Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/ryuLKef_IroC7PFQdKy3-YDqSJA.roa
File:                     ryuLKef_IroC7PFQdKy3-YDqSJA.roa (raw, json)
Hash identifier:          RsW64+NIzEg1i7l38AMRGxCtDbntws+JXmRcjIu9krk=
Subject key identifier:   AF:2B:8B:29:E7:FF:22:BA:02:EC:F1:50:74:AC:B7:F9:80:EA:48:90
Certificate issuer:       /CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
Certificate serial:       019D4EBC231D4EF38D9993CE8FF0C782D5FA
Authority key identifier: 5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/ryuLKef_IroC7PFQdKy3-YDqSJA.roa
Signing time:             Thu 02 Apr 2026 15:07:25 +0000
ROA not before:           Thu 02 Apr 2026 15:07:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210079
IP address blocks:        91.234.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:bc:23:1d:4e:f3:8d:99:93:ce:8f:f0:c7:82:d5:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e0ff8aaf7453114147028d54ae1c693a8a147bc
        Validity
            Not Before: Apr  2 15:07:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af2b8b29e7ff22ba02ecf15074acb7f980ea4890
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c3:ce:74:3f:44:0c:82:9f:ef:82:b0:2f:bd:
                    27:55:8c:59:56:e5:d1:73:72:36:91:1b:a0:1f:a4:
                    d9:d3:7b:3b:4d:04:bd:0d:96:17:9c:be:1e:f3:a9:
                    54:6a:e8:26:ad:28:5d:19:f7:23:0a:c0:e0:1a:77:
                    a6:10:c5:9e:f7:3e:c4:c1:1f:a3:c0:a0:e3:dc:2e:
                    5c:77:bb:4b:39:dc:36:b8:a7:a5:7e:f1:5f:b6:25:
                    20:79:39:45:97:b3:3a:c7:37:b8:45:c8:83:f0:66:
                    95:79:45:a5:02:61:cc:1d:45:76:d2:a0:ec:57:d5:
                    d7:ed:07:a8:4e:7e:dd:75:e8:84:90:d2:d7:70:21:
                    99:49:9a:61:91:8d:13:c8:1d:ff:1d:ec:81:0d:22:
                    66:cd:55:83:b4:3c:fc:f5:d9:35:28:d2:9d:89:13:
                    ea:26:c6:34:94:41:1c:d3:0e:34:4d:1f:75:90:4b:
                    4e:d5:4c:b0:e1:eb:ae:d8:36:0c:af:50:a5:00:21:
                    d3:5c:d1:3d:fc:08:56:04:3b:95:9e:8e:43:36:24:
                    04:cc:29:fd:78:53:85:af:b0:3f:e2:83:ea:5f:32:
                    bf:e6:f8:e1:2d:4e:25:05:42:cc:24:7b:94:13:1e:
                    a3:2f:a2:17:e5:7a:8b:a3:83:dd:30:bd:9a:91:bf:
                    4c:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:2B:8B:29:E7:FF:22:BA:02:EC:F1:50:74:AC:B7:F9:80:EA:48:90
            X509v3 Authority Key Identifier:
                keyid:5E:0F:F8:AA:F7:45:31:14:14:70:28:D5:4A:E1:C6:93:A8:A1:47:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/ryuLKef_IroC7PFQdKy3-YDqSJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/dd6e1d-abc9-473b-a91a-d8721375644a/1/Xg_4qvdFMRQUcCjVSuHGk6ihR7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:14:7a:2e:d9:e5:2e:df:51:3f:f9:e4:00:10:03:d9:60:df:
         db:7d:81:cf:9e:95:1e:8d:e4:6c:20:d3:ea:f2:9c:b2:3c:df:
         8f:e0:d4:6e:62:f6:1c:d9:8a:bf:5e:06:d0:af:9a:6e:34:89:
         1a:a5:e9:9e:dc:c8:cf:e6:b9:97:83:03:24:81:f8:cd:4c:21:
         14:07:1f:d9:78:77:a2:bb:17:a1:b0:70:d8:41:bc:7b:ec:fa:
         f5:1b:4a:bd:f8:41:f2:7d:eb:f3:0f:75:6d:50:ad:18:31:87:
         8b:c9:fa:69:95:79:7b:f9:d3:0a:e6:1a:fa:9d:57:7a:f7:79:
         c0:dd:35:c9:ba:cc:a1:71:16:dd:23:8b:d1:e4:73:0f:78:44:
         b0:27:99:1f:10:0f:63:35:66:6b:d7:fb:bd:66:ac:7d:6b:bb:
         f5:60:0c:da:e6:19:dd:b8:f8:b6:58:48:aa:ca:31:79:c0:48:
         76:f7:04:56:65:de:aa:bd:e7:66:88:e3:a8:a4:90:4b:3e:c9:
         7b:51:a6:82:35:ce:84:72:51:ed:94:03:3e:38:19:97:88:1f:
         b6:04:b3:a4:ed:85:a2:3c:3c:3d:6e:42:0d:38:17:f5:5b:2a:
         00:af:f2:35:36:dc:bc:8d:ba:ac:12:46:ae:21:5c:c8:90:9c:
         c7:cf:35:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1OvCMdTvONmZPOj/DHgtX6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMGZmOGFhZjc0NTMxMTQxNDcwMjhkNTRhZTFjNjkzYThh
MTQ3YmMwHhcNMjYwNDAyMTUwNzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjJiOGIyOWU3ZmYyMmJhMDJlY2YxNTA3NGFjYjdmOTgwZWE0ODkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcPOdD9EDIKf74KwL70nVYxZVuXR
c3I2kRugH6TZ03s7TQS9DZYXnL4e86lUaugmrShdGfcjCsDgGnemEMWe9z7EwR+j
wKDj3C5cd7tLOdw2uKelfvFftiUgeTlFl7M6xze4RciD8GaVeUWlAmHMHUV20qDs
V9XX7QeoTn7ddeiEkNLXcCGZSZphkY0TyB3/HeyBDSJmzVWDtDz89dk1KNKdiRPq
JsY0lEEc0w40TR91kEtO1Uyw4euu2DYMr1ClACHTXNE9/AhWBDuVno5DNiQEzCn9
eFOFr7A/4oPqXzK/5vjhLU4lBULMJHuUEx6jL6IX5XqLo4PdML2akb9MEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK8riynn/yK6AuzxUHSst/mA6kiQMB8GA1UdIwQY
MBaAFF4P+Kr3RTEUFHAo1UrhxpOooUe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEt
ZDg3MjEzNzU2NDRhLzEvcnl1TEtlZl9Jcm9DN1BGUWRLeTMtWURxU0pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9kZDZlMWQtYWJjOS00NzNiLWE5MWEtZDg3MjEzNzU2NDRh
LzEvWGdfNHF2ZEZNUlFVY0NqVlN1SEdrNmloUjd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+pjMA0G
CSqGSIb3DQEBCwUAA4IBAQA0FHou2eUu31E/+eQAEAPZYN/bfYHPnpUejeRsINPq
8pyyPN+P4NRuYvYc2Yq/XgbQr5puNIkapeme3MjP5rmXgwMkgfjNTCEUBx/ZeHei
uxehsHDYQbx77Pr1G0q9+EHyfevzD3VtUK0YMYeLyfpplXl7+dMK5hr6nVd693nA
3TXJusyhcRbdI4vR5HMPeESwJ5kfEA9jNWZr1/u9Zqx9a7v1YAza5hnduPi2WEiq
yjF5wEh29wRWZd6qvedmiOOopJBLPsl7UaaCNc6EclHtlAM+OBmXiB+2BLOk7YWi
PDw9bkINOBf1WyoAr/I1Nty8jbqsEkauIVzIkJzHzzU+
-----END CERTIFICATE-----