Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/VrOdFAUKX1ouwmCsQ9_XlNyNq1s.roa
File:                     VrOdFAUKX1ouwmCsQ9_XlNyNq1s.roa (raw, json)
Hash identifier:          n2RF1UdtGKXTdxJvkP7iUrdA4Ve98kwr+cqIiG+JbSg=
Subject key identifier:   56:B3:9D:14:05:0A:5F:5A:2E:C2:60:AC:43:DF:D7:94:DC:8D:AB:5B
Certificate issuer:       /CN=4db952ed1cd7a3803cf4dbfd340ea74963268ba0
Certificate serial:       019B7BA3BC25489D8099F9393BEE791BA3FF
Authority key identifier: 4D:B9:52:ED:1C:D7:A3:80:3C:F4:DB:FD:34:0E:A7:49:63:26:8B:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TblS7RzXo4A89Nv9NA6nSWMmi6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/VrOdFAUKX1ouwmCsQ9_XlNyNq1s.roa
Signing time:             Thu 01 Jan 2026 22:18:06 +0000
ROA not before:           Thu 01 Jan 2026 22:18:06 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50578
IP address blocks:        91.238.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/TblS7RzXo4A89Nv9NA6nSWMmi6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/TblS7RzXo4A89Nv9NA6nSWMmi6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TblS7RzXo4A89Nv9NA6nSWMmi6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a3:bc:25:48:9d:80:99:f9:39:3b:ee:79:1b:a3:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4db952ed1cd7a3803cf4dbfd340ea74963268ba0
        Validity
            Not Before: Jan  1 22:18:06 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56b39d14050a5f5a2ec260ac43dfd794dc8dab5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:65:e6:a8:3b:30:08:a9:f5:af:b6:ee:86:da:
                    d6:07:3c:de:fd:20:cc:6b:86:9c:33:2b:6c:13:30:
                    5d:66:66:21:15:5d:32:01:83:1a:83:40:2b:36:68:
                    22:e7:2d:3f:16:e4:17:66:23:f1:62:31:1d:69:39:
                    6a:53:ad:24:2b:bd:19:41:a5:fa:7c:75:22:d0:2e:
                    ef:fc:d2:ca:46:6c:77:45:f2:1f:2e:f1:f1:af:e9:
                    ab:08:1d:91:a2:56:23:38:d9:f1:ab:c4:66:b3:cd:
                    8d:77:97:8b:11:8b:8c:72:75:ca:d6:79:ae:f6:ad:
                    dd:bb:09:a8:ce:d7:52:00:c9:47:71:98:de:3c:26:
                    81:c5:4e:a7:5e:c7:e6:93:f7:ca:1b:61:09:07:bc:
                    03:09:4b:70:48:98:ad:98:69:c4:21:95:4b:f5:92:
                    ed:35:1e:56:0c:87:ce:ad:2e:4b:fa:96:52:89:8c:
                    43:fa:16:9b:2e:dd:c0:13:61:7f:f2:16:56:0c:75:
                    df:36:16:b9:3f:a7:17:1d:a5:00:94:5a:09:34:25:
                    33:78:63:9a:c9:a9:ad:eb:8d:5b:6c:da:4a:ba:e5:
                    c0:5e:f7:a1:0b:0f:be:df:6b:0a:8e:67:9a:ce:a3:
                    a8:b7:63:a8:b2:1b:cb:03:df:73:7f:78:6f:41:a2:
                    c6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:B3:9D:14:05:0A:5F:5A:2E:C2:60:AC:43:DF:D7:94:DC:8D:AB:5B
            X509v3 Authority Key Identifier:
