Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/jB4bYdWFXZMhIAjQMhMfN8vZ55w.roa
File:                     jB4bYdWFXZMhIAjQMhMfN8vZ55w.roa (raw, json)
Hash identifier:          EkZSSIno7HUUjqBtEwf8U/N90NHBkP5MsOxUQJnJNBo=
Subject key identifier:   8C:1E:1B:61:D5:85:5D:93:21:20:08:D0:32:13:1F:37:CB:D9:E7:9C
Certificate issuer:       /CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
Certificate serial:       019C84C3BFD848F1136F0336D0100DDCB7A0
Authority key identifier: 8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/jB4bYdWFXZMhIAjQMhMfN8vZ55w.roa
Signing time:             Sun 22 Feb 2026 09:52:27 +0000
ROA not before:           Sun 22 Feb 2026 09:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51431
IP address blocks:        91.234.52.0/24 maxlen: 24
                          91.246.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:84:c3:bf:d8:48:f1:13:6f:03:36:d0:10:0d:dc:b7:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b47aa09f2c610f6f44b4e75c1cd9dcd3884e55d
        Validity
            Not Before: Feb 22 09:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8c1e1b61d5855d93212008d032131f37cbd9e79c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d5:51:27:21:18:de:53:87:e2:f8:2a:35:75:
                    3d:e3:ee:aa:46:17:0d:8c:e0:5f:af:34:08:02:84:
                    04:1e:7e:f4:d8:d3:c8:be:56:60:c6:00:da:23:69:
                    48:5b:d2:63:ce:34:af:4e:77:dc:41:8a:e5:d7:d1:
                    c5:ed:0e:68:fd:ce:c9:b6:94:ab:8a:a6:32:e2:01:
                    f3:a6:fc:60:00:ee:7f:12:38:2d:06:5e:61:72:f5:
                    26:c5:fd:3f:cf:84:8d:33:0a:bb:68:44:1e:9e:b3:
                    ae:87:1d:16:67:a7:8d:78:63:b9:54:47:f8:b4:0f:
                    94:46:af:9e:b3:09:4f:26:ee:75:05:0a:af:21:30:
                    95:01:98:5a:93:95:e8:fc:41:9a:58:30:75:6e:1a:
                    e3:ee:7f:6e:5a:ed:ec:96:32:3b:71:fb:3c:a6:fe:
                    4b:9d:8f:b4:7e:a6:46:d0:bb:0f:2f:83:59:4a:7f:
                    6b:cd:3d:ab:ae:d6:9f:29:51:74:5e:89:43:b6:32:
                    46:94:a2:2a:5a:a2:2f:d9:ce:35:12:34:5b:ae:c4:
                    bd:72:7e:a6:95:6f:c5:35:91:7a:e2:72:f0:3a:25:
                    87:bf:5d:0c:66:37:f4:35:25:76:e4:fd:64:48:4d:
                    d1:51:9a:b5:c9:74:4a:40:f5:06:ea:d6:a0:51:55:
                    00:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:1E:1B:61:D5:85:5D:93:21:20:08:D0:32:13:1F:37:CB:D9:E7:9C
            X509v3 Authority Key Identifier:
                keyid:8B:47:AA:09:F2:C6:10:F6:F4:4B:4E:75:C1:CD:9D:CD:38:84:E5:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i0eqCfLGEPb0S051wc2dzTiE5V0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/jB4bYdWFXZMhIAjQMhMfN8vZ55w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/f560e1-7840-4951-ab78-5001539d7185/1/i0eqCfLGEPb0S051wc2dzTiE5V0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.52.0/24
