Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/oRIsfmte-X2jgFEWjQtLvblexNM.roa
File:                     oRIsfmte-X2jgFEWjQtLvblexNM.roa (raw, json)
Hash identifier:          MABvxM4XCQeB057f0MMoN4gprPL+JKjwKeyBUI1E5LE=
Subject key identifier:   A1:12:2C:7E:6B:5E:F9:7D:A3:80:51:16:8D:0B:4B:BD:B9:5E:C4:D3
Certificate issuer:       /CN=f9d7469be0d9c4ba889d3e2026ad8adc42c3cf53
Certificate serial:       019B7E38373C56255573743BA5F4052E2049
Authority key identifier: F9:D7:46:9B:E0:D9:C4:BA:88:9D:3E:20:26:AD:8A:DC:42:C3:CF:53
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/oRIsfmte-X2jgFEWjQtLvblexNM.roa
Signing time:             Fri 02 Jan 2026 10:19:31 +0000
ROA not before:           Fri 02 Jan 2026 10:19:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49049
IP address blocks:        91.212.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:37:3c:56:25:55:73:74:3b:a5:f4:05:2e:20:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f9d7469be0d9c4ba889d3e2026ad8adc42c3cf53
        Validity
            Not Before: Jan  2 10:19:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1122c7e6b5ef97da38051168d0b4bbdb95ec4d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d9:3f:6f:1c:a0:f6:50:32:de:24:63:b8:cd:
                    e7:91:cc:80:17:ff:41:f3:c0:c0:a4:1c:8b:1f:5a:
                    2b:21:02:61:90:fc:3c:68:38:2e:ed:25:d0:e2:d4:
                    f7:31:40:4a:d0:83:ac:bc:4c:6f:b5:54:f1:2b:d9:
                    95:0b:87:2b:43:01:a1:16:74:c3:45:02:c5:eb:0f:
                    6a:76:07:27:c4:e2:7f:4e:9c:43:f0:15:ed:16:bc:
                    11:84:c4:ba:b7:bc:3f:25:63:6f:e6:70:ce:fa:8d:
                    2f:59:c6:c2:81:43:43:42:80:19:ba:a4:ed:7f:c2:
                    08:81:99:be:86:c7:87:65:b9:94:76:2d:cf:cc:23:
                    2b:02:b9:db:b4:1e:e9:d7:e5:08:e0:10:c7:10:16:
                    63:fd:fd:70:95:1b:e9:95:41:f2:02:c0:c0:74:fa:
                    e7:66:7e:9a:1d:8d:69:fc:5d:b0:be:00:65:9f:44:
                    1f:3d:e8:e8:d1:9e:14:7c:bd:9c:0e:15:85:fe:5f:
                    54:04:2b:b3:a9:34:b1:3b:ce:dd:b4:b0:7e:32:5a:
                    2e:51:74:1b:85:ba:56:04:f9:5f:9f:ab:e7:c4:16:
                    5c:83:65:6c:cd:27:40:a0:2b:b4:d4:aa:ba:bd:dc:
                    4c:c9:e8:a6:ce:9f:3d:d6:e9:54:a8:bc:31:bf:1b:
                    ff:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:12:2C:7E:6B:5E:F9:7D:A3:80:51:16:8D:0B:4B:BD:B9:5E:C4:D3
            X509v3 Authority Key Identifier:
                keyid:F9:D7:46:9B:E0:D9:C4:BA:88:9D:3E:20:26:AD:8A:DC:42:C3:CF:53

