Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/d05NZs7Vp4A4bdkkXQCy0ZcAG_M.roa
File:                     d05NZs7Vp4A4bdkkXQCy0ZcAG_M.roa (raw, json)
Hash identifier:          pxpY0wF8UltIS3jIz+gxPx1Ot7KUGL05x2qdaWnLALU=
Subject key identifier:   77:4E:4D:66:CE:D5:A7:80:38:6D:D9:24:5D:00:B2:D1:97:00:1B:F3
Certificate issuer:       /CN=6b6cc790695b719b923c74d20fab7e63c18bc736
Certificate serial:       019B7BA3358494863D7F3810CC60067835BD
Authority key identifier: 6B:6C:C7:90:69:5B:71:9B:92:3C:74:D2:0F:AB:7E:63:C1:8B:C7:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/d05NZs7Vp4A4bdkkXQCy0ZcAG_M.roa
Signing time:             Thu 01 Jan 2026 22:17:32 +0000
ROA not before:           Thu 01 Jan 2026 22:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206825
IP address blocks:        91.198.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:35:84:94:86:3d:7f:38:10:cc:60:06:78:35:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b6cc790695b719b923c74d20fab7e63c18bc736
        Validity
            Not Before: Jan  1 22:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=774e4d66ced5a780386dd9245d00b2d197001bf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c3:94:5c:93:bb:7e:77:e1:91:5b:ae:c9:a9:
                    2f:27:30:37:b7:8a:0f:de:15:2c:b6:cc:8d:b6:9f:
                    e5:76:28:de:ed:04:5d:b5:05:fc:95:98:95:58:67:
                    b6:e1:ed:38:41:8c:3c:f9:83:3e:64:47:95:44:4b:
                    60:fb:92:b8:28:ab:d8:c3:3f:d5:c4:6e:eb:4d:76:
                    b1:5a:21:6f:9e:48:b5:19:a3:58:88:3b:63:83:33:
                    e3:44:3e:a3:b3:13:3d:0b:d8:41:03:9f:bb:89:5f:
                    c2:0d:fb:bf:dd:3f:6b:fe:2e:53:dc:c6:fb:44:38:
                    ad:93:52:4a:11:bd:ec:fd:bc:ac:72:c6:8d:f8:2d:
                    f3:b5:97:8d:30:1a:87:ac:5e:e7:04:9b:17:77:dd:
                    a7:d2:be:54:71:bc:05:80:50:2e:07:e1:47:29:d7:
                    80:ba:d2:a6:ea:f7:0b:66:92:d9:7e:81:e4:e5:7e:
                    2f:ba:4c:1a:1a:42:66:87:5a:77:69:dc:50:ed:7a:
                    c1:34:86:74:91:6e:2e:9f:71:fe:10:33:ce:d9:44:
                    83:9c:4d:b5:69:5b:3a:2a:bd:6c:f1:a6:a7:74:4c:
                    14:90:59:d8:7b:51:7e:51:48:a1:99:95:37:59:f0:
                    be:dc:6f:19:90:13:de:80:8f:b2:38:c2:00:4a:d9:
                    23:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:4E:4D:66:CE:D5:A7:80:38:6D:D9:24:5D:00:B2:D1:97:00:1B:F3
            X509v3 Authority Key Identifier:
                keyid:6B:6C:C7:90:69:5B:71:9B:92:3C:74:D2:0F:AB:7E:63:C1:8B:C7:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/d05NZs7Vp4A4bdkkXQCy0ZcAG_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/54af68-4074-45c9-95e9-57d5f401b564/1/a2zHkGlbcZuSPHTSD6t-Y8GLxzY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:eb:24:c8:4b:54:8a:a3:28:ad:f6:ce:2c:03:ed:40:44:73:
