Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/3oGVu0O8WvuLGv8f2Jt9dxPSv2A.roa
File:                     3oGVu0O8WvuLGv8f2Jt9dxPSv2A.roa (raw, json)
Hash identifier:          4mJ9zwVzZQxqJbzR75wLCS8IQ+/ppt2TeN93BoHL9DY=
Subject key identifier:   DE:81:95:BB:43:BC:5A:FB:8B:1A:FF:1F:D8:9B:7D:77:13:D2:BF:60
Certificate issuer:       /CN=8afbc64d593fc073c693143566310295de0a8337
Certificate serial:       019B7C8084D603D6622CB9EBFB417F3072F8
Authority key identifier: 8A:FB:C6:4D:59:3F:C0:73:C6:93:14:35:66:31:02:95:DE:0A:83:37
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/3oGVu0O8WvuLGv8f2Jt9dxPSv2A.roa
Signing time:             Fri 02 Jan 2026 02:19:15 +0000
ROA not before:           Fri 02 Jan 2026 02:19:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202288
IP address blocks:        91.244.245.0/24 maxlen: 24
                          2001:678:728::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:80:84:d6:03:d6:62:2c:b9:eb:fb:41:7f:30:72:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8afbc64d593fc073c693143566310295de0a8337
        Validity
            Not Before: Jan  2 02:19:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de8195bb43bc5afb8b1aff1fd89b7d7713d2bf60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:5f:2c:1c:c2:86:4a:15:e0:71:aa:5d:27:83:
                    3e:c3:73:0b:40:ce:53:b5:ec:79:93:20:17:2e:7a:
                    cd:1e:6d:25:9a:d1:10:69:e2:36:2f:b7:e6:7a:33:
                    16:fb:6e:4d:6d:3a:d7:49:29:5c:90:e1:d3:a8:a1:
                    8e:b4:8d:3a:b5:40:29:58:36:a2:f5:dd:f2:05:24:
                    4e:37:95:92:10:ef:e6:14:5b:26:eb:f2:67:48:16:
                    c4:3e:f3:3e:d9:8f:da:0d:92:2d:96:b4:50:2a:df:
                    97:06:be:ab:ff:c0:26:b5:d5:d5:54:9e:2e:5b:4d:
                    39:db:66:ce:ef:4a:41:d0:09:00:dd:f3:7c:a0:15:
                    ac:5c:a9:0b:6a:69:de:c7:31:7e:66:f8:7c:36:c6:
                    46:d0:35:2c:08:da:3d:bc:c9:bb:02:d9:58:40:7a:
                    92:af:da:f2:23:af:3c:30:a9:ed:a2:ab:c1:9f:a7:
                    4b:f7:fb:44:02:f9:2a:16:85:40:22:52:16:9c:62:
                    dc:7d:df:c8:e5:39:cf:e4:38:f2:69:a6:7e:1e:21:
                    cd:38:a6:c9:65:01:c0:1a:e3:9f:1e:ed:93:c9:f2:
                    b4:b4:37:3a:0a:51:ec:6f:31:95:4d:80:f0:73:fb:
                    d6:2d:a3:e4:49:ef:b8:70:5d:4e:c6:63:97:7a:46:
                    9c:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:81:95:BB:43:BC:5A:FB:8B:1A:FF:1F:D8:9B:7D:77:13:D2:BF:60
            X509v3 Authority Key Identifier:
                keyid:8A:FB:C6:4D:59:3F:C0:73:C6:93:14:35:66:31:02:95:DE:0A:83:37

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/3oGVu0O8WvuLGv8f2Jt9dxPSv2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/46bece-502f-4f0d-b724-1097da9ddf27/1/ivvGTVk_wHPGkxQ1ZjECld4Kgzc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.244.245.0/24
