Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Dr5c5V_19lrm7SKQrtn72nGmcP0.roa
File:                     Dr5c5V_19lrm7SKQrtn72nGmcP0.roa (raw, json)
Hash identifier:          QTDoZeUgsp3dtDCnB5gHGFH9dGQnjXZJhNe4d0fyUzI=
Subject key identifier:   0E:BE:5C:E5:5F:F5:F6:5A:E6:ED:22:90:AE:D9:FB:DA:71:A6:70:FD
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019D62CD29F9F6AD9EE3BCFD6F692B0BDB7C
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Dr5c5V_19lrm7SKQrtn72nGmcP0.roa
Signing time:             Mon 06 Apr 2026 12:38:25 +0000
ROA not before:           Mon 06 Apr 2026 12:38:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        91.229.104.0/24 maxlen: 24
                          91.229.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 18:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:cd:29:f9:f6:ad:9e:e3:bc:fd:6f:69:2b:0b:db:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Apr  6 12:38:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ebe5ce55ff5f65ae6ed2290aed9fbda71a670fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:1c:7d:45:4f:47:b7:ef:97:b3:57:af:b5:8c:
                    b1:33:9e:1c:10:6f:75:00:69:0a:53:e9:55:db:f7:
                    bd:ac:7d:56:85:af:b0:2c:e4:90:fc:9f:b3:9d:e7:
                    2b:5a:59:e9:c2:6f:f9:5a:23:fc:48:c8:42:fa:14:
                    52:87:f3:a9:55:24:ad:01:da:2b:4d:9c:85:e6:cc:
                    3b:95:90:5a:29:89:9a:07:bc:16:1a:a2:cc:16:af:
                    82:cd:23:9b:ec:76:d5:40:2a:c7:c5:c1:f7:1e:a5:
                    b4:82:f1:aa:cd:00:d1:fe:56:69:90:66:c9:db:f9:
                    0c:a9:ed:16:a2:6f:4a:81:73:7d:dc:92:16:ef:29:
                    67:67:cd:55:9c:e6:32:06:3c:95:4e:8d:86:65:0f:
                    61:62:54:8d:79:ac:f2:42:7e:04:d9:26:52:cd:ee:
                    36:48:d9:ed:bf:a8:a7:75:5d:d0:4d:d7:e9:f5:08:
                    12:f9:0d:15:86:4f:56:8b:ce:ad:bb:2b:3e:87:93:
                    77:02:bd:e9:9e:7f:e6:69:3e:e0:76:d6:43:2d:72:
                    ce:20:e4:1f:ce:25:c3:00:b0:f6:46:ee:e7:f3:b3:
                    65:78:b5:1b:87:23:8e:78:93:f0:ae:ac:95:1f:45:
                    43:89:56:c6:cd:8d:32:d1:f9:7a:da:c8:c2:cd:b7:
                    54:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:BE:5C:E5:5F:F5:F6:5A:E6:ED:22:90:AE:D9:FB:DA:71:A6:70:FD
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/Dr5c5V_19lrm7SKQrtn72nGmcP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.229.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:46:0e:65:33:c1:a2:b5:3b:41:56:ed:7b:06:96:ba:21:10:
         fe:f3:0d:c6:83:1c:cc:21:2b:35:e9:ff:f6:46:9e:c4:52:23:
         90:01:e3:dc:85:6c:ff:55:88:9e:05:ac:7c:71:ea:84:77:35:
         65:88:32:05:a5:7c:49:6f:f0:78:ae:99:ce:e1:99:be:c4:f7:
         3a:12:4a:93:a7:fe:81:60:49:2f:b4:50:1f:1f:de:59:40:10:
         33:69:af:8b:8b:12:0f:31:21:07:67:61:33:c6:a0:ee:8e:c9:
         84:a3:e3:12:95:4b:2d:26:fc:31:a8:72:19:21:84:21:90:36:
         f4:d7:3e:3c:ae:62:4e:50:93:2b:f8:4c:ae:98:a8:d1:f3:3b:
         0f:d4:aa:16:05:fd:c2:21:c5:9e:7a:7f:8d:b2:78:9b:3a:74:
         e3:a3:3e:14:9d:81:a2:64:f7:f7:23:aa:3f:6f:ef:51:d9:79:
         93:6b:cf:af:f7:b3:5e:4e:d2:ad:a2:3d:90:ea:a1:92:7e:02:
         14:6f:a3:24:88:1f:83:7f:28:99:ff:47:bb:97:5e:dd:dd:3c:
         4d:fa:5a:eb:9f:51:c3:27:87:be:a5:97:25:25:f7:05:64:04:
         10:87:d8:91:ce:fe:69:22:ae:bd:4e:ed:69:52:e7:39:e2:34:
         00:1d:47:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1izSn59q2e47z9b2krC9t8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNDA2MTIzODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWJlNWNlNTVmZjVmNjVhZTZlZDIyOTBhZWQ5ZmJkYTcxYTY3MGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBx9RU9Ht++Xs1evtYyxM54cEG91
AGkKU+lV2/e9rH1Wha+wLOSQ/J+znecrWlnpwm/5WiP8SMhC+hRSh/OpVSStAdor
TZyF5sw7lZBaKYmaB7wWGqLMFq+CzSOb7HbVQCrHxcH3HqW0gvGqzQDR/lZpkGbJ
2/kMqe0Wom9KgXN93JIW7ylnZ81VnOYyBjyVTo2GZQ9hYlSNeazyQn4E2SZSze42
SNntv6indV3QTdfp9QgS+Q0Vhk9Wi86tuys+h5N3Ar3pnn/maT7gdtZDLXLOIOQf
ziXDALD2Ru7n87NleLUbhyOOeJPwrqyVH0VDiVbGzY0y0fl62sjCzbdUYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA6+XOVf9fZa5u0ikK7Z+9pxpnD9MB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvRHI1YzVWXzE5bHJtN1NLUXJ0bjcybkdtY1AwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+VoMA0G
CSqGSIb3DQEBCwUAA4IBAQCDRg5lM8GitTtBVu17Bpa6IRD+8w3GgxzMISs16f/2
Rp7EUiOQAePchWz/VYieBax8ceqEdzVliDIFpXxJb/B4rpnO4Zm+xPc6EkqTp/6B
YEkvtFAfH95ZQBAzaa+LixIPMSEHZ2EzxqDujsmEo+MSlUstJvwxqHIZIYQhkDb0
1z48rmJOUJMr+EyumKjR8zsP1KoWBf3CIcWeen+NsnibOnTjoz4UnYGiZPf3I6o/
b+9R2XmTa8+v97NeTtKtoj2Q6qGSfgIUb6MkiB+DfyiZ/0e7l17d3TxN+lrrn1HD
J4e+pZclJfcFZAQQh9iRzv5pIq69Tu1pUuc54jQAHUcM
-----END CERTIFICATE-----