Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/iqBJGig6fadoDvyHpunz_aU10oQ.roa
File:                     iqBJGig6fadoDvyHpunz_aU10oQ.roa (raw, json)
Hash identifier:          B0qszBOBUJaYvgyWGg+qlsGqQ2JWd5KdUsJe+iiFMY4=
Subject key identifier:   8A:A0:49:1A:28:3A:7D:A7:68:0E:FC:87:A6:E9:F3:FD:A5:35:D2:84
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       019CFA96C277E574A6D948DB95BD674D8DDF
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/iqBJGig6fadoDvyHpunz_aU10oQ.roa
Signing time:             Tue 17 Mar 2026 06:58:29 +0000
ROA not before:           Tue 17 Mar 2026 06:58:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        91.108.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fa:96:c2:77:e5:74:a6:d9:48:db:95:bd:67:4d:8d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Mar 17 06:58:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8aa0491a283a7da7680efc87a6e9f3fda535d284
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0e:02:1c:19:ef:11:f1:d1:a4:86:c0:98:3c:
                    47:0c:4b:f7:02:4f:ff:3e:3f:32:e7:60:71:85:f3:
                    12:50:13:7a:57:d4:13:f6:61:e3:8b:b5:b6:02:7f:
                    60:fd:87:bb:72:a7:33:57:23:97:0a:bf:7a:1b:ab:
                    1f:18:75:1d:13:b1:f3:de:a9:55:82:50:8f:ed:c5:
                    84:9c:af:dc:e7:b5:f1:86:0a:d3:51:fa:46:76:4a:
                    f3:64:a6:25:e4:d0:27:72:c8:44:fb:be:38:2e:71:
                    05:d4:80:01:79:bf:10:63:95:97:79:a6:20:e4:69:
                    27:86:a4:c7:c4:fb:ad:7d:a5:1b:3d:a6:70:13:70:
                    fe:bb:e4:ee:92:7e:c3:87:46:62:eb:f4:ae:5c:cc:
                    34:77:08:cf:25:9c:48:0c:dd:cf:9c:63:52:af:68:
                    07:d3:44:56:b3:94:a0:8b:9f:35:19:f3:9c:bd:b2:
                    ea:85:06:ab:12:68:76:f4:c2:76:1f:c0:a4:d8:48:
                    02:50:a4:f7:96:81:e0:9d:a0:79:7c:08:a5:a3:f6:
                    b8:7a:1b:20:62:f3:d6:3d:b8:33:81:07:85:9d:e3:
                    0b:43:83:98:52:d6:9a:51:44:38:5f:88:a5:ad:59:
                    aa:27:56:92:ca:78:e3:3d:07:1e:70:e1:40:74:7a:
                    c0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:A0:49:1A:28:3A:7D:A7:68:0E:FC:87:A6:E9:F3:FD:A5:35:D2:84
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/iqBJGig6fadoDvyHpunz_aU10oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:1f:d6:52:70:43:3f:3a:39:bd:c3:1c:66:2b:3f:03:35:19:
         e7:0f:eb:02:b4:22:64:9c:a5:c5:e0:16:47:04:f5:3f:13:c3:
         0c:40:e7:62:c4:cf:35:ca:50:ea:cb:77:1e:93:d7:7b:b1:19:
         c7:e1:28:0f:82:29:6d:e7:ea:c3:69:18:b0:8e:df:69:30:ab:
         41:66:77:fb:8b:64:30:4e:fc:e0:22:28:9b:97:8b:da:83:e2:
         28:d8:45:22:4b:c1:40:4c:83:98:37:f1:3c:8f:db:85:68:5c:
         d8:a4:81:c4:a0:37:5b:da:7b:47:88:82:97:4b:80:1a:55:b4:
         d5:51:d8:fc:db:ca:cd:58:74:a7:13:f9:80:a5:08:a1:89:81:
         9a:dc:32:ff:c2:57:b7:22:a6:52:e5:93:cd:92:14:5c:29:d0:
         97:56:43:6a:ea:62:c5:f9:14:f2:2d:59:2c:b2:2a:d5:2d:8a:
         91:dc:20:dc:89:71:f2:e6:a4:4a:11:74:90:5c:94:83:c9:6b:
         97:08:3f:57:13:65:57:66:92:30:7d:8d:15:f0:b1:04:5d:f9:
         de:d0:1d:f4:3b:d7:1d:ec:78:57:32:4a:13:88:bb:cc:85:7d:
         9f:e6:49:8f:8b:9f:35:07:b5:6d:37:24:f9:36:93:4c:18:77:
         6c:ec:4b:11
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz6lsJ35XSm2Ujblb1nTY3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjYwMzE3MDY1ODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWEwNDkxYTI4M2E3ZGE3NjgwZWZjODdhNmU5ZjNmZGE1MzVkMjg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxA4CHBnvEfHRpIbAmDxHDEv3Ak//
Pj8y52BxhfMSUBN6V9QT9mHji7W2An9g/Ye7cqczVyOXCr96G6sfGHUdE7Hz3qlV
glCP7cWEnK/c57XxhgrTUfpGdkrzZKYl5NAncshE+744LnEF1IABeb8QY5WXeaYg
5GknhqTHxPutfaUbPaZwE3D+u+Tukn7Dh0Zi6/SuXMw0dwjPJZxIDN3PnGNSr2gH
00RWs5Sgi581GfOcvbLqhQarEmh29MJ2H8Ck2EgCUKT3loHgnaB5fAilo/a4ehsg
YvPWPbgzgQeFneMLQ4OYUtaaUUQ4X4ilrVmqJ1aSynjjPQcecOFAdHrAOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIqgSRooOn2naA78h6bp8/2lNdKEMB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvaXFCSkdpZzZmYWRvRHZ5SHB1bnpfYVUxMG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2xRMA0G
CSqGSIb3DQEBCwUAA4IBAQAmH9ZScEM/Ojm9wxxmKz8DNRnnD+sCtCJknKXF4BZH
BPU/E8MMQOdixM81ylDqy3cek9d7sRnH4SgPgilt5+rDaRiwjt9pMKtBZnf7i2Qw
TvzgIiibl4vag+Io2EUiS8FATIOYN/E8j9uFaFzYpIHEoDdb2ntHiIKXS4AaVbTV
Udj828rNWHSnE/mApQihiYGa3DL/wle3IqZS5ZPNkhRcKdCXVkNq6mLF+RTyLVks
sirVLYqR3CDciXHy5qRKEXSQXJSDyWuXCD9XE2VXZpIwfY0V8LEEXfne0B30O9cd
7HhXMkoTiLvMhX2f5kmPi581B7VtNyT5NpNMGHds7EsR
-----END CERTIFICATE-----