Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/aZLmDNfDNQfMwJ6001JcSrReXVo.roa
File:                     aZLmDNfDNQfMwJ6001JcSrReXVo.roa (raw, json)
Hash identifier:          q9+55aFzyoEUFmJ9wbybuO0labtSZYAJl9v8e7OVPio=
Subject key identifier:   69:92:E6:0C:D7:C3:35:07:CC:C0:9E:B4:D3:52:5C:4A:B4:5E:5D:5A
Certificate issuer:       /CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
Certificate serial:       019B7A5B7F9B627BB4AA05BE3C5E0AF371EA
Authority key identifier: 42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/aZLmDNfDNQfMwJ6001JcSrReXVo.roa
Signing time:             Thu 01 Jan 2026 16:19:35 +0000
ROA not before:           Thu 01 Jan 2026 16:19:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203285
IP address blocks:        91.247.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 07:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5b:7f:9b:62:7b:b4:aa:05:be:3c:5e:0a:f3:71:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42cf4a128d09dfc4b8b035a12cd831f9f7b01469
        Validity
            Not Before: Jan  1 16:19:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6992e60cd7c33507ccc09eb4d3525c4ab45e5d5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:21:ad:b8:5a:3f:9b:3e:80:7e:de:1e:e4:09:
                    a7:0a:05:f6:1c:0e:d8:f3:ac:a5:05:60:f2:9a:e8:
                    8f:3a:bf:fb:e6:f4:8e:84:1e:74:64:2b:50:b2:60:
                    9a:74:1c:a8:dd:3d:b6:68:0f:a3:99:85:7d:c5:bb:
                    62:40:17:c8:08:81:a6:4b:ab:de:72:13:ca:b9:5e:
                    55:4a:2f:7a:a1:c8:38:38:bf:d8:44:07:31:3a:b7:
                    14:ed:6b:18:e7:0e:db:90:f7:cc:79:15:db:aa:e0:
                    0e:36:39:71:ed:e0:47:3e:5a:9b:4a:5a:9f:1f:3f:
                    77:89:3b:62:01:1d:a4:78:2a:a3:30:3f:b0:d5:f0:
                    b0:ae:b4:7f:ed:24:87:92:b4:0d:6b:c9:40:81:fc:
                    76:9b:87:db:52:4d:1e:3f:3c:d3:7a:cb:28:f4:13:
                    9a:d3:54:7b:4e:28:f4:e8:a4:42:29:1a:9e:cd:60:
                    9b:f4:25:7c:e6:86:e7:31:6b:fb:69:e9:2f:35:94:
                    22:95:6b:9c:91:48:07:fb:7e:f5:76:f0:d3:a3:6b:
                    85:98:80:c2:00:67:17:04:43:98:b1:1c:06:3f:6b:
                    ed:ac:72:01:60:c0:9e:d8:c1:de:3d:4b:49:fc:f9:
                    d6:62:00:d7:a6:4e:80:6f:39:6f:6b:81:d6:74:05:
                    cf:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:92:E6:0C:D7:C3:35:07:CC:C0:9E:B4:D3:52:5C:4A:B4:5E:5D:5A
            X509v3 Authority Key Identifier:
                keyid:42:CF:4A:12:8D:09:DF:C4:B8:B0:35:A1:2C:D8:31:F9:F7:B0:14:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qs9KEo0J38S4sDWhLNgx-fewFGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/aZLmDNfDNQfMwJ6001JcSrReXVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/5da729-ba26-4fda-9011-0b04375f9b36/1/Qs9KEo0J38S4sDWhLNgx-fewFGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:d2:f6:ff:c4:ac:61:7c:7b:d4:0f:1f:e8:bb:5d:5b:da:ff:
         dd:37:48:9b:58:a6:2b:d9:c2:de:0e:6a:35:11:a1:22:dc:0b:
         35:22:52:6d:4f:00:de:3d:54:f7:4f:62:7c:ea:70:b9:5a:9d:
         87:fe:08:23:8b:df:78:7f:49:dc:13:e6:18:f8:77:5b:b7:b4:
         75:41:ab:67:33:e4:bb:8e:c3:ac:74:82:cd:09:f5:79:4e:31:
         28:fd:2b:5a:6e:28:7d:2a:5b:dc:58:8f:84:0d:24:9e:55:bc:
         8a:c7:c4:42:85:f1:8b:26:e6:c2:ef:2c:cf:bd:7d:27:cc:85:
         a4:97:f6:95:f4:7b:55:f7:7b:48:c8:ac:42:ff:c9:7f:e6:22:
         98:9d:04:5e:4d:98:75:dd:5a:87:f5:ef:17:1d:7b:b9:da:f8:
         af:35:c3:77:0a:10:a4:4b:5c:f4:b2:41:50:07:4c:cc:ce:28:
         9d:2d:e8:92:45:17:8b:cf:c7:8d:a4:d5:1e:03:24:3d:b0:76:
         69:a6:41:18:34:5c:8b:52:aa:cc:1e:43:1d:92:38:b3:cf:01:
         a4:2e:72:bf:c4:92:d6:00:d8:77:44:4e:cf:22:6c:8d:08:61:
         88:5a:d0:62:ca:eb:a1:39:7d:e8:5a:68:66:24:b0:64:61:1f:
         9c:43:38:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt6W3+bYnu0qgW+PF4K83HqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyY2Y0YTEyOGQwOWRmYzRiOGIwMzVhMTJjZDgzMWY5Zjdi
MDE0NjkwHhcNMjYwMTAxMTYxOTM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTkyZTYwY2Q3YzMzNTA3Y2NjMDllYjRkMzUyNWM0YWI0NWU1ZDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9CGtuFo/mz6Aft4e5AmnCgX2HA7Y
86ylBWDymuiPOr/75vSOhB50ZCtQsmCadByo3T22aA+jmYV9xbtiQBfICIGmS6ve
chPKuV5VSi96ocg4OL/YRAcxOrcU7WsY5w7bkPfMeRXbquAONjlx7eBHPlqbSlqf
Hz93iTtiAR2keCqjMD+w1fCwrrR/7SSHkrQNa8lAgfx2m4fbUk0ePzzTesso9BOa
01R7Tij06KRCKRqezWCb9CV85obnMWv7aekvNZQilWuckUgH+371dvDTo2uFmIDC
AGcXBEOYsRwGP2vtrHIBYMCe2MHePUtJ/PnWYgDXpk6Abzlva4HWdAXPlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGmS5gzXwzUHzMCetNNSXEq0Xl1aMB8GA1UdIwQY
MBaAFELPShKNCd/EuLA1oSzYMfn3sBRpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEt
MGIwNDM3NWY5YjM2LzEvYVpMbUROZkROUWZNd0o2MDAxSmNTclJlWFZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC81ZGE3MjktYmEyNi00ZmRhLTkwMTEtMGIwNDM3NWY5YjM2
LzEvUXM5S0VvMEozOFM0c0RXaExOZ3gtZmV3RkdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/eoMA0G
CSqGSIb3DQEBCwUAA4IBAQA/0vb/xKxhfHvUDx/ou11b2v/dN0ibWKYr2cLeDmo1
EaEi3As1IlJtTwDePVT3T2J86nC5Wp2H/ggji994f0ncE+YY+Hdbt7R1QatnM+S7
jsOsdILNCfV5TjEo/Stabih9KlvcWI+EDSSeVbyKx8RChfGLJubC7yzPvX0nzIWk
l/aV9HtV93tIyKxC/8l/5iKYnQReTZh13VqH9e8XHXu52vivNcN3ChCkS1z0skFQ
B0zMziidLeiSRReLz8eNpNUeAyQ9sHZppkEYNFyLUqrMHkMdkjizzwGkLnK/xJLW
ANh3RE7PImyNCGGIWtBiyuuhOX3oWmhmJLBkYR+cQzit
-----END CERTIFICATE-----