Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/5YCiR0QrcWWKsMsGSeLa9ApB1lg.roa
File:                     5YCiR0QrcWWKsMsGSeLa9ApB1lg.roa (raw, json)
Hash identifier:          8CnagmsDT7sVAnt0oL1gz0I3s/rO0bbV7JQNEmjxT0I=
Subject key identifier:   E5:80:A2:47:44:2B:71:65:8A:B0:CB:06:49:E2:DA:F4:0A:41:D6:58
Certificate issuer:       /CN=31aadcca96f44a457392d8907c6b964be0fcf921
Certificate serial:       019B7E3831107FD34C04ABA807F7AD075B24
Authority key identifier: 31:AA:DC:CA:96:F4:4A:45:73:92:D8:90:7C:6B:96:4B:E0:FC:F9:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Marcypb0SkVzktiQfGuWS-D8-SE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/5YCiR0QrcWWKsMsGSeLa9ApB1lg.roa
Signing time:             Fri 02 Jan 2026 10:19:30 +0000
ROA not before:           Fri 02 Jan 2026 10:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47412
IP address blocks:        91.206.44.0/24 maxlen: 24
                          91.206.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/Marcypb0SkVzktiQfGuWS-D8-SE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/Marcypb0SkVzktiQfGuWS-D8-SE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Marcypb0SkVzktiQfGuWS-D8-SE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:31:10:7f:d3:4c:04:ab:a8:07:f7:ad:07:5b:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31aadcca96f44a457392d8907c6b964be0fcf921
        Validity
            Not Before: Jan  2 10:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e580a247442b71658ab0cb0649e2daf40a41d658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:f5:15:fb:3a:7a:a9:d2:7e:f7:77:9c:ef:fe:
                    14:8f:35:80:e3:fe:63:95:57:de:f7:ea:b6:07:2f:
                    d0:df:c6:74:3d:71:1b:e2:1b:32:e8:20:03:85:86:
                    f0:a6:bf:9b:02:58:af:30:e2:7f:db:2b:9e:6f:e1:
                    8c:25:74:56:f4:20:5a:27:e6:ed:78:33:05:11:c9:
                    20:f4:94:7b:78:f3:d6:56:e2:4c:b0:b3:05:02:96:
                    1f:fd:b9:7d:37:a6:a2:27:4a:1d:13:33:33:96:e6:
                    89:99:5f:6a:68:b9:37:4d:66:94:99:0d:c8:14:3e:
                    af:ac:82:73:4b:ca:3c:2a:10:46:9a:9c:cc:46:85:
                    5d:89:76:07:53:5e:ba:35:6c:58:89:cb:6a:dc:b9:
                    3e:65:66:a2:d9:f3:f0:1f:35:ff:e2:83:0d:e6:32:
                    e1:44:e4:0f:25:b2:94:b6:a3:d8:61:76:80:56:c2:
                    6c:74:d6:87:34:58:1c:02:42:e9:0c:e7:8f:92:24:
                    8b:d6:81:f1:c4:67:23:0b:47:ff:c3:44:ec:0f:8d:
                    73:15:31:c4:05:c5:77:3d:af:c6:dc:fa:0c:29:42:
                    7f:64:d6:02:80:7e:b4:99:72:80:0a:1c:cb:08:6e:
                    53:4f:f1:2d:30:48:5e:f8:d9:f9:b6:72:f3:54:d6:
                    3a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:80:A2:47:44:2B:71:65:8A:B0:CB:06:49:E2:DA:F4:0A:41:D6:58
            X509v3 Authority Key Identifier:
                keyid:31:AA:DC:CA:96:F4:4A:45:73:92:D8:90:7C:6B:96:4B:E0:FC:F9:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Marcypb0SkVzktiQfGuWS-D8-SE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/5YCiR0QrcWWKsMsGSeLa9ApB1lg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/666786-561c-4bd0-a7b0-8f7fd3dc15fe/1/Marcypb0SkVzktiQfGuWS-D8-SE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:3a:d8:07:4e:19:c6:31:c4:1b:66:7f:ba:44:7e:f2:d4:51:
         eb:7c:97:1d:4a:92:95:9d:35:5a:2f:c2:c1:92:95:c7:f8:e9:
         b5:f5:82:d2:8f:ae:08:5f:26:09:b3:c3:ea:fe:4d:eb:a3:29:
         4a:6c:91:92:22:9b:9e:e3:cb:65:74:ca:f0:42:10:45:8b:94:
         66:8f:5a:b9:3e:0b:c8:91:1f:69:d3:ae:b4:1d:f8:a7:b2:b8:
         62:cc:1a:55:35:53:9b:74:2b:4a:ea:1b:e3:f4:b2:6f:78:ab:
         72:10:46:82:3b:cb:02:52:9e:8a:16:54:d4:ce:2a:cc:6b:21:
         09:67:29:9b:33:d9:e2:55:31:36:8f:a7:7a:44:46:48:cd:d1:
         94:d2:fe:97:10:a1:ef:40:38:cf:32:16:6c:93:c6:87:bc:19:
         f1:f9:9d:75:d8:89:5c:29:e9:c6:5a:51:2a:ee:ec:6a:73:c2:
         df:d1:81:29:18:b7:09:ab:8b:ee:50:fd:45:45:30:95:3b:55:
         bc:83:c4:36:e3:d3:70:94:1c:a1:31:3d:52:07:46:3c:32:15:
         17:5d:bb:82:b0:b6:1a:57:7c:96:cf:e4:48:b2:ad:a4:99:98:
         65:4c:2a:4d:33:36:ca:6c:16:0f:4c:68:75:7b:e3:d7:7c:57:
         78:b0:26:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+ODEQf9NMBKuoB/etB1skMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYWFkY2NhOTZmNDRhNDU3MzkyZDg5MDdjNmI5NjRiZTBm
Y2Y5MjEwHhcNMjYwMTAyMTAxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTgwYTI0NzQ0MmI3MTY1OGFiMGNiMDY0OWUyZGFmNDBhNDFkNjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/UV+zp6qdJ+93ec7/4UjzWA4/5j
lVfe9+q2By/Q38Z0PXEb4hsy6CADhYbwpr+bAlivMOJ/2yueb+GMJXRW9CBaJ+bt
eDMFEckg9JR7ePPWVuJMsLMFApYf/bl9N6aiJ0odEzMzluaJmV9qaLk3TWaUmQ3I
FD6vrIJzS8o8KhBGmpzMRoVdiXYHU166NWxYictq3Lk+ZWai2fPwHzX/4oMN5jLh
ROQPJbKUtqPYYXaAVsJsdNaHNFgcAkLpDOePkiSL1oHxxGcjC0f/w0TsD41zFTHE
BcV3Pa/G3PoMKUJ/ZNYCgH60mXKAChzLCG5TT/EtMEhe+Nn5tnLzVNY6LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOWAokdEK3FlirDLBkni2vQKQdZYMB8GA1UdIwQY
MBaAFDGq3MqW9EpFc5LYkHxrlkvg/PkhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWFyY3lwYjBTa1Z6a3RpUWZHdVdTLUQ4LVNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni82NjY3ODYtNTYxYy00YmQwLWE3YjAt
OGY3ZmQzZGMxNWZlLzEvNVlDaVIwUXJjV1dLc01zR1NlTGE5QXBCMWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni82NjY3ODYtNTYxYy00YmQwLWE3YjAtOGY3ZmQzZGMxNWZl
LzEvTWFyY3lwYjBTa1Z6a3RpUWZHdVdTLUQ4LVNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW84sMA0G
CSqGSIb3DQEBCwUAA4IBAQB8OtgHThnGMcQbZn+6RH7y1FHrfJcdSpKVnTVaL8LB
kpXH+Om19YLSj64IXyYJs8Pq/k3roylKbJGSIpue48tldMrwQhBFi5Rmj1q5PgvI
kR9p0660HfinsrhizBpVNVObdCtK6hvj9LJveKtyEEaCO8sCUp6KFlTUzirMayEJ
ZymbM9niVTE2j6d6REZIzdGU0v6XEKHvQDjPMhZsk8aHvBnx+Z112IlcKenGWlEq
7uxqc8Lf0YEpGLcJq4vuUP1FRTCVO1W8g8Q249NwlByhMT1SB0Y8MhUXXbuCsLYa
V3yWz+RIsq2kmZhlTCpNMzbKbBYPTGh1e+PXfFd4sCYd
-----END CERTIFICATE-----