                IPv6:
                  2001:678:728::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:3b:a0:69:16:66:51:0b:f3:54:05:4e:53:f7:6d:b0:bd:62:
         ff:06:80:09:f0:e6:62:31:be:98:3a:ea:27:3c:78:9f:79:ad:
         29:ea:d4:66:4e:3d:5b:31:aa:fc:16:a4:ba:f7:a7:62:1e:8d:
         35:4c:37:95:5b:af:66:97:d0:b2:31:f5:73:b6:34:c9:67:30:
         b1:cf:56:03:7b:da:57:fb:55:54:bc:90:52:38:cb:3b:df:40:
         7a:80:cb:df:13:67:7b:79:d6:b9:68:87:a6:36:26:03:32:72:
         79:b5:6c:02:1f:df:c8:1b:8e:4c:76:60:5d:c6:d9:1d:90:a7:
         01:47:de:a2:87:5c:0a:e7:8e:2d:f9:05:d0:39:6f:0d:63:f3:
         f1:af:fa:c1:6b:19:87:d4:da:ab:1c:3d:34:ae:89:37:fc:ca:
         84:8c:17:85:9a:b1:29:a4:34:0a:0f:be:ba:c0:2f:13:d0:19:
         83:be:4c:bc:f6:94:5c:f5:76:6d:f4:8c:56:d6:21:8e:4a:a5:
         35:c7:6b:fa:ea:62:3d:7f:cb:a7:8e:d1:b9:fc:64:d8:8c:66:
         71:f5:69:90:50:9f:95:b0:ea:9e:a3:85:2e:e1:ba:8b:b6:9e:
         8a:c9:fc:5a:9e:d2:5c:dd:3f:d6:70:f4:cb:20:b0:c8:ca:ea:
         22:06:5f:57
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt8gITWA9ZiLLnr+0F/MHL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhZmJjNjRkNTkzZmMwNzNjNjkzMTQzNTY2MzEwMjk1ZGUw
YTgzMzcwHhcNMjYwMTAyMDIxOTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTgxOTViYjQzYmM1YWZiOGIxYWZmMWZkODliN2Q3NzEzZDJiZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzF8sHMKGShXgcapdJ4M+w3MLQM5T
tex5kyAXLnrNHm0lmtEQaeI2L7fmejMW+25NbTrXSSlckOHTqKGOtI06tUApWDai
9d3yBSRON5WSEO/mFFsm6/JnSBbEPvM+2Y/aDZItlrRQKt+XBr6r/8AmtdXVVJ4u
W00522bO70pB0AkA3fN8oBWsXKkLamnexzF+Zvh8NsZG0DUsCNo9vMm7AtlYQHqS
r9ryI688MKntoqvBn6dL9/tEAvkqFoVAIlIWnGLcfd/I5TnP5DjyaaZ+HiHNOKbJ
ZQHAGuOfHu2TyfK0tDc6ClHsbzGVTYDwc/vWLaPkSe+4cF1OxmOXekacKQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFN6BlbtDvFr7ixr/H9ibfXcT0r9gMB8GA1UdIwQY
MBaAFIr7xk1ZP8BzxpMUNWYxApXeCoM3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXZ2R1RWa193SFBHa3hRMVpqRUNsZDRLZ3pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC80NmJlY2UtNTAyZi00ZjBkLWI3MjQt
MTA5N2RhOWRkZjI3LzEvM29HVnUwTzhXdnVMR3Y4ZjJKdDlkeFBTdjJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC80NmJlY2UtNTAyZi00ZjBkLWI3MjQtMTA5N2RhOWRkZjI3
LzEvaXZ2R1RWa193SFBHa3hRMVpqRUNsZDRLZ3pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/T1MA8E
AgACMAkDBwAgAQZ4BygwDQYJKoZIhvcNAQELBQADggEBAJI7oGkWZlEL81QFTlP3
bbC9Yv8GgAnw5mIxvpg66ic8eJ95rSnq1GZOPVsxqvwWpLr3p2IejTVMN5Vbr2aX
0LIx9XO2NMlnMLHPVgN72lf7VVS8kFI4yzvfQHqAy98TZ3t51rloh6Y2JgMycnm1
bAIf38gbjkx2YF3G2R2QpwFH3qKHXArnji35BdA5bw1j8/Gv+sFrGYfU2qscPTSu
iTf8yoSMF4WasSmkNAoPvrrALxPQGYO+TLz2lFz1dm30jFbWIY5KpTXHa/rqYj1/
y6eO0bn8ZNiMZnH1aZBQn5Ww6p6jhS7huou2norJ/Fqe0lzdP9Zw9MsgsMjK6iIG
X1c=
-----END CERTIFICATE-----