Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/gw4BPb4uAJDOzJ_Kafu7dXfPcw4.roa
File:                     gw4BPb4uAJDOzJ_Kafu7dXfPcw4.roa (raw, json)
Hash identifier:          MfusxviaX8fqxiMBAVkmOufZsFOf9Mn6gCko9leOsUY=
Subject key identifier:   83:0E:01:3D:BE:2E:00:90:CE:CC:9F:CA:69:FB:BB:75:77:CF:73:0E
Certificate issuer:       /CN=07f231365985828d5a9663ed1b440624b24fec13
Certificate serial:       019D66DE1D413C6A21EBDE91165C7EA44A2F
Authority key identifier: 07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/gw4BPb4uAJDOzJ_Kafu7dXfPcw4.roa
Signing time:             Tue 07 Apr 2026 07:35:25 +0000
ROA not before:           Tue 07 Apr 2026 07:35:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        91.199.42.0/24 maxlen: 24
                          91.199.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:66:de:1d:41:3c:6a:21:eb:de:91:16:5c:7e:a4:4a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f231365985828d5a9663ed1b440624b24fec13
        Validity
            Not Before: Apr  7 07:35:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=830e013dbe2e0090cecc9fca69fbbb7577cf730e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c7:d5:2f:e3:b6:69:d7:0a:68:5b:47:bf:11:
                    2b:79:84:52:ab:f4:27:19:d6:e6:5f:86:2f:da:15:
                    0f:c5:d0:a3:7d:29:7b:a2:aa:b4:36:e9:cf:6a:3b:
                    95:ac:e0:62:48:4c:cb:15:cd:0b:08:e4:e4:29:3f:
                    91:df:fa:49:ea:7a:e8:70:bc:77:ba:21:a3:42:a8:
                    46:d8:d9:50:1c:b3:f1:aa:e7:0a:22:27:3a:d9:00:
                    34:2e:0c:1c:03:df:29:c1:fe:d9:81:5b:ca:3e:6b:
                    aa:97:07:c2:35:73:0d:48:24:8d:00:47:98:38:e3:
                    75:ca:7f:68:5c:9d:f1:9e:72:68:1a:19:82:68:a9:
                    0b:00:63:92:15:00:6b:af:4f:99:24:1e:48:be:c9:
                    e9:66:8a:eb:cd:89:14:3d:cb:de:e4:0d:18:56:53:
                    af:92:5a:a8:f5:13:be:5a:9c:76:77:a2:36:b0:54:
                    4e:53:35:4a:54:ab:d9:f4:eb:73:88:41:74:96:3b:
                    f8:42:3c:da:df:11:d8:1b:07:c8:41:9d:5f:5d:25:
                    e4:b9:c9:96:2e:a9:e0:e3:c4:67:cf:6f:ea:c9:6e:
                    64:8d:65:95:de:8f:c4:26:f1:a1:5c:89:9a:95:95:
                    79:7f:04:d7:1e:37:59:b7:09:2a:eb:b8:76:33:98:
                    ad:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:0E:01:3D:BE:2E:00:90:CE:CC:9F:CA:69:FB:BB:75:77:CF:73:0E
            X509v3 Authority Key Identifier:
                keyid:07:F2:31:36:59:85:82:8D:5A:96:63:ED:1B:44:06:24:B2:4F:EC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_IxNlmFgo1almPtG0QGJLJP7BM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/gw4BPb4uAJDOzJ_Kafu7dXfPcw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/ef5fb3-3e56-4b77-aac7-085fa0a56052/1/B_IxNlmFgo1almPtG0QGJLJP7BM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.42.0/24
