Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/bc_rDqdFLWG9EqOE3XpdCbzci7A.roa
File:                     bc_rDqdFLWG9EqOE3XpdCbzci7A.roa (raw, json)
Hash identifier:          QX2e7Tpj37ujdBJf37YYj5ilDYHQsrFIORHYzhmx2Mc=
Subject key identifier:   6D:CF:EB:0E:A7:45:2D:61:BD:12:A3:84:DD:7A:5D:09:BC:DC:8B:B0
Certificate issuer:       /CN=406ef18f58f5ad1804e9b6c5aef6e232ccb8a1e2
Certificate serial:       019D71A87A7FED0FC6890D284FB7FFE7EF7A
Authority key identifier: 40:6E:F1:8F:58:F5:AD:18:04:E9:B6:C5:AE:F6:E2:32:CC:B8:A1:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QG7xj1j1rRgE6bbFrvbiMsy4oeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/bc_rDqdFLWG9EqOE3XpdCbzci7A.roa
Signing time:             Thu 09 Apr 2026 09:52:40 +0000
ROA not before:           Thu 09 Apr 2026 09:52:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     42093
IP address blocks:        91.224.242.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/QG7xj1j1rRgE6bbFrvbiMsy4oeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/QG7xj1j1rRgE6bbFrvbiMsy4oeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QG7xj1j1rRgE6bbFrvbiMsy4oeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:71:a8:7a:7f:ed:0f:c6:89:0d:28:4f:b7:ff:e7:ef:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=406ef18f58f5ad1804e9b6c5aef6e232ccb8a1e2
        Validity
            Not Before: Apr  9 09:52:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6dcfeb0ea7452d61bd12a384dd7a5d09bcdc8bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2d:74:10:94:a1:bb:0e:40:1d:88:cf:0a:d6:
                    d3:6c:e6:f2:a6:ab:a7:97:04:01:1d:22:d7:58:19:
                    2a:e0:ab:3d:49:bb:c5:af:bf:b3:c5:64:cb:00:0d:
                    a5:d9:55:61:81:b8:29:15:55:59:99:6f:4b:7a:ab:
                    78:58:72:50:df:73:a6:2c:b2:52:58:e3:ac:fd:c2:
                    29:54:cb:75:3f:6a:43:45:7e:4a:8e:88:09:ca:d1:
                    4d:5a:e6:24:80:70:f0:2e:f6:d9:2c:00:f4:4b:6f:
                    03:06:0c:09:74:82:46:8d:6b:e0:2a:1a:cf:a5:d0:
                    61:c8:dc:ee:54:28:5b:a4:be:3f:0a:a5:f8:32:54:
                    b2:f0:68:24:ec:b2:71:74:53:f3:f6:b1:a8:1d:fa:
                    fa:9b:c2:1c:76:95:a0:68:9b:f8:b2:41:4d:49:1e:
                    ea:87:d7:d4:95:8d:d5:bf:67:86:d7:7f:ec:7b:bd:
                    d5:75:44:05:e4:8f:65:4d:92:cb:b1:47:fa:c7:39:
                    0f:2a:4c:cb:66:d4:9c:4f:31:d2:a8:78:53:c8:0e:
                    dd:7f:cc:b6:58:50:d6:11:35:4e:33:93:82:79:3e:
                    ec:2b:68:35:d8:67:cf:11:09:22:4d:b7:18:f4:a1:
                    1a:12:5d:30:12:f3:53:fd:ce:9f:1c:25:bd:0b:82:
                    3d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:CF:EB:0E:A7:45:2D:61:BD:12:A3:84:DD:7A:5D:09:BC:DC:8B:B0
            X509v3 Authority Key Identifier:
                keyid:40:6E:F1:8F:58:F5:AD:18:04:E9:B6:C5:AE:F6:E2:32:CC:B8:A1:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QG7xj1j1rRgE6bbFrvbiMsy4oeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/bc_rDqdFLWG9EqOE3XpdCbzci7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/371f11-6457-43e0-941f-e7661637eebd/1/QG7xj1j1rRgE6bbFrvbiMsy4oeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:78:5f:07:1c:b5:71:87:8e:e8:90:16:c5:3a:82:8d:4a:e4:
         ae:d6:16:92:41:28:ae:6b:cc:9d:07:8c:e1:c3:6d:3e:19:73:
         e8:76:75:06:ca:d2:3d:79:45:b3:e5:a9:22:19:8c:84:35:6f:
         ee:e4:77:16:d0:e5:de:83:af:c0:5e:b3:80:17:1e:a2:5f:4f:
         56:9f:47:a4:0c:d4:fb:e4:86:53:c4:17:b8:0d:8c:52:93:24:
         7e:aa:c5:f9:60:bd:05:b7:42:f5:d5:0a:c2:77:c3:6f:68:be:
         6b:52:94:c2:03:b8:b2:cf:c6:f3:a7:dc:87:42:6c:d0:60:38:
         86:6e:71:1f:9e:61:14:13:1e:b8:23:03:7c:19:1d:e2:66:c8:
         2f:c0:ce:b5:ba:9a:d0:79:5b:d7:71:95:0d:07:ad:2a:e5:df:
         a0:08:05:60:0a:ef:ab:7d:aa:26:4d:e2:06:e6:16:14:06:c6:
         03:77:c3:db:1d:ea:77:2f:c3:cc:3e:ad:f5:37:ca:db:f3:da:
         7a:ca:ae:75:67:28:ee:88:98:8c:b0:f8:7d:6d:92:4a:54:af:
         df:1b:93:dc:8e:74:c1:15:0f:63:c5:b0:01:63:ef:26:78:7e:
         9f:ed:26:e7:ab:69:98:ca:77:b7:00:f6:70:dc:29:0b:25:84:
         63:92:a6:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1xqHp/7Q/GiQ0oT7f/5+96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwNmVmMThmNThmNWFkMTgwNGU5YjZjNWFlZjZlMjMyY2Ni
OGExZTIwHhcNMjYwNDA5MDk1MjQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGNmZWIwZWE3NDUyZDYxYmQxMmEzODRkZDdhNWQwOWJjZGM4YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3y10EJShuw5AHYjPCtbTbObypqun
lwQBHSLXWBkq4Ks9SbvFr7+zxWTLAA2l2VVhgbgpFVVZmW9Leqt4WHJQ33OmLLJS
WOOs/cIpVMt1P2pDRX5KjogJytFNWuYkgHDwLvbZLAD0S28DBgwJdIJGjWvgKhrP
pdBhyNzuVChbpL4/CqX4MlSy8Ggk7LJxdFPz9rGoHfr6m8IcdpWgaJv4skFNSR7q
h9fUlY3Vv2eG13/se73VdUQF5I9lTZLLsUf6xzkPKkzLZtScTzHSqHhTyA7df8y2
WFDWETVOM5OCeT7sK2g12GfPEQkiTbcY9KEaEl0wEvNT/c6fHCW9C4I9swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3P6w6nRS1hvRKjhN16XQm83IuwMB8GA1UdIwQY
MBaAFEBu8Y9Y9a0YBOm2xa724jLMuKHiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUUc3eGoxajFyUmdFNmJiRnJ2YmlNc3k0b2VJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8zNzFmMTEtNjQ1Ny00M2UwLTk0MWYt
ZTc2NjE2MzdlZWJkLzEvYmNfckRxZEZMV0c5RXFPRTNYcGRDYnpjaTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8zNzFmMTEtNjQ1Ny00M2UwLTk0MWYtZTc2NjE2MzdlZWJk
LzEvUUc3eGoxajFyUmdFNmJiRnJ2YmlNc3k0b2VJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+DyMA0G
CSqGSIb3DQEBCwUAA4IBAQAxeF8HHLVxh47okBbFOoKNSuSu1haSQSiua8ydB4zh
w20+GXPodnUGytI9eUWz5akiGYyENW/u5HcW0OXeg6/AXrOAFx6iX09Wn0ekDNT7
5IZTxBe4DYxSkyR+qsX5YL0Ft0L11QrCd8NvaL5rUpTCA7iyz8bzp9yHQmzQYDiG
bnEfnmEUEx64IwN8GR3iZsgvwM61uprQeVvXcZUNB60q5d+gCAVgCu+rfaomTeIG
5hYUBsYDd8PbHep3L8PMPq31N8rb89p6yq51ZyjuiJiMsPh9bZJKVK/fG5PcjnTB
FQ9jxbABY+8meH6f7Sbnq2mYyne3APZw3CkLJYRjkqZu
-----END CERTIFICATE-----