         d3:0b:32:41:49:08:bb:62:06:e9:a0:35:59:d1:c3:a8:71:ff:
         cd:6c:9b:e8:21:51:4b:2b:98:a2:3c:14:6d:d1:8d:aa:b8:cf:
         30:92:8d:5d:fe:21:b2:f6:db:c8:b0:97:48:6d:aa:e7:81:cc:
         b6:0b:db:af:60:bf:fc:e6:4e:56:46:44:10:2c:3c:8a:ae:e0:
         90:3c:a0:ae:5c:a1:b5:b5:cf:c7:bd:1b:ad:78:7f:ee:33:a3:
         65:59:0a:a8:f6:83:ce:7f:a2:5b:44:5c:4d:3e:96:24:29:45:
         54:d2:a0:87:95:ba:d4:b7:0b:61:81:6f:b5:2e:1e:c7:7e:4e:
         1f:21:c7:ee:14:4e:1a:17:94:51:f9:4c:2c:03:bb:95:ea:f8:
         c9:9c:95:1e:ce:ad:ac:3c:db:ad:e9:9b:ac:60:f1:7f:e5:29:
         b4:48:d1:c0:ee:d5:0a:8f:00:6d:32:31:ae:4c:d6:47:54:42:
         f6:24:8c:4f:86:84:59:82:1e:86:87:14:ea:bc:9b:ce:a1:a1:
         2d:bb:ef:60:7e:6b:27:4a:c9:d2:bd:4b:df:85:53:50:dc:7c:
         28:c5:62:a2:b1:3a:ea:9b:d0:ba:01:7d:e8:7b:17:39:7e:00:
         45:c8:54:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7ozWElIY9fzgQzGAGeDW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNmNjNzkwNjk1YjcxOWI5MjNjNzRkMjBmYWI3ZTYzYzE4
YmM3MzYwHhcNMjYwMTAxMjIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzRlNGQ2NmNlZDVhNzgwMzg2ZGQ5MjQ1ZDAwYjJkMTk3MDAxYmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsOUXJO7fnfhkVuuyakvJzA3t4oP
3hUstsyNtp/ldije7QRdtQX8lZiVWGe24e04QYw8+YM+ZEeVREtg+5K4KKvYwz/V
xG7rTXaxWiFvnki1GaNYiDtjgzPjRD6jsxM9C9hBA5+7iV/CDfu/3T9r/i5T3Mb7
RDitk1JKEb3s/byscsaN+C3ztZeNMBqHrF7nBJsXd92n0r5UcbwFgFAuB+FHKdeA
utKm6vcLZpLZfoHk5X4vukwaGkJmh1p3adxQ7XrBNIZ0kW4un3H+EDPO2USDnE21
aVs6Kr1s8aandEwUkFnYe1F+UUihmZU3WfC+3G8ZkBPegI+yOMIAStkjUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHdOTWbO1aeAOG3ZJF0AstGXABvzMB8GA1UdIwQY
MBaAFGtsx5BpW3Gbkjx00g+rfmPBi8c2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTJ6SGtHbGJjWnVTUEhUU0Q2dC1ZOEdMeHpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi81NGFmNjgtNDA3NC00NWM5LTk1ZTkt
NTdkNWY0MDFiNTY0LzEvZDA1TlpzN1ZwNEE0YmRra1hRQ3kwWmNBR19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi81NGFmNjgtNDA3NC00NWM5LTk1ZTktNTdkNWY0MDFiNTY0
LzEvYTJ6SGtHbGJjWnVTUEhUU0Q2dC1ZOEdMeHpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8buMA0G
CSqGSIb3DQEBCwUAA4IBAQBo6yTIS1SKoyit9s4sA+1ARHPTCzJBSQi7YgbpoDVZ
0cOocf/NbJvoIVFLK5iiPBRt0Y2quM8wko1d/iGy9tvIsJdIbarngcy2C9uvYL/8
5k5WRkQQLDyKruCQPKCuXKG1tc/HvRuteH/uM6NlWQqo9oPOf6JbRFxNPpYkKUVU
0qCHlbrUtwthgW+1Lh7Hfk4fIcfuFE4aF5RR+UwsA7uV6vjJnJUezq2sPNut6Zus
YPF/5Sm0SNHA7tUKjwBtMjGuTNZHVEL2JIxPhoRZgh6GhxTqvJvOoaEtu+9gfmsn
SsnSvUvfhVNQ3HwoxWKisTrqm9C6AX3oexc5fgBFyFTk
-----END CERTIFICATE-----