Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RxPOdCnW7tymnjueSRcA6hs4elk.roa
File:                     RxPOdCnW7tymnjueSRcA6hs4elk.roa (raw, json)
Hash identifier:          FCPYguPsplTXs5/9P4PJ+u4lYOZKePLa/u9GPsujen4=
Subject key identifier:   47:13:CE:74:29:D6:EE:DC:A6:9E:3B:9E:49:17:00:EA:1B:38:7A:59
Certificate issuer:       /CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
Certificate serial:       019D2E35A70244C6A4839A4ABF15BC1CEAF6
Authority key identifier: 0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RxPOdCnW7tymnjueSRcA6hs4elk.roa
Signing time:             Fri 27 Mar 2026 07:32:41 +0000
ROA not before:           Fri 27 Mar 2026 07:32:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60713
IP address blocks:        91.236.131.0/24 maxlen: 24
                          212.7.212.0/24 maxlen: 24
                          212.7.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2e:35:a7:02:44:c6:a4:83:9a:4a:bf:15:bc:1c:ea:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a81fe9059f6820bc18ad5802f2f1fca77d254b7
        Validity
            Not Before: Mar 27 07:32:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4713ce7429d6eedca69e3b9e491700ea1b387a59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:3c:db:6a:c1:47:f6:7f:91:ad:c8:65:fa:33:
                    55:2f:d0:26:56:38:e2:a2:a7:81:cd:b4:60:f4:94:
                    f6:3c:9d:4a:f0:ab:09:ef:77:5a:b0:3f:24:dd:85:
                    7f:11:54:b0:f0:b1:97:4f:f9:5d:fd:9f:98:41:3c:
                    4b:09:da:2b:6a:37:01:c7:e4:ae:f5:e2:05:12:fd:
                    7d:f5:33:d1:45:0f:9b:d2:96:db:7c:70:be:72:bd:
                    32:05:5c:ae:9e:8d:78:d6:e5:58:54:8d:7c:03:40:
                    db:cd:14:01:48:23:d1:d9:ff:4a:63:bb:72:56:2d:
                    6c:a0:86:52:89:0c:0e:8c:c5:98:94:5c:44:43:d7:
                    65:4a:00:cb:d2:1b:13:3a:fd:ae:b7:7a:f5:d0:dd:
                    23:01:e6:79:8c:5c:a1:6d:50:9a:b9:0b:36:24:55:
                    3d:28:49:8a:46:3c:cc:26:34:dc:39:0a:72:09:77:
                    e6:40:53:29:e7:5d:2b:c0:a8:ee:ec:86:77:b2:49:
                    43:b1:e1:71:d9:1e:4d:c6:c7:2a:c8:99:45:43:c1:
                    30:13:54:59:dd:9c:a1:d3:75:24:3a:6c:ee:06:d8:
                    81:b9:76:80:69:42:04:79:09:3a:2f:75:70:75:db:
                    97:43:68:c1:13:34:a1:a7:d4:bc:fd:7a:6e:d7:db:
                    f3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:13:CE:74:29:D6:EE:DC:A6:9E:3B:9E:49:17:00:EA:1B:38:7A:59
            X509v3 Authority Key Identifier:
                keyid:0A:81:FE:90:59:F6:82:0B:C1:8A:D5:80:2F:2F:1F:CA:77:D2:54:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoH-kFn2ggvBitWALy8fynfSVLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/RxPOdCnW7tymnjueSRcA6hs4elk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4984df-6db2-4e0a-91f8-bf05acc82bd1/1/CoH-kFn2ggvBitWALy8fynfSVLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.236.131.0/24
                  212.7.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:75:7d:d5:98:bc:e2:37:cf:80:68:07:e1:61:92:d9:36:90:
         5d:a3:2b:4c:8e:b0:ff:c1:fe:e6:e7:37:ee:e9:52:80:99:04:
         ef:fd:1f:f5:5d:b0:0f:f7:e5:5a:05:93:03:76:15:ca:ff:6f:
         d5:d8:a5:e6:60:fe:c2:c1:2b:54:21:7d:bb:69:53:35:97:2f:
         a2:87:be:5e:b2:d3:36:66:d8:10:0d:42:7b:4a:5f:ec:ba:b5:
         9f:4f:5f:3e:1e:fd:83:a9:fd:5c:01:76:b9:64:d3:dc:4f:67:
         d2:bf:e9:03:d5:cd:91:06:83:38:06:dc:64:f2:99:f8:a8:0a:
         0b:39:ee:cf:e2:7c:3e:fe:1c:1f:39:51:b8:3c:e4:73:b3:a6:
         ca:a7:74:fd:1d:55:63:82:8b:af:a8:b5:a8:21:24:d1:f0:cf:
         1e:b5:ce:33:29:14:1c:0f:33:17:90:c6:ec:79:aa:78:1c:d1:
         85:9c:a2:45:b4:29:31:cf:d1:14:23:56:ed:f1:7c:08:c4:5e:
         8f:af:ea:8c:2b:3b:cb:5e:aa:2b:19:6a:14:8b:ca:a9:fc:3b:
         43:7d:2e:80:c2:11:d5:d2:d5:f1:3b:2c:0e:84:35:ff:83:78:
         15:b5:8a:80:75:f4:2b:b2:05:15:82:cb:47:be:ec:11:71:55:
         c9:f2:42:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0uNacCRMakg5pKvxW8HOr2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODFmZTkwNTlmNjgyMGJjMThhZDU4MDJmMmYxZmNhNzdk
MjU0YjcwHhcNMjYwMzI3MDczMjQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzEzY2U3NDI5ZDZlZWRjYTY5ZTNiOWU0OTE3MDBlYTFiMzg3YTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujzbasFH9n+Rrchl+jNVL9AmVjji
oqeBzbRg9JT2PJ1K8KsJ73dasD8k3YV/EVSw8LGXT/ld/Z+YQTxLCdorajcBx+Su
9eIFEv199TPRRQ+b0pbbfHC+cr0yBVyuno141uVYVI18A0DbzRQBSCPR2f9KY7ty
Vi1soIZSiQwOjMWYlFxEQ9dlSgDL0hsTOv2ut3r10N0jAeZ5jFyhbVCauQs2JFU9
KEmKRjzMJjTcOQpyCXfmQFMp510rwKju7IZ3sklDseFx2R5NxscqyJlFQ8EwE1RZ
3Zyh03UkOmzuBtiBuXaAaUIEeQk6L3VwdduXQ2jBEzShp9S8/Xpu19vzewIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEcTznQp1u7cpp47nkkXAOobOHpZMB8GA1UdIwQY
MBaAFAqB/pBZ9oILwYrVgC8vH8p30lS3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgt
YmYwNWFjYzgyYmQxLzEvUnhQT2RDblc3dHltbmp1ZVNSY0E2aHM0ZWxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80OTg0ZGYtNmRiMi00ZTBhLTkxZjgtYmYwNWFjYzgyYmQx
LzEvQ29ILWtGbjJnZ3ZCaXRXQUx5OGZ5bmZTVkxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW+yDAwQB
1AfUMA0GCSqGSIb3DQEBCwUAA4IBAQAWdX3VmLziN8+AaAfhYZLZNpBdoytMjrD/
wf7m5zfu6VKAmQTv/R/1XbAP9+VaBZMDdhXK/2/V2KXmYP7CwStUIX27aVM1ly+i
h75estM2ZtgQDUJ7Sl/surWfT18+Hv2Dqf1cAXa5ZNPcT2fSv+kD1c2RBoM4Btxk
8pn4qAoLOe7P4nw+/hwfOVG4PORzs6bKp3T9HVVjgouvqLWoISTR8M8etc4zKRQc
DzMXkMbseap4HNGFnKJFtCkxz9EUI1bt8XwIxF6Pr+qMKzvLXqorGWoUi8qp/DtD
fS6AwhHV0tXxOywOhDX/g3gVtYqAdfQrsgUVgstHvuwRcVXJ8kK1
-----END CERTIFICATE-----