Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/Ah16mLLdh0qTIWTu4DElnGt6Rf0.roa
File:                     Ah16mLLdh0qTIWTu4DElnGt6Rf0.roa (raw, json)
Hash identifier:          +2AS4JmYTZXXzzonBU9RhWYzUC8DPPlap0ns3j4LJZ8=
Subject key identifier:   02:1D:7A:98:B2:DD:87:4A:93:21:64:EE:E0:31:25:9C:6B:7A:45:FD
Certificate issuer:       /CN=0759f6ac173f75ed9e585ec7d872a5865cef2835
Certificate serial:       019C278BAA2EE6A2F21ED7826FBE53F01FDB
Authority key identifier: 07:59:F6:AC:17:3F:75:ED:9E:58:5E:C7:D8:72:A5:86:5C:EF:28:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B1n2rBc_de2eWF7H2HKlhlzvKDU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/Ah16mLLdh0qTIWTu4DElnGt6Rf0.roa
Signing time:             Wed 04 Feb 2026 07:26:30 +0000
ROA not before:           Wed 04 Feb 2026 07:26:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198692
IP address blocks:        91.238.154.0/23 maxlen: 23
                          91.238.155.0/24 maxlen: 24
                          2001:67c:281c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/B1n2rBc_de2eWF7H2HKlhlzvKDU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/B1n2rBc_de2eWF7H2HKlhlzvKDU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B1n2rBc_de2eWF7H2HKlhlzvKDU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:27:8b:aa:2e:e6:a2:f2:1e:d7:82:6f:be:53:f0:1f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0759f6ac173f75ed9e585ec7d872a5865cef2835
        Validity
            Not Before: Feb  4 07:26:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=021d7a98b2dd874a932164eee031259c6b7a45fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c0:77:c1:bf:6d:1d:69:c3:c8:43:e3:43:c9:
                    eb:51:bb:d0:52:df:43:0c:f8:15:a4:89:05:f7:d1:
                    55:c4:d6:41:44:e8:10:47:7c:ac:b8:d5:2b:cb:c8:
                    c4:aa:ba:5f:af:1e:59:de:0e:80:6f:01:88:b2:0a:
                    a6:9d:c9:e5:f9:4b:36:55:27:2b:a6:38:1d:3c:4d:
                    8b:47:f1:3d:29:10:1c:b9:93:4c:55:4d:d1:42:a2:
                    96:e6:a2:b6:c1:8a:6e:7a:4a:64:8a:52:bb:12:0c:
                    98:37:28:22:35:0a:8a:00:08:7b:43:bc:27:a3:6a:
                    59:95:5d:bf:e1:e2:6c:62:01:e3:c9:5d:00:4c:41:
                    bc:7a:9c:ff:3c:bc:72:b8:c6:f7:64:60:9b:bd:ca:
                    f2:ef:78:85:f4:b8:37:78:04:16:30:92:c9:4e:fa:
                    f3:5d:f8:c8:ee:45:1f:1c:5c:bf:ab:ab:c7:a7:eb:
                    b1:47:30:8d:fe:f1:e0:cd:3a:a4:b5:b6:9f:ef:7f:
                    c8:d1:77:fa:6b:72:39:1e:85:06:a5:96:4f:b9:ca:
                    0a:6c:84:7e:55:08:77:60:2c:34:d4:9d:a7:33:40:
                    59:34:bc:7b:3b:a2:74:5f:8c:d7:cb:58:bb:a0:ca:
                    bf:e8:7a:eb:0c:df:66:d6:c1:69:fd:01:36:a9:de:
                    14:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1D:7A:98:B2:DD:87:4A:93:21:64:EE:E0:31:25:9C:6B:7A:45:FD
            X509v3 Authority Key Identifier:
                keyid:07:59:F6:AC:17:3F:75:ED:9E:58:5E:C7:D8:72:A5:86:5C:EF:28:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B1n2rBc_de2eWF7H2HKlhlzvKDU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/Ah16mLLdh0qTIWTu4DElnGt6Rf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/d2cd1c-04b5-44d0-81d5-7be3bda05927/1/B1n2rBc_de2eWF7H2HKlhlzvKDU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.238.154.0/23
                IPv6:
                  2001:67c:281c::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:fa:20:09:71:e4:81:91:92:f8:d6:84:8a:18:38:7a:44:47:
         bd:b5:f1:e3:73:ff:43:e9:e3:f0:0c:64:af:c9:51:cd:3e:5b:
         41:14:e0:d6:07:70:aa:25:e4:13:27:c8:73:d3:aa:c8:ca:14:
         6a:9c:2d:72:ab:79:b4:a8:92:00:d1:42:69:ca:5d:32:83:ac:
         9f:a3:27:d9:e4:c9:26:e7:23:d2:57:c2:88:71:bd:b0:9f:3f:
         0a:4e:b7:c3:64:34:87:0e:18:19:f4:a1:cb:ff:29:fe:f1:5c:
         0f:97:93:58:94:1b:17:74:4c:5f:c4:cf:dd:1f:df:06:df:65:
         45:7c:01:82:9a:d3:f8:8c:9b:2c:51:cb:f1:01:89:fe:25:6e:
         e2:cf:66:f1:82:d8:f4:c6:2a:bd:82:a3:0e:7c:67:90:4f:39:
         92:a9:7a:5a:30:5a:05:fa:db:e5:a6:bb:25:90:d7:b1:8c:c1:
         f7:b4:b7:99:07:56:a3:54:15:9c:22:c4:ac:f0:83:ee:51:b2:
         5d:90:88:e9:80:58:2a:0d:b2:1f:08:64:7e:97:a7:5a:a8:df:
         eb:2f:81:a7:47:7a:b0:a1:32:cc:72:fe:40:33:01:43:bb:58:
         ab:59:10:9a:78:5d:57:97:0d:f5:39:3e:4b:cd:96:b8:96:ef:
         1f:ac:ac:d9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZwni6ou5qLyHteCb75T8B/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3NTlmNmFjMTczZjc1ZWQ5ZTU4NWVjN2Q4NzJhNTg2NWNl
ZjI4MzUwHhcNMjYwMjA0MDcyNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFkN2E5OGIyZGQ4NzRhOTMyMTY0ZWVlMDMxMjU5YzZiN2E0NWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1cB3wb9tHWnDyEPjQ8nrUbvQUt9D
DPgVpIkF99FVxNZBROgQR3ysuNUry8jEqrpfrx5Z3g6AbwGIsgqmncnl+Us2VScr
pjgdPE2LR/E9KRAcuZNMVU3RQqKW5qK2wYpuekpkilK7EgyYNygiNQqKAAh7Q7wn
o2pZlV2/4eJsYgHjyV0ATEG8epz/PLxyuMb3ZGCbvcry73iF9Lg3eAQWMJLJTvrz
XfjI7kUfHFy/q6vHp+uxRzCN/vHgzTqktbaf73/I0Xf6a3I5HoUGpZZPucoKbIR+
VQh3YCw01J2nM0BZNLx7O6J0X4zXy1i7oMq/6HrrDN9m1sFp/QE2qd4U+wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFAIdepiy3YdKkyFk7uAxJZxrekX9MB8GA1UdIwQY
MBaAFAdZ9qwXP3Xtnlhex9hypYZc7yg1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjFuMnJCY19kZTJlV0Y3SDJIS2xobHp2S0RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9kMmNkMWMtMDRiNS00NGQwLTgxZDUt
N2JlM2JkYTA1OTI3LzEvQWgxNm1MTGRoMHFUSVdUdTRERWxuR3Q2UmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9kMmNkMWMtMDRiNS00NGQwLTgxZDUtN2JlM2JkYTA1OTI3
LzEvQjFuMnJCY19kZTJlV0Y3SDJIS2xobHp2S0RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW+6aMA8E
AgACMAkDBwAgAQZ8KBwwDQYJKoZIhvcNAQELBQADggEBADn6IAlx5IGRkvjWhIoY
OHpER7218eNz/0Pp4/AMZK/JUc0+W0EU4NYHcKol5BMnyHPTqsjKFGqcLXKrebSo
kgDRQmnKXTKDrJ+jJ9nkySbnI9JXwohxvbCfPwpOt8NkNIcOGBn0ocv/Kf7xXA+X
k1iUGxd0TF/Ez90f3wbfZUV8AYKa0/iMmyxRy/EBif4lbuLPZvGC2PTGKr2Cow58
Z5BPOZKpelowWgX62+WmuyWQ17GMwfe0t5kHVqNUFZwixKzwg+5Rsl2QiOmAWCoN
sh8IZH6Xp1qo3+svgadHerChMsxy/kAzAUO7WKtZEJp4XVeXDfU5PkvNlriW7x+s
rNk=
-----END CERTIFICATE-----