Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/SRXdpHT57ULX4WKXkvYrazem0ic.roa
File:                     SRXdpHT57ULX4WKXkvYrazem0ic.roa (raw, json)
Hash identifier:          ee1vZ+vWObcfNj4Y7l+2NN7pUFsGmvTOn9r3vlBcOP4=
Subject key identifier:   49:15:DD:A4:74:F9:ED:42:D7:E1:62:97:92:F6:2B:6B:37:A6:D2:27
Certificate issuer:       /CN=08c7b65ba6659e27570773c508558754eb490dde
Certificate serial:       019B7DCB624CE35C03F44DA5CEE24286308D
Authority key identifier: 08:C7:B6:5B:A6:65:9E:27:57:07:73:C5:08:55:87:54:EB:49:0D:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/SRXdpHT57ULX4WKXkvYrazem0ic.roa
Signing time:             Fri 02 Jan 2026 08:20:39 +0000
ROA not before:           Fri 02 Jan 2026 08:20:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3289
IP address blocks:        91.226.2.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:62:4c:e3:5c:03:f4:4d:a5:ce:e2:42:86:30:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08c7b65ba6659e27570773c508558754eb490dde
        Validity
            Not Before: Jan  2 08:20:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4915dda474f9ed42d7e1629792f62b6b37a6d227
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:be:3b:f6:1c:53:93:64:3d:a7:8c:25:32:19:
                    16:ef:c3:de:e4:da:04:7f:3d:fe:11:d2:75:cc:b6:
                    80:d2:5a:7b:6a:b9:15:eb:dc:56:2f:28:b9:22:ad:
                    e9:cd:9f:b0:97:33:c4:eb:df:74:5c:ba:35:6f:2d:
                    52:23:ef:21:99:01:69:98:1a:ff:50:ee:44:5d:82:
                    bb:49:2c:14:63:5a:23:a8:34:ee:c1:47:af:0e:09:
                    fc:5a:65:b2:69:67:d2:a1:b7:ea:75:2d:8f:fc:24:
                    43:e2:8f:70:de:e3:43:ca:fd:c5:bc:4f:db:4e:88:
                    13:2a:dd:0d:b6:a5:b1:15:bb:66:be:05:39:29:bd:
                    23:fc:f1:b3:6f:cd:93:a8:dc:03:65:34:ed:d3:3d:
                    92:43:f7:8b:95:b9:ee:6b:d8:a1:72:51:c6:e8:71:
                    fa:ae:95:9f:23:e7:f1:63:d5:63:fd:2c:6e:76:b0:
                    e0:ba:c4:72:2a:d8:f9:3a:90:fd:92:7f:89:57:70:
                    92:52:5f:0b:45:41:32:40:52:51:5e:ec:27:97:c8:
                    27:73:67:92:34:1a:85:cf:12:5c:90:37:af:db:47:
                    27:6f:27:bb:a6:a8:78:67:03:27:7e:cd:34:bb:4c:
                    e5:07:91:76:c4:f7:a7:d9:ba:12:e7:6e:7b:19:75:
                    2c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:15:DD:A4:74:F9:ED:42:D7:E1:62:97:92:F6:2B:6B:37:A6:D2:27
            X509v3 Authority Key Identifier:
                keyid:08:C7:B6:5B:A6:65:9E:27:57:07:73:C5:08:55:87:54:EB:49:0D:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CMe2W6ZlnidXB3PFCFWHVOtJDd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/SRXdpHT57ULX4WKXkvYrazem0ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/166b33-f79d-4308-ad07-5b7b9570099e/1/CMe2W6ZlnidXB3PFCFWHVOtJDd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:dc:6f:73:88:db:a4:5f:55:c4:00:64:c1:0d:c2:b9:ba:3c:
