Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sf9Z2ePpKun38jGY3djkfjvGjpg.roa
File:                     sf9Z2ePpKun38jGY3djkfjvGjpg.roa (raw, json)
Hash identifier:          syFz830qmJzC/1pywYFwYVAGBqkNlU+FJmKYctYWrpg=
Subject key identifier:   B1:FF:59:D9:E3:E9:2A:E9:F7:F2:31:98:DD:D8:E4:7E:3B:C6:8E:98
Certificate issuer:       /CN=b0cec1c1799ce61503f908ad8490920fb898942a
Certificate serial:       019D6C82BB45A292A66881212E61E9895979
Authority key identifier: B0:CE:C1:C1:79:9C:E6:15:03:F9:08:AD:84:90:92:0F:B8:98:94:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sf9Z2ePpKun38jGY3djkfjvGjpg.roa
Signing time:             Wed 08 Apr 2026 09:53:20 +0000
ROA not before:           Wed 08 Apr 2026 09:53:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211161
IP address blocks:        45.91.195.0/24 maxlen: 24
                          2a13:5fc0::/32 maxlen: 48
                          2a13:5fc0::1/128 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6c:82:bb:45:a2:92:a6:68:81:21:2e:61:e9:89:59:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0cec1c1799ce61503f908ad8490920fb898942a
        Validity
            Not Before: Apr  8 09:53:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1ff59d9e3e92ae9f7f23198ddd8e47e3bc68e98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ab:b5:ac:20:61:46:a5:c4:f7:a0:d2:37:67:
                    3e:52:38:db:4f:d3:e4:85:ae:7c:69:7c:45:18:48:
                    11:62:03:3f:9d:28:37:a6:6c:db:4f:72:a7:bc:6f:
                    cb:51:2b:aa:6f:e9:dd:18:f0:88:01:2d:6c:1d:62:
                    38:bf:b3:f8:8c:e4:be:e4:cc:07:7d:bf:ff:33:7a:
                    c4:13:f8:83:41:13:e9:4b:92:f9:cc:c8:64:26:80:
                    4d:39:cd:61:d6:ac:bd:5d:d2:f6:ac:39:5f:6a:19:
                    fc:99:c8:aa:76:1d:f6:af:ec:7f:96:4d:5a:d9:13:
                    ff:6d:14:54:c4:aa:f0:85:a6:59:1e:09:6f:02:80:
                    ec:07:6c:72:ba:08:e2:d5:4a:28:0a:73:51:97:ee:
                    35:e1:58:55:84:42:69:ab:4a:bf:83:c9:da:f0:f0:
                    db:8d:ce:e9:8a:f9:c1:e9:84:be:bd:fc:19:23:53:
                    ab:31:b0:76:cb:4b:fe:1b:6d:14:02:49:89:d9:6b:
                    25:90:78:aa:98:af:52:52:c1:9b:92:1f:f4:a9:d1:
                    fc:45:4a:bb:0e:91:fe:e8:e3:34:0b:74:1d:83:e0:
                    59:0b:cc:92:11:b1:0a:33:f9:a7:50:02:82:7f:ac:
                    3a:51:09:9c:13:8a:21:22:69:75:0f:1e:d8:d1:75:
                    c0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:FF:59:D9:E3:E9:2A:E9:F7:F2:31:98:DD:D8:E4:7E:3B:C6:8E:98
            X509v3 Authority Key Identifier:
                keyid:B0:CE:C1:C1:79:9C:E6:15:03:F9:08:AD:84:90:92:0F:B8:98:94:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sM7BwXmc5hUD-QithJCSD7iYlCo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sf9Z2ePpKun38jGY3djkfjvGjpg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/635888-6957-4bde-b158-4fe6727e9b25/1/sM7BwXmc5hUD-QithJCSD7iYlCo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.195.0/24
