Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/lNTYTE9WgDjCKRHxx-5oKGVMyws.roa
File:                     lNTYTE9WgDjCKRHxx-5oKGVMyws.roa (raw, json)
Hash identifier:          F5eoGDOfsItqhgiLneAqJxaKhQNBdrzGn1QRusktyAM=
Subject key identifier:   94:D4:D8:4C:4F:56:80:38:C2:29:11:F1:C7:EE:68:28:65:4C:CB:0B
Certificate issuer:       /CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
Certificate serial:       019E013EF1C46ACF9D4C2260C8894FF85D47
Authority key identifier: F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/lNTYTE9WgDjCKRHxx-5oKGVMyws.roa
Signing time:             Thu 07 May 2026 07:02:42 +0000
ROA not before:           Thu 07 May 2026 07:02:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137409
IP address blocks:        31.14.72.0/24 maxlen: 24
                          31.14.73.0/24 maxlen: 24
                          31.14.74.0/24 maxlen: 24
                          31.14.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:01:3e:f1:c4:6a:cf:9d:4c:22:60:c8:89:4f:f8:5d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8f73c5c0f3a106a8ba7dff3e35c816d1078dc71
        Validity
            Not Before: May  7 07:02:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94d4d84c4f568038c22911f1c7ee6828654ccb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a5:38:35:7e:93:2d:a4:fc:22:ba:99:3f:f1:
                    84:ed:5f:17:ed:95:5b:ec:79:a4:00:35:ca:eb:d9:
                    f2:7f:bd:c1:47:74:c9:33:de:9a:08:4d:e3:30:01:
                    1f:52:e4:65:19:77:28:a3:d0:fe:b4:02:cc:93:7d:
                    5a:0f:ed:87:87:be:d9:f6:16:c8:da:2f:39:c9:6d:
                    f4:2d:17:7b:2a:25:e9:da:eb:2f:36:6a:52:04:a5:
                    3e:ac:b3:53:76:fc:a6:64:14:6a:62:25:91:23:8b:
                    66:ed:ce:60:6d:44:67:f5:bf:08:d6:48:32:3b:d2:
                    0e:80:5d:3d:c0:2b:3e:14:a9:b7:b2:81:6b:4a:77:
                    9a:8c:ab:99:dc:14:d2:4e:03:49:53:55:c4:fd:0a:
                    09:0c:60:fc:88:a2:bc:44:9b:96:6f:eb:17:70:d9:
                    ab:52:bf:d2:e1:58:f3:f3:04:a1:50:85:c8:7b:8d:
                    6b:f1:a9:b0:24:72:dc:0b:56:75:d3:4f:2a:92:bd:
                    a2:0b:32:83:f0:b7:59:59:92:20:f3:4e:d3:f3:7f:
                    93:c8:ba:c6:d3:48:4a:2c:7e:80:48:0d:4e:88:1b:
                    0d:ab:92:ea:d2:24:d4:b7:dd:b6:f0:2d:e0:bc:90:
                    48:1c:80:21:44:be:60:3c:99:8b:56:07:4a:06:30:
                    8b:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:D4:D8:4C:4F:56:80:38:C2:29:11:F1:C7:EE:68:28:65:4C:CB:0B
            X509v3 Authority Key Identifier:
                keyid:F8:F7:3C:5C:0F:3A:10:6A:8B:A7:DF:F3:E3:5C:81:6D:10:78:DC:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-Pc8XA86EGqLp9_z41yBbRB43HE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/lNTYTE9WgDjCKRHxx-5oKGVMyws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/03cce3-e620-4483-b08b-6d8fd330e9aa/1/1-Pc8XA86EGqLp9_z41yBbRB43HE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.14.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:10:90:bf:78:01:ef:57:8a:69:73:e3:f5:21:45:fb:2b:6f:
         c1:ab:6c:15:5e:2c:f1:39:42:6a:41:d7:3f:19:8e:92:17:88:
         de:e1:00:b8:dc:9d:bc:fd:ba:b4:21:67:bb:c3:e7:3e:80:df:
         1c:8f:12:6c:e7:d9:bb:6c:ea:75:e4:07:aa:df:09:00:d9:2d:
         1c:34:50:31:0c:ec:8b:b0:bf:1b:b4:61:97:fa:dc:86:ec:95:
         7a:ac:5e:20:19:19:1b:4c:2b:41:f3:f8:06:bc:f2:35:a4:cd:
         00:1c:dd:25:78:f4:c6:be:90:92:fe:e0:d5:0a:07:ba:11:b2:
         9e:cc:46:c6:68:23:14:32:df:3e:da:54:57:4b:23:c8:3a:b5:
         7e:e5:6d:0a:1d:e8:a7:ec:28:16:a0:eb:45:1a:8e:e2:ba:d7:
         34:6c:62:4f:4b:c9:62:05:5d:58:19:85:33:d2:01:9c:93:c0:
         18:f0:d9:51:01:d9:2f:55:73:fb:90:d7:d0:7a:a7:5b:92:3c:
         a4:2b:e6:81:ed:52:44:f2:f1:c5:ae:4b:ab:d1:97:22:63:5c:
         d4:07:a4:93:0b:2b:41:e0:0f:1e:93:18:29:d2:81:d0:aa:fd:
         cf:0c:79:ec:2b:13:d3:11:88:f5:64:b1:54:f4:1d:31:af:be:
         6a:07:6e:b5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ4BPvHEas+dTCJgyIlP+F1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZjczYzVjMGYzYTEwNmE4YmE3ZGZmM2UzNWM4MTZkMTA3
OGRjNzEwHhcNMjYwNTA3MDcwMjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGQ0ZDg0YzRmNTY4MDM4YzIyOTExZjFjN2VlNjgyODY1NGNjYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qU4NX6TLaT8IrqZP/GE7V8X7ZVb
7HmkADXK69nyf73BR3TJM96aCE3jMAEfUuRlGXcoo9D+tALMk31aD+2Hh77Z9hbI
2i85yW30LRd7KiXp2usvNmpSBKU+rLNTdvymZBRqYiWRI4tm7c5gbURn9b8I1kgy
O9IOgF09wCs+FKm3soFrSneajKuZ3BTSTgNJU1XE/QoJDGD8iKK8RJuWb+sXcNmr
Ur/S4Vjz8wShUIXIe41r8amwJHLcC1Z1008qkr2iCzKD8LdZWZIg807T83+TyLrG
00hKLH6ASA1OiBsNq5Lq0iTUt9228C3gvJBIHIAhRL5gPJmLVgdKBjCLcQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJTU2ExPVoA4wikR8cfuaChlTMsLMB8GA1UdIwQY
MBaAFPj3PFwPOhBqi6ff8+NcgW0QeNxxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1QYzhYQTg2RUdxTHA5X3o0MXlCYlJCNDNIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhi
LTZkOGZkMzMwZTlhYS8xL2xOVFlURTlXZ0RqQ0tSSHh4LTVvS0dWTXl3cy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjYvMDNjY2UzLWU2MjAtNDQ4My1iMDhiLTZkOGZkMzMwZTlh
YS8xLzEtUGM4WEE4NkVHcUxwOV96NDF5QmJSQjQzSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAIfDkgw
DQYJKoZIhvcNAQELBQADggEBAIAQkL94Ae9Ximlz4/UhRfsrb8GrbBVeLPE5QmpB
1z8ZjpIXiN7hALjcnbz9urQhZ7vD5z6A3xyPEmzn2bts6nXkB6rfCQDZLRw0UDEM
7Iuwvxu0YZf63IbslXqsXiAZGRtMK0Hz+Aa88jWkzQAc3SV49Ma+kJL+4NUKB7oR
sp7MRsZoIxQy3z7aVFdLI8g6tX7lbQod6KfsKBag60UajuK61zRsYk9LyWIFXVgZ
hTPSAZyTwBjw2VEB2S9Vc/uQ19B6p1uSPKQr5oHtUkTy8cWuS6vRlyJjXNQHpJML
K0HgDx6TGCnSgdCq/c8MeewrE9MRiPVksVT0HTGvvmoHbrU=
-----END CERTIFICATE-----