Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/J2Hlh4Qs9PapyJW1uAhReBAfRdc.roa
File:                     J2Hlh4Qs9PapyJW1uAhReBAfRdc.roa (raw, json)
Hash identifier:          LwBQGu0ai9IuiLQAu2KakRsbf1s3yL9g3pTkW1XPOkA=
Subject key identifier:   27:61:E5:87:84:2C:F4:F6:A9:C8:95:B5:B8:08:51:78:10:1F:45:D7
Certificate issuer:       /CN=e721d0ea683cc675942c098f59c411c860e8aeda
Certificate serial:       019E832AE505E589C816CFBB674CD7B6881C
Authority key identifier: E7:21:D0:EA:68:3C:C6:75:94:2C:09:8F:59:C4:11:C8:60:E8:AE:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5yHQ6mg8xnWULAmPWcQRyGDorto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/J2Hlh4Qs9PapyJW1uAhReBAfRdc.roa
Signing time:             Mon 01 Jun 2026 12:31:26 +0000
ROA not before:           Mon 01 Jun 2026 12:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213514
IP address blocks:        91.210.41.0/24 maxlen: 24
                          2a14:cd00::/48 maxlen: 48
                          2a14:cd00:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/5yHQ6mg8xnWULAmPWcQRyGDorto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/5yHQ6mg8xnWULAmPWcQRyGDorto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5yHQ6mg8xnWULAmPWcQRyGDorto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:2a:e5:05:e5:89:c8:16:cf:bb:67:4c:d7:b6:88:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e721d0ea683cc675942c098f59c411c860e8aeda
        Validity
            Not Before: Jun  1 12:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2761e587842cf4f6a9c895b5b8085178101f45d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:09:8b:7b:90:01:88:69:80:1a:2e:d8:67:90:
                    e6:6a:4a:66:99:9a:92:8f:24:9e:3a:9e:0f:23:eb:
                    01:5c:d2:f1:5a:ee:f2:b3:15:62:96:fd:6e:54:85:
                    59:4b:95:f8:63:65:5f:8b:4e:c8:ab:4a:8a:08:01:
                    3d:f7:23:bc:a8:e6:ce:2e:09:48:2d:9c:9d:1e:b8:
                    24:cd:ca:90:57:76:6f:62:51:e0:65:bc:d8:73:40:
                    b2:05:a3:16:77:b0:a6:e2:14:52:15:ab:16:28:05:
                    b9:99:99:1e:7e:e1:22:dc:70:b7:db:a7:df:02:26:
                    d9:f2:19:ea:4d:5e:c3:e1:33:02:d0:3f:da:58:b5:
                    46:68:01:05:70:34:d3:fd:f0:10:2b:f2:e5:39:13:
                    63:b2:b9:9f:40:86:3d:bf:bf:35:3c:f9:66:c1:54:
                    7b:b6:8b:20:89:96:83:94:6f:6d:27:cd:87:dc:7f:
                    a9:f3:84:02:0c:a1:54:2a:99:cf:ec:bc:f8:2c:08:
                    61:44:cf:d9:3a:15:aa:e6:33:a9:2c:01:8d:f0:17:
                    b1:f2:a9:de:61:e1:d1:0e:f8:34:1b:60:66:b3:c5:
                    d0:a8:4f:2d:51:56:07:76:60:b8:c1:2f:86:a5:ac:
                    50:21:23:66:ff:47:f5:07:a8:3a:35:ef:e1:8e:1d:
                    79:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:61:E5:87:84:2C:F4:F6:A9:C8:95:B5:B8:08:51:78:10:1F:45:D7
            X509v3 Authority Key Identifier:
                keyid:E7:21:D0:EA:68:3C:C6:75:94:2C:09:8F:59:C4:11:C8:60:E8:AE:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5yHQ6mg8xnWULAmPWcQRyGDorto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/J2Hlh4Qs9PapyJW1uAhReBAfRdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/841257-9d93-4918-a8ae-72ca13dfad2b/1/5yHQ6mg8xnWULAmPWcQRyGDorto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.41.0/24
                IPv6:
                  2a14:cd00::/47

    Signature Algorithm: sha256WithRSAEncryption
         3e:c6:e4:97:ca:7d:22:43:31:b0:ba:b4:fa:4f:61:b4:c4:10:
         7c:b4:88:f4:94:25:0a:6f:e3:fb:94:ef:b3:e5:e8:66:c6:7e:
         da:df:bf:3e:0d:ef:07:78:d1:81:6c:0e:39:e6:39:9e:f8:6d:
         c6:65:6f:79:b5:41:4d:e7:b8:38:c1:e6:e2:e5:95:b6:33:5b:
         3b:87:f9:7d:07:11:f0:a6:0d:5c:c9:5e:c2:a2:41:a4:9a:84:
         a9:b7:67:86:ff:aa:cb:23:ca:c6:5d:88:4d:cd:9b:58:05:9d:
         be:a9:1e:e3:6c:55:9c:7e:0c:7c:3c:24:f2:87:f4:8a:40:d9:
         ce:87:42:db:91:96:71:97:fe:40:c9:61:89:92:94:23:fb:48:
         10:c7:72:22:36:01:8f:26:ca:84:b9:f1:d7:bd:69:eb:50:7b:
         1c:b4:66:51:9f:f0:91:58:43:ff:31:bc:b3:04:e7:7b:43:7a:
         07:2e:4d:ff:e4:ab:5e:ea:8a:62:8d:d2:ce:6d:b0:0a:fd:bd:
         8b:b7:e0:d2:f0:84:ef:12:b8:87:af:93:9b:07:55:be:9e:df:
         1b:e9:88:8f:69:54:2d:3b:62:57:33:37:1c:93:a4:4d:5a:f4:
         b3:7e:12:f7:75:ca:37:f5:68:43:c8:0e:7f:ab:3f:94:07:0c:
         dd:72:68:bc
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZ6DKuUF5YnIFs+7Z0zXtogcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MjFkMGVhNjgzY2M2NzU5NDJjMDk4ZjU5YzQxMWM4NjBl
OGFlZGEwHhcNMjYwNjAxMTIzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzYxZTU4Nzg0MmNmNGY2YTljODk1YjViODA4NTE3ODEwMWY0NWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQmLe5ABiGmAGi7YZ5DmakpmmZqS
jySeOp4PI+sBXNLxWu7ysxVilv1uVIVZS5X4Y2Vfi07Iq0qKCAE99yO8qObOLglI
LZydHrgkzcqQV3ZvYlHgZbzYc0CyBaMWd7Cm4hRSFasWKAW5mZkefuEi3HC326ff
AibZ8hnqTV7D4TMC0D/aWLVGaAEFcDTT/fAQK/LlORNjsrmfQIY9v781PPlmwVR7
tosgiZaDlG9tJ82H3H+p84QCDKFUKpnP7Lz4LAhhRM/ZOhWq5jOpLAGN8Bex8qne
YeHRDvg0G2Bms8XQqE8tUVYHdmC4wS+GpaxQISNm/0f1B6g6Ne/hjh15xwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCdh5YeELPT2qciVtbgIUXgQH0XXMB8GA1UdIwQY
MBaAFOch0OpoPMZ1lCwJj1nEEchg6K7aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXlIUTZtZzh4bldVTEFtUFdjUVJ5R0RvcnRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS84NDEyNTctOWQ5My00OTE4LWE4YWUt
NzJjYTEzZGZhZDJiLzEvSjJIbGg0UXM5UGFweUpXMXVBaFJlQkFmUmRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS84NDEyNTctOWQ5My00OTE4LWE4YWUtNzJjYTEzZGZhZDJi
LzEvNXlIUTZtZzh4bldVTEFtUFdjUVJ5R0RvcnRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9IpMA8E
AgACMAkDBwEqFM0AAAAwDQYJKoZIhvcNAQELBQADggEBAD7G5JfKfSJDMbC6tPpP
YbTEEHy0iPSUJQpv4/uU77Pl6GbGftrfvz4N7wd40YFsDjnmOZ74bcZlb3m1QU3n
uDjB5uLllbYzWzuH+X0HEfCmDVzJXsKiQaSahKm3Z4b/qssjysZdiE3Nm1gFnb6p
HuNsVZx+DHw8JPKH9IpA2c6HQtuRlnGX/kDJYYmSlCP7SBDHciI2AY8myoS58de9
aetQexy0ZlGf8JFYQ/8xvLME53tDegcuTf/kq17qimKN0s5tsAr9vYu34NLwhO8S
uIevk5sHVb6e3xvpiI9pVC07YlczNxyTpE1a9LN+Evd1yjf1aEPIDn+rP5QHDN1y
aLw=
-----END CERTIFICATE-----