                IPv6:
                  2a13:5fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         02:d4:d9:56:93:92:9c:2c:88:33:b1:b2:97:22:5d:f6:87:ad:
         3e:a4:c4:6d:c0:27:17:d6:8d:b3:6e:c5:9e:be:81:23:8e:68:
         bf:d4:02:50:18:87:09:43:d0:4f:de:17:58:a3:10:89:71:4f:
         94:49:1f:67:01:33:9d:f9:e1:3b:9b:b4:38:a9:87:6e:8b:a2:
         9e:52:3e:03:69:77:cc:42:32:96:39:9e:14:e4:24:f9:10:0d:
         cd:07:7d:e0:61:08:aa:93:fc:83:ac:10:c6:29:ac:06:c2:40:
         4c:2e:60:86:b5:d1:22:19:bb:d9:83:de:95:5a:36:18:68:d8:
         db:fd:f9:a2:0f:5b:de:8a:b7:33:47:b0:2e:2b:14:54:74:bf:
         3c:03:2e:ce:c6:c5:97:bd:cf:2e:d5:ed:b3:9c:cd:c4:f2:fc:
         29:c0:c1:1f:1a:df:62:87:32:09:5b:07:b3:4b:da:4f:63:22:
         6d:11:5f:53:11:e5:6a:7d:ce:5a:eb:f3:43:50:18:95:83:4a:
         78:41:e7:84:fe:f4:0b:c1:18:c5:36:77:6d:03:5f:35:49:6a:
         b1:7f:03:bb:69:b8:8c:08:2e:2c:02:83:e1:c1:e0:d1:5d:aa:
         cc:6e:59:95:4d:a0:eb:99:26:37:6a:90:b2:a4:a3:5a:f1:ce:
         9d:dc:9e:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ1sgrtFopKmaIEhLmHpiVl5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwY2VjMWMxNzk5Y2U2MTUwM2Y5MDhhZDg0OTA5MjBmYjg5
ODk0MmEwHhcNMjYwNDA4MDk1MzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWZmNTlkOWUzZTkyYWU5ZjdmMjMxOThkZGQ4ZTQ3ZTNiYzY4ZTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhau1rCBhRqXE96DSN2c+UjjbT9Pk
ha58aXxFGEgRYgM/nSg3pmzbT3KnvG/LUSuqb+ndGPCIAS1sHWI4v7P4jOS+5MwH
fb//M3rEE/iDQRPpS5L5zMhkJoBNOc1h1qy9XdL2rDlfahn8mciqdh32r+x/lk1a
2RP/bRRUxKrwhaZZHglvAoDsB2xyugji1UooCnNRl+414VhVhEJpq0q/g8na8PDb
jc7pivnB6YS+vfwZI1OrMbB2y0v+G20UAkmJ2WslkHiqmK9SUsGbkh/0qdH8RUq7
DpH+6OM0C3Qdg+BZC8ySEbEKM/mnUAKCf6w6UQmcE4ohIml1Dx7Y0XXAEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLH/Wdnj6Srp9/IxmN3Y5H47xo6YMB8GA1UdIwQY
MBaAFLDOwcF5nOYVA/kIrYSQkg+4mJQqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc003QndYbWM1aFVELVFpdGhKQ1NEN2lZbENvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy82MzU4ODgtNjk1Ny00YmRlLWIxNTgt
NGZlNjcyN2U5YjI1LzEvc2Y5WjJlUHBLdW4zOGpHWTNkamtmanZHanBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy82MzU4ODgtNjk1Ny00YmRlLWIxNTgtNGZlNjcyN2U5YjI1
LzEvc003QndYbWM1aFVELVFpdGhKQ1NEN2lZbENvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVvDMA0E
AgACMAcDBQAqE1/AMA0GCSqGSIb3DQEBCwUAA4IBAQAC1NlWk5KcLIgzsbKXIl32
h60+pMRtwCcX1o2zbsWevoEjjmi/1AJQGIcJQ9BP3hdYoxCJcU+USR9nATOd+eE7
m7Q4qYdui6KeUj4DaXfMQjKWOZ4U5CT5EA3NB33gYQiqk/yDrBDGKawGwkBMLmCG
tdEiGbvZg96VWjYYaNjb/fmiD1veirczR7AuKxRUdL88Ay7OxsWXvc8u1e2znM3E
8vwpwMEfGt9ihzIJWwezS9pPYyJtEV9TEeVqfc5a6/NDUBiVg0p4QeeE/vQLwRjF
NndtA181SWqxfwO7abiMCC4sAoPhweDRXarMblmVTaDrmSY3apCypKNa8c6d3J6V
-----END CERTIFICATE-----