Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/u4vgRPiGJN_uy7XS4Ei6ANq07Xk.roa
File:                     u4vgRPiGJN_uy7XS4Ei6ANq07Xk.roa (raw, json)
Hash identifier:          B983HqaReMNEcqs8+hdzrl8wmUkdYz1ezJd1jwO+3yE=
Subject key identifier:   BB:8B:E0:44:F8:86:24:DF:EE:CB:B5:D2:E0:48:BA:00:DA:B4:ED:79
Certificate issuer:       /CN=21cf53481d133bacf527868dba1b3763e3d6dda7
Certificate serial:       019B78A369311170543F3B545304E337BC66
Authority key identifier: 21:CF:53:48:1D:13:3B:AC:F5:27:86:8D:BA:1B:37:63:E3:D6:DD:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/u4vgRPiGJN_uy7XS4Ei6ANq07Xk.roa
Signing time:             Thu 01 Jan 2026 08:18:53 +0000
ROA not before:           Thu 01 Jan 2026 08:18:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197716
IP address blocks:        91.226.8.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a3:69:31:11:70:54:3f:3b:54:53:04:e3:37:bc:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21cf53481d133bacf527868dba1b3763e3d6dda7
        Validity
            Not Before: Jan  1 08:18:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb8be044f88624dfeecbb5d2e048ba00dab4ed79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:75:a9:d0:50:0b:2b:8b:dd:4e:58:bd:cf:4a:
                    8f:a6:dd:6d:e0:ad:29:1c:83:69:01:e5:83:fe:a3:
                    2f:4a:78:ea:67:68:32:b5:a6:08:c7:79:eb:b2:a4:
                    42:e0:0a:5b:e2:c9:ae:96:31:08:90:c5:5e:92:b6:
                    58:c3:07:f6:58:04:7e:71:71:95:90:ac:a9:f8:fc:
                    27:14:5e:8a:28:be:2f:b4:02:e9:b8:16:43:41:de:
                    6c:66:cc:8e:21:2d:dc:95:d4:49:1e:8d:8b:ef:ec:
                    15:b2:71:c5:4b:90:49:70:2a:0f:70:94:13:f2:ed:
                    4d:9a:48:ea:05:17:d4:a2:0a:53:7c:85:88:d0:40:
                    76:b1:ed:89:77:e5:66:02:29:42:0f:99:f0:36:bb:
                    e2:b2:69:3f:03:69:39:a5:86:3c:0d:27:74:74:61:
                    76:9d:29:90:7f:b8:50:26:75:04:a3:ef:10:22:ed:
                    39:4b:c1:f5:85:b0:a5:33:e5:36:d1:95:e2:2c:f3:
                    f9:ea:0d:74:aa:1b:62:98:42:41:39:24:e8:40:73:
                    c9:f4:51:2d:4c:56:27:bc:94:b5:b3:fa:3d:79:7c:
                    8f:e5:b1:f6:eb:d9:a7:1f:c1:05:43:6c:83:ee:23:
                    e9:33:9b:28:6d:dd:5d:8f:55:dd:f2:40:20:99:98:
                    d3:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:8B:E0:44:F8:86:24:DF:EE:CB:B5:D2:E0:48:BA:00:DA:B4:ED:79
            X509v3 Authority Key Identifier:
                keyid:21:CF:53:48:1D:13:3B:AC:F5:27:86:8D:BA:1B:37:63:E3:D6:DD:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/u4vgRPiGJN_uy7XS4Ei6ANq07Xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/725b88-c523-4313-9e30-02c1e19a71d5/1/Ic9TSB0TO6z1J4aNuhs3Y-PW3ac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.226.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         65:5c:ed:38:e2:89:b8:0b:19:0e:75:4a:a4:d0:aa:91:d7:20:
