Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/nVHrsl4hwFWTaCR_GcEsa9Q48KA.roa
File:                     nVHrsl4hwFWTaCR_GcEsa9Q48KA.roa (raw, json)
Hash identifier:          /YrORsls2Ml4uyA19yrvejBRcrJxya6Sn19K3r9l9F8=
Subject key identifier:   9D:51:EB:B2:5E:21:C0:55:93:68:24:7F:19:C1:2C:6B:D4:38:F0:A0
Certificate issuer:       /CN=15403e157c82f75efa7c54a9bc7d0d1bf01b1cae
Certificate serial:       019D48E8BE1132A945B8019E48AFCFDA718C
Authority key identifier: 15:40:3E:15:7C:82:F7:5E:FA:7C:54:A9:BC:7D:0D:1B:F0:1B:1C:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FUA-FXyC9176fFSpvH0NG_AbHK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/nVHrsl4hwFWTaCR_GcEsa9Q48KA.roa
Signing time:             Wed 01 Apr 2026 11:58:25 +0000
ROA not before:           Wed 01 Apr 2026 11:58:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201824
IP address blocks:        91.239.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/FUA-FXyC9176fFSpvH0NG_AbHK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/FUA-FXyC9176fFSpvH0NG_AbHK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FUA-FXyC9176fFSpvH0NG_AbHK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:e8:be:11:32:a9:45:b8:01:9e:48:af:cf:da:71:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15403e157c82f75efa7c54a9bc7d0d1bf01b1cae
        Validity
            Not Before: Apr  1 11:58:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d51ebb25e21c0559368247f19c12c6bd438f0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0e:ee:d6:99:23:17:76:9a:6f:f4:23:4d:e0:
                    cf:34:17:12:28:20:d0:93:ab:cc:08:6c:4a:ef:21:
                    66:d7:d2:df:db:12:52:20:44:2a:76:2e:52:e9:b5:
                    cd:e1:08:56:9d:2a:73:ab:70:70:cd:54:db:63:f2:
                    81:14:b1:41:82:18:99:7d:fd:9c:3e:ba:9f:0f:89:
                    df:71:83:1e:ed:67:b8:55:54:8c:26:45:a8:21:f7:
                    f1:4c:d8:40:58:e0:62:d6:17:55:96:b1:fd:fb:db:
                    0d:04:63:54:89:f2:95:cb:24:e5:12:51:39:1f:3c:
                    8f:12:f5:88:b2:eb:bb:b4:76:cc:c2:aa:91:2c:ad:
                    a2:d0:5a:24:07:53:c2:c7:b1:43:70:f4:ee:c4:2f:
                    18:23:69:3d:b1:6b:63:f3:29:43:79:3f:4d:7c:a2:
                    1e:94:5a:91:83:5e:42:65:0d:ad:13:77:2e:07:af:
                    a9:1f:4c:f7:c9:78:51:78:58:70:92:d7:f0:e8:5d:
                    99:33:d5:5c:33:7f:9b:fe:c0:b6:aa:c2:9b:d1:62:
                    22:e2:4b:5c:0c:07:aa:c0:4b:27:ce:f6:0c:34:f2:
                    07:51:46:d0:3d:c6:ef:5d:4b:74:cd:49:41:11:86:
                    bf:93:f4:ca:f3:e0:8e:72:57:71:0a:e3:7a:4a:0e:
                    e5:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:51:EB:B2:5E:21:C0:55:93:68:24:7F:19:C1:2C:6B:D4:38:F0:A0
            X509v3 Authority Key Identifier:
                keyid:15:40:3E:15:7C:82:F7:5E:FA:7C:54:A9:BC:7D:0D:1B:F0:1B:1C:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FUA-FXyC9176fFSpvH0NG_AbHK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/nVHrsl4hwFWTaCR_GcEsa9Q48KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/eaf880-7106-4d33-8735-334f9429248e/1/FUA-FXyC9176fFSpvH0NG_AbHK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:6e:8f:8c:36:e1:9f:3c:94:28:95:5f:d1:b0:2f:7f:82:58:
         53:08:a7:29:cc:92:09:d9:48:58:bb:84:d7:66:21:2a:e4:d6:
         bc:b2:66:b7:f5:41:36:a8:0f:55:39:9e:a4:95:7c:b3:47:ec:
         e5:2b:7b:7b:ec:78:f0:9d:47:64:77:33:48:45:c3:29:3c:17:
         53:26:78:b2:59:59:00:6d:f9:33:2c:e0:4a:3e:b6:6f:23:4a:
         d4:ea:db:ef:21:5d:85:47:c7:b0:5e:bf:ca:6d:ae:1b:b9:6d:
         ec:44:a4:2d:af:0b:c8:8e:cc:65:4d:2a:98:db:e2:00:27:8d:
         cf:e8:63:8d:af:8f:51:95:5c:e6:7f:54:eb:33:e4:fa:53:b9:
         31:34:e6:2b:1c:10:b6:44:70:42:57:de:dc:af:fd:2c:8a:a0:
         87:01:ae:7b:a4:fe:53:e4:24:d5:84:f7:95:2f:2d:1a:a5:fe:
         25:bc:62:64:fc:ca:c4:7d:a4:83:95:b8:5a:1c:82:36:fa:b8:
         92:0d:a0:83:95:23:7f:72:43:ec:f9:27:0a:10:3a:f8:54:6f:
         4a:d4:36:3c:eb:24:5c:3f:32:e1:e2:61:b6:73:42:71:0e:4b:
         64:02:d4:b6:9b:47:eb:25:e9:a8:8a:d0:04:6a:d3:9e:04:3f:
         82:19:d4:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1I6L4RMqlFuAGeSK/P2nGMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NDAzZTE1N2M4MmY3NWVmYTdjNTRhOWJjN2QwZDFiZjAx
YjFjYWUwHhcNMjYwNDAxMTE1ODI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDUxZWJiMjVlMjFjMDU1OTM2ODI0N2YxOWMxMmM2YmQ0MzhmMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1w7u1pkjF3aab/QjTeDPNBcSKCDQ
k6vMCGxK7yFm19Lf2xJSIEQqdi5S6bXN4QhWnSpzq3BwzVTbY/KBFLFBghiZff2c
PrqfD4nfcYMe7We4VVSMJkWoIffxTNhAWOBi1hdVlrH9+9sNBGNUifKVyyTlElE5
HzyPEvWIsuu7tHbMwqqRLK2i0FokB1PCx7FDcPTuxC8YI2k9sWtj8ylDeT9NfKIe
lFqRg15CZQ2tE3cuB6+pH0z3yXhReFhwktfw6F2ZM9VcM3+b/sC2qsKb0WIi4ktc
DAeqwEsnzvYMNPIHUUbQPcbvXUt0zUlBEYa/k/TK8+COcldxCuN6Sg7lnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1R67JeIcBVk2gkfxnBLGvUOPCgMB8GA1UdIwQY
MBaAFBVAPhV8gvde+nxUqbx9DRvwGxyuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlVBLUZYeUM5MTc2ZkZTcHZIME5HX0FiSEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9lYWY4ODAtNzEwNi00ZDMzLTg3MzUt
MzM0Zjk0MjkyNDhlLzEvblZIcnNsNGh3RldUYUNSX0djRXNhOVE0OEtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9lYWY4ODAtNzEwNi00ZDMzLTg3MzUtMzM0Zjk0MjkyNDhl
LzEvRlVBLUZYeUM5MTc2ZkZTcHZIME5HX0FiSEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW++7MA0G
CSqGSIb3DQEBCwUAA4IBAQB/bo+MNuGfPJQolV/RsC9/glhTCKcpzJIJ2UhYu4TX
ZiEq5Na8sma39UE2qA9VOZ6klXyzR+zlK3t77HjwnUdkdzNIRcMpPBdTJniyWVkA
bfkzLOBKPrZvI0rU6tvvIV2FR8ewXr/Kba4buW3sRKQtrwvIjsxlTSqY2+IAJ43P
6GONr49RlVzmf1TrM+T6U7kxNOYrHBC2RHBCV97cr/0siqCHAa57pP5T5CTVhPeV
Ly0apf4lvGJk/MrEfaSDlbhaHII2+riSDaCDlSN/ckPs+ScKEDr4VG9K1DY86yRc
PzLh4mG2c0JxDktkAtS2m0frJemoitAEatOeBD+CGdSN
-----END CERTIFICATE-----