Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j4nUYOaKHoPffJAz1cqPosqerIk.roa
File:                     j4nUYOaKHoPffJAz1cqPosqerIk.roa (raw, json)
Hash identifier:          qzx6KYLIX2I4Q509IMnF1YKlqNXT2ELmgiXx8moWdwc=
Subject key identifier:   8F:89:D4:60:E6:8A:1E:83:DF:7C:90:33:D5:CA:8F:A2:CA:9E:AC:89
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019C2F364BED6481F247B4062EFFA3BB0E4E
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j4nUYOaKHoPffJAz1cqPosqerIk.roa
Signing time:             Thu 05 Feb 2026 19:10:13 +0000
ROA not before:           Thu 05 Feb 2026 19:10:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201907
IP address blocks:        91.186.220.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2f:36:4b:ed:64:81:f2:47:b4:06:2e:ff:a3:bb:0e:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Feb  5 19:10:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8f89d460e68a1e83df7c9033d5ca8fa2ca9eac89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:38:c7:f2:c8:cc:63:25:81:df:47:36:42:55:
                    a1:64:7d:c4:c3:70:88:73:16:0a:59:1a:a8:ad:cb:
                    47:c4:92:55:1f:72:24:66:a1:29:82:1b:9f:ca:06:
                    26:e1:e1:a8:31:f9:20:56:90:84:8a:d8:d5:11:e6:
                    58:f8:ab:44:6f:63:9c:01:68:5c:fc:51:a5:8c:62:
                    3d:c0:13:23:b6:f5:98:07:35:bb:d1:58:ea:43:8f:
                    b4:3d:36:62:fc:6e:1e:4e:82:ba:1b:e8:89:1d:80:
                    fc:b8:41:04:d2:d7:0c:bc:6c:26:1d:86:c9:c0:8a:
                    cd:4e:e4:a9:a9:61:dc:99:cf:ec:23:1d:1d:c8:7f:
                    d4:e4:b4:f6:31:f2:d0:d3:01:92:ac:d1:d0:4b:5b:
                    ee:cb:9c:f5:42:ed:95:0a:26:62:73:ac:99:07:eb:
                    73:fb:7c:96:97:95:27:6d:f5:88:f8:88:60:ca:ba:
                    42:55:4d:97:10:3a:2d:af:dc:5a:a5:5f:5f:30:24:
                    28:63:4a:ea:c2:ae:89:b0:9b:ee:85:07:94:62:f6:
                    1c:62:23:eb:c3:ec:da:a4:e8:8d:73:d0:89:46:a5:
                    b4:3c:18:35:8a:5e:ea:85:c5:5a:e4:d3:3c:1b:4f:
                    cc:0e:df:09:9f:0d:3b:01:a2:ab:0b:c9:c5:07:d5:
                    a3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:89:D4:60:E6:8A:1E:83:DF:7C:90:33:D5:CA:8F:A2:CA:9E:AC:89
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/j4nUYOaKHoPffJAz1cqPosqerIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:03:59:4b:da:42:6b:58:3e:2f:ea:5f:c4:81:8e:4b:c7:c4:
         b2:63:8e:c3:03:4d:f9:d3:dc:e4:82:cb:25:8e:eb:2d:06:a6:
         46:cc:f9:0a:4a:8d:fb:a4:22:f0:3e:d2:0d:53:c2:74:ee:06:
         8f:7c:33:b0:97:d5:ec:46:a8:fe:0c:73:10:d6:d0:bc:4d:27:
         79:10:bc:8c:f8:3a:79:82:87:6a:2c:12:f8:a9:3c:ba:f6:41:
         7a:51:ff:b1:df:74:15:c9:26:51:4b:c3:36:75:d3:6d:ac:0a:
         98:a7:26:ed:76:84:da:04:61:7f:04:69:b4:34:6c:d2:e3:2b:
         32:5b:47:6b:7b:96:b0:6e:0a:0d:51:f5:d1:19:6a:5a:8d:a3:
         1a:0a:2a:47:0c:c8:0f:5c:28:69:aa:0d:66:47:54:fb:85:3b:
         ec:31:9b:1b:f9:fb:6d:f3:63:84:00:7d:95:80:fc:c5:37:24:
         3f:a5:3f:7f:7c:bc:b6:05:9b:dc:c3:f6:b4:95:e0:b9:7a:a5:
         d0:04:cb:54:18:a7:33:c9:46:ac:d7:31:33:00:e5:01:34:30:
         d9:01:dd:1b:ad:d9:7a:8f:49:33:01:87:12:be:55:db:06:cb:
         55:56:50:b3:a7:46:e5:9e:79:0b:fe:72:84:ef:3c:be:2d:bb:
         3f:87:2f:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwvNkvtZIHyR7QGLv+juw5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwMjA1MTkxMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Zjg5ZDQ2MGU2OGExZTgzZGY3YzkwMzNkNWNhOGZhMmNhOWVhYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjjH8sjMYyWB30c2QlWhZH3Ew3CI
cxYKWRqorctHxJJVH3IkZqEpghufygYm4eGoMfkgVpCEitjVEeZY+KtEb2OcAWhc
/FGljGI9wBMjtvWYBzW70VjqQ4+0PTZi/G4eToK6G+iJHYD8uEEE0tcMvGwmHYbJ
wIrNTuSpqWHcmc/sIx0dyH/U5LT2MfLQ0wGSrNHQS1vuy5z1Qu2VCiZic6yZB+tz
+3yWl5UnbfWI+IhgyrpCVU2XEDotr9xapV9fMCQoY0rqwq6JsJvuhQeUYvYcYiPr
w+zapOiNc9CJRqW0PBg1il7qhcVa5NM8G0/MDt8Jnw07AaKrC8nFB9WjtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+J1GDmih6D33yQM9XKj6LKnqyJMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvajRuVVlPYUtIb1BmZkpBejFjcVBvc3FlcklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW7rcMA0G
CSqGSIb3DQEBCwUAA4IBAQANA1lL2kJrWD4v6l/EgY5Lx8SyY47DA03509zkgssl
justBqZGzPkKSo37pCLwPtINU8J07gaPfDOwl9XsRqj+DHMQ1tC8TSd5ELyM+Dp5
godqLBL4qTy69kF6Uf+x33QVySZRS8M2ddNtrAqYpybtdoTaBGF/BGm0NGzS4ysy
W0dre5awbgoNUfXRGWpajaMaCipHDMgPXChpqg1mR1T7hTvsMZsb+ftt82OEAH2V
gPzFNyQ/pT9/fLy2BZvcw/a0leC5eqXQBMtUGKczyUas1zEzAOUBNDDZAd0brdl6
j0kzAYcSvlXbBstVVlCzp0blnnkL/nKE7zy+Lbs/hy/z
-----END CERTIFICATE-----