Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/X_0hIN0va-0jvdAJVMfFLxivNSA.roa
File:                     X_0hIN0va-0jvdAJVMfFLxivNSA.roa (raw, json)
Hash identifier:          k1fbZWSxifyuA7Cy1hbrkSYFKAfUuvJ6q3xYjvLFtgg=
Subject key identifier:   5F:FD:21:20:DD:2F:6B:ED:23:BD:D0:09:54:C7:C5:2F:18:AF:35:20
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019D7C61D9856038CF62C962C48D6BB9CC26
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/X_0hIN0va-0jvdAJVMfFLxivNSA.roa
Signing time:             Sat 11 Apr 2026 11:51:20 +0000
ROA not before:           Sat 11 Apr 2026 11:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204339
IP address blocks:        91.186.208.0/22 maxlen: 24
                          91.186.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:7c:61:d9:85:60:38:cf:62:c9:62:c4:8d:6b:b9:cc:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Apr 11 11:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ffd2120dd2f6bed23bdd00954c7c52f18af3520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:85:8c:09:85:6a:e3:ec:6f:15:54:5c:9c:8a:
                    0f:61:c0:a6:99:15:98:3c:18:09:19:d2:f6:84:97:
                    4d:0b:aa:d3:60:09:c5:ba:12:93:48:b6:ba:f9:41:
                    93:c8:97:bb:d6:62:e1:6a:cc:34:ac:45:ad:a7:46:
                    32:1c:71:dc:f4:2b:59:1c:b6:91:b7:80:e3:19:80:
                    d4:c7:99:cf:32:b1:55:91:dd:dd:ad:72:2b:f2:d1:
                    c7:f5:d2:52:19:87:2e:cf:db:88:4f:d1:6e:3f:4e:
                    2d:98:ec:b7:1c:8c:08:ce:4c:79:cc:5c:d6:c9:8f:
                    2f:33:31:66:df:25:6e:be:77:57:b5:12:a2:d5:57:
                    fc:97:4d:fc:20:e3:37:cc:a8:33:3a:e7:8e:70:c9:
                    77:52:4f:16:4c:14:08:7d:64:46:16:ee:2b:52:61:
                    9a:d4:c6:31:9d:cc:1d:b2:13:3e:d3:27:59:46:f7:
                    84:ef:82:99:4f:33:ef:8e:59:9d:43:08:7b:b3:55:
                    43:78:68:a4:4d:6c:dc:03:02:c6:9f:25:34:bc:de:
                    0e:8b:b2:2e:b3:51:e3:18:e4:2a:9e:b9:f6:06:18:
                    42:ce:ff:a6:88:6c:a4:dc:1f:c0:fe:b6:c5:8d:45:
                    7c:d4:57:d6:51:49:64:ca:b4:cd:ec:16:50:89:8f:
                    0f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:FD:21:20:DD:2F:6B:ED:23:BD:D0:09:54:C7:C5:2F:18:AF:35:20
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/X_0hIN0va-0jvdAJVMfFLxivNSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.208.0/22
                  91.186.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:ec:85:ca:87:05:f8:18:29:20:0b:4b:e1:16:ba:c9:3e:80:
         1d:a8:b6:c9:e6:25:f2:70:08:aa:aa:1e:4f:62:8e:08:ce:5e:
         ef:b6:10:d9:db:a7:63:58:02:8e:a2:e3:81:8c:65:74:9f:51:
         06:8a:72:99:05:6b:3d:1f:e2:2f:55:a1:a4:d9:67:15:97:c2:
         2a:29:39:a9:fc:dd:dd:eb:86:43:49:78:95:fc:f8:de:1e:fe:
         ff:58:a2:f3:5b:71:20:b5:9f:f8:84:6b:42:9d:4d:a1:82:92:
         32:df:67:e4:5d:84:e1:dc:98:f1:ac:d4:98:85:a5:01:ca:8b:
         e9:9f:99:14:85:cd:4d:a8:ca:8f:a6:56:61:ad:a3:25:21:cc:
         66:87:61:9a:53:16:fc:58:a3:82:be:63:0b:af:96:b9:19:1e:
         2c:d4:53:1d:9c:98:99:52:5d:8a:ae:6e:f5:ce:30:51:39:84:
         a0:9f:60:b9:35:e1:2c:fa:9f:30:46:74:62:bc:f5:b0:4e:78:
         ad:b3:47:36:3d:c6:e8:c6:7c:f8:a2:f4:f3:84:ab:81:0d:c1:
         bc:fc:3b:75:36:11:a7:43:70:6c:b0:31:d1:f7:db:8f:31:70:
         1f:ee:b4:6b:20:59:64:fb:0f:f1:5b:3c:b4:b0:3f:f4:9a:49:
         17:d3:30:99
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ18YdmFYDjPYslixI1rucwmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNDExMTE1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmZkMjEyMGRkMmY2YmVkMjNiZGQwMDk1NGM3YzUyZjE4YWYzNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0oWMCYVq4+xvFVRcnIoPYcCmmRWY
PBgJGdL2hJdNC6rTYAnFuhKTSLa6+UGTyJe71mLhasw0rEWtp0YyHHHc9CtZHLaR
t4DjGYDUx5nPMrFVkd3drXIr8tHH9dJSGYcuz9uIT9FuP04tmOy3HIwIzkx5zFzW
yY8vMzFm3yVuvndXtRKi1Vf8l038IOM3zKgzOueOcMl3Uk8WTBQIfWRGFu4rUmGa
1MYxncwdshM+0ydZRveE74KZTzPvjlmdQwh7s1VDeGikTWzcAwLGnyU0vN4Oi7Iu
s1HjGOQqnrn2BhhCzv+miGyk3B/A/rbFjUV81FfWUUlkyrTN7BZQiY8PAwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF/9ISDdL2vtI73QCVTHxS8YrzUgMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvWF8waElOMHZhLTBqdmRBSlZNZkZMeGl2TlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW7rQAwQC
W7rcMA0GCSqGSIb3DQEBCwUAA4IBAQBF7IXKhwX4GCkgC0vhFrrJPoAdqLbJ5iXy
cAiqqh5PYo4Izl7vthDZ26djWAKOouOBjGV0n1EGinKZBWs9H+IvVaGk2WcVl8Iq
KTmp/N3d64ZDSXiV/PjeHv7/WKLzW3EgtZ/4hGtCnU2hgpIy32fkXYTh3JjxrNSY
haUByovpn5kUhc1NqMqPplZhraMlIcxmh2GaUxb8WKOCvmMLr5a5GR4s1FMdnJiZ
Ul2Krm71zjBROYSgn2C5NeEs+p8wRnRivPWwTnits0c2Pcboxnz4ovTzhKuBDcG8
/Dt1NhGnQ3BssDHR99uPMXAf7rRrIFlk+w/xWzy0sD/0mkkX0zCZ
-----END CERTIFICATE-----