Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/1-SAETGTeaUOj1XdkqRLUPF6Q-1g.roa
File:                     1-SAETGTeaUOj1XdkqRLUPF6Q-1g.roa (raw, json)
Hash identifier:          J6jUaufkYMrjM7ww1ErRboScW6ZHhG3Zu67b1RodNlQ=
Subject key identifier:   F9:20:04:4C:64:DE:69:43:A3:D5:77:64:A9:12:D4:3C:5E:90:FB:58
Certificate issuer:       /CN=22689d0f913d29cc63d6c926cb462cb27f184408
Certificate serial:       019B7910BFBC5B4D2B56157525F0134BF1E1
Authority key identifier: 22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/1-SAETGTeaUOj1XdkqRLUPF6Q-1g.roa
Signing time:             Thu 01 Jan 2026 10:18:19 +0000
ROA not before:           Thu 01 Jan 2026 10:18:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210126
IP address blocks:        91.234.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:bf:bc:5b:4d:2b:56:15:75:25:f0:13:4b:f1:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22689d0f913d29cc63d6c926cb462cb27f184408
        Validity
            Not Before: Jan  1 10:18:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f920044c64de6943a3d57764a912d43c5e90fb58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:c0:3c:cc:cb:c2:e2:f6:66:c5:6b:7c:b6:e4:
                    e0:a3:82:88:dc:ab:99:70:d5:01:79:95:8c:39:c1:
                    be:9d:90:d9:1d:4a:6a:11:cb:65:51:d8:d5:e7:83:
                    f6:c5:c3:82:4b:2a:d0:bc:08:79:84:51:c0:31:1a:
                    7e:db:ee:68:e2:6b:c3:1f:c1:77:cb:00:9a:fa:a8:
                    b5:ea:09:e2:60:d4:69:c9:10:e8:3d:f6:e5:4a:c0:
                    e1:35:33:40:29:76:a6:e1:38:79:1d:cb:4b:a4:ca:
                    5d:4c:dd:f7:be:17:cc:f2:bf:29:39:65:e0:3e:c4:
                    77:03:7a:33:eb:c8:36:7c:f3:63:ae:5a:a8:70:56:
                    55:52:96:df:16:0c:09:2a:83:ad:6c:b5:0e:29:5f:
                    b6:5c:3c:cc:a0:66:c4:1f:3b:57:16:1d:01:13:bb:
                    06:cf:2a:59:5e:9b:72:79:52:00:36:f7:2b:7e:db:
                    80:f5:da:6a:d4:d5:89:85:68:6f:a8:4c:f8:a8:e5:
                    9e:18:f8:3a:c4:72:c3:d0:a5:14:5e:db:d8:22:50:
                    fd:61:e7:5e:8f:4d:27:51:31:25:83:c2:76:6d:5f:
                    ba:c2:c8:0d:18:00:26:44:7a:69:26:0a:46:d5:66:
                    7f:bf:be:36:d0:7c:99:4f:89:9c:b1:91:09:3f:87:
                    33:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:20:04:4C:64:DE:69:43:A3:D5:77:64:A9:12:D4:3C:5E:90:FB:58
            X509v3 Authority Key Identifier:
                keyid:22:68:9D:0F:91:3D:29:CC:63:D6:C9:26:CB:46:2C:B2:7F:18:44:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ImidD5E9Kcxj1skmy0Yssn8YRAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/1-SAETGTeaUOj1XdkqRLUPF6Q-1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/043eee-3199-4f8e-b0a9-4ad852a12cd6/1/ImidD5E9Kcxj1skmy0Yssn8YRAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.234.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:c2:41:e0:07:23:91:e1:0a:dc:ba:50:7e:db:41:2b:d1:b6:
         ea:f8:0e:6e:7d:f9:fd:02:75:cb:b1:b7:89:1c:65:fc:fb:eb:
         1b:7d:2e:bc:45:3c:05:58:6f:f1:15:1c:04:e1:a4:1a:98:40:
         aa:00:c0:cc:d6:fc:5a:03:78:b4:cb:6e:d2:4e:9a:a3:0b:8f:
         0b:c8:d5:da:fa:03:00:47:17:8e:32:03:70:d6:d6:da:26:d4:
         86:41:0b:3f:91:87:d6:0e:7a:0c:ac:bb:fb:79:50:d9:67:04:
         91:3a:d4:8e:06:06:43:db:79:9b:b5:88:e2:0b:3f:ab:52:b1:
         9d:b9:61:11:a9:24:7b:75:46:9b:84:05:44:4f:6c:17:74:de:
         7b:d2:47:9c:56:12:91:83:d2:a4:6f:2b:ef:71:df:a9:11:1b:
         17:39:74:3c:fb:f1:a3:92:b5:0f:e2:e7:82:01:58:e8:85:f2:
         86:b8:b6:a3:0a:3e:9c:81:3a:29:3c:44:34:d3:0b:69:30:36:
         85:62:6f:61:78:f6:10:8b:15:e6:6e:a6:b9:ab:2d:e7:50:c3:
         22:af:e1:e2:23:2b:90:9a:33:33:ad:db:11:70:db:52:28:40:
         31:89:df:69:1b:c8:dc:65:3f:08:36:f2:62:c8:e8:39:00:31:
         29:38:fc:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EL+8W00rVhV1JfATS/HhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyNjg5ZDBmOTEzZDI5Y2M2M2Q2YzkyNmNiNDYyY2IyN2Yx
ODQ0MDgwHhcNMjYwMTAxMTAxODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTIwMDQ0YzY0ZGU2OTQzYTNkNTc3NjRhOTEyZDQzYzVlOTBmYjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMA8zMvC4vZmxWt8tuTgo4KI3KuZ
cNUBeZWMOcG+nZDZHUpqEctlUdjV54P2xcOCSyrQvAh5hFHAMRp+2+5o4mvDH8F3
ywCa+qi16gniYNRpyRDoPfblSsDhNTNAKXam4Th5HctLpMpdTN33vhfM8r8pOWXg
PsR3A3oz68g2fPNjrlqocFZVUpbfFgwJKoOtbLUOKV+2XDzMoGbEHztXFh0BE7sG
zypZXptyeVIANvcrftuA9dpq1NWJhWhvqEz4qOWeGPg6xHLD0KUUXtvYIlD9Yede
j00nUTElg8J2bV+6wsgNGAAmRHppJgpG1WZ/v7420HyZT4mcsZEJP4czkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPkgBExk3mlDo9V3ZKkS1DxekPtYMB8GA1UdIwQY
MBaAFCJonQ+RPSnMY9bJJstGLLJ/GEQIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSW1pZEQ1RTlLY3hqMXNrbXkwWXNzbjhZUkFnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8wNDNlZWUtMzE5OS00ZjhlLWIwYTkt
NGFkODUyYTEyY2Q2LzEvMS1TQUVUR1RlYVVPajFYZGtxUkxVUEY2US0xZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjQvMDQzZWVlLTMxOTktNGY4ZS1iMGE5LTRhZDg1MmExMmNk
Ni8xL0ltaWRENUU5S2N4ajFza215MFlzc244WVJBZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAFvqyDAN
BgkqhkiG9w0BAQsFAAOCAQEAb8JB4AcjkeEK3LpQfttBK9G26vgObn35/QJ1y7G3
iRxl/PvrG30uvEU8BVhv8RUcBOGkGphAqgDAzNb8WgN4tMtu0k6aowuPC8jV2voD
AEcXjjIDcNbW2ibUhkELP5GH1g56DKy7+3lQ2WcEkTrUjgYGQ9t5m7WI4gs/q1Kx
nblhEakke3VGm4QFRE9sF3Tee9JHnFYSkYPSpG8r73HfqREbFzl0PPvxo5K1D+Ln
ggFY6IXyhri2owo+nIE6KTxENNMLaTA2hWJvYXj2EIsV5m6muast51DDIq/h4iMr
kJozM63bEXDbUihAMYnfaRvI3GU/CDbyYsjoOQAxKTj8lQ==
-----END CERTIFICATE-----