         55:1c:94:d7:dc:95:dd:20:cc:19:4c:53:b4:33:43:33:48:b0:
         b5:ca:2a:eb:b5:01:2b:c1:bf:19:b4:45:dc:ce:c5:0d:ae:31:
         9c:16:d1:bb:9f:ab:1f:39:4a:de:2d:85:fd:38:dd:1e:63:f4:
         cc:ad:7f:08:0d:4f:d6:31:81:59:f6:0e:f1:32:f9:5b:c0:b5:
         c9:89:4b:bd:71:86:69:2d:0e:01:90:ff:20:70:fc:81:db:a6:
         46:05:49:e7:82:3b:09:01:7d:ee:6b:47:cd:5d:da:fe:0a:3b:
         cc:2c:3f:13:f6:77:bd:8b:15:11:57:ce:b8:0c:fd:86:99:13:
         2a:ae:c7:2a:de:ed:8c:6d:f8:e6:26:e3:07:7f:fc:7b:b3:7b:
         c6:ee:d3:13:ab:52:ee:6e:49:37:cc:f0:08:22:6f:86:a9:92:
         20:87:19:8c:16:b6:5a:7d:dd:70:bb:c3:4c:9f:11:ef:1c:3c:
         a3:d7:8a:5e:f7:bb:23:09:b8:43:ed:09:54:67:99:a2:03:ef:
         c3:15:cc:6e:5a:bf:59:88:6a:b5:46:3a:5f:da:b4:e2:1c:1a:
         4c:60:ed:de:cf:bc:33:f2:b1:12:85:67:41:e0:40:40:8b:ba:
         b9:56:7c:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9y2JM41wD9E2lzuJChjCNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YzdiNjViYTY2NTllMjc1NzA3NzNjNTA4NTU4NzU0ZWI0
OTBkZGUwHhcNMjYwMTAyMDgyMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE1ZGRhNDc0ZjllZDQyZDdlMTYyOTc5MmY2MmI2YjM3YTZkMjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA77479hxTk2Q9p4wlMhkW78Pe5NoE
fz3+EdJ1zLaA0lp7arkV69xWLyi5Iq3pzZ+wlzPE6990XLo1by1SI+8hmQFpmBr/
UO5EXYK7SSwUY1ojqDTuwUevDgn8WmWyaWfSobfqdS2P/CRD4o9w3uNDyv3FvE/b
TogTKt0NtqWxFbtmvgU5Kb0j/PGzb82TqNwDZTTt0z2SQ/eLlbnua9ihclHG6HH6
rpWfI+fxY9Vj/SxudrDgusRyKtj5OpD9kn+JV3CSUl8LRUEyQFJRXuwnl8gnc2eS
NBqFzxJckDev20cnbye7pqh4ZwMnfs00u0zlB5F2xPen2boS5257GXUsPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEkV3aR0+e1C1+Fil5L2K2s3ptInMB8GA1UdIwQY
MBaAFAjHtlumZZ4nVwdzxQhVh1TrSQ3eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ01lMlc2WmxuaWRYQjNQRkNGV0hWT3RKRGQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC8xNjZiMzMtZjc5ZC00MzA4LWFkMDct
NWI3Yjk1NzAwOTllLzEvU1JYZHBIVDU3VUxYNFdLWGt2WXJhemVtMGljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC8xNjZiMzMtZjc5ZC00MzA4LWFkMDctNWI3Yjk1NzAwOTll
LzEvQ01lMlc2WmxuaWRYQjNQRkNGV0hWT3RKRGQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+ICMA0G
CSqGSIb3DQEBCwUAA4IBAQAz3G9ziNukX1XEAGTBDcK5ujxVHJTX3JXdIMwZTFO0
M0MzSLC1yirrtQErwb8ZtEXczsUNrjGcFtG7n6sfOUreLYX9ON0eY/TMrX8IDU/W
MYFZ9g7xMvlbwLXJiUu9cYZpLQ4BkP8gcPyB26ZGBUnngjsJAX3ua0fNXdr+CjvM
LD8T9ne9ixURV864DP2GmRMqrscq3u2MbfjmJuMHf/x7s3vG7tMTq1Lubkk3zPAI
Im+GqZIghxmMFrZafd1wu8NMnxHvHDyj14pe97sjCbhD7QlUZ5miA+/DFcxuWr9Z
iGq1Rjpf2rTiHBpMYO3ez7wz8rEShWdB4EBAi7q5VnyF
-----END CERTIFICATE-----