Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/sdhGA-D8N0DheaeqCdaBETgkfIk.roa
File:                     sdhGA-D8N0DheaeqCdaBETgkfIk.roa (raw, json)
Hash identifier:          4XflHV7qg++MD8lYex2YKEHuIVOaLfMa2L7b2xLJq54=
Subject key identifier:   B1:D8:46:03:E0:FC:37:40:E1:79:A7:AA:09:D6:81:11:38:24:7C:89
Certificate issuer:       /CN=2776d64ea8fd028b6888e374557bb91f05ee0ec6
Certificate serial:       019B76EAF4842F29C3070FF7088E1C48612A
Authority key identifier: 27:76:D6:4E:A8:FD:02:8B:68:88:E3:74:55:7B:B9:1F:05:EE:0E:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/sdhGA-D8N0DheaeqCdaBETgkfIk.roa
Signing time:             Thu 01 Jan 2026 00:17:47 +0000
ROA not before:           Thu 01 Jan 2026 00:17:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48719
IP address blocks:        91.211.208.0/22 maxlen: 22
                          91.211.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:f4:84:2f:29:c3:07:0f:f7:08:8e:1c:48:61:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2776d64ea8fd028b6888e374557bb91f05ee0ec6
        Validity
            Not Before: Jan  1 00:17:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1d84603e0fc3740e179a7aa09d6811138247c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a5:c9:9e:6c:ff:34:a5:07:80:4a:61:58:c9:
                    7a:28:78:87:61:74:9d:85:7e:a9:c1:28:63:1d:f2:
                    49:9c:c1:90:0f:a0:de:62:81:38:73:17:b0:3d:30:
                    5e:3e:d7:08:17:24:8d:62:86:4d:87:34:d1:78:4c:
                    86:9d:e1:91:80:ad:7d:4e:78:fe:c0:23:f2:ee:3e:
                    e7:c1:70:4e:97:d8:2c:33:80:7b:54:3c:fc:cd:dc:
                    6c:1d:bb:7d:c9:7f:61:af:ba:92:cb:13:bb:3d:6b:
                    ed:99:94:82:46:cb:c6:54:4d:95:20:0a:1e:15:41:
                    94:5c:65:aa:8b:5b:56:31:7a:12:da:98:04:af:85:
                    cb:2b:94:87:56:0e:eb:3a:c8:ba:3e:36:3d:03:8e:
                    a9:3e:9c:f2:44:d3:e1:b2:84:70:b9:59:9b:54:dd:
                    7e:68:6b:e3:c7:a7:23:c6:66:37:5e:fb:ca:05:a6:
                    59:a2:65:d3:a3:1c:2a:59:f6:9f:af:ed:6e:11:20:
                    70:21:11:36:53:02:b8:16:3a:74:7e:e9:aa:3a:b0:
                    0c:18:29:d4:3f:74:f1:f7:9f:a6:ac:3e:25:28:ee:
                    bc:ef:15:08:03:f8:46:7b:5e:73:9a:f2:3b:f0:c8:
                    79:23:50:35:68:dc:e7:79:02:3c:c9:8a:28:54:87:
                    90:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:D8:46:03:E0:FC:37:40:E1:79:A7:AA:09:D6:81:11:38:24:7C:89
            X509v3 Authority Key Identifier:
                keyid:27:76:D6:4E:A8:FD:02:8B:68:88:E3:74:55:7B:B9:1F:05:EE:0E:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/sdhGA-D8N0DheaeqCdaBETgkfIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:49:b4:62:24:88:60:f7:de:5e:e0:d2:eb:45:58:72:15:d5:
         14:12:40:a4:95:66:2b:18:6f:40:40:9c:66:3e:1c:e3:ab:ff:
         cc:00:6e:ab:d6:f3:69:22:1c:a1:84:b3:15:c4:3d:35:2d:cc:
         ec:de:e2:4c:4d:fe:2f:5a:20:ee:02:17:b1:99:1c:95:40:34:
         f4:4e:e6:3c:97:8c:7f:22:e5:b1:25:64:5e:75:dd:6a:6f:27:
         d0:33:1f:fe:d2:5a:36:c3:97:25:db:8d:ef:3b:c5:91:a5:71:
         0f:52:e4:3e:82:3c:e5:22:e6:b1:d6:65:5a:ff:12:62:77:f9:
         82:f5:d7:4f:23:35:d1:f8:99:5b:0c:6d:a6:09:0b:c9:90:2e:
         38:5c:32:27:f6:25:25:2b:4d:2d:1e:3b:01:ec:ce:98:54:ba:
         63:54:dc:c6:45:d2:3b:21:d0:4f:cd:34:e6:b1:cf:cb:98:04:
         9f:ac:ea:c8:b8:46:60:72:1a:9e:c3:7e:5c:a6:6a:68:76:15:
         c5:18:c4:5f:e3:56:77:cc:9a:36:98:59:2e:a4:6b:67:f3:c8:
         99:1c:47:8e:fc:fc:73:31:29:54:99:a4:ff:d1:6f:79:7d:54:
         71:46:04:4a:db:cd:b4:8b:a4:66:2e:9b:20:e4:06:2b:af:db:
         71:31:c9:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt26vSELynDBw/3CI4cSGEqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NzZkNjRlYThmZDAyOGI2ODg4ZTM3NDU1N2JiOTFmMDVl
ZTBlYzYwHhcNMjYwMTAxMDAxNzQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWQ4NDYwM2UwZmMzNzQwZTE3OWE3YWEwOWQ2ODExMTM4MjQ3Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6XJnmz/NKUHgEphWMl6KHiHYXSd
hX6pwShjHfJJnMGQD6DeYoE4cxewPTBePtcIFySNYoZNhzTReEyGneGRgK19Tnj+
wCPy7j7nwXBOl9gsM4B7VDz8zdxsHbt9yX9hr7qSyxO7PWvtmZSCRsvGVE2VIAoe
FUGUXGWqi1tWMXoS2pgEr4XLK5SHVg7rOsi6PjY9A46pPpzyRNPhsoRwuVmbVN1+
aGvjx6cjxmY3XvvKBaZZomXToxwqWfafr+1uESBwIRE2UwK4Fjp0fumqOrAMGCnU
P3Tx95+mrD4lKO687xUIA/hGe15zmvI78Mh5I1A1aNzneQI8yYooVIeQ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLHYRgPg/DdA4XmnqgnWgRE4JHyJMB8GA1UdIwQY
MBaAFCd21k6o/QKLaIjjdFV7uR8F7g7GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjNiV1RxajlBb3RvaU9OMFZYdTVId1h1RHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zZWQ5N2QtZTg2Ny00MjVmLTg3NDMt
MGRhZWQzYWE2MjQ5LzEvc2RoR0EtRDhOMERoZWFlcUNkYUJFVGdrZklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zZWQ5N2QtZTg2Ny00MjVmLTg3NDMtMGRhZWQzYWE2MjQ5
LzEvSjNiV1RxajlBb3RvaU9OMFZYdTVId1h1RHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9PQMA0G
CSqGSIb3DQEBCwUAA4IBAQAlSbRiJIhg995e4NLrRVhyFdUUEkCklWYrGG9AQJxm
Phzjq//MAG6r1vNpIhyhhLMVxD01Lczs3uJMTf4vWiDuAhexmRyVQDT0TuY8l4x/
IuWxJWRedd1qbyfQMx/+0lo2w5cl243vO8WRpXEPUuQ+gjzlIuax1mVa/xJid/mC
9ddPIzXR+JlbDG2mCQvJkC44XDIn9iUlK00tHjsB7M6YVLpjVNzGRdI7IdBPzTTm
sc/LmASfrOrIuEZgchqew35cpmpodhXFGMRf41Z3zJo2mFkupGtn88iZHEeO/Pxz
MSlUmaT/0W95fVRxRgRK2820i6RmLpsg5AYrr9txMcn9
-----END CERTIFICATE-----