Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/hl6VgB4kLfF0gYQB_c8vvP9sw9M.roa
File:                     hl6VgB4kLfF0gYQB_c8vvP9sw9M.roa (raw, json)
Hash identifier:          /Dm24RIVCygX2v7yBsB0ok3cyUYLJnR87PFrPkROav4=
Subject key identifier:   86:5E:95:80:1E:24:2D:F1:74:81:84:01:FD:CF:2F:BC:FF:6C:C3:D3
Certificate issuer:       /CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
Certificate serial:       019B7F83D4FB7901B6EBA9C006ED80C323FA
Authority key identifier: 3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/hl6VgB4kLfF0gYQB_c8vvP9sw9M.roa
Signing time:             Fri 02 Jan 2026 16:21:44 +0000
ROA not before:           Fri 02 Jan 2026 16:21:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43947
IP address blocks:        91.198.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:83:d4:fb:79:01:b6:eb:a9:c0:06:ed:80:c3:23:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb91f36cffe80efe0dff26123f8f97c15d9763c
        Validity
            Not Before: Jan  2 16:21:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=865e95801e242df174818401fdcf2fbcff6cc3d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:80:c8:be:04:dc:25:14:8d:7d:7b:72:6c:68:
                    b2:15:37:1e:62:47:37:dd:95:27:16:c6:b2:20:d4:
                    66:a7:d0:0f:12:67:06:91:76:c6:b9:10:c7:01:25:
                    ab:37:4b:08:fd:cc:36:19:3c:aa:74:75:97:95:11:
                    ca:dc:27:46:c0:e0:0a:90:b7:e5:f8:ab:c5:34:c2:
                    07:0e:f8:f6:17:8c:83:85:20:f8:69:f5:da:b5:53:
                    ea:7c:0b:77:35:e9:ef:a0:b4:f2:39:82:24:ba:24:
                    55:e2:be:a1:fe:94:06:0f:81:8c:82:6f:07:d0:13:
                    e8:d5:b7:36:7e:1e:7e:2c:d6:a0:c1:54:03:e3:41:
                    55:a6:3e:44:4d:62:b1:f5:7a:34:d3:61:f2:a1:7a:
                    6c:f6:c8:6e:8e:24:4e:66:20:9c:ed:ec:eb:be:61:
                    9f:8b:a1:b0:ed:89:4b:b9:73:1a:a2:62:89:96:85:
                    b4:b9:da:47:ea:c9:21:5c:14:bb:b7:a3:11:1d:29:
                    72:be:47:fe:1e:c3:e0:72:83:62:31:fc:45:59:3d:
                    e2:30:eb:50:7e:19:80:57:61:8d:f8:a8:ce:f9:86:
                    d5:7e:7d:3c:4f:ab:0d:94:49:4d:58:a6:0e:7d:53:
                    2c:ed:60:e5:50:4b:dc:6d:2e:57:3f:14:27:d1:7f:
                    ac:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:5E:95:80:1E:24:2D:F1:74:81:84:01:FD:CF:2F:BC:FF:6C:C3:D3
            X509v3 Authority Key Identifier:
                keyid:3E:B9:1F:36:CF:FE:80:EF:E0:DF:F2:61:23:F8:F9:7C:15:D9:76:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrkfNs_-gO_g3_JhI_j5fBXZdjw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/hl6VgB4kLfF0gYQB_c8vvP9sw9M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/aa6565-5d97-4a80-9a5d-424c23f50ff3/1/PrkfNs_-gO_g3_JhI_j5fBXZdjw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:44:e0:3e:51:37:1d:30:73:8a:5c:0c:90:fc:38:3f:d1:56:
         a2:75:23:82:74:0f:49:c0:bd:ed:84:09:bc:b8:e2:72:e0:87:
         54:05:77:12:87:da:02:4f:48:5f:d9:cf:f1:eb:24:14:4a:ec:
         d8:8d:4b:d4:de:69:c2:28:f8:e2:95:e1:aa:36:bb:a4:16:db:
         66:24:7c:b4:52:b9:06:1f:5c:2a:4c:9f:a3:e3:c1:3d:3d:4b:
         7c:1b:b9:45:41:5e:af:e1:8d:3a:f2:6b:60:45:8f:50:00:62:
         55:58:23:90:44:2e:6c:73:02:89:0a:98:85:e8:d8:8e:a7:83:
         3b:d4:17:5e:db:2e:8b:fe:44:cf:7f:47:03:32:9b:26:e0:96:
         03:50:13:cc:66:4d:fc:f3:31:dc:36:37:ec:51:37:99:13:be:
         a6:e6:ac:8e:fc:af:54:bd:f8:b9:84:23:5c:ea:c8:e9:82:e9:
         52:5a:7a:3a:5c:0c:25:22:6d:9d:11:4d:72:8c:06:1b:e0:a5:
         ae:1e:4e:83:71:7c:fa:e3:89:31:1e:7e:65:6e:36:a4:f7:5f:
         2f:aa:fc:9b:08:c7:63:c4:63:34:23:1a:03:2c:0a:a8:0d:f1:
         8b:ab:67:08:84:88:34:65:09:f8:f5:cc:1d:f9:22:4e:54:81:
         09:f6:22:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt/g9T7eQG266nABu2AwyP6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjkxZjM2Y2ZmZTgwZWZlMGRmZjI2MTIzZjhmOTdjMTVk
OTc2M2MwHhcNMjYwMTAyMTYyMTQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjVlOTU4MDFlMjQyZGYxNzQ4MTg0MDFmZGNmMmZiY2ZmNmNjM2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy4DIvgTcJRSNfXtybGiyFTceYkc3
3ZUnFsayINRmp9APEmcGkXbGuRDHASWrN0sI/cw2GTyqdHWXlRHK3CdGwOAKkLfl
+KvFNMIHDvj2F4yDhSD4afXatVPqfAt3NenvoLTyOYIkuiRV4r6h/pQGD4GMgm8H
0BPo1bc2fh5+LNagwVQD40FVpj5ETWKx9Xo002HyoXps9shujiROZiCc7ezrvmGf
i6Gw7YlLuXMaomKJloW0udpH6skhXBS7t6MRHSlyvkf+HsPgcoNiMfxFWT3iMOtQ
fhmAV2GN+KjO+YbVfn08T6sNlElNWKYOfVMs7WDlUEvcbS5XPxQn0X+s1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIZelYAeJC3xdIGEAf3PL7z/bMPTMB8GA1UdIwQY
MBaAFD65HzbP/oDv4N/yYSP4+XwV2XY8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQt
NDI0YzIzZjUwZmYzLzEvaGw2VmdCNGtMZkYwZ1lRQl9jOHZ2UDlzdzlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy9hYTY1NjUtNWQ5Ny00YTgwLTlhNWQtNDI0YzIzZjUwZmYz
LzEvUHJrZk5zXy1nT19nM19KaElfajVmQlhaZGp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8bbMA0G
CSqGSIb3DQEBCwUAA4IBAQBaROA+UTcdMHOKXAyQ/Dg/0VaidSOCdA9JwL3thAm8
uOJy4IdUBXcSh9oCT0hf2c/x6yQUSuzYjUvU3mnCKPjileGqNrukFttmJHy0UrkG
H1wqTJ+j48E9PUt8G7lFQV6v4Y068mtgRY9QAGJVWCOQRC5scwKJCpiF6NiOp4M7
1Bde2y6L/kTPf0cDMpsm4JYDUBPMZk388zHcNjfsUTeZE76m5qyO/K9Uvfi5hCNc
6sjpgulSWno6XAwlIm2dEU1yjAYb4KWuHk6DcXz644kxHn5lbjak918vqvybCMdj
xGM0IxoDLAqoDfGLq2cIhIg0ZQn49cwd+SJOVIEJ9iIj
-----END CERTIFICATE-----