         88:6b:c3:4f:59:d5:a4:da:98:ba:5e:99:b2:be:3d:62:4e:9b:
         b8:03:d5:c5:3e:67:60:fc:02:0b:c7:c8:64:fa:e0:d1:fa:ae:
         3e:02:20:42:a1:4b:6c:e0:9b:21:ee:87:c3:2b:f1:19:d7:72:
         d1:c7:ff:92:18:dc:f3:3a:08:13:13:23:cd:91:48:2e:5b:26:
         a6:1d:d8:e6:4b:18:2c:1d:f5:77:a9:7b:70:1d:62:a8:5e:e1:
         37:58:8f:58:a7:55:d4:28:17:69:bd:22:fc:a6:d5:c7:a8:ca:
         e0:ee:88:6a:5d:0d:27:ac:1d:68:9f:a9:2b:a6:33:c9:85:7f:
         73:bb:b2:16:ba:05:13:9b:ad:f7:a6:49:02:f0:32:18:77:d7:
         19:85:a2:43:e4:d9:2c:0a:4d:84:e6:9e:6d:60:cd:a2:85:bf:
         7d:82:a8:73:5c:90:88:cd:d1:32:cc:1e:88:88:ef:42:08:da:
         06:f4:e8:89:ef:11:e6:ba:71:57:bf:62:95:8f:b1:0b:de:0e:
         26:d8:32:20:80:ea:b7:00:29:76:9e:f9:1e:72:b6:ba:9e:57:
         d4:c0:48:4b:ee:7f:90:bd:45:99:f9:9b:8a:16:e6:f4:2e:d5:
         2e:63:6f:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4o2kxEXBUPztUUwTjN7xmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxY2Y1MzQ4MWQxMzNiYWNmNTI3ODY4ZGJhMWIzNzYzZTNk
NmRkYTcwHhcNMjYwMTAxMDgxODUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjhiZTA0NGY4ODYyNGRmZWVjYmI1ZDJlMDQ4YmEwMGRhYjRlZDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1nWp0FALK4vdTli9z0qPpt1t4K0p
HINpAeWD/qMvSnjqZ2gytaYIx3nrsqRC4Apb4smuljEIkMVekrZYwwf2WAR+cXGV
kKyp+PwnFF6KKL4vtALpuBZDQd5sZsyOIS3cldRJHo2L7+wVsnHFS5BJcCoPcJQT
8u1NmkjqBRfUogpTfIWI0EB2se2Jd+VmAilCD5nwNrvismk/A2k5pYY8DSd0dGF2
nSmQf7hQJnUEo+8QIu05S8H1hbClM+U20ZXiLPP56g10qhtimEJBOSToQHPJ9FEt
TFYnvJS1s/o9eXyP5bH269mnH8EFQ2yD7iPpM5sobd1dj1Xd8kAgmZjTKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuL4ET4hiTf7su10uBIugDatO15MB8GA1UdIwQY
MBaAFCHPU0gdEzus9SeGjbobN2Pj1t2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWM5VFNCMFRPNnoxSjRhTnVoczNZLVBXM2FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS83MjViODgtYzUyMy00MzEzLTllMzAt
MDJjMWUxOWE3MWQ1LzEvdTR2Z1JQaUdKTl91eTdYUzRFaTZBTnEwN1hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS83MjViODgtYzUyMy00MzEzLTllMzAtMDJjMWUxOWE3MWQ1
LzEvSWM5VFNCMFRPNnoxSjRhTnVoczNZLVBXM2FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+IIMA0G
CSqGSIb3DQEBCwUAA4IBAQBlXO044om4CxkOdUqk0KqR1yCIa8NPWdWk2pi6Xpmy
vj1iTpu4A9XFPmdg/AILx8hk+uDR+q4+AiBCoUts4Jsh7ofDK/EZ13LRx/+SGNzz
OggTEyPNkUguWyamHdjmSxgsHfV3qXtwHWKoXuE3WI9Yp1XUKBdpvSL8ptXHqMrg
7ohqXQ0nrB1on6krpjPJhX9zu7IWugUTm633pkkC8DIYd9cZhaJD5NksCk2E5p5t
YM2ihb99gqhzXJCIzdEyzB6IiO9CCNoG9OiJ7xHmunFXv2KVj7EL3g4m2DIggOq3
ACl2nvkecra6nlfUwEhL7n+QvUWZ+ZuKFub0LtUuY2/w
-----END CERTIFICATE-----