Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/Rok7bhVcrvMGmCeWCMtB237UrvA.roa
File:                     Rok7bhVcrvMGmCeWCMtB237UrvA.roa (raw, json)
Hash identifier:          Xpw27Y+b5oWmTMptkoA1gCQxfXLZzXNMTUlev3rzVHE=
Subject key identifier:   46:89:3B:6E:15:5C:AE:F3:06:98:27:96:08:CB:41:DB:7E:D4:AE:F0
Certificate issuer:       /CN=90f792ea8fff9040b2cd7f170736e42e7483a767
Certificate serial:       019B7D5B1FE02C704B3AD78F36BA26376425
Authority key identifier: 90:F7:92:EA:8F:FF:90:40:B2:CD:7F:17:07:36:E4:2E:74:83:A7:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/Rok7bhVcrvMGmCeWCMtB237UrvA.roa
Signing time:             Fri 02 Jan 2026 06:18:02 +0000
ROA not before:           Fri 02 Jan 2026 06:18:02 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51976
IP address blocks:        91.222.68.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:5b:1f:e0:2c:70:4b:3a:d7:8f:36:ba:26:37:64:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90f792ea8fff9040b2cd7f170736e42e7483a767
        Validity
            Not Before: Jan  2 06:18:02 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46893b6e155caef30698279608cb41db7ed4aef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4d:01:a9:b0:ec:a5:a4:e2:59:3d:22:ae:e9:
                    88:e9:3e:e0:b7:e1:a9:cb:60:f9:3d:45:7d:4f:2e:
                    8a:64:ed:18:b6:0e:1a:33:d9:5f:0e:56:38:09:bb:
                    f0:d2:12:7c:a5:8a:4c:bb:4b:8d:da:9a:f4:0a:18:
                    af:4d:2e:d9:e9:ea:27:ed:ec:25:32:03:54:17:50:
                    5c:cf:14:41:35:83:f6:81:d4:f7:ea:ae:58:30:3e:
                    78:d8:d4:71:18:15:7c:de:81:93:cd:a3:d9:02:0f:
                    47:c4:33:44:97:8d:86:d0:4f:a5:b6:16:45:ed:97:
                    90:34:bc:05:7e:a7:97:d6:8a:01:bb:7f:2a:bf:f8:
                    7f:15:91:ac:cb:be:97:a9:36:85:83:2c:dd:11:1f:
                    da:29:c0:2d:89:bf:c1:f3:df:5f:5f:c1:29:b4:fc:
                    5d:c1:12:ff:1c:96:bb:83:ef:67:c7:c9:a3:a3:a8:
                    13:5b:fc:10:68:a1:b3:39:86:1e:72:a9:5f:5b:95:
                    8e:c0:37:00:1f:56:e9:5e:5c:51:65:03:61:9d:61:
                    5c:1d:a6:ba:d9:2f:56:0f:07:7f:96:2f:93:80:8b:
                    05:c3:07:f0:e2:ce:ad:f3:01:33:68:a8:67:34:27:
                    32:c3:7c:97:82:cc:66:6c:c2:bd:86:eb:99:32:7a:
                    20:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:89:3B:6E:15:5C:AE:F3:06:98:27:96:08:CB:41:DB:7E:D4:AE:F0
            X509v3 Authority Key Identifier:
                keyid:90:F7:92:EA:8F:FF:90:40:B2:CD:7F:17:07:36:E4:2E:74:83:A7:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kPeS6o__kECyzX8XBzbkLnSDp2c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/Rok7bhVcrvMGmCeWCMtB237UrvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/8452a8-bafe-4a0f-8c44-cb740db06b29/1/kPeS6o__kECyzX8XBzbkLnSDp2c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         53:e4:da:d3:f9:6d:e0:ed:54:19:d4:9b:3f:fe:48:de:35:35:
         b9:24:9c:b5:a2:3f:a7:91:2d:a2:19:87:39:28:67:ec:89:af:
         22:4f:a2:52:64:04:73:91:c8:d9:4b:50:37:4b:d3:2a:da:3e:
         08:86:72:e3:28:c1:aa:42:c0:55:fd:96:be:ee:a5:27:8d:bd:
         19:9b:dc:00:b2:0d:61:46:e4:f8:60:2e:7f:9f:59:57:71:5d:
         6c:e4:86:1a:3e:42:eb:a8:f5:fe:73:42:18:b6:96:df:40:4e:
         9a:cf:7c:05:88:57:35:de:ce:f4:10:e6:b5:80:99:3c:25:a3:
         d9:7b:33:2b:31:4b:0b:21:04:54:aa:4f:21:7d:d9:d6:b4:62:
         4e:f1:2b:58:2f:85:f7:19:cf:c1:a1:f5:a1:3b:15:1f:76:65:
         3d:7c:73:a5:55:81:b1:3f:d9:af:07:8d:74:18:91:14:22:19:
         ff:bd:88:83:67:5e:72:9b:c8:5a:12:c9:39:0a:92:4c:52:f7:
         dc:a3:82:bb:79:6d:a3:b7:1b:86:90:e4:7b:02:3e:88:aa:a5:
         c6:c1:82:41:87:47:bc:d3:93:3c:8b:d6:38:eb:a9:0c:77:35:
         91:dd:24:41:9a:33:4c:f3:1e:90:26:39:ab:91:01:be:a6:09:
         4a:8a:72:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt9Wx/gLHBLOtePNromN2QlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwZjc5MmVhOGZmZjkwNDBiMmNkN2YxNzA3MzZlNDJlNzQ4
M2E3NjcwHhcNMjYwMTAyMDYxODAyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njg5M2I2ZTE1NWNhZWYzMDY5ODI3OTYwOGNiNDFkYjdlZDRhZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1E0BqbDspaTiWT0irumI6T7gt+Gp
y2D5PUV9Ty6KZO0Ytg4aM9lfDlY4Cbvw0hJ8pYpMu0uN2pr0ChivTS7Z6eon7ewl
MgNUF1BczxRBNYP2gdT36q5YMD542NRxGBV83oGTzaPZAg9HxDNEl42G0E+lthZF
7ZeQNLwFfqeX1ooBu38qv/h/FZGsy76XqTaFgyzdER/aKcAtib/B899fX8EptPxd
wRL/HJa7g+9nx8mjo6gTW/wQaKGzOYYecqlfW5WOwDcAH1bpXlxRZQNhnWFcHaa6
2S9WDwd/li+TgIsFwwfw4s6t8wEzaKhnNCcyw3yXgsxmbMK9huuZMnogBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEaJO24VXK7zBpgnlgjLQdt+1K7wMB8GA1UdIwQY
MBaAFJD3kuqP/5BAss1/Fwc25C50g6dnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva1BlUzZvX19rRUN5elg4WEJ6YmtMblNEcDJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC84NDUyYTgtYmFmZS00YTBmLThjNDQt
Y2I3NDBkYjA2YjI5LzEvUm9rN2JoVmNydk1HbUNlV0NNdEIyMzdVcnZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC84NDUyYTgtYmFmZS00YTBmLThjNDQtY2I3NDBkYjA2YjI5
LzEva1BlUzZvX19rRUN5elg4WEJ6YmtMblNEcDJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW95EMA0G
CSqGSIb3DQEBCwUAA4IBAQBT5NrT+W3g7VQZ1Js//kjeNTW5JJy1oj+nkS2iGYc5
KGfsia8iT6JSZARzkcjZS1A3S9Mq2j4IhnLjKMGqQsBV/Za+7qUnjb0Zm9wAsg1h
RuT4YC5/n1lXcV1s5IYaPkLrqPX+c0IYtpbfQE6az3wFiFc13s70EOa1gJk8JaPZ
ezMrMUsLIQRUqk8hfdnWtGJO8StYL4X3Gc/BofWhOxUfdmU9fHOlVYGxP9mvB410
GJEUIhn/vYiDZ15ym8haEsk5CpJMUvfco4K7eW2jtxuGkOR7Aj6IqqXGwYJBh0e8
05M8i9Y466kMdzWR3SRBmjNM8x6QJjmrkQG+pglKinJ/
-----END CERTIFICATE-----