Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/r3_yXxH6xUci6wXmFqZLXgr1F4o.roa
File:                     r3_yXxH6xUci6wXmFqZLXgr1F4o.roa (raw, json)
Hash identifier:          4yDIfwGb7Rv5eabQ05zkTV2EF0bWKjYcnvDCnsfYuk8=
Subject key identifier:   AF:7F:F2:5F:11:FA:C5:47:22:EB:05:E6:16:A6:4B:5E:0A:F5:17:8A
Certificate issuer:       /CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
Certificate serial:       019D60565D0002B5FD748CEADF9894FE80B4
Authority key identifier: 0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/r3_yXxH6xUci6wXmFqZLXgr1F4o.roa
Signing time:             Mon 06 Apr 2026 01:09:25 +0000
ROA not before:           Mon 06 Apr 2026 01:09:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60592
IP address blocks:        91.224.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:60:56:5d:00:02:b5:fd:74:8c:ea:df:98:94:fe:80:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0babd682c1a8fc5037adbf68143ae77fd00f38ab
        Validity
            Not Before: Apr  6 01:09:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af7ff25f11fac54722eb05e616a64b5e0af5178a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f2:0e:5b:72:d8:ae:05:9e:52:f3:dc:96:12:
                    67:2e:a0:bd:fd:2b:08:ca:c1:9b:e3:9b:59:57:0b:
                    13:64:7f:76:ab:48:c1:92:ab:73:6a:fc:e3:49:47:
                    9c:73:56:d2:27:76:e6:2c:6d:76:c6:bc:2a:e2:13:
                    62:74:ff:27:87:9f:57:d3:22:41:8b:1d:d1:31:b3:
                    cc:3b:3b:d5:21:b2:09:ad:db:06:76:e7:75:ef:14:
                    0e:01:84:49:29:24:b1:e5:7b:84:9c:d7:ae:26:12:
                    9d:e9:ef:e6:f8:6d:65:70:8d:78:9e:8c:75:1b:58:
                    92:16:9c:53:e9:b2:e3:68:7e:d9:ea:90:0c:15:4b:
                    1a:78:8a:e9:4b:99:f9:cd:11:25:55:36:d8:98:bf:
                    c0:5c:1f:4c:de:06:a7:81:31:ad:d1:1b:78:5a:37:
                    73:51:d5:9f:c4:89:ee:bc:2f:70:78:27:18:48:53:
                    d3:2a:94:e6:53:cd:47:dc:6f:13:ef:5f:12:d1:02:
                    be:fb:77:ac:e8:1d:e6:e9:76:c4:da:9a:96:6e:29:
                    fc:2b:f5:79:bf:cc:1f:89:0e:b6:92:af:a8:38:d1:
                    cd:b5:be:85:9a:00:e6:a9:fa:6c:84:7c:54:f7:63:
                    2c:c5:cc:65:72:47:3e:8d:99:0c:4f:a2:2d:62:28:
                    c6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:7F:F2:5F:11:FA:C5:47:22:EB:05:E6:16:A6:4B:5E:0A:F5:17:8A
            X509v3 Authority Key Identifier:
                keyid:0B:AB:D6:82:C1:A8:FC:50:37:AD:BF:68:14:3A:E7:7F:D0:0F:38:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C6vWgsGo_FA3rb9oFDrnf9APOKs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/r3_yXxH6xUci6wXmFqZLXgr1F4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/bc401a-6938-4fdc-9c6e-fac3d5543a2c/1/C6vWgsGo_FA3rb9oFDrnf9APOKs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.224.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:20:8d:3f:40:8e:3c:87:fb:e9:ee:2f:a2:1b:f4:6c:f3:0a:
         15:4f:41:6a:78:6c:e5:fd:be:76:18:62:0f:e3:a6:cf:b9:07:
         e0:74:6e:98:62:71:18:42:b2:d6:a7:c4:99:12:11:44:5b:cb:
         97:0d:e2:6c:37:72:10:12:bc:ad:b3:6b:47:67:5d:d9:c3:e3:
         d1:36:aa:80:e9:7b:3d:24:ce:52:18:bb:53:60:38:2a:d7:2a:
         c9:e8:a0:45:48:70:5b:e2:19:dc:58:05:82:09:cf:2c:a9:b0:
         1d:11:0c:30:6e:54:63:3c:77:00:dc:bf:1a:ee:07:d1:df:e6:
         4b:c9:25:0a:2c:ca:30:7e:66:e9:16:12:44:49:56:f6:cb:dd:
         e8:d6:62:7c:88:61:64:39:ba:09:29:91:82:ee:4a:33:36:e6:
         7f:80:06:b9:02:c8:8a:94:dc:fa:0f:1d:02:ca:e6:3a:60:97:
         02:e8:88:e5:4e:73:ec:5c:2c:be:eb:76:ac:c9:9a:9f:9c:13:
         87:cc:f6:28:2e:56:f6:fe:2c:4a:95:02:c2:c8:80:da:6d:18:
         0e:e8:91:ce:40:97:c6:36:e6:7e:16:7a:e4:08:17:be:f9:87:
         5b:d7:b6:89:ce:25:29:ac:db:06:69:9f:df:07:df:63:4d:05:
         9d:27:3b:07
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1gVl0AArX9dIzq35iU/oC0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiYWJkNjgyYzFhOGZjNTAzN2FkYmY2ODE0M2FlNzdmZDAw
ZjM4YWIwHhcNMjYwNDA2MDEwOTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjdmZjI1ZjExZmFjNTQ3MjJlYjA1ZTYxNmE2NGI1ZTBhZjUxNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvIOW3LYrgWeUvPclhJnLqC9/SsI
ysGb45tZVwsTZH92q0jBkqtzavzjSUecc1bSJ3bmLG12xrwq4hNidP8nh59X0yJB
ix3RMbPMOzvVIbIJrdsGdud17xQOAYRJKSSx5XuEnNeuJhKd6e/m+G1lcI14nox1
G1iSFpxT6bLjaH7Z6pAMFUsaeIrpS5n5zRElVTbYmL/AXB9M3gangTGt0Rt4Wjdz
UdWfxInuvC9weCcYSFPTKpTmU81H3G8T718S0QK++3es6B3m6XbE2pqWbin8K/V5
v8wfiQ62kq+oONHNtb6FmgDmqfpshHxU92Msxcxlckc+jZkMT6ItYijG4wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9/8l8R+sVHIusF5hamS14K9ReKMB8GA1UdIwQY
MBaAFAur1oLBqPxQN62/aBQ653/QDzirMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUt
ZmFjM2Q1NTQzYTJjLzEvcjNfeVh4SDZ4VWNpNndYbUZxWkxYZ3IxRjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9iYzQwMWEtNjkzOC00ZmRjLTljNmUtZmFjM2Q1NTQzYTJj
LzEvQzZ2V2dzR29fRkEzcmI5b0ZEcm5mOUFQT0tzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+A6MA0G
CSqGSIb3DQEBCwUAA4IBAQBJII0/QI48h/vp7i+iG/Rs8woVT0FqeGzl/b52GGIP
46bPuQfgdG6YYnEYQrLWp8SZEhFEW8uXDeJsN3IQEryts2tHZ13Zw+PRNqqA6Xs9
JM5SGLtTYDgq1yrJ6KBFSHBb4hncWAWCCc8sqbAdEQwwblRjPHcA3L8a7gfR3+ZL
ySUKLMowfmbpFhJESVb2y93o1mJ8iGFkOboJKZGC7kozNuZ/gAa5AsiKlNz6Dx0C
yuY6YJcC6IjlTnPsXCy+63asyZqfnBOHzPYoLlb2/ixKlQLCyIDabRgO6JHOQJfG
NuZ+FnrkCBe++Ydb17aJziUprNsGaZ/fB99jTQWdJzsH
-----END CERTIFICATE-----