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-ddGm-DZxLqInT4gJq2K3ELDz1M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/oRIsfmte-X2jgFEWjQtLvblexNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/995e4f-cd42-4dc9-ae24-0ec12cfce421/1/1-ddGm-DZxLqInT4gJq2K3ELDz1M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:db:c4:39:84:71:ef:c1:60:db:55:e6:3f:1f:6b:67:24:62:
         6a:f5:1b:86:ea:ab:da:31:d3:89:b7:4f:00:c5:1f:58:8f:77:
         03:2b:12:1d:d3:0d:78:5b:35:92:4c:94:dd:01:f6:b5:18:e8:
         82:63:81:e1:73:a3:09:cb:09:ed:a9:b5:ab:f8:ab:45:5f:ea:
         51:61:34:62:cc:58:e8:19:41:a8:91:98:4e:d1:66:9f:7e:7d:
         b2:11:fc:bf:33:d6:ff:55:b5:77:3d:9e:1f:83:eb:d0:0b:dd:
         91:bd:01:e2:75:d4:5d:38:c0:c8:7a:e3:7e:97:bd:60:71:2a:
         ae:82:9d:ea:1e:e3:4f:41:31:e3:85:36:6a:bf:30:b5:ae:4d:
         07:b9:fd:2e:46:33:fb:9d:7d:76:7c:dd:c5:28:f7:c4:d9:98:
         4b:46:7c:8f:60:15:66:cd:70:c9:c2:39:92:e9:07:6a:7e:cf:
         7a:a3:99:6e:f0:45:e7:7b:2d:e4:d9:4b:5e:7f:8c:5e:04:d7:
         a8:8a:60:16:df:60:a4:78:83:50:ea:c2:42:ab:2c:32:ed:40:
         7f:a5:f4:c2:db:0e:90:98:63:3f:34:27:65:e7:cc:5b:46:fa:
         d4:82:bd:f8:f4:c0:6d:1d:36:82:8b:3a:91:e0:64:cc:12:b7:
         b1:94:68:01
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt+ODc8ViVVc3Q7pfQFLiBJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5ZDc0NjliZTBkOWM0YmE4ODlkM2UyMDI2YWQ4YWRjNDJj
M2NmNTMwHhcNMjYwMTAyMTAxOTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTEyMmM3ZTZiNWVmOTdkYTM4MDUxMTY4ZDBiNGJiZGI5NWVjNGQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktk/bxyg9lAy3iRjuM3nkcyAF/9B
88DApByLH1orIQJhkPw8aDgu7SXQ4tT3MUBK0IOsvExvtVTxK9mVC4crQwGhFnTD
RQLF6w9qdgcnxOJ/TpxD8BXtFrwRhMS6t7w/JWNv5nDO+o0vWcbCgUNDQoAZuqTt
f8IIgZm+hseHZbmUdi3PzCMrArnbtB7p1+UI4BDHEBZj/f1wlRvplUHyAsDAdPrn
Zn6aHY1p/F2wvgBln0QfPejo0Z4UfL2cDhWF/l9UBCuzqTSxO87dtLB+MlouUXQb
hbpWBPlfn6vnxBZcg2VszSdAoCu01Kq6vdxMyeimzp891ulUqLwxvxv/swIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKESLH5rXvl9o4BRFo0LS725XsTTMB8GA1UdIwQY
MBaAFPnXRpvg2cS6iJ0+ICatitxCw89TMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1kZEdtLURaeExxSW5UNGdKcTJLM0VMRHoxTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODUvOTk1ZTRmLWNkNDItNGRjOS1hZTI0
LTBlYzEyY2ZjZTQyMS8xL29SSXNmbXRlLVgyamdGRVdqUXRMdmJsZXhOTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODUvOTk1ZTRmLWNkNDItNGRjOS1hZTI0LTBlYzEyY2ZjZTQy
MS8xLzEtZGRHbS1EWnhMcUluVDRnSnEySzNFTER6MU0uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABb1Gkw
DQYJKoZIhvcNAQELBQADggEBAJrbxDmEce/BYNtV5j8fa2ckYmr1G4bqq9ox04m3
TwDFH1iPdwMrEh3TDXhbNZJMlN0B9rUY6IJjgeFzownLCe2ptav4q0Vf6lFhNGLM
WOgZQaiRmE7RZp9+fbIR/L8z1v9VtXc9nh+D69AL3ZG9AeJ11F04wMh6436XvWBx
Kq6Cneoe409BMeOFNmq/MLWuTQe5/S5GM/udfXZ83cUo98TZmEtGfI9gFWbNcMnC
OZLpB2p+z3qjmW7wRed7LeTZS15/jF4E16iKYBbfYKR4g1DqwkKrLDLtQH+l9MLb
DpCYYz80J2XnzFtG+tSCvfj0wG0dNoKLOpHgZMwSt7GUaAE=
-----END CERTIFICATE-----