Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8sEOWFXzdH8YzOqWN09_XqQOMnc.roa
File:                     8sEOWFXzdH8YzOqWN09_XqQOMnc.roa (raw, json)
Hash identifier:          5auvPxA+21grT/tOMVYHwMUsKd6ZVDyQwJyCEtWjC7g=
Subject key identifier:   F2:C1:0E:58:55:F3:74:7F:18:CC:EA:96:37:4F:7F:5E:A4:0E:32:77
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1AFDEC71D0519C0775A6BB504AFE0119
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8sEOWFXzdH8YzOqWN09_XqQOMnc.roa
Signing time:             Mon 23 Mar 2026 13:59:01 +0000
ROA not before:           Mon 23 Mar 2026 13:59:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207388
IP address blocks:        91.237.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1a:fd:ec:71:d0:51:9c:07:75:a6:bb:50:4a:fe:01:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 13:59:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f2c10e5855f3747f18ccea96374f7f5ea40e3277
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ba:1b:15:c4:68:f7:71:44:84:74:6d:2c:73:
                    e5:39:48:0b:a0:1d:dc:e6:09:ea:e9:0b:ed:fe:7f:
                    b9:90:cd:93:a3:45:60:44:01:e0:f3:b5:c9:2c:e2:
                    5a:35:78:3c:1c:9f:be:16:d4:5b:1e:31:4d:91:af:
                    61:1c:f3:b1:af:68:bb:ab:a9:6e:7e:61:d4:7b:d1:
                    9e:db:b5:6d:c4:bc:58:13:a0:00:12:4f:53:67:85:
                    92:9c:5a:72:06:49:dc:04:1d:28:78:28:c9:22:c5:
                    25:19:da:3d:e2:1c:13:ec:31:65:41:f9:a5:45:9f:
                    61:f9:57:a6:80:e7:be:fb:d8:d5:ea:b9:a6:c6:46:
                    fc:b7:85:91:4b:68:8e:20:41:81:38:22:eb:5c:dc:
                    5e:bf:11:eb:2f:6b:41:ec:8a:36:ac:53:2a:20:83:
                    36:b7:62:17:72:e2:c6:38:4b:09:51:cb:62:eb:ea:
                    fc:4d:5a:ab:fb:46:15:1d:8b:46:d9:21:13:10:ba:
                    97:6b:00:f1:a2:da:f5:eb:27:1e:c3:16:dc:20:fa:
                    76:34:72:e7:d0:28:f6:f5:b0:33:e9:65:38:d3:49:
                    dc:41:66:92:4a:f3:bf:ba:1c:a5:16:e3:e9:52:ed:
                    45:ad:d8:6f:f2:b4:32:71:e2:03:a1:7b:08:94:da:
                    22:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:C1:0E:58:55:F3:74:7F:18:CC:EA:96:37:4F:7F:5E:A4:0E:32:77
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/8sEOWFXzdH8YzOqWN09_XqQOMnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:1a:b3:87:6e:64:71:40:7c:65:c0:94:a4:e5:d8:a2:bd:5c:
         ce:95:58:ce:61:fc:7a:98:53:4e:c7:1c:b3:2d:72:ed:af:76:
         54:aa:be:e1:96:e1:bd:45:94:b0:bc:98:15:8a:d7:b3:d9:42:
         97:4d:14:50:3b:db:d1:40:66:92:dc:23:75:33:b3:81:30:29:
         ca:bc:c9:ce:84:e7:26:79:67:9d:db:45:67:3f:bd:e9:a6:2d:
         db:1a:54:f3:3b:76:e6:8f:57:62:d8:81:e2:46:fb:2a:17:22:
         fe:1e:a7:7e:9c:22:61:08:e8:51:3a:63:f8:5e:5a:f4:0c:fd:
         08:d5:e3:01:17:81:a7:dd:89:0d:66:72:50:d2:e0:83:00:72:
         50:74:04:e2:7c:b3:0b:f2:ae:e2:a0:5e:4b:cd:96:5b:56:de:
         a6:94:7d:04:da:6a:99:fc:e2:a8:a8:99:bb:9b:30:a5:61:ec:
         a2:04:df:5a:ad:8f:4c:f1:3c:51:9d:63:82:b0:1f:7f:1a:0a:
         7b:22:dc:16:8f:67:e2:a3:d1:64:6d:f2:7a:32:a7:46:bc:51:
         4d:a1:36:01:6c:c4:f5:1d:14:c0:e7:71:93:6c:ca:e2:df:f7:
         70:d5:5f:0a:96:0d:1a:8b:a6:6a:7c:e0:4f:03:69:fb:40:e4:
         3a:fb:d0:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0a/exx0FGcB3Wmu1BK/gEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTM1OTAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmMxMGU1ODU1ZjM3NDdmMThjY2VhOTYzNzRmN2Y1ZWE0MGUzMjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmbobFcRo93FEhHRtLHPlOUgLoB3c
5gnq6Qvt/n+5kM2To0VgRAHg87XJLOJaNXg8HJ++FtRbHjFNka9hHPOxr2i7q6lu
fmHUe9Ge27VtxLxYE6AAEk9TZ4WSnFpyBkncBB0oeCjJIsUlGdo94hwT7DFlQfml
RZ9h+VemgOe++9jV6rmmxkb8t4WRS2iOIEGBOCLrXNxevxHrL2tB7Io2rFMqIIM2
t2IXcuLGOEsJUcti6+r8TVqr+0YVHYtG2SETELqXawDxotr16ycewxbcIPp2NHLn
0Cj29bAz6WU400ncQWaSSvO/uhylFuPpUu1Frdhv8rQyceIDoXsIlNoiBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPLBDlhV83R/GMzqljdPf16kDjJ3MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvOHNFT1dGWHpkSDhZek9xV04wOV9YcVFPTW5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+2PMA0G
CSqGSIb3DQEBCwUAA4IBAQAPGrOHbmRxQHxlwJSk5diivVzOlVjOYfx6mFNOxxyz
LXLtr3ZUqr7hluG9RZSwvJgVitez2UKXTRRQO9vRQGaS3CN1M7OBMCnKvMnOhOcm
eWed20VnP73ppi3bGlTzO3bmj1di2IHiRvsqFyL+Hqd+nCJhCOhROmP4Xlr0DP0I
1eMBF4Gn3YkNZnJQ0uCDAHJQdATifLML8q7ioF5LzZZbVt6mlH0E2mqZ/OKoqJm7
mzClYeyiBN9arY9M8TxRnWOCsB9/Ggp7ItwWj2fio9FkbfJ6MqdGvFFNoTYBbMT1
HRTA53GTbMri3/dw1V8Klg0ai6ZqfOBPA2n7QOQ6+9CY
-----END CERTIFICATE-----