Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/hRHKFg_8XNSpz14bqguIKVw9u_g.roa
File:                     hRHKFg_8XNSpz14bqguIKVw9u_g.roa (raw, json)
Hash identifier:          IvcC+EHpFNhaRen15J+kANi4Vrf+W52puDOFvkl+2OY=
Subject key identifier:   85:11:CA:16:0F:FC:5C:D4:A9:CF:5E:1B:AA:0B:88:29:5C:3D:BB:F8
Certificate issuer:       /CN=2410e4d1182515c47df36a1001b7f681e2dcf414
Certificate serial:       019B78A213D439AEB57B174C46561408FBBB
Authority key identifier: 24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/hRHKFg_8XNSpz14bqguIKVw9u_g.roa
Signing time:             Thu 01 Jan 2026 08:17:26 +0000
ROA not before:           Thu 01 Jan 2026 08:17:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49591
IP address blocks:        91.213.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:13:d4:39:ae:b5:7b:17:4c:46:56:14:08:fb:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2410e4d1182515c47df36a1001b7f681e2dcf414
        Validity
            Not Before: Jan  1 08:17:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8511ca160ffc5cd4a9cf5e1baa0b88295c3dbbf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:21:dd:b9:59:2b:f3:7a:9b:96:8c:e9:e9:fa:
                    65:8b:10:8c:60:6e:cf:2f:27:25:3b:3a:a5:c4:2c:
                    a2:73:11:d0:a1:aa:a9:f4:07:8f:86:ec:05:9e:e2:
                    4d:f4:d8:3a:1e:98:66:93:62:0a:98:f5:72:e3:e3:
                    fb:1c:fe:68:0b:28:4d:d3:b6:93:39:26:43:6d:f9:
                    a5:cc:1d:85:59:56:3f:ed:75:db:e4:00:fd:7d:91:
                    95:95:1e:10:5a:ed:24:e0:2f:08:5a:6c:d2:a2:0b:
                    5b:03:54:41:b7:ca:56:35:b1:9c:63:16:44:5d:77:
                    16:02:46:ec:a7:ba:35:f6:a2:d6:9e:2f:83:93:ce:
                    19:6b:c5:ef:d9:46:3d:34:43:aa:d4:34:bf:fc:f5:
                    fd:e8:1d:73:16:dd:65:bb:52:52:9b:4d:e5:a7:2c:
                    ed:bf:40:8a:a7:b3:3e:d7:de:d9:4f:5e:8d:b8:aa:
                    af:95:cd:4c:c9:33:ed:cb:bc:92:13:6c:85:6f:70:
                    0f:a4:14:19:be:37:e7:cc:d2:15:3e:9f:47:9d:b2:
                    e2:b8:c4:c1:1c:65:95:fb:8e:58:99:b8:08:8c:17:
                    37:36:95:26:57:44:e3:2e:53:67:1b:f1:3a:10:5b:
                    e2:61:05:bd:98:aa:bb:f0:fb:5f:8c:73:46:bb:cd:
                    ab:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:11:CA:16:0F:FC:5C:D4:A9:CF:5E:1B:AA:0B:88:29:5C:3D:BB:F8
            X509v3 Authority Key Identifier:
