Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/s6iGh0g_eMRoU-lRmgwRh7ylDjk.roa
File:                     s6iGh0g_eMRoU-lRmgwRh7ylDjk.roa (raw, json)
Hash identifier:          GyjyRl7jRs8ST09oXB2xKujwx6J0IjpwQw2utOBKQk4=
Subject key identifier:   B3:A8:86:87:48:3F:78:C4:68:53:E9:51:9A:0C:11:87:BC:A5:0E:39
Certificate issuer:       /CN=c378bc3bd350eedc4f377c224556b250da6dde6f
Certificate serial:       019D9A5E8CA86B1FCEA5E3E9C8539F242463
Authority key identifier: C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/s6iGh0g_eMRoU-lRmgwRh7ylDjk.roa
Signing time:             Fri 17 Apr 2026 07:36:20 +0000
ROA not before:           Fri 17 Apr 2026 07:36:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17497
IP address blocks:        91.108.83.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:5e:8c:a8:6b:1f:ce:a5:e3:e9:c8:53:9f:24:24:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c378bc3bd350eedc4f377c224556b250da6dde6f
        Validity
            Not Before: Apr 17 07:36:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3a88687483f78c46853e9519a0c1187bca50e39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:9a:70:29:19:57:98:14:a0:09:84:6e:bd:fe:
                    75:fc:98:a6:05:e3:d1:3d:40:2b:f3:9d:aa:22:59:
                    81:e8:85:63:36:75:92:97:2d:62:b8:ef:60:42:a7:
                    f6:4b:74:31:8b:bb:70:72:13:8b:be:10:9d:d1:71:
                    9e:27:56:ca:02:e1:fc:04:53:70:e9:ba:e4:9d:b4:
                    dc:bf:12:77:56:d8:1d:a2:95:5d:c3:85:f4:19:7b:
                    5e:57:75:39:27:e9:7c:0b:c5:8a:58:72:b5:ee:98:
                    a4:90:c4:22:fd:0b:4b:b0:70:62:90:cf:77:37:f1:
                    db:f3:93:81:ee:54:ea:40:07:f7:77:5e:32:01:73:
                    41:84:be:04:65:83:6c:85:b2:85:a8:27:00:0f:90:
                    ec:19:c2:78:48:5a:60:74:63:1c:22:0c:5b:e6:ac:
                    99:4d:b2:24:17:31:42:a2:12:3b:81:48:e4:09:7e:
                    9e:fa:33:6e:fc:00:42:35:dd:62:f2:2a:62:f2:24:
                    b6:fe:d5:2b:15:e6:33:13:8c:24:c8:e3:1c:8d:94:
                    0d:18:81:55:78:d6:b1:bb:de:09:73:ed:e1:7a:39:
                    1f:7a:18:a0:07:90:01:09:82:66:75:44:27:74:42:
                    8e:66:43:48:37:7c:6f:2d:df:d9:7a:a4:ca:1d:49:
                    13:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A8:86:87:48:3F:78:C4:68:53:E9:51:9A:0C:11:87:BC:A5:0E:39
            X509v3 Authority Key Identifier:
                keyid:C3:78:BC:3B:D3:50:EE:DC:4F:37:7C:22:45:56:B2:50:DA:6D:DE:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w3i8O9NQ7txPN3wiRVayUNpt3m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/s6iGh0g_eMRoU-lRmgwRh7ylDjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/be66e4-f14b-4b31-bdaf-4414558fdcbb/1/w3i8O9NQ7txPN3wiRVayUNpt3m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.108.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:06:5f:0c:e6:3b:a1:2b:dd:f4:37:df:2c:db:d4:35:e0:97:
         6e:a4:52:67:81:98:ee:b9:43:24:85:98:bb:86:04:93:ac:03:
         a6:f0:52:71:61:97:ba:e3:96:04:1b:9d:dd:bb:03:fb:4d:ec:
         b4:4d:8e:96:bf:2b:85:98:7c:08:a5:7f:45:70:6f:75:5e:e0:
         3b:45:4d:3a:5f:d2:4b:28:f2:84:d8:52:37:a1:32:97:a7:cb:
         70:73:e8:1b:55:66:49:53:15:1b:5f:63:6e:87:e9:02:20:f8:
         05:61:d7:a4:70:87:78:99:ee:d9:0c:c7:45:9f:77:04:2e:fd:
         f6:fe:2f:77:52:7d:a3:54:1e:ad:91:46:c6:0c:4a:1d:2d:b7:
         49:43:50:09:69:58:d2:f0:69:9f:9e:06:6b:d8:90:b5:0d:bc:
         ee:7b:4f:10:55:10:bd:75:9b:10:b4:79:33:e9:f1:f0:c8:54:
         79:af:90:b8:9f:e9:46:c6:37:4d:79:e9:f5:20:37:f7:e0:2c:
         58:73:88:8b:65:60:4b:ca:24:3e:aa:da:6c:b9:1d:c7:a4:87:
         1a:27:50:99:39:80:82:ba:5f:f3:c5:8e:8e:79:e0:24:67:8b:
         ef:fa:8a:f3:d1:24:03:eb:98:40:d2:8c:8a:47:d3:06:85:73:
         2e:a3:27:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2aXoyoax/OpePpyFOfJCRjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNzhiYzNiZDM1MGVlZGM0ZjM3N2MyMjQ1NTZiMjUwZGE2
ZGRlNmYwHhcNMjYwNDE3MDczNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2E4ODY4NzQ4M2Y3OGM0Njg1M2U5NTE5YTBjMTE4N2JjYTUwZTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJpwKRlXmBSgCYRuvf51/JimBePR
PUAr852qIlmB6IVjNnWSly1iuO9gQqf2S3Qxi7twchOLvhCd0XGeJ1bKAuH8BFNw
6brknbTcvxJ3VtgdopVdw4X0GXteV3U5J+l8C8WKWHK17pikkMQi/QtLsHBikM93
N/Hb85OB7lTqQAf3d14yAXNBhL4EZYNshbKFqCcAD5DsGcJ4SFpgdGMcIgxb5qyZ
TbIkFzFCohI7gUjkCX6e+jNu/ABCNd1i8ipi8iS2/tUrFeYzE4wkyOMcjZQNGIFV
eNaxu94Jc+3hejkfehigB5ABCYJmdUQndEKOZkNIN3xvLd/ZeqTKHUkTawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOohodIP3jEaFPpUZoMEYe8pQ45MB8GA1UdIwQY
MBaAFMN4vDvTUO7cTzd8IkVWslDabd5vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYt
NDQxNDU1OGZkY2JiLzEvczZpR2gwZ19lTVJvVS1sUm1nd1JoN3lsRGprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZTY2ZTQtZjE0Yi00YjMxLWJkYWYtNDQxNDU1OGZkY2Ji
LzEvdzNpOE85TlE3dHhQTjN3aVJWYXlVTnB0M204LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2xTMA0G
CSqGSIb3DQEBCwUAA4IBAQCrBl8M5juhK930N98s29Q14JdupFJngZjuuUMkhZi7
hgSTrAOm8FJxYZe645YEG53duwP7Tey0TY6WvyuFmHwIpX9FcG91XuA7RU06X9JL
KPKE2FI3oTKXp8twc+gbVWZJUxUbX2Nuh+kCIPgFYdekcId4me7ZDMdFn3cELv32
/i93Un2jVB6tkUbGDEodLbdJQ1AJaVjS8GmfngZr2JC1Dbzue08QVRC9dZsQtHkz
6fHwyFR5r5C4n+lGxjdNeen1IDf34CxYc4iLZWBLyiQ+qtpsuR3HpIcaJ1CZOYCC
ul/zxY6OeeAkZ4vv+orz0SQD65hA0oyKR9MGhXMuoyej
-----END CERTIFICATE-----