                  91.246.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:d7:31:01:b3:2a:89:7e:f2:89:47:66:6b:24:a6:2a:8c:44:
         f5:95:73:bc:9d:af:86:da:48:dd:0c:fd:ec:f2:98:e4:e5:d3:
         b9:b1:8a:bd:eb:4d:3f:f5:64:ca:7d:9d:a8:b9:84:c5:62:b3:
         cb:f1:10:df:2e:38:d7:1b:89:03:aa:f6:de:67:8d:53:35:4b:
         cd:63:3a:2d:0c:bd:e2:df:f0:fa:3e:e7:b7:a5:3e:95:fa:85:
         10:70:65:6f:8c:a5:8f:0e:cc:13:86:7a:de:5c:e1:c0:36:c5:
         71:57:fa:84:89:29:e9:96:38:e2:8e:70:d0:64:1a:be:62:4f:
         b8:20:59:39:2f:88:1d:4f:f1:cb:54:b3:38:3f:47:2f:af:4c:
         11:ab:14:9a:c1:a3:89:8b:88:48:d0:4d:3c:ba:3d:56:eb:37:
         ed:5c:09:54:80:cb:e7:c0:20:67:36:10:ef:1e:47:6f:2c:48:
         7c:9d:14:c2:17:32:29:eb:8c:1a:6a:1f:7a:33:01:c6:4a:ca:
         86:bc:75:a8:1a:f1:fa:da:00:25:f4:b7:74:09:39:08:38:06:
         fe:78:4e:a7:53:8a:70:0d:0c:f2:ba:6e:fd:79:cb:cb:56:74:
         07:cb:71:07:2f:dd:35:f9:59:ea:ed:63:2f:59:77:d9:09:66:
         92:8f:f1:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZyEw7/YSPETbwM20BAN3LegMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiNDdhYTA5ZjJjNjEwZjZmNDRiNGU3NWMxY2Q5ZGNkMzg4
NGU1NWQwHhcNMjYwMjIyMDk1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzFlMWI2MWQ1ODU1ZDkzMjEyMDA4ZDAzMjEzMWYzN2NiZDllNzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtVRJyEY3lOH4vgqNXU94+6qRhcN
jOBfrzQIAoQEHn702NPIvlZgxgDaI2lIW9JjzjSvTnfcQYrl19HF7Q5o/c7JtpSr
iqYy4gHzpvxgAO5/EjgtBl5hcvUmxf0/z4SNMwq7aEQenrOuhx0WZ6eNeGO5VEf4
tA+URq+eswlPJu51BQqvITCVAZhak5Xo/EGaWDB1bhrj7n9uWu3sljI7cfs8pv5L
nY+0fqZG0LsPL4NZSn9rzT2rrtafKVF0XolDtjJGlKIqWqIv2c41EjRbrsS9cn6m
lW/FNZF64nLwOiWHv10MZjf0NSV25P1kSE3RUZq1yXRKQPUG6tagUVUA8wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIweG2HVhV2TISAI0DITHzfL2eecMB8GA1UdIwQY
MBaAFItHqgnyxhD29EtOdcHNnc04hOVdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgt
NTAwMTUzOWQ3MTg1LzEvakI0YllkV0ZYWk1oSUFqUU1oTWZOOHZaNTV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9mNTYwZTEtNzg0MC00OTUxLWFiNzgtNTAwMTUzOWQ3MTg1
LzEvaTBlcUNmTEdFUGIwUzA1MXdjMmR6VGlFNVYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+o0AwQA
W/YfMA0GCSqGSIb3DQEBCwUAA4IBAQAi1zEBsyqJfvKJR2ZrJKYqjET1lXO8na+G
2kjdDP3s8pjk5dO5sYq9600/9WTKfZ2ouYTFYrPL8RDfLjjXG4kDqvbeZ41TNUvN
YzotDL3i3/D6Pue3pT6V+oUQcGVvjKWPDswThnreXOHANsVxV/qEiSnpljjijnDQ
ZBq+Yk+4IFk5L4gdT/HLVLM4P0cvr0wRqxSawaOJi4hI0E08uj1W6zftXAlUgMvn
wCBnNhDvHkdvLEh8nRTCFzIp64waah96MwHGSsqGvHWoGvH62gAl9Ld0CTkIOAb+
eE6nU4pwDQzyum79ecvLVnQHy3EHL901+Vnq7WMvWXfZCWaSj/Gd
-----END CERTIFICATE-----