                keyid:4D:B9:52:ED:1C:D7:A3:80:3C:F4:DB:FD:34:0E:A7:49:63:26:8B:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TblS7RzXo4A89Nv9NA6nSWMmi6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/VrOdFAUKX1ouwmCsQ9_XlNyNq1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/c4f2e2-0188-4a43-8503-d2601cc12377/1/TblS7RzXo4A89Nv9NA6nSWMmi6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:cf:28:b3:c9:ba:48:7e:39:cf:8d:a7:e1:4f:a5:ac:3e:75:
         26:47:f7:f8:a4:e1:33:02:36:46:96:e3:59:2d:0e:e5:93:00:
         be:01:d6:b3:3e:24:ee:ab:58:6e:41:9d:2d:ce:cf:44:ca:f0:
         80:a1:7c:56:b9:e4:e0:f2:8f:54:a9:ae:8e:a9:7a:41:b1:65:
         ff:c5:a2:21:a0:82:e8:a9:fe:d0:30:b8:c0:38:1a:c7:3d:99:
         76:b5:28:0b:9d:3d:9e:e9:b9:39:fd:a2:ba:52:a9:d8:3a:43:
         ce:4a:63:b1:03:3f:cb:1c:54:f9:9c:e2:4a:2f:81:f5:c1:02:
         38:03:3d:15:99:70:3a:71:f3:cb:5c:51:e7:aa:1c:b9:74:38:
         ef:a3:ce:54:c7:f4:a8:ee:c2:53:a3:4c:27:e6:05:f6:44:90:
         a2:3a:21:fe:39:0a:a7:ea:c2:b4:2d:33:b8:95:f1:58:93:7c:
         71:cc:33:e6:7c:d7:c6:84:3e:24:ac:a0:69:35:5e:9f:be:bb:
         12:fe:e0:06:fb:48:a2:7f:5d:8f:4f:c5:e4:5d:4e:d4:b0:dc:
         18:95:64:dd:f5:7b:9e:97:12:06:94:fe:08:7e:f8:0c:22:53:
         74:48:b2:e0:d0:82:e2:74:b2:2f:8b:ab:64:21:91:02:fc:25:
         6f:65:dd:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7o7wlSJ2Amfk5O+55G6P/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYjk1MmVkMWNkN2EzODAzY2Y0ZGJmZDM0MGVhNzQ5NjMy
NjhiYTAwHhcNMjYwMTAxMjIxODA2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmIzOWQxNDA1MGE1ZjVhMmVjMjYwYWM0M2RmZDc5NGRjOGRhYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjGXmqDswCKn1r7buhtrWBzze/SDM
a4acMytsEzBdZmYhFV0yAYMag0ArNmgi5y0/FuQXZiPxYjEdaTlqU60kK70ZQaX6
fHUi0C7v/NLKRmx3RfIfLvHxr+mrCB2RolYjONnxq8Rms82Nd5eLEYuMcnXK1nmu
9q3duwmoztdSAMlHcZjePCaBxU6nXsfmk/fKG2EJB7wDCUtwSJitmGnEIZVL9ZLt
NR5WDIfOrS5L+pZSiYxD+habLt3AE2F/8hZWDHXfNha5P6cXHaUAlFoJNCUzeGOa
yamt641bbNpKuuXAXvehCw++32sKjmeazqOot2OoshvLA99zf3hvQaLGdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFaznRQFCl9aLsJgrEPf15TcjatbMB8GA1UdIwQY
MBaAFE25Uu0c16OAPPTb/TQOp0ljJougMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGJsUzdSelhvNEE4OU52OU5BNm5TV01taTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9jNGYyZTItMDE4OC00YTQzLTg1MDMt
ZDI2MDFjYzEyMzc3LzEvVnJPZEZBVUtYMW91d21Dc1E5X1hsTnlOcTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9jNGYyZTItMDE4OC00YTQzLTg1MDMtZDI2MDFjYzEyMzc3
LzEvVGJsUzdSelhvNEE4OU52OU5BNm5TV01taTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+4yMA0G
CSqGSIb3DQEBCwUAA4IBAQBWzyizybpIfjnPjafhT6WsPnUmR/f4pOEzAjZGluNZ
LQ7lkwC+AdazPiTuq1huQZ0tzs9EyvCAoXxWueTg8o9Uqa6OqXpBsWX/xaIhoILo
qf7QMLjAOBrHPZl2tSgLnT2e6bk5/aK6UqnYOkPOSmOxAz/LHFT5nOJKL4H1wQI4
Az0VmXA6cfPLXFHnqhy5dDjvo85Ux/So7sJTo0wn5gX2RJCiOiH+OQqn6sK0LTO4
lfFYk3xxzDPmfNfGhD4krKBpNV6fvrsS/uAG+0iif12PT8XkXU7UsNwYlWTd9Xue
lxIGlP4IfvgMIlN0SLLg0ILidLIvi6tkIZEC/CVvZd2n
-----END CERTIFICATE-----