Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/aXGiuZ_75r5NspcOQ9SJgjFToQE.roa
File:                     aXGiuZ_75r5NspcOQ9SJgjFToQE.roa (raw, json)
Hash identifier:          +lk9kctOb7PG2dQUFKzMZZ7zZNlKmz3XOb3r08uWRj4=
Subject key identifier:   69:71:A2:B9:9F:FB:E6:BE:4D:B2:97:0E:43:D4:89:82:31:53:A1:01
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       019D97336393AB137CBAD730DAA96F08224B
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/aXGiuZ_75r5NspcOQ9SJgjFToQE.roa
Signing time:             Thu 16 Apr 2026 16:50:20 +0000
ROA not before:           Thu 16 Apr 2026 16:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     269800
IP address blocks:        91.197.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 21:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:97:33:63:93:ab:13:7c:ba:d7:30:da:a9:6f:08:22:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Apr 16 16:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6971a2b99ffbe6be4db2970e43d489823153a101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:f6:13:8f:0b:bd:17:4c:87:9f:91:09:89:d7:
                    48:09:13:74:6a:33:32:61:e0:31:50:a9:bc:2d:da:
                    16:b4:61:2d:7a:53:61:8f:78:04:b3:60:81:e0:8a:
                    ef:d4:f9:d4:a4:90:31:b5:73:67:a4:10:78:cd:69:
                    b4:61:14:61:89:92:67:0d:75:5a:e8:48:da:64:68:
                    e5:ef:81:62:09:0c:34:2c:73:1c:40:32:f4:01:96:
                    46:0b:4b:ab:5e:86:00:16:5e:39:7a:39:78:e8:5d:
                    22:26:9d:0a:ef:9a:91:77:ff:68:86:8b:8e:33:de:
                    34:12:cf:cc:e1:30:97:31:47:7f:5d:97:20:ee:f2:
                    31:e8:ed:85:fc:ac:5d:1b:4e:c2:c2:c0:73:6b:7f:
                    8c:d4:89:20:3b:4c:95:c3:dd:e6:bc:58:f4:4f:86:
                    29:c2:d6:4d:c4:71:60:40:4b:5c:cb:63:b3:1e:ef:
                    eb:ec:26:7b:17:0c:38:77:ed:be:2d:ee:4d:bb:9c:
                    5a:04:67:59:4e:f6:7d:2b:68:d1:2f:91:f1:a6:9e:
                    96:e3:a2:29:57:97:53:6c:3a:73:4e:2b:e7:32:c1:
                    1c:01:77:fc:76:e2:cb:ab:3f:47:46:b6:ec:53:ac:
                    42:b3:77:ea:bd:42:a4:71:5b:01:4b:38:af:4a:ad:
                    dd:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:71:A2:B9:9F:FB:E6:BE:4D:B2:97:0E:43:D4:89:82:31:53:A1:01
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/aXGiuZ_75r5NspcOQ9SJgjFToQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.197.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:eb:02:28:dd:db:e6:26:75:59:e7:ff:c3:10:2d:61:4e:b5:
         d4:4f:47:23:b9:19:ee:a0:ac:b2:4f:cf:39:6c:06:99:48:8f:
         c8:69:18:e0:7d:a7:90:59:d0:4e:11:41:52:47:f8:2e:6e:9f:
         b6:03:db:f5:95:2b:fa:b4:81:b5:0f:20:5b:62:bb:15:82:a8:
         6e:6a:4f:48:9a:16:af:79:ec:ac:03:59:8e:38:30:ec:d7:fa:
         86:b1:b1:81:c9:9a:ba:01:fb:5d:b1:2a:bb:7f:af:3e:39:16:
         34:7c:18:00:90:b2:16:e1:61:94:dd:a9:13:bc:d4:42:45:84:
         59:31:61:0b:39:fa:db:eb:30:f7:ff:f4:31:31:18:4e:4b:15:
         8c:d2:0c:01:bc:f5:9e:47:7d:90:b6:22:cd:f3:e0:33:73:89:
         94:6f:ad:30:80:f4:26:eb:cd:33:fe:4f:25:69:e1:3d:16:ed:
         fb:1c:73:ca:e5:00:73:33:7e:74:a3:6e:65:50:3b:d2:22:5c:
         8a:d5:87:28:bd:27:1c:02:c5:42:3d:bc:5e:7c:7a:dd:1d:14:
         9c:40:58:86:11:9c:46:34:32:1d:e7:05:31:8c:8c:c6:48:48:
         ea:8b:a8:91:0a:89:b5:39:b6:a2:83:a4:c8:d6:7f:38:cd:86:
         13:73:62:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2XM2OTqxN8utcw2qlvCCJLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjYwNDE2MTY1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTcxYTJiOTlmZmJlNmJlNGRiMjk3MGU0M2Q0ODk4MjMxNTNhMTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvYTjwu9F0yHn5EJiddICRN0ajMy
YeAxUKm8LdoWtGEtelNhj3gEs2CB4Irv1PnUpJAxtXNnpBB4zWm0YRRhiZJnDXVa
6EjaZGjl74FiCQw0LHMcQDL0AZZGC0urXoYAFl45ejl46F0iJp0K75qRd/9ohouO
M940Es/M4TCXMUd/XZcg7vIx6O2F/KxdG07CwsBza3+M1IkgO0yVw93mvFj0T4Yp
wtZNxHFgQEtcy2OzHu/r7CZ7Fww4d+2+Le5Nu5xaBGdZTvZ9K2jRL5Hxpp6W46Ip
V5dTbDpzTivnMsEcAXf8duLLqz9HRrbsU6xCs3fqvUKkcVsBSzivSq3dLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlxormf++a+TbKXDkPUiYIxU6EBMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvYVhHaXVaXzc1cjVOc3BjT1E5U0pnakZUb1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8VHMA0G
CSqGSIb3DQEBCwUAA4IBAQAy6wIo3dvmJnVZ5//DEC1hTrXUT0cjuRnuoKyyT885
bAaZSI/IaRjgfaeQWdBOEUFSR/gubp+2A9v1lSv6tIG1DyBbYrsVgqhuak9Imhav
eeysA1mOODDs1/qGsbGByZq6AftdsSq7f68+ORY0fBgAkLIW4WGU3akTvNRCRYRZ
MWELOfrb6zD3//QxMRhOSxWM0gwBvPWeR32QtiLN8+Azc4mUb60wgPQm680z/k8l
aeE9Fu37HHPK5QBzM350o25lUDvSIlyK1YcovSccAsVCPbxefHrdHRScQFiGEZxG
NDId5wUxjIzGSEjqi6iRCom1Obaig6TI1n84zYYTc2KZ
-----END CERTIFICATE-----