Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/VBdgLCJ2-5Nl3qZazFpZsUmQNHc.roa
File:                     VBdgLCJ2-5Nl3qZazFpZsUmQNHc.roa (raw, json)
Hash identifier:          1wk7mMyCYgzy4JDr5+775irtexYwlsK/lROPNiZfnOo=
Subject key identifier:   54:17:60:2C:22:76:FB:93:65:DE:A6:5A:CC:5A:59:B1:49:90:34:77
Certificate issuer:       /CN=0419f197f173117b7531facb9a63896a29d9a9a0
Certificate serial:       019B79ECC04D417476D7EFADF982631CBF45
Authority key identifier: 04:19:F1:97:F1:73:11:7B:75:31:FA:CB:9A:63:89:6A:29:D9:A9:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/VBdgLCJ2-5Nl3qZazFpZsUmQNHc.roa
Signing time:             Thu 01 Jan 2026 14:18:37 +0000
ROA not before:           Thu 01 Jan 2026 14:18:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210517
IP address blocks:        91.241.52.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:ec:c0:4d:41:74:76:d7:ef:ad:f9:82:63:1c:bf:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0419f197f173117b7531facb9a63896a29d9a9a0
        Validity
            Not Before: Jan  1 14:18:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5417602c2276fb9365dea65acc5a59b149903477
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:25:37:29:80:5c:be:0b:ff:90:b3:1c:4b:e4:
                    d1:ba:b9:11:63:18:86:eb:7d:fd:a6:1e:33:80:16:
                    00:0e:48:97:3f:46:64:c2:84:ed:44:8f:07:5c:04:
                    c1:6d:2c:65:21:00:f7:81:ca:da:77:8f:b0:22:d2:
                    41:f5:9c:f1:99:48:9a:ef:c7:59:71:3e:ff:48:cb:
                    f8:3e:87:c3:81:04:95:5f:8e:b0:c5:c6:cf:2e:eb:
                    e7:84:69:02:11:27:b6:f2:8a:1b:5f:74:86:0e:44:
                    ac:22:08:79:0f:c8:37:a4:25:b2:12:8a:7d:da:46:
                    67:f2:47:a7:4f:1d:39:74:a1:03:e3:a4:c4:db:60:
                    b3:34:e8:63:54:54:2d:c4:c2:bf:79:d1:7e:d8:90:
                    a6:b4:1b:57:7f:22:61:0f:a2:e8:2e:4d:59:4a:ab:
                    c9:8d:0a:d9:32:51:9c:e8:fa:7c:5a:e9:f0:0e:6f:
                    a2:54:e8:f7:44:73:31:75:7d:0c:81:d6:94:95:79:
                    59:5e:9f:26:3b:2a:66:ac:de:7d:71:b5:81:b1:6f:
                    6e:89:14:fa:ec:02:34:07:3d:df:92:78:a2:e7:69:
                    69:df:8f:52:77:21:ad:64:80:04:50:94:53:76:3d:
                    9a:a2:8b:7a:85:60:52:57:b7:0a:63:f0:21:43:3f:
                    21:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:17:60:2C:22:76:FB:93:65:DE:A6:5A:CC:5A:59:B1:49:90:34:77
            X509v3 Authority Key Identifier:
                keyid:04:19:F1:97:F1:73:11:7B:75:31:FA:CB:9A:63:89:6A:29:D9:A9:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BBnxl_FzEXt1MfrLmmOJainZqaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/VBdgLCJ2-5Nl3qZazFpZsUmQNHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/e28021-61d2-4a75-9c2a-b1cb03a3fd5c/1/BBnxl_FzEXt1MfrLmmOJainZqaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:28:e6:09:2e:3f:8c:4e:2c:24:c2:87:2d:bb:a4:e2:83:98:
         28:9b:fb:68:cf:86:fb:ce:af:5c:5e:69:02:66:18:cc:3d:fb:
         53:26:bb:04:14:26:5d:c2:1b:ba:c4:2a:35:82:3b:e3:03:37:
         38:ae:34:ce:00:11:cc:59:2b:42:44:d2:a9:91:2b:cb:7d:b5:
         c6:e8:a8:79:28:67:17:f1:34:4c:ad:eb:a8:1e:91:a4:7b:29:
         68:09:4f:b6:3a:fa:9e:95:26:9e:21:07:ec:66:46:99:a7:33:
         ce:29:33:e5:70:bc:53:de:9e:eb:77:83:ce:8d:88:35:1e:7e:
         6a:6b:e2:e9:90:df:48:b5:7d:49:1e:bf:f7:cb:87:b7:76:49:
         05:a3:31:9e:02:bf:f9:87:c9:e9:8d:53:bb:b7:33:b4:0f:fd:
         25:11:f5:5d:c2:f2:32:c6:1e:5f:74:a1:dc:53:2a:34:f3:e3:
         5c:bf:fc:29:40:7d:fd:9b:d6:7d:93:67:27:7f:5c:fa:bd:a4:
         14:39:ef:b6:cc:2f:25:e5:d8:e8:5e:41:0c:54:b6:a5:f6:73:
         77:7c:62:34:d8:f3:69:e4:37:ed:30:d2:51:ac:b1:ff:42:f3:
         60:d8:43:fb:6f:7b:92:e4:2d:ba:a0:1d:82:43:76:14:0f:c2:
         fc:a6:c6:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt57MBNQXR21++t+YJjHL9FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MTlmMTk3ZjE3MzExN2I3NTMxZmFjYjlhNjM4OTZhMjlk
OWE5YTAwHhcNMjYwMTAxMTQxODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDE3NjAyYzIyNzZmYjkzNjVkZWE2NWFjYzVhNTliMTQ5OTAzNDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8SU3KYBcvgv/kLMcS+TRurkRYxiG
6339ph4zgBYADkiXP0ZkwoTtRI8HXATBbSxlIQD3gcrad4+wItJB9ZzxmUia78dZ
cT7/SMv4PofDgQSVX46wxcbPLuvnhGkCESe28oobX3SGDkSsIgh5D8g3pCWyEop9
2kZn8kenTx05dKED46TE22CzNOhjVFQtxMK/edF+2JCmtBtXfyJhD6LoLk1ZSqvJ
jQrZMlGc6Pp8WunwDm+iVOj3RHMxdX0MgdaUlXlZXp8mOypmrN59cbWBsW9uiRT6
7AI0Bz3fknii52lp349SdyGtZIAEUJRTdj2aoot6hWBSV7cKY/AhQz8hgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQXYCwidvuTZd6mWsxaWbFJkDR3MB8GA1UdIwQY
MBaAFAQZ8ZfxcxF7dTH6y5pjiWop2amgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkJueGxfRnpFWHQxTWZyTG1tT0phaW5acWFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9lMjgwMjEtNjFkMi00YTc1LTljMmEt
YjFjYjAzYTNmZDVjLzEvVkJkZ0xDSjItNU5sM3FaYXpGcFpzVW1RTkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9lMjgwMjEtNjFkMi00YTc1LTljMmEtYjFjYjAzYTNmZDVj
LzEvQkJueGxfRnpFWHQxTWZyTG1tT0phaW5acWFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/E0MA0G
CSqGSIb3DQEBCwUAA4IBAQACKOYJLj+MTiwkwoctu6Tig5gom/toz4b7zq9cXmkC
ZhjMPftTJrsEFCZdwhu6xCo1gjvjAzc4rjTOABHMWStCRNKpkSvLfbXG6Kh5KGcX
8TRMreuoHpGkeyloCU+2OvqelSaeIQfsZkaZpzPOKTPlcLxT3p7rd4POjYg1Hn5q
a+LpkN9ItX1JHr/3y4e3dkkFozGeAr/5h8npjVO7tzO0D/0lEfVdwvIyxh5fdKHc
Uyo08+Ncv/wpQH39m9Z9k2cnf1z6vaQUOe+2zC8l5djoXkEMVLal9nN3fGI02PNp
5DftMNJRrLH/QvNg2EP7b3uS5C26oB2CQ3YUD8L8psZs
-----END CERTIFICATE-----