Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/xUFWVXWG8jvZRSVOePtSKH6GSXc.roa
File:                     xUFWVXWG8jvZRSVOePtSKH6GSXc.roa (raw, json)
Hash identifier:          SPlD00845Cci2SPbrzXpwUia+Xpnie29kSvO/GdHQ7U=
Subject key identifier:   C5:41:56:55:75:86:F2:3B:D9:45:25:4E:78:FB:52:28:7E:86:49:77
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       019D6C42A5DC6B3B1F8BFB1EB6F6A718D09B
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/xUFWVXWG8jvZRSVOePtSKH6GSXc.roa
Signing time:             Wed 08 Apr 2026 08:43:20 +0000
ROA not before:           Wed 08 Apr 2026 08:43:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42532
IP address blocks:        91.197.0.0/22 maxlen: 22
                          2a11:8100::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:42:a5:dc:6b:3b:1f:8b:fb:1e:b6:f6:a7:18:d0:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Apr  8 08:43:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c54156557586f23bd945254e78fb52287e864977
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:3f:3e:1c:81:10:93:ea:cd:b9:bc:45:4f:da:
                    2d:34:66:97:2e:d8:d7:20:75:89:f7:b2:b2:49:28:
                    3d:48:d0:c8:97:b8:76:27:3f:56:8e:bb:23:5a:a1:
                    ec:c2:6b:d3:78:d7:7b:69:d9:36:37:4b:ab:7b:f1:
                    55:e5:43:1c:60:c5:d4:6a:1c:a2:75:66:77:06:ca:
                    ce:48:c8:d2:a4:e9:20:c5:31:67:21:1e:c3:21:d7:
                    6f:f4:43:b5:1d:d6:b3:ea:8a:84:6a:63:06:b3:42:
                    b2:bf:a6:76:f2:b1:54:9d:c6:bf:91:16:6e:2a:1c:
                    9d:58:a5:c4:e1:7e:00:45:b8:32:67:b9:0b:8b:b2:
                    f0:43:72:28:01:16:d4:89:87:18:5c:1e:55:a3:3e:
                    f8:e2:2e:72:fd:a4:44:79:54:40:11:78:47:90:7f:
                    c2:87:8e:0a:13:cc:06:60:c8:a9:fc:07:f8:fb:f7:
                    61:ed:b2:39:06:63:c3:63:a8:1b:f7:3d:c3:4a:75:
                    05:ff:e0:26:03:10:5e:b0:61:81:ed:31:0b:19:e6:
                    e9:71:f0:54:03:37:e7:bd:dc:30:9d:ec:55:ff:23:
                    f3:7d:51:74:a6:e5:b3:b0:cb:c9:5a:9f:f5:0c:72:
                    63:d7:47:5f:51:31:bb:4f:27:93:8b:43:1c:07:64:
                    ba:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:41:56:55:75:86:F2:3B:D9:45:25:4E:78:FB:52:28:7E:86:49:77
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/xUFWVXWG8jvZRSVOePtSKH6GSXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.0.0/22
                IPv6:
                  2a11:8100::/32

    Signature Algorithm: sha256WithRSAEncryption
         08:d8:a4:a7:45:0f:1b:7a:a5:7b:ac:00:ea:72:d8:13:fa:ee:
         54:b3:41:32:18:a7:d1:82:ad:90:24:ac:28:da:6b:1e:37:eb:
         f3:96:aa:f0:fb:cf:c5:92:ff:90:94:4d:f9:58:da:51:91:01:
         1c:45:7e:43:56:ed:03:e2:d1:57:f5:37:22:7b:e9:70:a2:1c:
         aa:ad:14:15:ce:b3:3c:6e:c5:dd:ab:82:70:a6:ea:44:10:9f:
         7a:95:3d:2b:d7:20:93:1b:7a:7a:57:5a:b8:2c:a9:c4:1c:b5:
         69:7a:0c:9a:7f:da:af:40:3e:fe:f3:45:4e:d5:ff:db:c9:88:
         0b:bf:3d:bd:86:1a:89:fc:b3:c7:43:46:12:67:26:a8:bd:f1:
         3d:ae:89:e0:84:31:ea:16:5c:7d:c3:1b:e1:0c:13:76:ea:fe:
         7e:c7:ca:04:2f:16:71:ed:ef:14:bf:91:88:6a:40:7a:68:c4:
         f3:df:39:51:50:5b:55:61:ad:e9:1f:1b:8a:99:d7:df:8e:c1:
         f1:9d:fb:17:cf:ed:27:95:bf:7d:d1:49:86:d7:59:ce:1e:78:
         2c:1a:73:b3:18:c6:b3:49:88:c2:2c:3e:60:9a:81:82:79:7c:
         c2:f1:a5:0b:1c:1f:58:e4:26:4e:6c:83:cc:16:8b:7f:4f:cd:
         67:37:4c:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1sQqXcazsfi/setvanGNCbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjYwNDA4MDg0MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTQxNTY1NTc1ODZmMjNiZDk0NTI1NGU3OGZiNTIyODdlODY0OTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5j8+HIEQk+rNubxFT9otNGaXLtjX
IHWJ97KySSg9SNDIl7h2Jz9WjrsjWqHswmvTeNd7adk2N0ure/FV5UMcYMXUahyi
dWZ3BsrOSMjSpOkgxTFnIR7DIddv9EO1Hdaz6oqEamMGs0Kyv6Z28rFUnca/kRZu
KhydWKXE4X4ARbgyZ7kLi7LwQ3IoARbUiYcYXB5Voz744i5y/aREeVRAEXhHkH/C
h44KE8wGYMip/Af4+/dh7bI5BmPDY6gb9z3DSnUF/+AmAxBesGGB7TELGebpcfBU
AzfnvdwwnexV/yPzfVF0puWzsMvJWp/1DHJj10dfUTG7TyeTi0McB2S6UwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMVBVlV1hvI72UUlTnj7Uih+hkl3MB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEveFVGV1ZYV0c4anZaUlNWT2VQdFNLSDZHU1hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8UAMA0E
AgACMAcDBQAqEYEAMA0GCSqGSIb3DQEBCwUAA4IBAQAI2KSnRQ8beqV7rADqctgT
+u5Us0EyGKfRgq2QJKwo2mseN+vzlqrw+8/Fkv+QlE35WNpRkQEcRX5DVu0D4tFX
9Tcie+lwohyqrRQVzrM8bsXdq4JwpupEEJ96lT0r1yCTG3p6V1q4LKnEHLVpegya
f9qvQD7+80VO1f/byYgLvz29hhqJ/LPHQ0YSZyaovfE9ronghDHqFlx9wxvhDBN2
6v5+x8oELxZx7e8Uv5GIakB6aMTz3zlRUFtVYa3pHxuKmdffjsHxnfsXz+0nlb99
0UmG11nOHngsGnOzGMazSYjCLD5gmoGCeXzC8aULHB9Y5CZObIPMFot/T81nN0zs
-----END CERTIFICATE-----