4f:05:49:39:07:a7:13:cc:13:c9:73:69:d2:87:
         3f:32:ad:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ26ZETaadMbndcdlmj6hJOdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNjZjMzk4ZjAzMjEwYmYxNzEwMzczN2Y0OTBiMWI5NzBl
ZDQyNGEwHhcNMjYwNDIzMTI1MDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzVkOGQyNjkyMTgyMzY0NmY2N2E0YTc3YmMzMWQ0MjAxNzcwODA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQ6c/Ra+nRUOw7mVn6gFK4HQOZeD
qaDWscIyYgFokHUjGZcOGIaHp3+/XqsJ+0UnVkVfhXwt59w/EJHOY4obNgC7h2ak
qQN6Th0NSnaMt9Po3O/KIy2Ak8E6iLBiTaOpXxKag2IZ+PRZMlYMZZ3LFcsm3BW3
Uydv3LlqKbS3MQBMe2pbqVIduShsYXIKpuf1uM50U6HpdZX2EsTVDxdCp/j1fnpc
S/7x4RCrYJs2svED+27ln32+D7C+HQxuEnZqOk9pEUARXqWSK4Jc9Ezwmn5aAqra
TEMWT20Y+ZgpnjvtR+72KwqVeo9gHvyTWSIp4BphuR6wVqLKSufG6L2+MwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJddjSaSGCNkb2ekp3vDHUIBdwgGMB8GA1UdIwQY
MBaAFBNmw5jwMhC/FxA3N/SQsblw7UJKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTJiRG1QQXlFTDhYRURjMzlKQ3h1WER0UWtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi81NDQyZGItM2M2MS00YTc5LThiNWUt
N2YwOTczZTVlMTMzLzEvbDEyTkpwSVlJMlJ2WjZTbmU4TWRRZ0YzQ0FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi81NDQyZGItM2M2MS00YTc5LThiNWUtN2YwOTczZTVlMTMz
LzEvRTJiRG1QQXlFTDhYRURjMzlKQ3h1WER0UWtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW4RQAwQA
uer9MA0GCSqGSIb3DQEBCwUAA4IBAQAP1ufeGY8iKp84zZUjPjkFdvHUU7lrpIk0
AeuKKG0YLhyT8YM0lgxvT4FSY9H1uKbdljnfDUc13TreK5bMcwxhIfzDkDy4BRCs
PApB0dRhd2mfGosO4bSD9E3qyIlAA7K2VNoSDLprvjcuxdTRlmqabIkyHLMedN8X
aJ4393uQuOSsB+9PP+mtpTpBVZaR+GA5rZnOD+LFhjTFQf0FuogFQ0cpOco92ohp
9LqDmFkhFTF1+elhHMtiobML/D9vhv8GjDgRr0bZFymDLK8Zc8Dj4LMcmKdPh59S
v6Q/kYH/Xb9HkCI4elr2Qaqz2C4BTwVJOQenE8wTyXNp0oc/Mq1K
-----END CERTIFICATE-----