Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/dbEVVOSGmAB9BVhX1SxdhAa54XM.roa
File:                     dbEVVOSGmAB9BVhX1SxdhAa54XM.roa (raw, json)
Hash identifier:          PzFQiBYckhIajBueW8NDRUzWLgElYVTtb1/iAMzZ3Lk=
Subject key identifier:   75:B1:15:54:E4:86:98:00:7D:05:58:57:D5:2C:5D:84:06:B9:E1:73
Certificate issuer:       /CN=62f603f3a55a29e6617f096b3a69bff0a392a928
Certificate serial:       019B7B36CF3ABEB33EF34415094BAF774386
Authority key identifier: 62:F6:03:F3:A5:5A:29:E6:61:7F:09:6B:3A:69:BF:F0:A3:92:A9:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YvYD86VaKeZhfwlrOmm_8KOSqSg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/dbEVVOSGmAB9BVhX1SxdhAa54XM.roa
Signing time:             Thu 01 Jan 2026 20:19:08 +0000
ROA not before:           Thu 01 Jan 2026 20:19:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44238
IP address blocks:        91.195.238.0/23 maxlen: 23
                          2001:67c:160::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/YvYD86VaKeZhfwlrOmm_8KOSqSg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/YvYD86VaKeZhfwlrOmm_8KOSqSg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YvYD86VaKeZhfwlrOmm_8KOSqSg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:36:cf:3a:be:b3:3e:f3:44:15:09:4b:af:77:43:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62f603f3a55a29e6617f096b3a69bff0a392a928
        Validity
            Not Before: Jan  1 20:19:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75b11554e48698007d055857d52c5d8406b9e173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:5e:e8:13:6f:b8:db:46:59:9e:d0:09:b5:69:
                    0c:29:a0:67:e1:7d:86:d6:97:0a:ac:c6:b9:cd:fa:
                    45:75:75:34:f1:30:55:8a:f3:65:90:cd:6f:01:c2:
                    1f:8b:c9:34:c7:6a:45:58:85:d1:b3:b7:51:85:56:
                    01:0a:04:2c:57:fb:8b:7c:26:50:00:c9:4e:4c:a2:
                    79:68:e5:78:c3:b0:18:75:c8:0c:dd:d5:67:eb:80:
                    0f:74:9a:27:f7:f7:36:fb:54:96:88:f4:ae:63:e9:
                    f4:97:9a:b6:56:50:07:3c:51:ad:4f:92:94:70:c8:
                    9b:c3:d1:94:57:f5:99:ea:b0:59:f4:1a:33:1c:42:
                    12:e2:97:5b:46:46:20:6a:4e:29:29:61:94:65:88:
                    52:fe:b4:e9:b2:9e:5e:c8:c9:58:4d:e0:ad:89:fd:
                    7c:ab:4d:17:11:36:24:0f:f4:46:9a:dc:e3:ea:19:
                    5f:80:7e:33:52:f5:c3:cd:ca:fd:d8:45:3a:a9:15:
                    6a:eb:d8:45:c6:0a:a7:51:2f:b4:0b:55:6b:eb:99:
                    7e:0a:e2:ab:a8:3d:63:11:6c:db:da:39:e2:62:a7:
                    3b:d1:ed:61:af:3b:70:05:fb:cd:7a:d9:72:8f:8c:
                    ce:6a:bd:99:22:17:25:b1:a5:ce:ff:c8:b9:b7:89:
                    d4:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B1:15:54:E4:86:98:00:7D:05:58:57:D5:2C:5D:84:06:B9:E1:73
            X509v3 Authority Key Identifier:
                keyid:62:F6:03:F3:A5:5A:29:E6:61:7F:09:6B:3A:69:BF:F0:A3:92:A9:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YvYD86VaKeZhfwlrOmm_8KOSqSg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/dbEVVOSGmAB9BVhX1SxdhAa54XM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/47065d-2d83-4641-8223-41f39a8c09dd/1/YvYD86VaKeZhfwlrOmm_8KOSqSg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.195.238.0/23
                IPv6:
                  2001:67c:160::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:3a:0c:d5:95:60:84:18:39:d5:7e:aa:27:c6:aa:62:b2:1e:
         f0:56:18:e3:80:27:40:2a:e2:5b:0c:0c:09:75:22:5f:7b:e6:
         0f:21:2a:6f:5a:76:b9:c4:bd:f3:51:fb:07:4c:a0:50:11:e9:
         43:a0:b9:dc:12:7a:77:11:84:31:46:6f:14:0f:15:d3:bc:43:
         90:0b:b2:89:f9:e3:94:fb:8c:a0:f6:cb:59:95:3f:6b:e2:9b:
         b8:ce:a2:e7:54:6d:df:af:f3:43:bf:d6:f4:1a:1b:4e:85:fe:
         35:8f:d5:e8:9a:76:dd:fb:3d:ff:fd:c0:80:cc:09:8a:ce:a8:
         b9:cf:b9:18:14:54:ec:db:70:62:47:d1:61:36:cf:c0:a9:54:
         76:6b:9c:75:e4:86:07:f6:58:fc:3a:a6:e7:f4:1c:d6:d2:2a:
         65:0c:1f:63:68:2a:bc:3e:86:a2:35:4b:d6:0a:6c:94:4f:30:
         5a:56:19:36:c1:e9:4f:99:0c:76:92:1e:32:a9:74:a4:e0:ac:
         f5:c4:33:79:5b:e4:4b:7d:5b:8f:16:bc:66:44:06:a2:bc:a3:
         10:f5:bb:d0:a7:2d:68:32:95:fd:d4:06:0e:c8:e8:34:e6:02:
         1c:fe:92:8d:5f:ce:26:09:1a:77:57:ac:b1:1f:bf:c2:0e:5e:
         25:9f:0f:85
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt7Ns86vrM+80QVCUuvd0OGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZjYwM2YzYTU1YTI5ZTY2MTdmMDk2YjNhNjliZmYwYTM5
MmE5MjgwHhcNMjYwMTAxMjAxOTA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWIxMTU1NGU0ODY5ODAwN2QwNTU4NTdkNTJjNWQ4NDA2YjllMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlV7oE2+420ZZntAJtWkMKaBn4X2G
1pcKrMa5zfpFdXU08TBVivNlkM1vAcIfi8k0x2pFWIXRs7dRhVYBCgQsV/uLfCZQ
AMlOTKJ5aOV4w7AYdcgM3dVn64APdJon9/c2+1SWiPSuY+n0l5q2VlAHPFGtT5KU
cMibw9GUV/WZ6rBZ9BozHEIS4pdbRkYgak4pKWGUZYhS/rTpsp5eyMlYTeCtif18
q00XETYkD/RGmtzj6hlfgH4zUvXDzcr92EU6qRVq69hFxgqnUS+0C1Vr65l+CuKr
qD1jEWzb2jniYqc70e1hrztwBfvNetlyj4zOar2ZIhclsaXO/8i5t4nUNQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHWxFVTkhpgAfQVYV9UsXYQGueFzMB8GA1UdIwQY
MBaAFGL2A/OlWinmYX8Jazppv/CjkqkoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXZZRDg2VmFLZVpoZndsck9tbV84S09TcVNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS80NzA2NWQtMmQ4My00NjQxLTgyMjMt
NDFmMzlhOGMwOWRkLzEvZGJFVlZPU0dtQUI5QlZoWDFTeGRoQWE1NFhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS80NzA2NWQtMmQ4My00NjQxLTgyMjMtNDFmMzlhOGMwOWRk
LzEvWXZZRDg2VmFLZVpoZndsck9tbV84S09TcVNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQBW8PuMA8E
AgACMAkDBwAgAQZ8AWAwDQYJKoZIhvcNAQELBQADggEBAE46DNWVYIQYOdV+qifG
qmKyHvBWGOOAJ0Aq4lsMDAl1Il975g8hKm9adrnEvfNR+wdMoFAR6UOgudwSencR
hDFGbxQPFdO8Q5ALson545T7jKD2y1mVP2vim7jOoudUbd+v80O/1vQaG06F/jWP
1eiadt37Pf/9wIDMCYrOqLnPuRgUVOzbcGJH0WE2z8CpVHZrnHXkhgf2WPw6puf0
HNbSKmUMH2NoKrw+hqI1S9YKbJRPMFpWGTbB6U+ZDHaSHjKpdKTgrPXEM3lb5Et9
W48WvGZEBqK8oxD1u9CnLWgylf3UBg7I6DTmAhz+ko1fziYJGndXrLEfv8IOXiWf
D4U=
-----END CERTIFICATE-----