                  91.199.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:21:1e:9e:ef:90:fb:a8:15:86:56:52:14:72:75:ac:09:81:
         95:3e:b2:00:5e:f3:58:14:8e:d5:7d:ea:a2:07:a8:71:54:ad:
         bb:44:f2:15:fa:c7:ea:4a:23:5b:22:a3:06:78:32:d5:b9:9f:
         0b:79:34:86:e0:1e:38:bb:8e:4f:5c:de:dd:1e:a4:f8:a7:df:
         26:7a:19:22:c1:09:0c:e1:3a:72:81:37:ac:18:07:e4:84:7d:
         bf:e7:50:48:24:a6:e9:bc:81:e9:56:35:95:9a:ce:e1:33:da:
         5f:79:e0:82:0b:f4:eb:0b:5d:2a:81:ab:cd:df:05:e6:5c:14:
         d3:de:b4:98:d8:6a:e6:56:5f:35:34:75:77:f0:85:1a:74:7b:
         10:b8:48:7c:71:50:46:dc:77:07:c3:4e:30:5e:db:d0:b3:a6:
         9d:a0:36:eb:aa:32:d3:26:9d:bd:0e:78:a7:ea:0a:70:e0:4a:
         58:71:7c:8b:07:53:73:34:c6:9b:9f:a1:4f:10:67:08:57:f6:
         c5:3c:e2:78:17:08:88:fa:e6:0f:bf:57:36:f3:6f:1a:4e:52:
         06:49:a0:29:62:5a:ad:ab:6b:e3:7b:fe:d7:e4:c7:dd:2e:08:
         69:89:87:90:99:36:dd:2f:e6:14:b4:1b:49:42:bc:8e:bb:04:
         b9:20:54:49
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1m3h1BPGoh696RFlx+pEovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjIzMTM2NTk4NTgyOGQ1YTk2NjNlZDFiNDQwNjI0YjI0
ZmVjMTMwHhcNMjYwNDA3MDczNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzBlMDEzZGJlMmUwMDkwY2VjYzlmY2E2OWZiYmI3NTc3Y2Y3MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8fVL+O2adcKaFtHvxEreYRSq/Qn
GdbmX4Yv2hUPxdCjfSl7oqq0NunPajuVrOBiSEzLFc0LCOTkKT+R3/pJ6nrocLx3
uiGjQqhG2NlQHLPxqucKIic62QA0LgwcA98pwf7ZgVvKPmuqlwfCNXMNSCSNAEeY
OON1yn9oXJ3xnnJoGhmCaKkLAGOSFQBrr0+ZJB5IvsnpZorrzYkUPcve5A0YVlOv
klqo9RO+Wpx2d6I2sFROUzVKVKvZ9OtziEF0ljv4Qjza3xHYGwfIQZ1fXSXkucmW
Lqng48Rnz2/qyW5kjWWV3o/EJvGhXImalZV5fwTXHjdZtwkq67h2M5itmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIMOAT2+LgCQzsyfymn7u3V3z3MOMB8GA1UdIwQY
MBaAFAfyMTZZhYKNWpZj7RtEBiSyT+wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzct
MDg1ZmEwYTU2MDUyLzEvZ3c0QlBiNHVBSkRPekpfS2FmdTdkWGZQY3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS9lZjVmYjMtM2U1Ni00Yjc3LWFhYzctMDg1ZmEwYTU2MDUy
LzEvQl9JeE5sbUZnbzFhbG1QdEcwUUdKTEpQN0JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW8cqAwQA
W8cvMA0GCSqGSIb3DQEBCwUAA4IBAQCtIR6e75D7qBWGVlIUcnWsCYGVPrIAXvNY
FI7VfeqiB6hxVK27RPIV+sfqSiNbIqMGeDLVuZ8LeTSG4B44u45PXN7dHqT4p98m
ehkiwQkM4TpygTesGAfkhH2/51BIJKbpvIHpVjWVms7hM9pfeeCCC/TrC10qgavN
3wXmXBTT3rSY2GrmVl81NHV38IUadHsQuEh8cVBG3HcHw04wXtvQs6adoDbrqjLT
Jp29Dnin6gpw4EpYcXyLB1NzNMabn6FPEGcIV/bFPOJ4FwiI+uYPv1c2828aTlIG
SaApYlqtq2vje/7X5MfdLghpiYeQmTbdL+YUtBtJQryOuwS5IFRJ
-----END CERTIFICATE-----