Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ydS6eMGV2E_nCAzSb4zL1J2j01U.roa
File:                     ydS6eMGV2E_nCAzSb4zL1J2j01U.roa (raw, json)
Hash identifier:          xl5/X7Y7NgHagIWTgbLsF4i9BhVtT/CXbFeV5zrVX/g=
Subject key identifier:   C9:D4:BA:78:C1:95:D8:4F:E7:08:0C:D2:6F:8C:CB:D4:9D:A3:D3:55
Certificate issuer:       /CN=963a0fc47a7adf62845ad6dcd7fb761a6c19fedb
Certificate serial:       019B7B36CDEE8F264931D9819D841DFA1476
Authority key identifier: 96:3A:0F:C4:7A:7A:DF:62:84:5A:D6:DC:D7:FB:76:1A:6C:19:FE:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ydS6eMGV2E_nCAzSb4zL1J2j01U.roa
Signing time:             Thu 01 Jan 2026 20:19:07 +0000
ROA not before:           Thu 01 Jan 2026 20:19:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58213
IP address blocks:        91.216.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:cd:ee:8f:26:49:31:d9:81:9d:84:1d:fa:14:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=963a0fc47a7adf62845ad6dcd7fb761a6c19fedb
        Validity
            Not Before: Jan  1 20:19:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9d4ba78c195d84fe7080cd26f8ccbd49da3d355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a0:07:e4:fc:a2:36:ff:d8:fb:af:ea:58:a0:
                    80:e3:f3:0e:1f:6d:77:42:81:30:6f:44:f5:52:70:
                    d2:4a:19:03:f9:a7:2e:8d:56:64:f6:15:2b:30:95:
                    ce:dc:17:a9:eb:84:45:0e:a5:01:63:cb:42:16:af:
                    2d:f9:6a:be:f8:e9:af:c6:6d:dc:97:35:87:5c:81:
                    cc:d3:6f:18:b7:8e:d7:9f:29:01:33:35:c0:1f:5d:
                    7a:62:96:1c:8f:b4:e5:0c:72:4e:09:71:bb:ac:63:
                    8c:82:96:74:24:66:8e:b1:31:db:ef:2e:58:62:ea:
                    56:f3:b5:c6:e5:c6:0e:9d:e9:d0:c2:8e:61:b0:06:
                    a6:7a:86:59:bd:c2:ea:e3:fc:b6:b3:75:18:9f:e2:
                    cf:d0:4c:44:41:78:39:38:15:36:7b:cd:4d:2b:76:
                    3b:8d:34:eb:7d:1a:c2:85:1d:c4:df:60:10:f9:72:
                    85:aa:ab:d6:8f:1b:b6:26:bb:b8:3d:de:03:3c:78:
                    2f:6a:6a:f0:43:70:8f:89:ea:90:34:8e:b4:13:71:
                    c9:7b:40:da:c0:e6:2d:6f:11:dd:81:98:c4:47:6e:
                    00:8f:2e:1e:99:b1:b7:66:93:70:3d:84:2b:c9:48:
                    9a:4f:0d:bd:26:19:7f:64:17:c3:15:cb:7d:be:24:
                    6f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:D4:BA:78:C1:95:D8:4F:E7:08:0C:D2:6F:8C:CB:D4:9D:A3:D3:55
            X509v3 Authority Key Identifier:
                keyid:96:3A:0F:C4:7A:7A:DF:62:84:5A:D6:DC:D7:FB:76:1A:6C:19:FE:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ljoPxHp632KEWtbc1_t2GmwZ_ts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ydS6eMGV2E_nCAzSb4zL1J2j01U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/19c9e1-8543-4f50-acae-e4045d8cfe8f/1/ljoPxHp632KEWtbc1_t2GmwZ_ts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:41:fc:52:f6:6b:fc:c4:99:2e:41:37:52:60:5a:a7:bc:9e:
         6f:bf:a0:e0:4f:13:07:30:77:76:86:0a:3f:dd:2d:cd:3e:c3:
         5b:b8:8d:0f:ba:a9:59:4c:18:a7:70:02:3b:8e:d6:88:10:60:
         d4:32:4d:a1:cd:cf:54:ee:7d:85:77:ce:83:68:51:1d:4a:92:
         6e:a2:ef:e5:ae:74:6a:24:42:46:1b:3f:2d:69:56:1a:69:20:
         47:d8:f8:ab:d5:40:9c:b7:1b:21:23:16:69:7e:38:97:74:60:
         c2:18:70:1c:ec:90:de:31:5f:8f:bf:46:77:38:51:d8:df:28:
         e7:91:9a:8d:d7:ee:ea:ac:c4:01:c9:13:5b:6d:a5:e2:fd:92:
         83:dd:ce:3a:b6:3e:f8:b0:f9:e4:3e:64:e5:75:9f:09:48:c3:
         8c:9e:d0:35:25:34:5f:a7:be:46:5e:a4:a9:fa:7f:6d:a4:c2:
         53:65:5f:b3:7a:a9:9b:04:15:93:2f:5a:5c:40:ad:89:34:2e:
         27:0c:f1:f7:e0:87:a5:b0:3b:87:cf:19:40:b1:da:a0:29:04:
         4c:d3:61:28:7c:7e:c1:04:ae:19:d8:e2:47:82:34:0d:6e:01:
         ca:56:13:c6:84:39:92:33:da:ec:12:0d:07:3b:b6:17:25:df:
         c8:54:8e:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt7Ns3ujyZJMdmBnYQd+hR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2M2EwZmM0N2E3YWRmNjI4NDVhZDZkY2Q3ZmI3NjFhNmMx
OWZlZGIwHhcNMjYwMTAxMjAxOTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWQ0YmE3OGMxOTVkODRmZTcwODBjZDI2ZjhjY2JkNDlkYTNkMzU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKAH5PyiNv/Y+6/qWKCA4/MOH213
QoEwb0T1UnDSShkD+acujVZk9hUrMJXO3Bep64RFDqUBY8tCFq8t+Wq++Omvxm3c
lzWHXIHM028Yt47XnykBMzXAH116YpYcj7TlDHJOCXG7rGOMgpZ0JGaOsTHb7y5Y
YupW87XG5cYOnenQwo5hsAameoZZvcLq4/y2s3UYn+LP0ExEQXg5OBU2e81NK3Y7
jTTrfRrChR3E32AQ+XKFqqvWjxu2Jru4Pd4DPHgvamrwQ3CPieqQNI60E3HJe0Da
wOYtbxHdgZjER24Ajy4embG3ZpNwPYQryUiaTw29Jhl/ZBfDFct9viRvFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMnUunjBldhP5wgM0m+My9Sdo9NVMB8GA1UdIwQY
MBaAFJY6D8R6et9ihFrW3Nf7dhpsGf7bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGpvUHhIcDYzMktFV3RiYzFfdDJHbXdaX3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xOWM5ZTEtODU0My00ZjUwLWFjYWUt
ZTQwNDVkOGNmZThmLzEveWRTNmVNR1YyRV9uQ0F6U2I0ekwxSjJqMDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xOWM5ZTEtODU0My00ZjUwLWFjYWUtZTQwNDVkOGNmZThm
LzEvbGpvUHhIcDYzMktFV3RiYzFfdDJHbXdaX3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9hKMA0G
CSqGSIb3DQEBCwUAA4IBAQC5QfxS9mv8xJkuQTdSYFqnvJ5vv6DgTxMHMHd2hgo/
3S3NPsNbuI0PuqlZTBincAI7jtaIEGDUMk2hzc9U7n2Fd86DaFEdSpJuou/lrnRq
JEJGGz8taVYaaSBH2Pir1UCctxshIxZpfjiXdGDCGHAc7JDeMV+Pv0Z3OFHY3yjn
kZqN1+7qrMQByRNbbaXi/ZKD3c46tj74sPnkPmTldZ8JSMOMntA1JTRfp75GXqSp
+n9tpMJTZV+zeqmbBBWTL1pcQK2JNC4nDPH34IelsDuHzxlAsdqgKQRM02EofH7B
BK4Z2OJHgjQNbgHKVhPGhDmSM9rsEg0HO7YXJd/IVI6u
-----END CERTIFICATE-----