                keyid:24:10:E4:D1:18:25:15:C4:7D:F3:6A:10:01:B7:F6:81:E2:DC:F4:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JBDk0RglFcR982oQAbf2geLc9BQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/hRHKFg_8XNSpz14bqguIKVw9u_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/96a6a8-fb81-4a0f-ab83-a299b022d84e/1/JBDk0RglFcR982oQAbf2geLc9BQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:1e:0e:ac:22:da:2d:9d:24:ee:03:4f:37:ef:f8:f0:16:be:
         a0:24:0b:e2:08:04:45:8c:d4:ec:7f:ae:a6:fe:ee:5e:06:bd:
         20:14:f0:3b:1e:9e:f9:52:f5:af:1a:48:5b:76:e6:f2:80:88:
         55:9d:d7:2c:94:29:69:b1:a2:bb:7e:1a:07:95:a5:f1:ba:ad:
         20:89:f4:f7:dc:17:50:89:25:1d:2a:6c:c3:2e:99:cb:b2:00:
         d1:8e:a0:91:6c:f4:4b:fc:d1:65:9b:13:e8:6a:cb:c8:da:da:
         36:46:5c:6d:98:57:60:36:ee:da:d1:ca:de:86:ee:ab:f3:71:
         e1:33:40:b1:99:9a:ca:f3:00:25:12:0c:5d:3c:a2:1a:79:dd:
         7e:b5:2b:52:de:06:c8:2c:6b:c4:06:93:0f:bc:e1:89:e4:1f:
         81:51:14:38:6c:56:a2:98:c4:5a:c6:3c:09:95:33:91:45:99:
         1d:b7:9b:2a:79:83:88:a0:90:04:3d:3e:d5:68:94:90:2d:e9:
         a5:48:fb:85:d7:38:fc:bb:c8:23:b4:0e:17:9f:30:f4:17:79:
         17:c8:12:9f:3f:64:25:4d:09:be:60:35:d1:3e:8b:db:cb:3d:
         c5:c5:14:ef:70:f2:c1:00:eb:56:ee:2b:a7:dc:41:ce:fa:70:
         e9:4b:75:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt4ohPUOa61exdMRlYUCPu7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MTBlNGQxMTgyNTE1YzQ3ZGYzNmExMDAxYjdmNjgxZTJk
Y2Y0MTQwHhcNMjYwMTAxMDgxNzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTExY2ExNjBmZmM1Y2Q0YTljZjVlMWJhYTBiODgyOTVjM2RiYmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiHduVkr83qblozp6fplixCMYG7P
LyclOzqlxCyicxHQoaqp9AePhuwFnuJN9Ng6Hphmk2IKmPVy4+P7HP5oCyhN07aT
OSZDbfmlzB2FWVY/7XXb5AD9fZGVlR4QWu0k4C8IWmzSogtbA1RBt8pWNbGcYxZE
XXcWAkbsp7o19qLWni+Dk84Za8Xv2UY9NEOq1DS//PX96B1zFt1lu1JSm03lpyzt
v0CKp7M+197ZT16NuKqvlc1MyTPty7ySE2yFb3APpBQZvjfnzNIVPp9HnbLiuMTB
HGWV+45YmbgIjBc3NpUmV0TjLlNnG/E6EFviYQW9mKq78PtfjHNGu82r4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIURyhYP/FzUqc9eG6oLiClcPbv4MB8GA1UdIwQY
MBaAFCQQ5NEYJRXEffNqEAG39oHi3PQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMt
YTI5OWIwMjJkODRlLzEvaFJIS0ZnXzhYTlNwejE0YnFndUlLVnc5dV9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy85NmE2YTgtZmI4MS00YTBmLWFiODMtYTI5OWIwMjJkODRl
LzEvSkJEazBSZ2xGY1I5ODJvUUFiZjJnZUxjOUJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9U3MA0G
CSqGSIb3DQEBCwUAA4IBAQCoHg6sItotnSTuA0837/jwFr6gJAviCARFjNTsf66m
/u5eBr0gFPA7Hp75UvWvGkhbdubygIhVndcslClpsaK7fhoHlaXxuq0gifT33BdQ
iSUdKmzDLpnLsgDRjqCRbPRL/NFlmxPoasvI2to2RlxtmFdgNu7a0crehu6r83Hh
M0CxmZrK8wAlEgxdPKIaed1+tStS3gbILGvEBpMPvOGJ5B+BURQ4bFaimMRaxjwJ
lTORRZkdt5sqeYOIoJAEPT7VaJSQLemlSPuF1zj8u8gjtA4XnzD0F3kXyBKfP2Ql
TQm+YDXRPovbyz3FxRTvcPLBAOtW7iun3EHO+nDpS3Va
-----END CERTIFICATE-----