Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/i_WQhoivfiPNt_r8E0ASaD2knr0.roa
File:                     i_WQhoivfiPNt_r8E0ASaD2knr0.roa (raw, json)
Hash identifier:          ZsmBZD3QOznmcRlV4BtsmhxZ3ocoJk7WQB1P/qL5Ad0=
Subject key identifier:   8B:F5:90:86:88:AF:7E:23:CD:B7:FA:FC:13:40:12:68:3D:A4:9E:BD
Certificate issuer:       /CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
Certificate serial:       019DB98D1F0F8EFD8F9197572136CC5C139A
Authority key identifier: F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/i_WQhoivfiPNt_r8E0ASaD2knr0.roa
Signing time:             Thu 23 Apr 2026 08:55:26 +0000
ROA not before:           Thu 23 Apr 2026 08:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212804
IP address blocks:        94.142.226.0/24 maxlen: 24
                          2a0a:2785::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:8d:1f:0f:8e:fd:8f:91:97:57:21:36:cc:5c:13:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f50bae60970a2dfc86dd607c5b915ad5c534b413
        Validity
            Not Before: Apr 23 08:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8bf5908688af7e23cdb7fafc134012683da49ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:84:fd:ff:02:25:84:47:ad:10:c5:93:c0:
                    53:9b:57:c4:3b:0e:aa:3e:f0:3f:9e:fe:54:8c:07:
                    f0:21:ac:1e:db:b3:d0:9d:02:1e:bb:ec:16:e2:aa:
                    c3:fc:0c:c1:25:30:6e:73:8d:27:cc:50:bb:a3:4d:
                    f1:a5:d4:80:74:1b:d6:fd:11:ad:c8:20:a5:4c:13:
                    6b:41:9b:f3:ec:93:78:ef:a6:29:56:02:bc:a2:a5:
                    8f:cc:40:61:a6:65:67:05:47:b8:d4:24:7c:48:e8:
                    a4:d9:ea:85:b9:eb:62:f7:7e:fc:a3:52:d4:a0:aa:
                    b6:57:d3:01:20:36:7a:d0:41:3c:b6:8e:8e:e6:d7:
                    2c:5c:e7:c2:ce:ff:f7:71:5e:05:de:1d:33:0b:ea:
                    f7:e9:a9:27:a8:b2:3d:b3:65:88:d4:c0:62:32:c3:
                    ec:20:6d:c8:9f:a9:46:22:99:04:f4:67:6c:60:4d:
                    e4:ae:32:83:00:55:ad:84:7d:d9:78:d6:a2:8a:2f:
                    cd:fb:c5:6a:9d:fa:34:44:88:5e:a3:7c:a3:38:1c:
                    60:1b:86:0f:b3:bb:62:1e:31:87:68:3b:3c:c6:83:
                    c4:18:08:18:11:b4:58:79:10:de:9b:16:9e:2d:97:
                    42:a6:52:1e:7f:66:73:5b:62:90:b9:e3:da:12:9f:
                    43:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:F5:90:86:88:AF:7E:23:CD:B7:FA:FC:13:40:12:68:3D:A4:9E:BD
            X509v3 Authority Key Identifier:
                keyid:F5:0B:AE:60:97:0A:2D:FC:86:DD:60:7C:5B:91:5A:D5:C5:34:B4:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/i_WQhoivfiPNt_r8E0ASaD2knr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/f71dcb-9e92-44e7-b042-3665067db256/1/9QuuYJcKLfyG3WB8W5Fa1cU0tBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.226.0/24
