Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lr6mUolMLl5BEchJCD_QS07TjzY.roa
File:                     lr6mUolMLl5BEchJCD_QS07TjzY.roa (raw, json)
Hash identifier:          IE9eNL6Wj7nAobkQqK8TlH8MGrS1NebMEmzmb+E7F2I=
Subject key identifier:   96:BE:A6:52:89:4C:2E:5E:41:11:C8:49:08:3F:D0:4B:4E:D3:8F:36
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D1B0195F6284BA31F8F911F05B732F591
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lr6mUolMLl5BEchJCD_QS07TjzY.roa
Signing time:             Mon 23 Mar 2026 14:03:01 +0000
ROA not before:           Mon 23 Mar 2026 14:03:01 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215090
IP address blocks:        80.244.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:01:95:f6:28:4b:a3:1f:8f:91:1f:05:b7:32:f5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 23 14:03:01 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96bea652894c2e5e4111c849083fd04b4ed38f36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:16:6d:d1:2c:11:4a:4d:cc:64:ea:eb:54:55:
                    17:a5:15:3b:1d:9f:b9:3c:40:ee:b6:5d:3c:59:9a:
                    6b:98:7d:61:c3:a1:83:2d:d8:77:fa:5a:c3:c0:55:
                    1a:92:4e:cf:0b:18:32:f7:df:85:8b:dd:0d:d7:37:
                    be:c8:b3:12:b2:dc:70:60:a2:a8:98:e9:94:68:3b:
                    e9:2e:91:82:4e:ab:b8:6e:00:18:d6:42:f4:c5:86:
                    80:48:2b:bd:07:4e:8f:c8:d5:e7:99:c1:90:f7:92:
                    a7:75:22:6f:a4:0a:31:86:08:4f:72:8f:7a:5f:ed:
                    e4:77:51:0e:27:92:4c:05:e6:db:0d:be:ff:8d:d5:
                    27:76:e9:56:9c:b8:45:12:a2:7e:61:29:e4:bd:45:
                    bc:7e:79:c6:8e:1b:d2:52:7c:e6:93:7e:ca:5e:23:
                    3a:37:59:ef:76:cd:88:20:5d:56:dc:2c:b7:f8:94:
                    d7:ed:50:d5:83:28:c3:bb:bc:c8:a8:8e:04:5b:79:
                    a6:4d:ed:e7:d6:ed:ec:a0:aa:7a:8b:ef:fb:c5:54:
                    07:e7:55:de:71:81:dc:30:c7:d3:f3:f7:d3:e4:a1:
                    02:d1:4e:fd:7a:7b:f3:c4:a9:bc:10:00:cd:b3:03:
                    8c:f1:6c:08:ca:98:c9:d6:95:e3:bb:ca:f5:61:ec:
                    eb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:BE:A6:52:89:4C:2E:5E:41:11:C8:49:08:3F:D0:4B:4E:D3:8F:36
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/lr6mUolMLl5BEchJCD_QS07TjzY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:2b:b1:e4:7f:5b:16:e8:45:b2:56:f9:63:d7:47:82:bc:c5:
         ef:ad:b6:5c:f9:77:b9:dd:d8:92:86:e5:3b:ed:18:30:03:a2:
         e7:60:35:fd:a3:74:ba:63:61:17:b6:78:9c:bb:b6:9b:34:fb:
         30:7e:9a:7e:25:8e:51:9a:a0:2c:4c:b1:56:d9:93:03:ea:74:
         68:a2:30:a0:85:47:e5:91:b2:15:b7:90:9d:d5:72:9e:61:f4:
         9d:b3:a7:99:d3:d5:38:b1:9d:8e:22:9b:da:4f:98:41:27:f3:
         ac:9c:4a:d0:b2:da:c2:6e:56:4b:b4:65:d1:b7:28:00:e8:04:
         10:b1:36:42:82:7d:dc:3c:7c:b3:2a:65:78:e9:0d:e9:05:54:
         6b:fc:2f:3a:ce:7b:9a:cb:69:de:15:eb:42:3b:7c:ed:94:53:
         e1:8d:32:0b:89:92:ce:33:0d:53:9c:41:cf:9d:ed:2a:40:16:
         8b:ab:55:c6:5a:78:b1:dc:15:22:07:78:d7:3e:e6:80:67:7b:
         f3:75:7a:86:9f:ec:95:f3:61:e6:d4:b3:f1:ec:a8:10:b9:00:
         4a:be:d5:a1:ab:9e:1e:a5:e9:fe:69:34:e7:4a:ad:1a:98:9e:
         69:7d:8c:4b:c1:c6:46:47:8c:3d:e5:f9:3f:a2:2a:73:5d:1b:
         f5:ca:10:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bAZX2KEujH4+RHwW3MvWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIzMTQwMzAxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmJlYTY1Mjg5NGMyZTVlNDExMWM4NDkwODNmZDA0YjRlZDM4ZjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtBZt0SwRSk3MZOrrVFUXpRU7HZ+5
PEDutl08WZprmH1hw6GDLdh3+lrDwFUakk7PCxgy99+Fi90N1ze+yLMSstxwYKKo
mOmUaDvpLpGCTqu4bgAY1kL0xYaASCu9B06PyNXnmcGQ95KndSJvpAoxhghPco96
X+3kd1EOJ5JMBebbDb7/jdUndulWnLhFEqJ+YSnkvUW8fnnGjhvSUnzmk37KXiM6
N1nvds2IIF1W3Cy3+JTX7VDVgyjDu7zIqI4EW3mmTe3n1u3soKp6i+/7xVQH51Xe
cYHcMMfT8/fT5KEC0U79envzxKm8EADNswOM8WwIypjJ1pXju8r1YezrfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJa+plKJTC5eQRHISQg/0EtO0482MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvbHI2bVVvbE1MbDVCRWNoSkNEX1FTMDdUanpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPQOMA0G
CSqGSIb3DQEBCwUAA4IBAQCOK7Hkf1sW6EWyVvlj10eCvMXvrbZc+Xe53diShuU7
7RgwA6LnYDX9o3S6Y2EXtnicu7abNPswfpp+JY5RmqAsTLFW2ZMD6nRoojCghUfl
kbIVt5Cd1XKeYfSds6eZ09U4sZ2OIpvaT5hBJ/OsnErQstrCblZLtGXRtygA6AQQ
sTZCgn3cPHyzKmV46Q3pBVRr/C86znuay2neFetCO3ztlFPhjTILiZLOMw1TnEHP
ne0qQBaLq1XGWnix3BUiB3jXPuaAZ3vzdXqGn+yV82Hm1LPx7KgQuQBKvtWhq54e
pen+aTTnSq0amJ5pfYxLwcZGR4w95fk/oipzXRv1yhB8
-----END CERTIFICATE-----