Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/8EOlbJXLvuv7BSeNnd2ICGJWLZo.roa
File:                     8EOlbJXLvuv7BSeNnd2ICGJWLZo.roa (raw, json)
Hash identifier:          CsWLwhPzZNOdijrEAjbyM64wLJ4YacynY1WeU/f0DKI=
Subject key identifier:   F0:43:A5:6C:95:CB:BE:EB:FB:05:27:8D:9D:DD:88:08:62:56:2D:9A
Certificate issuer:       /CN=74ae8f1949ba7f4bc233e6c217a8418ca4e1132b
Certificate serial:       019B7C11D65E66CEACC3408CBE83876ED46B
Authority key identifier: 74:AE:8F:19:49:BA:7F:4B:C2:33:E6:C2:17:A8:41:8C:A4:E1:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/8EOlbJXLvuv7BSeNnd2ICGJWLZo.roa
Signing time:             Fri 02 Jan 2026 00:18:22 +0000
ROA not before:           Fri 02 Jan 2026 00:18:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     196668
IP address blocks:        91.213.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:11:d6:5e:66:ce:ac:c3:40:8c:be:83:87:6e:d4:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74ae8f1949ba7f4bc233e6c217a8418ca4e1132b
        Validity
            Not Before: Jan  2 00:18:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f043a56c95cbbeebfb05278d9ddd880862562d9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:30:b9:cb:9d:22:4f:7c:9f:7e:e8:39:a5:2a:
                    2a:b3:05:cc:7c:c2:da:a8:5e:d1:8c:16:8e:fe:36:
                    32:3b:10:da:01:b7:5b:ae:52:d1:35:b9:dd:9f:41:
                    ed:ef:cf:22:d5:80:9e:52:74:10:5e:53:eb:93:da:
                    af:d2:30:1b:29:8b:8f:f7:88:63:d0:ae:ee:e2:43:
                    93:26:48:b3:3f:dc:0a:98:56:a5:b8:8a:76:29:0c:
                    3c:07:de:cd:67:ec:7a:c6:b6:67:07:22:3e:e3:bf:
                    dd:fe:a2:fc:65:de:53:84:53:36:5d:00:8c:95:cb:
                    e3:30:b2:51:fe:ce:6f:9e:84:47:71:21:15:27:5a:
                    c5:02:29:00:e1:a9:ce:a3:76:ad:49:dc:31:d0:f0:
                    8f:4e:8c:17:a2:dc:6e:9d:42:a7:92:01:b4:b0:96:
                    1e:c2:e1:f1:9c:32:8f:8c:62:85:0e:ec:99:11:89:
                    54:9e:0e:a6:71:0f:9e:3b:a4:96:f7:97:65:a6:a0:
                    46:01:ae:73:bd:93:41:85:0d:5e:c4:b7:88:c9:a6:
                    f2:20:45:32:3a:e4:2c:21:13:3d:16:3f:00:f4:18:
                    9a:2a:d2:e1:5b:eb:f9:30:bf:c6:5e:d8:2f:d8:45:
                    cc:6d:4e:05:6e:78:ed:77:a2:99:ec:4a:99:30:f4:
                    91:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:43:A5:6C:95:CB:BE:EB:FB:05:27:8D:9D:DD:88:08:62:56:2D:9A
            X509v3 Authority Key Identifier:
                keyid:74:AE:8F:19:49:BA:7F:4B:C2:33:E6:C2:17:A8:41:8C:A4:E1:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dK6PGUm6f0vCM-bCF6hBjKThEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/8EOlbJXLvuv7BSeNnd2ICGJWLZo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/8507be-e8d4-45e2-9ea9-1514fae15107/1/dK6PGUm6f0vCM-bCF6hBjKThEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:59:f3:99:c9:ca:d3:91:10:5a:70:b8:b6:1a:b5:e9:fe:14:
         9c:09:52:07:85:5f:f8:9e:92:a5:b0:7a:56:7e:08:5d:a6:75:
         8f:6f:91:63:23:9b:98:bb:dc:44:55:87:3c:f4:59:e8:71:97:
         c5:cf:38:d3:ab:18:da:89:51:81:01:4b:ac:be:a6:70:12:e8:
         d1:20:69:f9:e3:a6:c2:92:06:ef:f0:88:80:09:ce:76:a5:5d:
         6b:0c:a0:f1:dd:49:96:7d:d1:bc:6d:06:8f:d3:45:0b:ac:88:
         43:1f:8b:fc:7e:f4:7a:9d:fc:af:80:27:f7:32:22:2c:bc:72:
         82:a6:6b:f8:cc:63:92:d3:37:c4:7f:05:63:fa:8a:7a:92:ad:
         ae:38:ab:e0:6c:88:0d:01:ee:9c:59:c8:ca:a1:95:82:1e:61:
         94:36:b9:21:c7:c4:eb:92:5d:49:21:86:b1:a5:5b:fd:86:f4:
         49:ec:1a:1a:ab:ee:22:fe:9e:e3:8c:dd:13:4d:4a:19:89:46:
         aa:87:33:7d:06:74:3e:71:91:03:ea:e7:19:37:41:5f:b9:0b:
         98:63:20:b4:13:bb:89:7c:3c:54:34:0f:f8:09:a6:93:96:ec:
         b6:72:ca:b6:4e:c5:75:79:3b:9d:81:c2:f5:5f:02:ec:52:37:
         9b:c8:93:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8EdZeZs6sw0CMvoOHbtRrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YWU4ZjE5NDliYTdmNGJjMjMzZTZjMjE3YTg0MThjYTRl
MTEzMmIwHhcNMjYwMTAyMDAxODIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQzYTU2Yzk1Y2JiZWViZmIwNTI3OGQ5ZGRkODgwODYyNTYyZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjC5y50iT3yffug5pSoqswXMfMLa
qF7RjBaO/jYyOxDaAbdbrlLRNbndn0Ht788i1YCeUnQQXlPrk9qv0jAbKYuP94hj
0K7u4kOTJkizP9wKmFaluIp2KQw8B97NZ+x6xrZnByI+47/d/qL8Zd5ThFM2XQCM
lcvjMLJR/s5vnoRHcSEVJ1rFAikA4anOo3atSdwx0PCPTowXotxunUKnkgG0sJYe
wuHxnDKPjGKFDuyZEYlUng6mcQ+eO6SW95dlpqBGAa5zvZNBhQ1exLeIyabyIEUy
OuQsIRM9Fj8A9BiaKtLhW+v5ML/GXtgv2EXMbU4Fbnjtd6KZ7EqZMPSRawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBDpWyVy77r+wUnjZ3diAhiVi2aMB8GA1UdIwQY
MBaAFHSujxlJun9LwjPmwheoQYyk4RMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEs2UEdVbTZmMHZDTS1iQ0Y2aEJqS1RoRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy84NTA3YmUtZThkNC00NWUyLTllYTkt
MTUxNGZhZTE1MTA3LzEvOEVPbGJKWEx2dXY3QlNlTm5kMklDR0pXTFpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy84NTA3YmUtZThkNC00NWUyLTllYTktMTUxNGZhZTE1MTA3
LzEvZEs2UEdVbTZmMHZDTS1iQ0Y2aEJqS1RoRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9XeMA0G
CSqGSIb3DQEBCwUAA4IBAQA2WfOZycrTkRBacLi2GrXp/hScCVIHhV/4npKlsHpW
fghdpnWPb5FjI5uYu9xEVYc89FnocZfFzzjTqxjaiVGBAUusvqZwEujRIGn546bC
kgbv8IiACc52pV1rDKDx3UmWfdG8bQaP00ULrIhDH4v8fvR6nfyvgCf3MiIsvHKC
pmv4zGOS0zfEfwVj+op6kq2uOKvgbIgNAe6cWcjKoZWCHmGUNrkhx8Trkl1JIYax
pVv9hvRJ7Boaq+4i/p7jjN0TTUoZiUaqhzN9BnQ+cZED6ucZN0FfuQuYYyC0E7uJ
fDxUNA/4CaaTluy2csq2TsV1eTudgcL1XwLsUjebyJNX
-----END CERTIFICATE-----