Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qD19c679_U-R1KpLZPoSZYrOB_g.roa
File:                     qD19c679_U-R1KpLZPoSZYrOB_g.roa (raw, json)
Hash identifier:          AVlLbbAWUJViqnpZBmcM//1MK7djciRelqBjvUqR7wA=
Subject key identifier:   A8:3D:7D:73:AE:FD:FD:4F:91:D4:AA:4B:64:FA:12:65:8A:CE:07:F8
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019E9427656F97069C50A3DE3ABC5C3660B7
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qD19c679_U-R1KpLZPoSZYrOB_g.roa
Signing time:             Thu 04 Jun 2026 19:41:10 +0000
ROA not before:           Thu 04 Jun 2026 19:41:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        91.186.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:94:27:65:6f:97:06:9c:50:a3:de:3a:bc:5c:36:60:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Jun  4 19:41:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a83d7d73aefdfd4f91d4aa4b64fa12658ace07f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:fc:4b:35:c7:14:62:16:21:77:10:c5:63:17:
                    fb:03:56:20:c9:82:3a:2e:40:de:a6:b0:48:9c:d8:
                    22:0c:98:98:19:e4:05:55:41:d1:b7:4d:48:61:ac:
                    61:a8:84:6a:df:d2:f9:35:ef:d9:7c:a8:fe:b8:c2:
                    bc:c0:10:43:72:83:e2:1d:9f:bb:13:96:e7:12:8c:
                    f8:74:80:cb:20:82:8a:1d:3e:7a:db:57:e6:3c:12:
                    c2:a9:40:e6:a9:d7:6d:04:19:3f:13:4f:e1:25:c7:
                    fa:ed:a5:2d:cf:31:13:13:28:a5:e4:c1:6e:bb:49:
                    df:6c:b2:39:55:4b:db:58:b4:13:0f:3c:5e:52:68:
                    d8:d7:1b:0a:ae:bd:72:4b:15:a0:f5:e8:c7:f1:8f:
                    c4:21:1a:2a:62:39:39:59:6a:0a:4d:bd:a7:15:36:
                    26:72:c8:51:af:8f:f6:44:6d:ff:d5:03:cb:34:65:
                    a3:a3:fc:4b:07:b8:ce:64:ba:ae:97:b8:34:4d:e5:
                    0a:a9:5c:da:85:2d:c5:f1:b8:dd:0f:6d:e4:6b:cc:
                    7e:77:15:90:a2:8c:28:65:78:34:20:1d:8a:6a:07:
                    57:6b:d5:51:38:79:a9:7b:65:cc:f1:a0:e2:ce:f9:
                    b6:de:79:b5:26:9c:5a:6b:0a:1b:21:44:fb:7d:79:
                    ce:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:3D:7D:73:AE:FD:FD:4F:91:D4:AA:4B:64:FA:12:65:8A:CE:07:F8
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/qD19c679_U-R1KpLZPoSZYrOB_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         78:2a:0e:37:20:17:94:2e:68:5e:51:dc:10:be:65:70:c1:ad:
         a6:60:22:12:cb:65:76:5e:62:b1:c0:48:ae:c6:89:e2:87:61:
         57:81:4e:96:c2:f8:db:76:dc:4e:f9:3c:f6:44:b7:8b:0e:16:
         a4:3c:84:35:3b:22:6b:18:6e:ae:88:60:59:6b:45:6c:bf:de:
         e7:3a:ce:f8:a8:bf:22:2e:3a:25:93:16:ae:8c:e5:d4:c3:bb:
         7a:cc:bd:ef:97:01:84:ab:98:7d:71:52:e1:f1:fc:c7:88:43:
         88:95:4d:bd:c7:51:83:13:3e:c8:a0:63:19:e0:15:5e:32:5a:
         e0:8c:b4:60:1c:75:51:7f:c8:c9:a9:c3:ba:73:10:85:d2:4f:
         2e:a5:2a:ab:5b:ee:a8:c1:9e:02:80:aa:a8:e1:79:e1:3d:5c:
         a6:0d:ff:e1:39:fa:bf:84:47:37:c9:81:de:20:8d:65:f8:18:
         e0:c4:98:84:c7:69:bf:1d:03:fe:c4:57:11:8f:c5:e6:f6:42:
         39:af:3d:86:65:48:af:d8:8c:f8:c4:af:c0:02:d8:6b:01:c0:
         9f:1c:1a:60:80:f2:f4:7a:f8:6d:77:cc:af:51:e5:73:26:e1:
         ac:08:12:00:98:04:7b:6d:52:fb:0d:de:86:d4:0a:ff:bc:c0:
         0a:19:cd:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6UJ2VvlwacUKPeOrxcNmC3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwNjA0MTk0MTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODNkN2Q3M2FlZmRmZDRmOTFkNGFhNGI2NGZhMTI2NThhY2UwN2Y4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtfxLNccUYhYhdxDFYxf7A1YgyYI6
LkDeprBInNgiDJiYGeQFVUHRt01IYaxhqIRq39L5Ne/ZfKj+uMK8wBBDcoPiHZ+7
E5bnEoz4dIDLIIKKHT5621fmPBLCqUDmqddtBBk/E0/hJcf67aUtzzETEyil5MFu
u0nfbLI5VUvbWLQTDzxeUmjY1xsKrr1ySxWg9ejH8Y/EIRoqYjk5WWoKTb2nFTYm
cshRr4/2RG3/1QPLNGWjo/xLB7jOZLqul7g0TeUKqVzahS3F8bjdD23ka8x+dxWQ
oowoZXg0IB2KagdXa9VROHmpe2XM8aDizvm23nm1JpxaawobIUT7fXnORwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKg9fXOu/f1PkdSqS2T6EmWKzgf4MB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvcUQxOWM2NzlfVS1SMUtwTFpQb1NaWXJPQl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7rSMA0G
CSqGSIb3DQEBCwUAA4IBAQB4Kg43IBeULmheUdwQvmVwwa2mYCISy2V2XmKxwEiu
xonih2FXgU6WwvjbdtxO+Tz2RLeLDhakPIQ1OyJrGG6uiGBZa0Vsv97nOs74qL8i
LjolkxaujOXUw7t6zL3vlwGEq5h9cVLh8fzHiEOIlU29x1GDEz7IoGMZ4BVeMlrg
jLRgHHVRf8jJqcO6cxCF0k8upSqrW+6owZ4CgKqo4XnhPVymDf/hOfq/hEc3yYHe
II1l+BjgxJiEx2m/HQP+xFcRj8Xm9kI5rz2GZUiv2Iz4xK/AAthrAcCfHBpggPL0
evhtd8yvUeVzJuGsCBIAmAR7bVL7Dd6G1Ar/vMAKGc1F
-----END CERTIFICATE-----