Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/eRUram9FiygBh410Dn1i-De_Uv0.roa
File:                     eRUram9FiygBh410Dn1i-De_Uv0.roa (raw, json)
Hash identifier:          0UT7pykP+ViP/ePf2YhJafI90nKn0use/xYGNVGDsGI=
Subject key identifier:   79:15:2B:6A:6F:45:8B:28:01:87:8D:74:0E:7D:62:F8:37:BF:52:FD
Certificate issuer:       /CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
Certificate serial:       019B7EA72C86105CC114D44526F3B0AA4AF3
Authority key identifier: 97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/eRUram9FiygBh410Dn1i-De_Uv0.roa
Signing time:             Fri 02 Jan 2026 12:20:43 +0000
ROA not before:           Fri 02 Jan 2026 12:20:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41588
IP address blocks:        91.195.248.0/23 maxlen: 23
                          195.138.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:2c:86:10:5c:c1:14:d4:45:26:f3:b0:aa:4a:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=97024ffc4927bfe35289435d9d0280420b8ecdcb
        Validity
            Not Before: Jan  2 12:20:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=79152b6a6f458b2801878d740e7d62f837bf52fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9f:b4:dc:a4:e5:4a:56:d2:93:2f:14:e5:a2:
                    8c:a8:76:b0:bf:e3:75:20:08:31:b7:2d:60:88:00:
                    78:c9:d1:c5:44:3b:e9:f8:1f:f2:77:52:6b:2c:ec:
                    be:36:7f:ae:d5:e9:95:1f:76:6b:9f:43:47:5d:f1:
                    c4:42:17:66:21:68:d4:1a:dd:62:c8:c6:9f:85:f7:
                    cc:83:37:4a:2f:48:3e:c5:a8:2a:a6:b7:d6:20:f1:
                    50:b8:4c:c9:e2:f6:98:89:0e:6c:d3:ea:f2:75:e5:
                    9d:ce:ff:62:3c:79:c5:b1:8d:bf:eb:6e:32:49:18:
                    c2:3a:f3:70:93:2b:1f:a9:e1:df:8a:f9:7e:66:7b:
                    19:e2:ff:92:e3:e7:76:e9:62:e2:f8:be:58:5e:c8:
                    4a:40:2b:ec:33:fa:2f:aa:9d:51:e7:75:ca:20:8e:
                    d8:b5:9d:e5:7f:d4:68:51:88:38:ce:8b:10:5b:5d:
                    31:4b:a1:f1:0f:0b:df:c5:15:58:af:65:39:1d:31:
                    70:66:12:63:40:16:37:f9:b5:c0:7f:7e:70:dc:8a:
                    06:55:b5:37:81:8c:fa:9f:c0:5d:1b:32:e6:52:3e:
                    7e:55:4d:2e:bf:90:32:40:d1:c5:13:61:d3:ed:b9:
                    3e:0d:01:84:99:e9:76:a5:9e:cc:30:54:28:12:b3:
                    e7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:15:2B:6A:6F:45:8B:28:01:87:8D:74:0E:7D:62:F8:37:BF:52:FD
            X509v3 Authority Key Identifier:
                keyid:97:02:4F:FC:49:27:BF:E3:52:89:43:5D:9D:02:80:42:0B:8E:CD:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwJP_Eknv-NSiUNdnQKAQguOzcs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/eRUram9FiygBh410Dn1i-De_Uv0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/717221-1d03-4d13-9049-401bda4477b5/1/lwJP_Eknv-NSiUNdnQKAQguOzcs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.248.0/23
