Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UpYiW0YdIrwDWxZOiUzZurQIgF8.roa
File:                     UpYiW0YdIrwDWxZOiUzZurQIgF8.roa (raw, json)
Hash identifier:          jjGKWizAXtSVxLo+5q6XJ9JA42WltZ7bWlMMRZurw8Y=
Subject key identifier:   52:96:22:5B:46:1D:22:BC:03:5B:16:4E:89:4C:D9:BA:B4:08:80:5F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1B00AAFE9D82354D24BEA488FA345C45
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UpYiW0YdIrwDWxZOiUzZurQIgF8.roa
Signing time:             Mon 23 Mar 2026 14:02:01 +0000
ROA not before:           Mon 23 Mar 2026 14:02:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20724
IP address blocks:        80.244.13.0/24 maxlen: 24
                          91.227.62.0/24 maxlen: 24
                          212.46.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:00:aa:fe:9d:82:35:4d:24:be:a4:88:fa:34:5c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 14:02:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5296225b461d22bc035b164e894cd9bab408805f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:4b:ee:01:0b:24:1d:9a:f4:e8:60:76:86:64:
                    31:53:df:a3:c3:9f:a9:18:35:0a:43:aa:84:31:58:
                    81:b8:88:fe:46:46:65:84:46:e2:fc:66:8e:eb:27:
                    d5:3d:b0:f6:4c:f5:c5:2e:5a:bb:06:51:3e:85:40:
                    6a:66:08:50:c8:a0:b9:06:c8:39:22:63:5d:a6:a3:
                    5a:4c:ed:94:da:e5:50:a7:8a:b5:a5:49:d4:05:3f:
                    ef:5a:76:b4:ca:5c:b3:bb:07:cb:40:ce:f3:db:77:
                    24:e8:83:fe:d8:75:e6:8a:8d:76:4b:e3:e5:50:48:
                    db:34:bc:a6:15:48:c4:a9:00:19:08:2f:d9:32:38:
                    84:13:ae:14:c7:ca:79:a1:fb:ce:5f:6e:18:24:ec:
                    f8:08:8a:7d:bd:e7:b0:f9:61:93:c1:06:2c:ef:4c:
                    e7:70:2d:d1:0f:39:ab:13:f4:5c:37:b5:3d:9e:b3:
                    b5:e4:5c:db:06:2e:2f:32:78:f7:81:a0:19:a7:dd:
                    3b:50:e4:6f:7d:02:cf:b5:0b:58:12:fe:d1:64:48:
                    16:32:5d:a1:3c:85:da:3e:98:06:01:52:07:bb:d0:
                    15:d4:45:88:85:da:4a:4c:51:9e:50:09:6f:0b:b8:
                    62:e9:31:e6:f6:4f:aa:df:be:25:e1:43:67:e1:84:
                    9e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:96:22:5B:46:1D:22:BC:03:5B:16:4E:89:4C:D9:BA:B4:08:80:5F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/UpYiW0YdIrwDWxZOiUzZurQIgF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.13.0/24
                  91.227.62.0/24
                  212.46.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:19:42:ee:a7:c5:72:ee:02:2d:5f:5c:70:0e:67:89:9f:70:
         43:cc:c2:e3:b3:f0:39:56:33:99:61:84:1d:37:40:44:cc:e2:
         e8:19:d1:b3:ff:aa:f3:ab:d5:5c:f4:18:23:97:a3:a7:4f:a2:
         1d:73:93:40:58:a7:ec:0c:cb:c4:33:95:d8:96:ac:a1:fd:d5:
         9e:ad:f8:c9:4b:14:1b:bf:33:51:ea:7a:71:c9:f2:c5:0a:e1:
         86:e2:b7:0c:0c:d6:01:54:71:19:06:18:80:82:e3:b9:6b:94:
         2b:f7:0d:e8:c7:51:54:11:2c:8d:c0:6d:55:ed:9c:d1:84:32:
         26:42:62:4b:00:79:45:5a:b3:5c:e4:b9:81:02:57:84:70:72:
         aa:1e:a6:e4:be:70:57:4f:55:7a:f7:85:52:eb:22:f3:68:4c:
         97:24:71:24:94:0a:f6:b4:43:67:cb:dd:e1:4b:9e:cf:e2:e6:
         1d:f7:81:27:74:7c:cc:f1:e8:5e:32:86:ce:69:e8:20:2d:f5:
         dd:3e:89:67:56:77:75:0a:d5:55:7b:68:d1:90:72:d9:db:2f:
         61:98:5a:44:b4:1e:f2:14:f9:cd:a5:cd:86:bc:8d:88:da:2b:
         a1:e4:ed:4b:5e:d0:8e:a6:78:50:c2:fb:cf:6c:5e:12:68:3f:
         7a:1e:79:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0bAKr+nYI1TSS+pIj6NFxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTQwMjAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjk2MjI1YjQ2MWQyMmJjMDM1YjE2NGU4OTRjZDliYWI0MDg4MDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UvuAQskHZr06GB2hmQxU9+jw5+p
GDUKQ6qEMViBuIj+RkZlhEbi/GaO6yfVPbD2TPXFLlq7BlE+hUBqZghQyKC5Bsg5
ImNdpqNaTO2U2uVQp4q1pUnUBT/vWna0ylyzuwfLQM7z23ck6IP+2HXmio12S+Pl
UEjbNLymFUjEqQAZCC/ZMjiEE64Ux8p5ofvOX24YJOz4CIp9veew+WGTwQYs70zn
cC3RDzmrE/RcN7U9nrO15FzbBi4vMnj3gaAZp907UORvfQLPtQtYEv7RZEgWMl2h
PIXaPpgGAVIHu9AV1EWIhdpKTFGeUAlvC7hi6THm9k+q374l4UNn4YSeYQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFKWIltGHSK8A1sWTolM2bq0CIBfMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvVXBZaVcwWWRJcndEV3haT2lVelp1clFJZ0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUPQNAwQA
W+M+AwQA1C4lMA0GCSqGSIb3DQEBCwUAA4IBAQA3GULup8Vy7gItX1xwDmeJn3BD
zMLjs/A5VjOZYYQdN0BEzOLoGdGz/6rzq9Vc9Bgjl6OnT6Idc5NAWKfsDMvEM5XY
lqyh/dWerfjJSxQbvzNR6npxyfLFCuGG4rcMDNYBVHEZBhiAguO5a5Qr9w3ox1FU
ESyNwG1V7ZzRhDImQmJLAHlFWrNc5LmBAleEcHKqHqbkvnBXT1V694VS6yLzaEyX
JHEklAr2tENny93hS57P4uYd94EndHzM8eheMobOaeggLfXdPolnVnd1CtVVe2jR
kHLZ2y9hmFpEtB7yFPnNpc2GvI2I2iuh5O1LXtCOpnhQwvvPbF4SaD96HnmY
-----END CERTIFICATE-----