Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/oJikVGeGH47Pi9ETf25ZC2y534A.roa
File:                     oJikVGeGH47Pi9ETf25ZC2y534A.roa (raw, json)
Hash identifier:          O9mHTIlUIZNrSBo/sFV/Ngmx3bneDcEBab5/fbZjQkU=
Subject key identifier:   A0:98:A4:54:67:86:1F:8E:CF:8B:D1:13:7F:6E:59:0B:6C:B9:DF:80
Certificate issuer:       /CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
Certificate serial:       019D911FE66DFC7E00E6F083FFB6A1345CDC
Authority key identifier: 0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/oJikVGeGH47Pi9ETf25ZC2y534A.roa
Signing time:             Wed 15 Apr 2026 12:31:20 +0000
ROA not before:           Wed 15 Apr 2026 12:31:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5413
IP address blocks:        91.227.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:1f:e6:6d:fc:7e:00:e6:f0:83:ff:b6:a1:34:5c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e2e4fd219f5b77ce80cdfaf9e3a6441dec50042
        Validity
            Not Before: Apr 15 12:31:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a098a45467861f8ecf8bd1137f6e590b6cb9df80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:43:70:68:da:7a:18:1a:be:b6:c0:c0:b8:85:
                    48:cf:94:b6:62:50:36:81:4a:e7:3f:4e:97:79:de:
                    ef:c7:68:5e:b6:cb:cb:a6:b0:18:c6:3f:cc:aa:a9:
                    20:4f:ab:7f:c1:4a:c3:f0:4f:34:7c:10:e8:6b:dd:
                    8a:1f:66:55:95:6d:df:fe:c6:8b:9a:e7:7e:b8:5c:
                    27:76:5c:d7:18:f7:a8:40:22:17:fa:42:a5:5c:18:
                    fe:05:a4:d0:20:5a:de:21:20:2e:b8:78:72:7e:d6:
                    5b:d4:6d:0a:b3:f9:55:c3:f8:94:32:0f:ed:c4:b8:
                    19:40:d2:c7:d5:f4:c3:9e:8b:33:a7:b3:48:42:c1:
                    64:69:bd:f2:fd:73:57:77:3a:db:92:83:f3:1c:73:
                    e3:55:c4:9b:97:99:0e:90:9d:79:03:62:cd:b7:5d:
                    2c:3e:1a:b0:7b:b8:da:cf:1e:c0:da:45:e7:14:ff:
                    2b:89:61:2a:f9:4d:e2:b2:57:d4:a6:83:64:f0:66:
                    59:cd:c2:a4:12:03:f7:ac:af:e9:bf:fb:1b:56:71:
                    22:ba:b7:51:82:e5:f6:f8:1a:f4:7e:e2:92:fc:e6:
                    e0:4d:4a:e5:63:02:04:d9:a4:f3:6d:91:68:2a:74:
                    62:c7:85:f2:57:21:bb:a5:34:43:4d:b7:e3:16:4d:
                    1c:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:98:A4:54:67:86:1F:8E:CF:8B:D1:13:7F:6E:59:0B:6C:B9:DF:80
            X509v3 Authority Key Identifier:
                keyid:0E:2E:4F:D2:19:F5:B7:7C:E8:0C:DF:AF:9E:3A:64:41:DE:C5:00:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Di5P0hn1t3zoDN-vnjpkQd7FAEI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/oJikVGeGH47Pi9ETf25ZC2y534A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/e11224-61c7-4786-86e9-238fee692430/1/Di5P0hn1t3zoDN-vnjpkQd7FAEI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:53:9f:65:ba:dc:9f:48:62:84:5f:ef:d2:d1:1d:1d:ed:a6:
         89:06:3e:a7:99:fd:7f:60:10:22:0f:11:15:2c:47:bf:83:2a:
         ec:ee:72:05:ee:32:a6:a3:ac:ae:f2:66:e3:aa:25:f8:fb:f4:
         ba:e4:8a:ce:68:2e:ca:4d:e7:b6:36:99:e5:17:9e:4c:6c:49:
         43:0d:9f:52:d5:90:4e:79:2d:42:e8:23:28:d3:4c:9c:21:fb:
         59:65:e5:fd:34:73:69:71:a9:da:1c:4e:fa:63:31:7b:d6:32:
         f5:2b:cd:c9:39:68:00:f0:de:33:2d:e5:5d:8e:a6:91:e4:d0:
         b8:5a:87:d1:b5:04:94:81:b0:77:b7:d1:80:f7:f3:88:7f:e7:
         e0:05:c5:c6:b7:5f:cb:ec:8f:24:90:eb:a5:4f:b4:4d:43:60:
         53:33:6c:93:b6:4f:1c:1c:cc:e0:80:99:46:5a:d3:6e:73:86:
         c9:71:3f:8c:76:8d:29:89:b5:7d:5d:fe:97:7e:86:0d:8e:74:
         55:f7:1d:60:78:45:b5:46:36:d2:74:67:81:3f:49:1e:59:26:
         31:53:79:06:ba:b1:9c:63:6f:6b:ba:65:86:67:8b:e9:73:41:
         2e:6e:ee:cd:ae:59:15:c6:48:cb:e9:c3:16:ae:61:29:3e:a2:
         9f:b4:5e:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2RH+Zt/H4A5vCD/7ahNFzcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMmU0ZmQyMTlmNWI3N2NlODBjZGZhZjllM2E2NDQxZGVj
NTAwNDIwHhcNMjYwNDE1MTIzMTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDk4YTQ1NDY3ODYxZjhlY2Y4YmQxMTM3ZjZlNTkwYjZjYjlkZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqENwaNp6GBq+tsDAuIVIz5S2YlA2
gUrnP06Xed7vx2hetsvLprAYxj/MqqkgT6t/wUrD8E80fBDoa92KH2ZVlW3f/saL
mud+uFwndlzXGPeoQCIX+kKlXBj+BaTQIFreISAuuHhyftZb1G0Ks/lVw/iUMg/t
xLgZQNLH1fTDnoszp7NIQsFkab3y/XNXdzrbkoPzHHPjVcSbl5kOkJ15A2LNt10s
Phqwe7jazx7A2kXnFP8riWEq+U3islfUpoNk8GZZzcKkEgP3rK/pv/sbVnEiurdR
guX2+Br0fuKS/ObgTUrlYwIE2aTzbZFoKnRix4XyVyG7pTRDTbfjFk0cuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCYpFRnhh+Oz4vRE39uWQtsud+AMB8GA1UdIwQY
MBaAFA4uT9IZ9bd86Azfr546ZEHexQBCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTkt
MjM4ZmVlNjkyNDMwLzEvb0ppa1ZHZUdINDdQaTlFVGYyNVpDMnk1MzRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9lMTEyMjQtNjFjNy00Nzg2LTg2ZTktMjM4ZmVlNjkyNDMw
LzEvRGk1UDBobjF0M3pvRE4tdm5qcGtRZDdGQUVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+P1MA0G
CSqGSIb3DQEBCwUAA4IBAQBOU59lutyfSGKEX+/S0R0d7aaJBj6nmf1/YBAiDxEV
LEe/gyrs7nIF7jKmo6yu8mbjqiX4+/S65IrOaC7KTee2NpnlF55MbElDDZ9S1ZBO
eS1C6CMo00ycIftZZeX9NHNpcanaHE76YzF71jL1K83JOWgA8N4zLeVdjqaR5NC4
WofRtQSUgbB3t9GA9/OIf+fgBcXGt1/L7I8kkOulT7RNQ2BTM2yTtk8cHMzggJlG
WtNuc4bJcT+Mdo0pibV9Xf6XfoYNjnRV9x1geEW1RjbSdGeBP0keWSYxU3kGurGc
Y29rumWGZ4vpc0Eubu7NrlkVxkjL6cMWrmEpPqKftF7S
-----END CERTIFICATE-----