                IPv6:
                  2a0a:2785::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:a4:df:dc:84:75:11:c8:f4:2e:ba:3d:fe:33:cc:9d:b7:d9:
         6a:30:63:23:5a:b6:f7:6f:52:ad:35:b3:5f:1e:bd:bb:6e:4c:
         30:7c:72:86:d2:b4:3f:02:6b:1a:50:8e:7d:71:6e:d3:f4:85:
         4f:c2:53:56:88:95:71:d4:7f:80:4b:ee:4f:77:9b:b1:36:c3:
         49:00:c4:cb:b2:cb:31:a3:35:0c:0f:df:3c:4b:b9:e9:7e:d1:
         90:8c:2e:5f:2f:9c:dd:42:78:b4:d5:ba:19:71:73:5f:44:e9:
         d7:a2:d4:36:23:97:eb:15:2b:79:8b:dd:5e:32:51:aa:ec:a9:
         87:7e:38:cf:f8:d1:a6:13:96:75:f0:c4:dd:9e:94:44:48:4e:
         11:12:a0:18:01:44:ef:93:69:df:2e:71:fc:70:03:01:9c:24:
         f9:ea:8a:ea:ec:34:39:08:ef:ab:6a:c0:e1:ee:66:ed:b6:a5:
         2a:17:d9:9a:0b:16:1a:41:aa:da:a2:44:09:d5:63:72:98:1c:
         53:04:f7:90:50:0c:22:59:e0:d9:d6:d5:c9:c7:fc:8e:60:7e:
         c1:48:57:68:fa:ae:7c:70:12:17:7b:79:3a:12:7b:6e:47:53:
         48:fc:53:a7:50:b3:8c:f4:8c:ec:f7:66:22:5b:d7:73:80:7f:
         67:b2:70:36
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ25jR8Pjv2PkZdXITbMXBOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1MGJhZTYwOTcwYTJkZmM4NmRkNjA3YzViOTE1YWQ1YzUz
NGI0MTMwHhcNMjYwNDIzMDg1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmY1OTA4Njg4YWY3ZTIzY2RiN2ZhZmMxMzQwMTI2ODNkYTQ5ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlOE/f8CJYRHrRDFk8BTm1fEOw6q
PvA/nv5UjAfwIawe27PQnQIeu+wW4qrD/AzBJTBuc40nzFC7o03xpdSAdBvW/RGt
yCClTBNrQZvz7JN476YpVgK8oqWPzEBhpmVnBUe41CR8SOik2eqFueti9378o1LU
oKq2V9MBIDZ60EE8to6O5tcsXOfCzv/3cV4F3h0zC+r36aknqLI9s2WI1MBiMsPs
IG3In6lGIpkE9GdsYE3krjKDAFWthH3ZeNaiii/N+8Vqnfo0RIheo3yjOBxgG4YP
s7tiHjGHaDs8xoPEGAgYEbRYeRDemxaeLZdCplIef2ZzW2KQuePaEp9DywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIv1kIaIr34jzbf6/BNAEmg9pJ69MB8GA1UdIwQY
MBaAFPULrmCXCi38ht1gfFuRWtXFNLQTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDIt
MzY2NTA2N2RiMjU2LzEvaV9XUWhvaXZmaVBOdF9yOEUwQVNhRDJrbnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9mNzFkY2ItOWU5Mi00NGU3LWIwNDItMzY2NTA2N2RiMjU2
LzEvOVF1dVlKY0tMZnlHM1dCOFc1RmExY1UwdEJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAXo7iMA0E
AgACMAcDBQAqCieFMA0GCSqGSIb3DQEBCwUAA4IBAQAopN/chHURyPQuuj3+M8yd
t9lqMGMjWrb3b1KtNbNfHr27bkwwfHKG0rQ/AmsaUI59cW7T9IVPwlNWiJVx1H+A
S+5Pd5uxNsNJAMTLsssxozUMD988S7npftGQjC5fL5zdQni01boZcXNfROnXotQ2
I5frFSt5i91eMlGq7KmHfjjP+NGmE5Z18MTdnpRESE4REqAYAUTvk2nfLnH8cAMB
nCT56orq7DQ5CO+rasDh7mbttqUqF9maCxYaQaraokQJ1WNymBxTBPeQUAwiWeDZ
1tXJx/yOYH7BSFdo+q58cBIXe3k6EntuR1NI/FOnULOM9Izs92YiW9dzgH9nsnA2
-----END CERTIFICATE-----