Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/8UOImPECS7Tb8bv1qOFKL-C2oI4.roa
File:                     8UOImPECS7Tb8bv1qOFKL-C2oI4.roa (raw, json)
Hash identifier:          1X/4/xyAeuRwfLo60MnDR1gYBOVEUFBCMmt3e2Crits=
Subject key identifier:   F1:43:88:98:F1:02:4B:B4:DB:F1:BB:F5:A8:E1:4A:2F:E0:B6:A0:8E
Certificate issuer:       /CN=3261efe627712604f35b9ad9ccbf0368695f5013
Certificate serial:       019C4C23FDE1FFAA24A3735A61289CF843A4
Authority key identifier: 32:61:EF:E6:27:71:26:04:F3:5B:9A:D9:CC:BF:03:68:69:5F:50:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmHv5idxJgTzW5rZzL8DaGlfUBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/8UOImPECS7Tb8bv1qOFKL-C2oI4.roa
Signing time:             Wed 11 Feb 2026 09:59:13 +0000
ROA not before:           Wed 11 Feb 2026 09:59:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60344
IP address blocks:        141.49.0.0/16 maxlen: 16
                          185.29.188.0/24 maxlen: 24
                          185.29.189.0/24 maxlen: 24
                          185.29.190.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/MmHv5idxJgTzW5rZzL8DaGlfUBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/MmHv5idxJgTzW5rZzL8DaGlfUBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmHv5idxJgTzW5rZzL8DaGlfUBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4c:23:fd:e1:ff:aa:24:a3:73:5a:61:28:9c:f8:43:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3261efe627712604f35b9ad9ccbf0368695f5013
        Validity
            Not Before: Feb 11 09:59:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f1438898f1024bb4dbf1bbf5a8e14a2fe0b6a08e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:19:08:00:37:0d:1f:4a:3f:1f:d4:70:8c:d7:
                    33:84:86:c9:42:bb:03:58:da:ba:c2:75:af:fd:46:
                    98:97:2f:55:f8:13:fb:22:57:14:6b:1d:c8:e4:64:
                    e3:b2:24:20:21:96:d3:58:a3:c0:5d:7e:3b:52:8a:
                    5b:89:49:f3:11:b4:4f:71:cb:39:bd:f6:1a:b1:ab:
                    15:f1:dc:87:a8:93:ba:92:46:f0:f1:38:d5:e9:d7:
                    a7:71:c9:9e:2e:97:93:6a:1b:5d:b7:23:ea:21:a9:
                    c5:c9:9c:84:1b:51:d9:1a:c8:3d:18:9c:e1:96:7d:
                    07:1b:7b:4b:d8:05:dc:85:88:e0:2d:90:57:84:fb:
                    9f:88:04:e9:4b:77:84:52:d3:c8:ca:4d:7f:32:ed:
                    7f:a1:a1:2c:01:aa:67:de:1b:02:34:cc:fc:a3:6b:
                    c4:c2:7a:b1:1c:3a:4c:2d:32:e1:13:a2:77:67:59:
                    25:95:b1:73:2c:e9:e6:41:16:19:2e:7d:fd:7d:c3:
                    75:6a:2c:9c:11:5f:54:53:76:9e:f7:df:87:15:3e:
                    bd:6b:65:2e:38:a0:f1:cf:b7:9a:4b:9b:82:7a:92:
                    03:c6:8a:99:c6:13:ef:18:51:ce:ee:e5:86:e9:5c:
                    a7:da:e6:da:d0:40:a8:cc:42:f1:8e:1b:ef:23:ab:
                    b5:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:43:88:98:F1:02:4B:B4:DB:F1:BB:F5:A8:E1:4A:2F:E0:B6:A0:8E
            X509v3 Authority Key Identifier:
                keyid:32:61:EF:E6:27:71:26:04:F3:5B:9A:D9:CC:BF:03:68:69:5F:50:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmHv5idxJgTzW5rZzL8DaGlfUBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/8UOImPECS7Tb8bv1qOFKL-C2oI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/0de38c-baa9-4087-9bd5-757cb270d4c2/1/MmHv5idxJgTzW5rZzL8DaGlfUBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.49.0.0/16
                  185.29.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:0d:c3:2a:cd:a5:1f:a9:36:5d:82:aa:f3:8f:c3:65:67:7c:
         55:3e:81:ab:6c:ba:49:0d:92:00:21:72:22:fa:a7:33:d4:f6:
         d6:03:87:66:95:72:99:41:fc:e2:04:2f:70:ce:38:5e:5d:0c:
         43:1c:87:20:54:46:5d:e7:a8:d6:25:63:ab:e6:0d:87:9e:2f:
         f4:db:55:26:d0:39:dc:c7:d7:d4:a5:f8:7b:1a:71:5d:35:7f:
         09:82:ee:43:cb:dc:53:bc:85:c2:85:31:00:12:64:e0:03:b2:
         92:14:b0:c0:bc:11:0f:2d:01:d6:7c:cc:6b:8a:9b:e2:ff:4c:
         22:97:e7:d0:cc:a3:bf:75:f7:38:6f:ab:bc:23:83:b4:e5:e4:
         2a:f6:4c:8f:8c:a6:d2:9b:94:1a:a5:a7:9a:78:02:c6:dc:eb:
         95:80:d5:7c:b0:f2:05:d4:84:c4:d3:2e:44:ae:11:ce:11:fc:
         b6:8c:25:46:8b:fe:48:89:49:a7:fb:6d:64:fc:be:de:75:9f:
         1a:3a:b9:0c:6a:2a:3a:97:60:19:16:2b:94:48:24:5c:63:eb:
         08:a4:58:94:e6:ff:46:fe:ea:43:57:2d:71:83:66:be:4e:11:
         59:2a:c0:29:73:39:d2:26:91:5b:7f:31:30:b2:a4:43:a9:09:
         e4:fa:ff:27
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAZxMI/3h/6oko3NaYSic+EOkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjFlZmU2Mjc3MTI2MDRmMzViOWFkOWNjYmYwMzY4Njk1
ZjUwMTMwHhcNMjYwMjExMDk1OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTQzODg5OGYxMDI0YmI0ZGJmMWJiZjVhOGUxNGEyZmUwYjZhMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBkIADcNH0o/H9RwjNczhIbJQrsD
WNq6wnWv/UaYly9V+BP7IlcUax3I5GTjsiQgIZbTWKPAXX47UopbiUnzEbRPccs5
vfYasasV8dyHqJO6kkbw8TjV6denccmeLpeTahtdtyPqIanFyZyEG1HZGsg9GJzh
ln0HG3tL2AXchYjgLZBXhPufiATpS3eEUtPIyk1/Mu1/oaEsAapn3hsCNMz8o2vE
wnqxHDpMLTLhE6J3Z1kllbFzLOnmQRYZLn39fcN1aiycEV9UU3ae99+HFT69a2Uu
OKDxz7eaS5uCepIDxoqZxhPvGFHO7uWG6Vyn2uba0ECozELxjhvvI6u1GwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFPFDiJjxAku02/G79ajhSi/gtqCOMB8GA1UdIwQY
MBaAFDJh7+YncSYE81ua2cy/A2hpX1ATMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1IdjVpZHhKZ1R6VzVyWnpMOERhR2xmVUJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8wZGUzOGMtYmFhOS00MDg3LTliZDUt
NzU3Y2IyNzBkNGMyLzEvOFVPSW1QRUNTN1RiOGJ2MXFPRktMLUMyb0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8wZGUzOGMtYmFhOS00MDg3LTliZDUtNzU3Y2IyNzBkNGMy
LzEvTW1IdjVpZHhKZ1R6VzVyWnpMOERhR2xmVUJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMAjTEDBAK5
HbwwDQYJKoZIhvcNAQELBQADggEBAJcNwyrNpR+pNl2CqvOPw2VnfFU+gatsukkN
kgAhciL6pzPU9tYDh2aVcplB/OIEL3DOOF5dDEMchyBURl3nqNYlY6vmDYeeL/Tb
VSbQOdzH19Sl+HsacV01fwmC7kPL3FO8hcKFMQASZOADspIUsMC8EQ8tAdZ8zGuK
m+L/TCKX59DMo7919zhvq7wjg7Tl5Cr2TI+MptKblBqlp5p4Asbc65WA1Xyw8gXU
hMTTLkSuEc4R/LaMJUaL/kiJSaf7bWT8vt51nxo6uQxqKjqXYBkWK5RIJFxj6wik
WJTm/0b+6kNXLXGDZr5OEVkqwClzOdImkVt/MTCypEOpCeT6/yc=
-----END CERTIFICATE-----