Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/1-UeNT_mEXVZRgA_7glg9OO4Sjtw.roa
File:                     1-UeNT_mEXVZRgA_7glg9OO4Sjtw.roa (raw, json)
Hash identifier:          1z29a91IWJoK+mNlT9BWeHq46/FmmyPlWPOT1hR/7F8=
Subject key identifier:   F9:47:8D:4F:F9:84:5D:56:51:80:0F:FB:82:58:3D:38:EE:12:8E:DC
Certificate issuer:       /CN=2a17d254774c97a9c685a9ec5d24f2fc69689908
Certificate serial:       019B7DCA6C1BD5A9B8605C0CCE9D7A715852
Authority key identifier: 2A:17:D2:54:77:4C:97:A9:C6:85:A9:EC:5D:24:F2:FC:69:68:99:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KhfSVHdMl6nGhansXSTy_GlomQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/1-UeNT_mEXVZRgA_7glg9OO4Sjtw.roa
Signing time:             Fri 02 Jan 2026 08:19:36 +0000
ROA not before:           Fri 02 Jan 2026 08:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39043
IP address blocks:        91.211.68.0/22 maxlen: 22
                          195.66.156.0/23 maxlen: 23
                          195.66.156.0/24 maxlen: 24
                          195.66.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/KhfSVHdMl6nGhansXSTy_GlomQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/KhfSVHdMl6nGhansXSTy_GlomQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KhfSVHdMl6nGhansXSTy_GlomQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:ca:6c:1b:d5:a9:b8:60:5c:0c:ce:9d:7a:71:58:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a17d254774c97a9c685a9ec5d24f2fc69689908
        Validity
            Not Before: Jan  2 08:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9478d4ff9845d5651800ffb82583d38ee128edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:da:f9:4f:90:59:76:c9:6d:c0:ed:f9:9f:d8:
                    26:df:d3:17:30:28:5a:6f:71:1a:61:46:01:d0:6b:
                    41:a2:bb:75:2e:96:e1:63:8e:40:a3:b1:d3:6e:81:
                    ae:55:19:d2:e1:28:f7:86:c5:7e:ee:aa:bf:91:b5:
                    5f:06:b6:17:ec:c2:3b:0d:73:68:c1:9d:db:da:94:
                    a5:e4:17:7d:73:fb:1e:96:80:b7:96:24:14:09:3a:
                    c2:68:46:09:bb:00:e2:c1:0b:ce:ab:c2:8e:06:b3:
                    f2:24:bb:41:8c:e3:fc:5a:a6:8f:8d:04:03:4d:c1:
                    73:51:ee:5b:36:86:17:17:91:d4:19:56:40:b4:9a:
                    39:f7:2d:01:9f:2c:6b:1e:72:c7:c5:f4:ef:ca:e3:
                    2b:2a:e4:03:ed:bc:0d:f1:78:51:a3:db:22:96:7e:
                    f7:7b:43:1a:8e:76:03:7d:c3:79:c4:b9:2a:aa:80:
                    9e:3e:bc:63:35:87:d4:f0:16:84:51:bb:b1:1c:58:
                    b7:7c:e0:90:a1:05:bc:8a:79:d7:42:b1:83:8f:92:
                    fa:02:3a:8b:97:fa:14:19:99:69:fe:4e:9e:02:13:
                    6d:66:36:f9:a2:23:04:6e:6f:ad:56:d8:5e:42:a0:
                    3f:66:5f:94:82:72:c7:9c:58:ec:fa:1b:b4:81:6b:
                    f1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:47:8D:4F:F9:84:5D:56:51:80:0F:FB:82:58:3D:38:EE:12:8E:DC
            X509v3 Authority Key Identifier:
                keyid:2A:17:D2:54:77:4C:97:A9:C6:85:A9:EC:5D:24:F2:FC:69:68:99:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KhfSVHdMl6nGhansXSTy_GlomQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/1-UeNT_mEXVZRgA_7glg9OO4Sjtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/66a439-cf33-47c5-92ab-80b5118abaf6/1/KhfSVHdMl6nGhansXSTy_GlomQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.68.0/22
                  195.66.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ac:f0:02:3f:62:9c:d5:7e:81:2f:e6:4e:f3:12:fb:b1:b2:c6:
         36:ed:a8:ff:62:fa:67:3e:c5:20:e5:61:fd:dc:3e:22:3e:69:
         53:38:3e:b9:b4:3f:39:48:ce:89:58:64:e4:0f:df:c4:ed:4b:
         2f:68:25:2c:3a:84:d8:74:48:ce:8b:02:ca:14:d3:dd:42:2b:
         9c:e0:37:c7:3c:38:5d:09:a1:ba:72:f9:09:9f:e7:e4:b3:a6:
         d5:a0:fd:4f:6a:38:df:05:72:67:65:fe:42:d3:1f:a6:19:2f:
         85:dc:f6:bf:fa:33:b3:f0:cb:10:a4:cc:91:d1:ad:a5:51:cf:
         08:f2:a3:35:08:56:05:16:c6:98:09:fa:87:f7:0e:04:7d:19:
         ea:d4:15:53:9b:d0:1a:41:04:ba:a3:6f:77:a0:23:f2:d4:50:
         a4:f8:63:95:7b:ec:54:51:37:a3:0a:e8:ec:9d:37:38:a5:64:
         54:bb:69:09:f3:44:77:fb:f1:44:4d:8d:fd:81:60:df:33:4e:
         f6:26:87:d5:2d:15:b8:cc:28:f2:ec:09:b9:d5:15:15:d3:9a:
         61:cf:14:18:47:0b:89:96:80:c6:0b:52:02:c6:b7:a3:3a:19:
         98:2c:77:c8:a9:6e:ac:f7:60:d1:cd:9d:17:24:09:48:e7:7e:
         2b:9a:15:18
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZt9ymwb1am4YFwMzp16cVhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMTdkMjU0Nzc0Yzk3YTljNjg1YTllYzVkMjRmMmZjNjk2
ODk5MDgwHhcNMjYwMTAyMDgxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTQ3OGQ0ZmY5ODQ1ZDU2NTE4MDBmZmI4MjU4M2QzOGVlMTI4ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltr5T5BZdsltwO35n9gm39MXMCha
b3EaYUYB0GtBort1LpbhY45Ao7HTboGuVRnS4Sj3hsV+7qq/kbVfBrYX7MI7DXNo
wZ3b2pSl5Bd9c/seloC3liQUCTrCaEYJuwDiwQvOq8KOBrPyJLtBjOP8WqaPjQQD
TcFzUe5bNoYXF5HUGVZAtJo59y0BnyxrHnLHxfTvyuMrKuQD7bwN8XhRo9siln73
e0MajnYDfcN5xLkqqoCePrxjNYfU8BaEUbuxHFi3fOCQoQW8innXQrGDj5L6AjqL
l/oUGZlp/k6eAhNtZjb5oiMEbm+tVtheQqA/Zl+UgnLHnFjs+hu0gWvxbQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPlHjU/5hF1WUYAP+4JYPTjuEo7cMB8GA1UdIwQY
MBaAFCoX0lR3TJepxoWp7F0k8vxpaJkIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2hmU1ZIZE1sNm5HaGFuc1hTVHlfR2xvbVFnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi82NmE0MzktY2YzMy00N2M1LTkyYWIt
ODBiNTExOGFiYWY2LzEvMS1VZU5UX21FWFZaUmdBXzdnbGc5T080U2p0dy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjIvNjZhNDM5LWNmMzMtNDdjNS05MmFiLTgwYjUxMThhYmFm
Ni8xL0toZlNWSGRNbDZuR2hhbnNYU1R5X0dsb21RZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAlvTRAME
AcNCnDANBgkqhkiG9w0BAQsFAAOCAQEArPACP2Kc1X6BL+ZO8xL7sbLGNu2o/2L6
Zz7FIOVh/dw+Ij5pUzg+ubQ/OUjOiVhk5A/fxO1LL2glLDqE2HRIzosCyhTT3UIr
nOA3xzw4XQmhunL5CZ/n5LOm1aD9T2o43wVyZ2X+QtMfphkvhdz2v/ozs/DLEKTM
kdGtpVHPCPKjNQhWBRbGmAn6h/cOBH0Z6tQVU5vQGkEEuqNvd6Aj8tRQpPhjlXvs
VFE3owro7J03OKVkVLtpCfNEd/vxRE2N/YFg3zNO9iaH1S0VuMwo8uwJudUVFdOa
Yc8UGEcLiZaAxgtSAsa3ozoZmCx3yKlurPdg0c2dFyQJSOd+K5oVGA==
-----END CERTIFICATE-----