                  195.138.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:10:ea:6e:dc:58:63:6f:cb:5b:c4:f2:6d:37:3f:13:ce:9a:
         c4:3f:93:86:9c:24:b1:80:84:7c:b3:bf:0b:01:f8:24:22:46:
         c5:40:cb:e3:10:87:c0:47:46:f0:ef:df:61:9a:7a:f6:0f:c2:
         0b:2b:b9:f5:f9:29:14:fd:8b:f8:8a:a7:d9:4a:7b:e4:b2:80:
         9f:f3:f2:49:50:ad:db:ae:a9:43:32:89:3b:4b:bb:8e:18:b1:
         01:aa:ba:f8:23:2f:9d:06:75:85:5b:b1:89:a7:d5:19:46:8f:
         c4:fb:d9:ea:a2:8d:64:10:12:41:7e:ce:7f:61:9c:75:f4:44:
         ae:72:be:c3:91:89:86:e8:51:30:88:53:bf:d8:5a:b5:b3:73:
         54:dd:75:6e:d3:0a:85:bf:88:63:68:de:e1:78:5b:eb:6d:06:
         a5:44:28:73:99:19:c8:12:88:53:a9:3f:c1:15:2c:4c:27:19:
         a6:0c:b6:6a:80:64:c2:4e:21:f4:7d:19:3d:d0:1c:04:ba:50:
         58:f0:d2:c5:12:d2:4d:5f:7a:93:26:00:e5:b2:58:4a:c7:25:
         41:f1:db:9d:ed:bc:ff:94:f1:be:0e:01:0f:cd:ec:5d:68:be:
         f6:23:ed:37:d1:77:61:5f:fa:6c:68:85:2f:d0:12:00:bf:44:
         76:e0:e5:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt+pyyGEFzBFNRFJvOwqkrzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDI0ZmZjNDkyN2JmZTM1Mjg5NDM1ZDlkMDI4MDQyMGI4
ZWNkY2IwHhcNMjYwMTAyMTIyMDQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTE1MmI2YTZmNDU4YjI4MDE4NzhkNzQwZTdkNjJmODM3YmY1MmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ+03KTlSlbSky8U5aKMqHawv+N1
IAgxty1giAB4ydHFRDvp+B/yd1JrLOy+Nn+u1emVH3Zrn0NHXfHEQhdmIWjUGt1i
yMafhffMgzdKL0g+xagqprfWIPFQuEzJ4vaYiQ5s0+rydeWdzv9iPHnFsY2/624y
SRjCOvNwkysfqeHfivl+ZnsZ4v+S4+d26WLi+L5YXshKQCvsM/ovqp1R53XKII7Y
tZ3lf9RoUYg4zosQW10xS6HxDwvfxRVYr2U5HTFwZhJjQBY3+bXAf35w3IoGVbU3
gYz6n8BdGzLmUj5+VU0uv5AyQNHFE2HT7bk+DQGEmel2pZ7MMFQoErPnjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHkVK2pvRYsoAYeNdA59Yvg3v1L9MB8GA1UdIwQY
MBaAFJcCT/xJJ7/jUolDXZ0CgEILjs3LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDkt
NDAxYmRhNDQ3N2I1LzEvZVJVcmFtOUZpeWdCaDQxMERuMWktRGVfVXYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC83MTcyMjEtMWQwMy00ZDEzLTkwNDktNDAxYmRhNDQ3N2I1
LzEvbHdKUF9Fa252LU5TaVVOZG5RS0FRZ3VPemNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW8P4AwQA
w4rBMA0GCSqGSIb3DQEBCwUAA4IBAQB4EOpu3Fhjb8tbxPJtNz8TzprEP5OGnCSx
gIR8s78LAfgkIkbFQMvjEIfAR0bw799hmnr2D8ILK7n1+SkU/Yv4iqfZSnvksoCf
8/JJUK3brqlDMok7S7uOGLEBqrr4Iy+dBnWFW7GJp9UZRo/E+9nqoo1kEBJBfs5/
YZx19ESucr7DkYmG6FEwiFO/2Fq1s3NU3XVu0wqFv4hjaN7heFvrbQalRChzmRnI
EohTqT/BFSxMJxmmDLZqgGTCTiH0fRk90BwEulBY8NLFEtJNX3qTJgDlslhKxyVB
8dud7bz/lPG+DgEPzexdaL72I+030XdhX/psaIUv0BIAv0R24OWb
-----END CERTIFICATE-----